changeset 17348:727d29bef336

Merge
author amurillo
date Fri, 15 Jul 2016 09:10:36 -0700
parents 8b4f9c8902e3 9b3c7817d771
children ab4bfa1d32fc
files test/sun/security/tools/keytool/AltProviderPath.sh test/sun/security/tools/keytool/DummyProvider.java
diffstat 137 files changed, 3318 insertions(+), 1095 deletions(-) [+]
line wrap: on
line diff
--- a/.hgtags	Fri Jul 15 12:36:15 2016 +0200
+++ b/.hgtags	Fri Jul 15 09:10:36 2016 -0700
@@ -369,3 +369,4 @@
 7ff61c55b5c6c124592f09b18953222009a204a6 jdk-9+124
 073ab1d4edf5590cf1af7b6d819350c14e425c1a jdk-9+125
 6fda66a5bdf2da8994032b9da2078a4137f4d954 jdk-9+126
+7a97b89ba83077ca62e4aa5a05437adc8f315343 jdk-9+127
--- a/make/src/classes/build/tools/cldrconverter/CLDRConverter.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/make/src/classes/build/tools/cldrconverter/CLDRConverter.java	Fri Jul 15 09:10:36 2016 -0700
@@ -693,6 +693,8 @@
         "field.weekday",
         "field.dayperiod",
         "field.hour",
+        "timezone.hourFormat",
+        "timezone.gmtFormat",
         "field.minute",
         "field.second",
         "field.zone",
--- a/make/src/classes/build/tools/cldrconverter/CopyrightHeaders.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/make/src/classes/build/tools/cldrconverter/CopyrightHeaders.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,12 +41,12 @@
         " * Copyright (c) 2012, %d, Oracle and/or its affiliates. All rights reserved.\n" +
         " */\n";
 
-    // Last updated:  - 1/16/2015, 1:42:31 PM
+    // Last updated:  - 6/06/2016, 1:42:31 PM
     private static final String UNICODE =
         "/*\n" +
         " * COPYRIGHT AND PERMISSION NOTICE\n" +
         " *\n" +
-        " * Copyright (C) 1991-2015 Unicode, Inc. All rights reserved.\n" +
+        " * Copyright (C) 1991-2016 Unicode, Inc. All rights reserved.\n" +
         " * Distributed under the Terms of Use in \n" +
         " * http://www.unicode.org/copyright.html.\n" +
         " *\n" +
--- a/make/src/classes/build/tools/cldrconverter/LDMLParseHandler.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/make/src/classes/build/tools/cldrconverter/LDMLParseHandler.java	Fri Jul 15 09:10:36 2016 -0700
@@ -417,6 +417,12 @@
         case "timeZoneNames":
             pushContainer(qName, attributes);
             break;
+        case "hourFormat":
+            pushStringEntry(qName, attributes, "timezone.hourFormat");
+            break;
+        case "gmtFormat":
+            pushStringEntry(qName, attributes, "timezone.gmtFormat");
+            break;
         case "zone":
             {
                 String tzid = attributes.getValue("type"); // Olson tz id
--- a/src/java.base/linux/native/libnio/fs/GioFileTypeDetector.c	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/linux/native/libnio/fs/GioFileTypeDetector.c	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -91,7 +91,6 @@
     }
 
     g_type_init = (g_type_init_func)dlsym(gio_handle, "g_type_init");
-    (*g_type_init)();
 
     g_object_unref = (g_object_unref_func)dlsym(gio_handle, "g_object_unref");
 
@@ -104,9 +103,7 @@
     g_file_info_get_content_type = (g_file_info_get_content_type_func)
         dlsym(gio_handle, "g_file_info_get_content_type");
 
-
-    if (g_type_init == NULL ||
-        g_object_unref == NULL ||
+    if (g_object_unref == NULL ||
         g_file_new_for_path == NULL ||
         g_file_query_info == NULL ||
         g_file_info_get_content_type == NULL)
@@ -115,7 +112,10 @@
         return JNI_FALSE;
     }
 
-    (*g_type_init)();
+    if (g_type_init != NULL) {
+        (*g_type_init)();
+    }
+
     return JNI_TRUE;
 }
 
--- a/src/java.base/share/classes/com/sun/net/ssl/HostnameVerifier.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/com/sun/net/ssl/HostnameVerifier.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,8 +38,9 @@
  * @deprecated As of JDK 1.4, this implementation-specific class was
  *      replaced by {@link javax.net.ssl.HostnameVerifier} and
  *      {@link javax.net.ssl.CertificateHostnameVerifier}.
+ *      This class is subject to removal in a future version of JDK.
  */
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
 public interface HostnameVerifier {
     /**
      * Verify that the hostname from the URL is an acceptable
--- a/src/java.base/share/classes/com/sun/net/ssl/HttpsURLConnection.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/com/sun/net/ssl/HttpsURLConnection.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,8 +44,9 @@
  *
  * @deprecated As of JDK 1.4, this implementation-specific class was
  *      replaced by {@link javax.net.ssl.HttpsURLConnection}.
+ *      This class is subject to removal in a future version of JDK.
  */
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
 public abstract
 class HttpsURLConnection extends HttpURLConnection
 {
--- a/src/java.base/share/classes/com/sun/net/ssl/KeyManager.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/com/sun/net/ssl/KeyManager.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,7 +36,8 @@
  *
  * @deprecated As of JDK 1.4, this implementation-specific class was
  *      replaced by {@link javax.net.ssl.KeyManager}.
+ *      This class is subject to removal in a future version of JDK.
  */
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
 public interface KeyManager {
 }
--- a/src/java.base/share/classes/com/sun/net/ssl/KeyManagerFactory.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/com/sun/net/ssl/KeyManagerFactory.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,8 +39,9 @@
  *
  * @deprecated As of JDK 1.4, this implementation-specific class was
  *      replaced by {@link javax.net.ssl.KeyManagerFactory}.
+ *      This class is subject to removal in a future version of JDK.
  */
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
 public class KeyManagerFactory {
     // The provider
     private Provider provider;
--- a/src/java.base/share/classes/com/sun/net/ssl/KeyManagerFactorySpi.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/com/sun/net/ssl/KeyManagerFactorySpi.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,8 +41,9 @@
  *
  * @deprecated As of JDK 1.4, this implementation-specific class was
  *      replaced by {@link javax.net.ssl.KeyManagerFactorySpi}.
+ *      This class is subject to removal in a future version of JDK.
  */
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
 public abstract class KeyManagerFactorySpi {
     /**
      * Initializes this factory with a source of key material. The
--- a/src/java.base/share/classes/com/sun/net/ssl/SSLContext.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/com/sun/net/ssl/SSLContext.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,8 +44,9 @@
  *
  * @deprecated As of JDK 1.4, this implementation-specific class was
  *      replaced by {@link javax.net.ssl.SSLContext}.
+ *      This class is subject to removal in a future version of JDK.
  */
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
 public class SSLContext {
     private Provider provider;
 
--- a/src/java.base/share/classes/com/sun/net/ssl/SSLContextSpi.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/com/sun/net/ssl/SSLContextSpi.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -43,8 +43,9 @@
  *
  * @deprecated As of JDK 1.4, this implementation-specific class was
  *      replaced by {@link javax.net.ssl.SSLContextSpi}.
+ *      This class is subject to removal in a future version of JDK.
  */
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
 public abstract class SSLContextSpi {
     /**
      * Initializes this context.
--- a/src/java.base/share/classes/com/sun/net/ssl/SSLPermission.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/com/sun/net/ssl/SSLPermission.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -97,8 +97,9 @@
  *
  * @deprecated As of JDK 1.4, this implementation-specific class was
  *      replaced by {@link javax.net.ssl.SSLPermission}.
+ *      This class is subject to removal in a future version of JDK.
  */
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
 public final class SSLPermission extends BasicPermission {
 
     private static final long serialVersionUID = -2583684302506167542L;
--- a/src/java.base/share/classes/com/sun/net/ssl/TrustManager.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/com/sun/net/ssl/TrustManager.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,7 +36,8 @@
  *
  * @deprecated As of JDK 1.4, this implementation-specific class was
  *      replaced by {@link javax.net.ssl.TrustManager}.
+ *      This class is subject to removal in a future version of JDK.
  */
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
 public interface TrustManager {
 }
--- a/src/java.base/share/classes/com/sun/net/ssl/TrustManagerFactory.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/com/sun/net/ssl/TrustManagerFactory.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,8 +39,9 @@
  *
  * @deprecated As of JDK 1.4, this implementation-specific class was
  *      replaced by {@link javax.net.ssl.TrustManagerFactory}.
+ *      This class is subject to removal in a future version of JDK.
  */
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
 public class TrustManagerFactory {
     // The provider
     private Provider provider;
--- a/src/java.base/share/classes/com/sun/net/ssl/TrustManagerFactorySpi.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/com/sun/net/ssl/TrustManagerFactorySpi.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,8 +41,9 @@
  *
  * @deprecated As of JDK 1.4, this implementation-specific class was
  *      replaced by {@link javax.net.ssl.TrustManagerFactorySpi}.
+ *      This class is subject to removal in a future version of JDK.
  */
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
 public abstract class TrustManagerFactorySpi {
     /**
      * Initializes this factory with a source of certificate
--- a/src/java.base/share/classes/com/sun/net/ssl/X509KeyManager.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/com/sun/net/ssl/X509KeyManager.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,8 +41,9 @@
  *
  * @deprecated As of JDK 1.4, this implementation-specific class was
  *      replaced by {@link javax.net.ssl.X509KeyManager}.
+ *      This class is subject to removal in a future version of JDK.
  */
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
 public interface X509KeyManager extends KeyManager {
     /**
      * Get the matching aliases for authenticating the client side of a secure
--- a/src/java.base/share/classes/com/sun/net/ssl/X509TrustManager.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/com/sun/net/ssl/X509TrustManager.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,8 +40,9 @@
  *
  * @deprecated As of JDK 1.4, this implementation-specific class was
  *      replaced by {@link javax.net.ssl.X509TrustManager}.
+ *      This class is subject to removal in a future version of JDK.
  */
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
 public interface X509TrustManager extends TrustManager {
     /**
      * Given the partial or complete certificate chain
--- a/src/java.base/share/classes/com/sun/net/ssl/internal/ssl/Provider.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/com/sun/net/ssl/internal/ssl/Provider.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,7 +31,10 @@
  * Main class for the SunJSSE provider. The actual code was moved to the
  * class sun.security.ssl.SunJSSE, but for backward compatibility we
  * continue to use this class as the main Provider class.
+ *
+ * @deprecated This class is subject to removal in a future version of JDK.
  */
+@Deprecated(since="9", forRemoval=true)
 public final class Provider extends SunJSSE {
 
     private static final long serialVersionUID = 3231825739635378733L;
--- a/src/java.base/share/classes/com/sun/net/ssl/internal/ssl/X509ExtendedTrustManager.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/com/sun/net/ssl/internal/ssl/X509ExtendedTrustManager.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -54,7 +54,9 @@
  *
  * @since 1.6
  * @author Xuelei Fan
+ * @deprecated This class is subject to removal in a future version of JDK.
  */
+@Deprecated(since="9", forRemoval=true)
 public abstract class X509ExtendedTrustManager implements X509TrustManager {
     /**
      * Constructor used by subclasses only.
--- a/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/DelegateHttpsURLConnection.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/DelegateHttpsURLConnection.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -52,7 +52,9 @@
  * of protocol implementation (this one)
  * com.sun.net.ssl.HttpURLConnection is used in the com.sun version.
  *
+ * @deprecated This class is subject to removal in a future version of JDK.
  */
+@Deprecated(since="9", forRemoval=true)
 @SuppressWarnings("deprecation") // HttpsURLConnection is deprecated
 public class DelegateHttpsURLConnection extends AbstractDelegateHttpsURLConnection {
 
--- a/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/Handler.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/Handler.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -34,7 +34,9 @@
  * only. The HTTPS implementation can now be found in
  * sun.net.www.protocol.https.
  *
+ * @deprecated This class is subject to removal in a future version of JDK.
  */
+@Deprecated(since="9", forRemoval=true)
 public class Handler extends sun.net.www.protocol.https.Handler {
 
     public Handler() {
--- a/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -59,11 +59,13 @@
  * needs to implement all public methods in it's super class and all
  * the way to Object.
  *
+ * @deprecated This class is subject to removal in a future version of JDK.
  */
 
 // For both copies of the file, uncomment one line and comment the other
 // public class HttpsURLConnectionImpl
 //      extends javax.net.ssl.HttpsURLConnection {
+@Deprecated(since="9", forRemoval=true)
 @SuppressWarnings("deprecation") // HttpsURLConnection is deprecated
 public class HttpsURLConnectionOldImpl
         extends com.sun.net.ssl.HttpsURLConnection {
--- a/src/java.base/share/classes/java/lang/VersionProps.java.template	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/java/lang/VersionProps.java.template	Fri Jul 15 09:10:36 2016 -0700
@@ -67,19 +67,35 @@
         System.setProperty("java.runtime.name", java_runtime_name);
     }
 
+    private static int parseVersionNumber(String version, int prevIndex, int index) {
+        if (index - prevIndex > 1 &&
+            Character.digit(version.charAt(prevIndex), 10) <= 0)
+            throw new IllegalArgumentException("Leading zeros not supported (" +
+                    version.substring(prevIndex, index) + ")");
+        return Integer.parseInt(version, prevIndex, index, 10);
+    }
+
+    // This method is reflectively used by regression tests.
+    static List<Integer> parseVersionNumbers(String version) {
+        List<Integer> verNumbers = new ArrayList<>(4);
+        int prevIndex = 0;
+        int index = version.indexOf('.');
+        while (index > 0) {
+            verNumbers.add(parseVersionNumber(version, prevIndex, index));
+            prevIndex = index + 1; // Skip the period
+            index = version.indexOf('.', prevIndex);
+        }
+        verNumbers.add(parseVersionNumber(version, prevIndex, version.length()));
+
+        if (verNumbers.get(0) == 0 || verNumbers.get(verNumbers.size() - 1) == 0)
+            throw new IllegalArgumentException("Leading/trailing zeros not supported (" +
+                    verNumbers + ")");
+
+        return verNumbers;
+    }
+
     static List<Integer> versionNumbers() {
-        List<Integer> versionNumbers = new ArrayList<>(4);
-        int prevIndex = 0;
-        int index = VERSION_NUMBER.indexOf('.');
-        while (index > 0) {
-            versionNumbers.add(
-                    Integer.parseInt(VERSION_NUMBER, prevIndex, index, 10));
-            prevIndex = index + 1; // Skip the period
-            index = VERSION_NUMBER.indexOf('.', prevIndex);
-        }
-        versionNumbers.add(Integer.parseInt(VERSION_NUMBER,
-                prevIndex, VERSION_NUMBER.length(), 10));
-        return versionNumbers;
+        return parseVersionNumbers(VERSION_NUMBER);
     }
 
     static Optional<String> pre() {
--- a/src/java.base/share/classes/java/lang/module/ModulePath.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/java/lang/module/ModulePath.java	Fri Jul 15 09:10:36 2016 -0700
@@ -523,7 +523,7 @@
         try (JarFile jf = new JarFile(file.toFile(),
                                       true,               // verify
                                       ZipFile.OPEN_READ,
-                                      JarFile.Release.RUNTIME))
+                                      JarFile.runtimeVersion()))
         {
             ModuleDescriptor md;
             JarEntry entry = jf.getJarEntry(MODULE_INFO);
--- a/src/java.base/share/classes/java/lang/module/ModuleReferences.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/java/lang/module/ModuleReferences.java	Fri Jul 15 09:10:36 2016 -0700
@@ -201,7 +201,7 @@
                 return new JarFile(path.toFile(),
                                    true,               // verify
                                    ZipFile.OPEN_READ,
-                                   JarFile.Release.RUNTIME);
+                                   JarFile.runtimeVersion());
             } catch (IOException ioe) {
                 throw new UncheckedIOException(ioe);
             }
--- a/src/java.base/share/classes/java/net/URLClassLoader.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/java/net/URLClassLoader.java	Fri Jul 15 09:10:36 2016 -0700
@@ -59,9 +59,11 @@
 
 /**
  * This class loader is used to load classes and resources from a search
- * path of URLs referring to both JAR files and directories. Any URL that
- * ends with a '/' is assumed to refer to a directory. Otherwise, the URL
- * is assumed to refer to a JAR file which will be opened as needed.
+ * path of URLs referring to both JAR files and directories. Any {@code jar:}
+ * scheme URL (see {@link java.net.JarURLConnection}) is assumed to refer to a
+ * JAR file.  Any {@code file:} scheme URL that ends with a '/' is assumed to
+ * refer to a directory. Otherwise, the URL is assumed to refer to a JAR file
+ * which will be opened as needed.
  * <p>
  * The AccessControlContext of the thread that created the instance of
  * URLClassLoader will be used when subsequently loading classes and
@@ -83,9 +85,11 @@
     /**
      * Constructs a new URLClassLoader for the given URLs. The URLs will be
      * searched in the order specified for classes and resources after first
-     * searching in the specified parent class loader. Any URL that ends with
-     * a '/' is assumed to refer to a directory. Otherwise, the URL is assumed
-     * to refer to a JAR file which will be downloaded and opened as needed.
+     * searching in the specified parent class loader.  Any {@code jar:}
+     * scheme URL is assumed to refer to a JAR file.  Any {@code file:} scheme
+     * URL that ends with a '/' is assumed to refer to a directory.  Otherwise,
+     * the URL is assumed to refer to a JAR file which will be downloaded and
+     * opened as needed.
      *
      * <p>If there is a security manager, this method first
      * calls the security manager's {@code checkCreateClassLoader} method
--- a/src/java.base/share/classes/java/security/CodeSource.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/java/security/CodeSource.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -86,10 +86,9 @@
      * Constructs a CodeSource and associates it with the specified
      * location and set of certificates.
      *
-     * @param url the location (URL).
-     *
-     * @param certs the certificate(s). It may be null. The contents of the
-     * array are copied to protect against subsequent modification.
+     * @param url the location (URL).  It may be {@code null}.
+     * @param certs the certificate(s). It may be {@code null}. The contents
+     * of the array are copied to protect against subsequent modification.
      */
     public CodeSource(URL url, java.security.cert.Certificate[] certs) {
         this.location = url;
@@ -107,9 +106,9 @@
      * Constructs a CodeSource and associates it with the specified
      * location and set of code signers.
      *
-     * @param url the location (URL).
-     * @param signers the code signers. It may be null. The contents of the
-     * array are copied to protect against subsequent modification.
+     * @param url the location (URL).  It may be {@code null}.
+     * @param signers the code signers. It may be {@code null}. The contents
+     * of the array are copied to protect against subsequent modification.
      *
      * @since 1.5
      */
@@ -176,7 +175,8 @@
     /**
      * Returns the location associated with this CodeSource.
      *
-     * @return the location (URL).
+     * @return the location (URL), or {@code null} if no URL was supplied
+     * during construction.
      */
     public final URL getLocation() {
         /* since URL is practically immutable, returning itself is not
@@ -203,7 +203,8 @@
      * bottom-to-top (i.e., with the signer certificate first and the (root)
      * certificate authority last).
      *
-     * @return A copy of the certificates array, or null if there is none.
+     * @return a copy of the certificate array, or {@code null} if there
+     * is none.
      */
     public final java.security.cert.Certificate[] getCertificates() {
         if (certs != null) {
@@ -235,7 +236,8 @@
      * create an array of CodeSigner objects. Note that only X.509 certificates
      * are examined - all other certificate types are ignored.
      *
-     * @return A copy of the code signer array, or null if there is none.
+     * @return a copy of the code signer array, or {@code null} if there
+     * is none.
      *
      * @since 1.5
      */
@@ -322,7 +324,6 @@
      * @return true if the specified codesource is implied by this codesource,
      * false if not.
      */
-
     public boolean implies(CodeSource codesource)
     {
         if (codesource == null)
@@ -336,7 +337,7 @@
      * CodeSource are also in <i>that</i>.
      *
      * @param that the CodeSource to check against.
-     * @param strict If true then a strict equality match is performed.
+     * @param strict if true then a strict equality match is performed.
      *               Otherwise a subset match is performed.
      */
     boolean matchCerts(CodeSource that, boolean strict)
@@ -622,7 +623,7 @@
      * The array of certificates is a concatenation of certificate chains
      * where the initial certificate in each chain is the end-entity cert.
      *
-     * @return An array of code signers or null if none are generated.
+     * @return an array of code signers or null if none are generated.
      */
     private CodeSigner[] convertCertArrayToSignerArray(
         java.security.cert.Certificate[] certs) {
--- a/src/java.base/share/classes/java/security/MessageDigest.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/java/security/MessageDigest.java	Fri Jul 15 09:10:36 2016 -0700
@@ -439,7 +439,12 @@
     }
 
     /**
-     * Compares two digests for equality. Does a simple byte compare.
+     * Compares two digests for equality. Two digests are equal if they have
+     * the same length and all bytes at corresponding positions are equal.
+     *
+     * @implNote
+     * If the digests are the same length, all bytes are examined to
+     * determine equality.
      *
      * @param digesta one of the digests to compare.
      *
--- a/src/java.base/share/classes/java/util/AbstractList.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/java/util/AbstractList.java	Fri Jul 15 09:10:36 2016 -0700
@@ -25,6 +25,8 @@
 
 package java.util;
 
+import java.util.function.Consumer;
+
 /**
  * This class provides a skeletal implementation of the {@link List}
  * interface to minimize the effort required to implement this interface
@@ -634,6 +636,115 @@
         return "Index: "+index+", Size: "+size();
     }
 
+    /**
+     * An index-based split-by-two, lazily initialized Spliterator covering
+     * a List that access elements via {@link List#get}.
+     *
+     * If access results in an IndexOutOfBoundsException then a
+     * ConcurrentModificationException is thrown instead (since the list has
+     * been structurally modified while traversing).
+     *
+     * If the List is an instance of AbstractList then concurrent modification
+     * checking is performed using the AbstractList's modCount field.
+     */
+    static final class RandomAccessSpliterator<E> implements Spliterator<E> {
+
+        private final List<E> list;
+        private int index; // current index, modified on advance/split
+        private int fence; // -1 until used; then one past last index
+
+        // The following fields are valid if covering an AbstractList
+        private final AbstractList<E> alist;
+        private int expectedModCount; // initialized when fence set
+
+        RandomAccessSpliterator(List<E> list) {
+            assert list instanceof RandomAccess;
+
+            this.list = list;
+            this.index = 0;
+            this.fence = -1;
+
+            this.alist = list instanceof AbstractList ? (AbstractList<E>) list : null;
+            this.expectedModCount = alist != null ? alist.modCount : 0;
+        }
+
+        /** Create new spliterator covering the given  range */
+        private RandomAccessSpliterator(RandomAccessSpliterator<E> parent,
+                                int origin, int fence) {
+            this.list = parent.list;
+            this.index = origin;
+            this.fence = fence;
+
+            this.alist = parent.alist;
+            this.expectedModCount = parent.expectedModCount;
+        }
+
+        private int getFence() { // initialize fence to size on first use
+            int hi;
+            List<E> lst = list;
+            if ((hi = fence) < 0) {
+                if (alist != null) {
+                    expectedModCount = alist.modCount;
+                }
+                hi = fence = lst.size();
+            }
+            return hi;
+        }
+
+        public Spliterator<E> trySplit() {
+            int hi = getFence(), lo = index, mid = (lo + hi) >>> 1;
+            return (lo >= mid) ? null : // divide range in half unless too small
+                    new RandomAccessSpliterator<>(this, lo, index = mid);
+        }
+
+        public boolean tryAdvance(Consumer<? super E> action) {
+            if (action == null)
+                throw new NullPointerException();
+            int hi = getFence(), i = index;
+            if (i < hi) {
+                index = i + 1;
+                action.accept(get(list, i));
+                checkAbstractListModCount(alist, expectedModCount);
+                return true;
+            }
+            return false;
+        }
+
+        public void forEachRemaining(Consumer<? super E> action) {
+            Objects.requireNonNull(action);
+            List<E> lst = list;
+            int hi = getFence();
+            int i = index;
+            index = hi;
+            for (; i < hi; i++) {
+                action.accept(get(lst, i));
+            }
+            checkAbstractListModCount(alist, expectedModCount);
+        }
+
+        public long estimateSize() {
+            return (long) (getFence() - index);
+        }
+
+        public int characteristics() {
+            return Spliterator.ORDERED | Spliterator.SIZED | Spliterator.SUBSIZED;
+        }
+
+        private static <E> E get(List<E> list, int i) {
+            try {
+                return list.get(i);
+            } catch (IndexOutOfBoundsException ex) {
+                throw new ConcurrentModificationException();
+            }
+        }
+
+        static void checkAbstractListModCount(AbstractList<?> alist, int expectedModCount) {
+            if (alist != null && alist.modCount != expectedModCount) {
+                throw new ConcurrentModificationException();
+            }
+        }
+    }
+
     private static class SubList<E> extends AbstractList<E> {
         private final AbstractList<E> root;
         private final SubList<E> parent;
--- a/src/java.base/share/classes/java/util/List.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/java/util/List.java	Fri Jul 15 09:10:36 2016 -0700
@@ -741,9 +741,22 @@
      *
      * @implSpec
      * The default implementation creates a
-     * <em><a href="Spliterator.html#binding">late-binding</a></em> spliterator
-     * from the list's {@code Iterator}.  The spliterator inherits the
-     * <em>fail-fast</em> properties of the list's iterator.
+     * <em><a href="Spliterator.html#binding">late-binding</a></em>
+     * spliterator as follows:
+     * <ul>
+     * <li>If the list is an instance of {@link RandomAccess} then the default
+     *     implementation creates a spliterator that traverses elements by
+     *     invoking the method {@link List#get}.  If such invocation results or
+     *     would result in an {@code IndexOutOfBoundsException} then the
+     *     spliterator will <em>fail-fast</em> and throw a
+     *     {@code ConcurrentModificationException}.
+     *     If the list is also an instance of {@link AbstractList} then the
+     *     spliterator will use the list's {@link AbstractList#modCount modCount}
+     *     field to provide additional <em>fail-fast</em> behavior.
+     * <li>Otherwise, the default implementation creates a spliterator from the
+     *     list's {@code Iterator}.  The spliterator inherits the
+     *     <em>fail-fast</em> of the list's iterator.
+     * </ul>
      *
      * @implNote
      * The created {@code Spliterator} additionally reports
@@ -754,7 +767,11 @@
      */
     @Override
     default Spliterator<E> spliterator() {
-        return Spliterators.spliterator(this, Spliterator.ORDERED);
+        if (this instanceof RandomAccess) {
+            return new AbstractList.RandomAccessSpliterator<>(this);
+        } else {
+            return Spliterators.spliterator(this, Spliterator.ORDERED);
+        }
     }
 
     /**
--- a/src/java.base/share/classes/java/util/jar/JarFile.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/java/util/jar/JarFile.java	Fri Jul 15 09:10:36 2016 -0700
@@ -64,8 +64,8 @@
  * file, and as such an entry name is associated with at most one base entry.
  * The {@code JarFile} may be configured to process a multi-release jar file by
  * creating the {@code JarFile} with the
- * {@link JarFile#JarFile(File, boolean, int, Release)} constructor.  The
- * {@code Release} object sets a maximum version used when searching for
+ * {@link JarFile#JarFile(File, boolean, int, Runtime.Version)} constructor.  The
+ * {@code Runtime.Version} object sets a maximum version used when searching for
  * versioned entries.  When so configured, an entry name
  * can correspond with at most one base entry and zero or more versioned
  * entries. A search is required to associate the entry name with the latest
@@ -74,8 +74,8 @@
  *
  * <p>Class loaders that utilize {@code JarFile} to load classes from the
  * contents of {@code JarFile} entries should construct the {@code JarFile}
- * by invoking the {@link JarFile#JarFile(File, boolean, int, Release)}
- * constructor with the value {@code Release.RUNTIME} assigned to the last
+ * by invoking the {@link JarFile#JarFile(File, boolean, int, Runtime.Version)}
+ * constructor with the value {@code Runtime.version()} assigned to the last
  * argument.  This assures that classes compatible with the major
  * version of the running JVM are loaded from multi-release jar files.
  *
@@ -99,12 +99,12 @@
  * <li>
  * {@code jdk.util.jar.version} can be assigned a value that is the
  * {@code String} representation of a non-negative integer
- * {@code <= Version.current().major()}.  The value is used to set the effective
+ * {@code <= Runtime.version().major()}.  The value is used to set the effective
  * runtime version to something other than the default value obtained by
- * evaluating {@code Version.current().major()}. The effective runtime version
- * is the version that the {@link JarFile#JarFile(File, boolean, int, Release)}
+ * evaluating {@code Runtime.version().major()}. The effective runtime version
+ * is the version that the {@link JarFile#JarFile(File, boolean, int, Runtime.Version)}
  * constructor uses when the value of the last argument is
- * {@code Release.RUNTIME}.
+ * {@code JarFile.runtimeVersion()}.
  * </li>
  * <li>
  * {@code jdk.util.jar.enableMultiRelease} can be assigned one of the three
@@ -116,7 +116,7 @@
  * the method {@link JarFile#isMultiRelease()} returns <em>false</em>. The value
  * <em>force</em> causes the {@code JarFile} to be initialized to runtime
  * versioning after construction.  It effectively does the same as this code:
- * {@code (new JarFile(File, boolean, int, Release.RUNTIME)}.
+ * {@code (new JarFile(File, boolean, int, JarFile.runtimeVersion())}.
  * </li>
  * </ul>
  * </div>
@@ -129,8 +129,9 @@
  */
 public
 class JarFile extends ZipFile {
-    private final static int BASE_VERSION;
-    private final static int RUNTIME_VERSION;
+    private final static Runtime.Version BASE_VERSION;
+    private final static int BASE_VERSION_MAJOR;
+    private final static Runtime.Version RUNTIME_VERSION;
     private final static boolean MULTI_RELEASE_ENABLED;
     private final static boolean MULTI_RELEASE_FORCED;
     private SoftReference<Manifest> manRef;
@@ -138,10 +139,10 @@
     private JarVerifier jv;
     private boolean jvInitialized;
     private boolean verify;
-    private final int version;
-    private boolean notVersioned;
-    private final boolean runtimeVersioned;
-    private boolean isMultiRelease;    // is jar multi-release?
+    private final Runtime.Version version;  // current version
+    private final int versionMajor;         // version.major()
+    private boolean notVersioned;           // legacy constructor called
+    private boolean isMultiRelease;         // is jar multi-release?
 
     // indicates if Class-Path attribute present
     private boolean hasClassPathAttribute;
@@ -151,17 +152,18 @@
     static {
         // Set up JavaUtilJarAccess in SharedSecrets
         SharedSecrets.setJavaUtilJarAccess(new JavaUtilJarAccessImpl());
-
-        BASE_VERSION = 8;  // one less than lowest version for versioned entries
+        // multi-release jar file versions >= 9
+        BASE_VERSION = Runtime.Version.parse(Integer.toString(8));
+        BASE_VERSION_MAJOR = BASE_VERSION.major();
+        String jarVersion = GetPropertyAction.privilegedGetProperty("jdk.util.jar.version");
         int runtimeVersion = Runtime.version().major();
-        String jarVersion =
-                GetPropertyAction.privilegedGetProperty("jdk.util.jar.version");
         if (jarVersion != null) {
             int jarVer = Integer.parseInt(jarVersion);
             runtimeVersion = (jarVer > runtimeVersion)
-                    ? runtimeVersion : Math.max(jarVer, 0);
+                    ? runtimeVersion
+                    : Math.max(jarVer, BASE_VERSION_MAJOR);
         }
-        RUNTIME_VERSION = runtimeVersion;
+        RUNTIME_VERSION = Runtime.Version.parse(Integer.toString(runtimeVersion));
         String enableMultiRelease = GetPropertyAction
                 .privilegedGetProperty("jdk.util.jar.enableMultiRelease", "true");
         switch (enableMultiRelease) {
@@ -181,61 +183,6 @@
         }
     }
 
-    /**
-     * A set of constants that represent the entries in either the base directory
-     * or one of the versioned directories in a multi-release jar file.  It's
-     * possible for a multi-release jar file to contain versioned directories
-     * that are not represented by the constants of the {@code Release} enum.
-     * In those cases, the entries will not be located by this {@code JarFile}
-     * through the aliasing mechanism, but they can be directly accessed by
-     * specifying the full path name of the entry.
-     *
-     * @since 9
-     */
-    public enum Release {
-        /**
-         * Represents unversioned entries, or entries in "regular", as opposed
-         * to multi-release jar files.
-         */
-        BASE(BASE_VERSION),
-
-        /**
-         * Represents entries found in the META-INF/versions/9 directory of a
-         * multi-release jar file.
-         */
-        VERSION_9(9),
-
-        // fill in the "blanks" for future releases
-
-        /**
-         * Represents entries found in the META-INF/versions/{n} directory of a
-         * multi-release jar file, where {@code n} is the effective runtime
-         * version of the jar file.
-         *
-         * @implNote
-         * <div class="block">
-         * The effective runtime version is determined
-         * by evaluating {@code Version.current().major()} or by using the value
-         * of the {@code jdk.util.jar.version} System property if it exists.
-         * </div>
-         */
-        RUNTIME(RUNTIME_VERSION);
-
-        Release(int version) {
-            this.version = version;
-        }
-
-        private static Release valueOf(int version) {
-            return version <= BASE.value() ? BASE : valueOf("VERSION_" + version);
-        }
-
-        private final int version;
-
-        private int value() {
-            return this.version;
-        }
-    }
-
     private static final String META_INF = "META-INF/";
 
     private static final String META_INF_VERSIONS = META_INF + "versions/";
@@ -246,6 +193,32 @@
     public static final String MANIFEST_NAME = META_INF + "MANIFEST.MF";
 
     /**
+     * The version that represents the unversioned configuration of a multi-release jar file.
+     *
+     * @return Runtime.Version that represents the unversioned configuration
+     *
+     * @since 9
+     */
+    public static Runtime.Version baseVersion() {
+        return BASE_VERSION;
+    }
+
+    /**
+     * The version that represents the effective runtime versioned configuration of a
+     * multi-release jar file.  In most cases, {@code runtimeVersion()} is equal to
+     * {@code Runtime.version()}.  However, if the {@code jdk.util.jar.version} property is set,
+     * {@code runtimeVersion()} is derived from that property and may not be equal to
+     * {@code Runtime.version()}.
+     *
+     * @return Runtime.Version that represents the runtime versioned configuration
+     *
+     * @since 9
+     */
+    public static Runtime.Version runtimeVersion() {
+        return RUNTIME_VERSION;
+    }
+
+    /**
      * Creates a new {@code JarFile} to read from the specified
      * file {@code name}. The {@code JarFile} will be verified if
      * it is signed.
@@ -316,7 +289,7 @@
      * @since 1.3
      */
     public JarFile(File file, boolean verify, int mode) throws IOException {
-        this(file, verify, mode, Release.BASE);
+        this(file, verify, mode, BASE_VERSION);
         this.notVersioned = true;
     }
 
@@ -324,8 +297,13 @@
      * Creates a new {@code JarFile} to read from the specified
      * {@code File} object in the specified mode.  The mode argument
      * must be either {@code OPEN_READ} or {@code OPEN_READ | OPEN_DELETE}.
-     * The version argument configures the {@code JarFile} for processing
+     * The version argument, after being converted to a canonical form, is
+     * used to configure the {@code JarFile} for processing
      * multi-release jar files.
+     * <p>
+     * The canonical form derived from the version parameter is
+     * {@code Runtime.Version.parse(Integer.toString(n))} where {@code n} is
+     * {@code Math.max(version.major(), JarFile.baseVersion().major())}.
      *
      * @param file the jar file to be opened for reading
      * @param verify whether or not to verify the jar file if
@@ -340,47 +318,31 @@
      * @throws NullPointerException if {@code version} is {@code null}
      * @since 9
      */
-    public JarFile(File file, boolean verify, int mode, Release version) throws IOException {
+    public JarFile(File file, boolean verify, int mode, Runtime.Version version) throws IOException {
         super(file, mode);
+        this.verify = verify;
         Objects.requireNonNull(version);
-        this.verify = verify;
-        // version applies to multi-release jar files, ignored for regular jar files
-        if (MULTI_RELEASE_FORCED) {
+        if (MULTI_RELEASE_FORCED || version.major() == RUNTIME_VERSION.major()) {
+            // This deals with the common case where the value from JarFile.runtimeVersion() is passed
             this.version = RUNTIME_VERSION;
-            version = Release.RUNTIME;
+        } else if (version.major() <= BASE_VERSION_MAJOR) {
+            // This also deals with the common case where the value from JarFile.baseVersion() is passed
+            this.version = BASE_VERSION;
         } else {
-            this.version = version.value();
+            // Canonicalize
+            this.version = Runtime.Version.parse(Integer.toString(version.major()));
         }
-        this.runtimeVersioned = version == Release.RUNTIME;
-
-        assert runtimeVersionExists();
-    }
-
-    private boolean runtimeVersionExists() {
-        int version = Runtime.version().major();
-        try {
-            Release.valueOf(version);
-            return true;
-        } catch (IllegalArgumentException x) {
-            System.err.println("No JarFile.Release object for release " + version);
-            return false;
-        }
+        this.versionMajor = this.version.major();
     }
 
     /**
      * Returns the maximum version used when searching for versioned entries.
      *
-     * @return the maximum version, or {@code Release.BASE} if this jar file is
-     *         processed as if it is an unversioned jar file or is not a
-     *         multi-release jar file
+     * @return the maximum version
      * @since 9
      */
-    public final Release getVersion() {
-        if (isMultiRelease()) {
-            return runtimeVersioned ? Release.RUNTIME : Release.valueOf(version);
-        } else {
-            return Release.BASE;
-        }
+    public final Runtime.Version getVersion() {
+        return isMultiRelease() ? this.version : BASE_VERSION;
     }
 
     /**
@@ -393,7 +355,7 @@
         if (isMultiRelease) {
             return true;
         }
-        if (MULTI_RELEASE_ENABLED && version != BASE_VERSION) {
+        if (MULTI_RELEASE_ENABLED && versionMajor != BASE_VERSION_MAJOR) {
             try {
                 checkForSpecialAttributes();
             } catch (IOException io) {
@@ -639,7 +601,7 @@
         ZipEntry vze = null;
         String sname = "/" + name;
         int i = version;
-        while (i > BASE_VERSION) {
+        while (i > BASE_VERSION_MAJOR) {
             vze = super.getEntry(META_INF_VERSIONS + i + sname);
             if (vze != null) break;
             i--;
@@ -649,10 +611,10 @@
 
     private ZipEntry getVersionedEntry(ZipEntry ze) {
         ZipEntry vze = null;
-        if (version > BASE_VERSION && !ze.isDirectory()) {
+        if (BASE_VERSION_MAJOR < versionMajor && !ze.isDirectory()) {
             String name = ze.getName();
             if (!name.startsWith(META_INF)) {
-                vze = searchForVersionedEntry(version, name);
+                vze = searchForVersionedEntry(versionMajor, name);
             }
         }
         return vze == null ? ze : vze;
@@ -1038,7 +1000,7 @@
                 hasClassPathAttribute = match(CLASSPATH_CHARS, b,
                         CLASSPATH_LASTOCC) != -1;
                 // is this a multi-release jar file
-                if (MULTI_RELEASE_ENABLED && version != BASE_VERSION) {
+                if (MULTI_RELEASE_ENABLED && versionMajor != BASE_VERSION_MAJOR) {
                     int i = match(MULTIRELEASE_CHARS, b, MULTIRELEASE_LASTOCC);
                     if (i != -1) {
                         i += MULTIRELEASE_CHARS.length;
--- a/src/java.base/share/classes/java/util/zip/InflaterInputStream.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/java/util/zip/InflaterInputStream.java	Fri Jul 15 09:10:36 2016 -0700
@@ -179,6 +179,10 @@
         ensureOpen();
         if (reachEOF) {
             return 0;
+        } else if (inf.finished()) {
+            // the end of the compressed data stream has been reached
+            reachEOF = true;
+            return 0;
         } else {
             return 1;
         }
--- a/src/java.base/share/classes/javax/crypto/ExemptionMechanism.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/javax/crypto/ExemptionMechanism.java	Fri Jul 15 09:10:36 2016 -0700
@@ -482,13 +482,4 @@
         done = true;
         return n;
     }
-
-    /**
-     * Ensures that the key stored away by this ExemptionMechanism
-     * object will be wiped out when there are no more references to it.
-     */
-    protected void finalize() {
-        keyStored = null;
-        // Are there anything else we could do?
-    }
 }
--- a/src/java.base/share/classes/javax/security/cert/Certificate.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/javax/security/cert/Certificate.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -58,10 +58,11 @@
  * @since 1.4
  * @see X509Certificate
  * @deprecated Use the classes in {@code java.security.cert} instead.
+ *      This class is subject to removal in a future version of Java SE.
  *
  * @author Hemma Prafullchandra
  */
-@Deprecated
+@Deprecated(since="9", forRemoval=true)
 public abstract class Certificate {
 
     /**
--- a/src/java.base/share/classes/javax/security/cert/CertificateEncodingException.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/javax/security/cert/CertificateEncodingException.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,8 +39,9 @@
  * @since 1.4
  * @author Hemma Prafullchandra
  * @deprecated Use the classes in {@code java.security.cert} instead.
+ *      This class is subject to removal in a future version of Java SE.
  */
-@Deprecated
+@Deprecated(since="9", forRemoval=true)
 public class CertificateEncodingException extends CertificateException {
 
     private static final long serialVersionUID = -8187642723048403470L;
--- a/src/java.base/share/classes/javax/security/cert/CertificateException.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/javax/security/cert/CertificateException.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,8 +39,9 @@
  * @since 1.4
  * @see Certificate
  * @deprecated Use the classes in {@code java.security.cert} instead.
+ *      This class is subject to removal in a future version of Java SE.
  */
-@Deprecated
+@Deprecated(since="9", forRemoval=true)
 public class CertificateException extends Exception {
 
     private static final long serialVersionUID = -5757213374030785290L;
--- a/src/java.base/share/classes/javax/security/cert/CertificateExpiredException.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/javax/security/cert/CertificateExpiredException.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,8 +41,9 @@
  * @since 1.4
  * @author Hemma Prafullchandra
  * @deprecated Use the classes in {@code java.security.cert} instead.
+ *      This class is subject to removal in a future version of Java SE.
  */
-@Deprecated
+@Deprecated(since="9", forRemoval=true)
 public class CertificateExpiredException extends CertificateException {
 
     private static final long serialVersionUID = 5091601212177261883L;
--- a/src/java.base/share/classes/javax/security/cert/CertificateNotYetValidException.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/javax/security/cert/CertificateNotYetValidException.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,8 +41,9 @@
  * @since 1.4
  * @author Hemma Prafullchandra
  * @deprecated Use the classes in {@code java.security.cert} instead.
+ *      This class is subject to removal in a future version of Java SE.
  */
-@Deprecated
+@Deprecated(since="9", forRemoval=true)
 public class CertificateNotYetValidException extends CertificateException {
 
     private static final long serialVersionUID = -8976172474266822818L;
--- a/src/java.base/share/classes/javax/security/cert/CertificateParsingException.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/javax/security/cert/CertificateParsingException.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,8 +40,9 @@
  * @since 1.4
  * @author Hemma Prafullchandra
  * @deprecated Use the classes in {@code java.security.cert} instead.
+ *      This class is subject to removal in a future version of Java SE.
  */
-@Deprecated
+@Deprecated(since="9", forRemoval=true)
 public class CertificateParsingException extends CertificateException {
 
     private static final long serialVersionUID = -8449352422951136229L;
--- a/src/java.base/share/classes/javax/security/cert/X509Certificate.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/javax/security/cert/X509Certificate.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -125,8 +125,9 @@
  * @see java.security.cert.X509Extension
  * @see java.security.Security security properties
  * @deprecated Use the classes in {@code java.security.cert} instead.
+ *      This class is subject to removal in a future version of Java SE.
  */
-@Deprecated
+@Deprecated(since="9", forRemoval=true)
 public abstract class X509Certificate extends Certificate {
 
     /*
--- a/src/java.base/share/classes/jdk/internal/loader/URLClassPath.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/jdk/internal/loader/URLClassPath.java	Fri Jul 15 09:10:36 2016 -0700
@@ -695,7 +695,7 @@
                     throw new FileNotFoundException(p.getPath());
                 }
                 return checkJar(new JarFile(new File(p.getPath()), true, ZipFile.OPEN_READ,
-                        JarFile.Release.RUNTIME));
+                        JarFile.runtimeVersion()));
             }
             URLConnection uc = (new URL(getBaseURL(), "#runtime")).openConnection();
             uc.setRequestProperty(USER_AGENT_JAVA_VERSION, JAVA_VERSION);
--- a/src/java.base/share/classes/sun/net/www/protocol/jar/URLJarFile.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/sun/net/www/protocol/jar/URLJarFile.java	Fri Jul 15 09:10:36 2016 -0700
@@ -66,7 +66,9 @@
 
     static JarFile getJarFile(URL url, URLJarFileCloseController closeController) throws IOException {
         if (isFileURL(url)) {
-            Release version = "runtime".equals(url.getRef()) ? Release.RUNTIME : Release.BASE;
+            Runtime.Version version = "runtime".equals(url.getRef())
+                    ? JarFile.runtimeVersion()
+                    : JarFile.baseVersion();
             return new URLJarFile(url, closeController, version);
         } else {
             return retrieve(url, closeController);
@@ -90,12 +92,14 @@
         this.closeController = closeController;
     }
 
-    private URLJarFile(File file, URLJarFileCloseController closeController, Release version) throws IOException {
+    private URLJarFile(File file, URLJarFileCloseController closeController, Runtime.Version version)
+            throws IOException {
         super(file, true, ZipFile.OPEN_READ | ZipFile.OPEN_DELETE, version);
         this.closeController = closeController;
     }
 
-    private URLJarFile(URL url, URLJarFileCloseController closeController, Release version) throws IOException {
+    private URLJarFile(URL url, URLJarFileCloseController closeController, Runtime.Version version)
+            throws IOException {
         super(new File(ParseUtil.decode(url.getFile())), true, ZipFile.OPEN_READ, version);
         this.closeController = closeController;
     }
@@ -200,7 +204,9 @@
         {
 
             JarFile result = null;
-            Release version = "runtime".equals(url.getRef()) ? Release.RUNTIME : Release.BASE;
+            Runtime.Version version = "runtime".equals(url.getRef())
+                    ? JarFile.runtimeVersion()
+                    : JarFile.baseVersion();
 
             /* get the stream before asserting privileges */
             try (final InputStream in = url.openConnection().getInputStream()) {
--- a/src/java.base/share/classes/sun/security/jca/ProviderConfig.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/sun/security/jca/ProviderConfig.java	Fri Jul 15 09:10:36 2016 -0700
@@ -159,6 +159,8 @@
     /**
      * Get the provider object. Loads the provider if it is not already loaded.
      */
+    // com.sun.net.ssl.internal.ssl.Provider has been deprecated since JDK 9
+    @SuppressWarnings("deprecation")
     synchronized Provider getProvider() {
         // volatile variable load
         Provider p = provider;
--- a/src/java.base/share/classes/sun/security/ssl/CipherSuite.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/sun/security/ssl/CipherSuite.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -376,36 +376,38 @@
     static enum KeyExchange {
 
         // key exchange algorithms
-        K_NULL       ("NULL",       false),
-        K_RSA        ("RSA",        true),
-        K_RSA_EXPORT ("RSA_EXPORT", true),
-        K_DH_RSA     ("DH_RSA",     false),
-        K_DH_DSS     ("DH_DSS",     false),
-        K_DHE_DSS    ("DHE_DSS",    true),
-        K_DHE_RSA    ("DHE_RSA",    true),
-        K_DH_ANON    ("DH_anon",    true),
+        K_NULL       ("NULL",       false,      false),
+        K_RSA        ("RSA",        true,       false),
+        K_RSA_EXPORT ("RSA_EXPORT", true,       false),
+        K_DH_RSA     ("DH_RSA",     false,      false),
+        K_DH_DSS     ("DH_DSS",     false,      false),
+        K_DHE_DSS    ("DHE_DSS",    true,       false),
+        K_DHE_RSA    ("DHE_RSA",    true,       false),
+        K_DH_ANON    ("DH_anon",    true,       false),
 
-        K_ECDH_ECDSA ("ECDH_ECDSA",  ALLOW_ECC),
-        K_ECDH_RSA   ("ECDH_RSA",    ALLOW_ECC),
-        K_ECDHE_ECDSA("ECDHE_ECDSA", ALLOW_ECC),
-        K_ECDHE_RSA  ("ECDHE_RSA",   ALLOW_ECC),
-        K_ECDH_ANON  ("ECDH_anon",   ALLOW_ECC),
+        K_ECDH_ECDSA ("ECDH_ECDSA",  ALLOW_ECC, true),
+        K_ECDH_RSA   ("ECDH_RSA",    ALLOW_ECC, true),
+        K_ECDHE_ECDSA("ECDHE_ECDSA", ALLOW_ECC, true),
+        K_ECDHE_RSA  ("ECDHE_RSA",   ALLOW_ECC, true),
+        K_ECDH_ANON  ("ECDH_anon",   ALLOW_ECC, true),
 
         // Kerberos cipher suites
-        K_KRB5       ("KRB5", true),
-        K_KRB5_EXPORT("KRB5_EXPORT", true),
+        K_KRB5       ("KRB5", true,             false),
+        K_KRB5_EXPORT("KRB5_EXPORT", true,      false),
 
         // renegotiation protection request signaling cipher suite
-        K_SCSV       ("SCSV",        true);
+        K_SCSV       ("SCSV",        true,      false);
 
         // name of the key exchange algorithm, e.g. DHE_DSS
         final String name;
         final boolean allowed;
+        final boolean isEC;
         private final boolean alwaysAvailable;
 
-        KeyExchange(String name, boolean allowed) {
+        KeyExchange(String name, boolean allowed, boolean isEC) {
             this.name = name;
             this.allowed = allowed;
+            this.isEC = isEC;
             this.alwaysAvailable = allowed &&
                 (!name.startsWith("EC")) && (!name.startsWith("KRB"));
         }
@@ -415,7 +417,7 @@
                 return true;
             }
 
-            if (name.startsWith("EC")) {
+            if (isEC) {
                 return (allowed && JsseJce.isEcAvailable());
             } else if (name.startsWith("KRB")) {
                 return (allowed && JsseJce.isKerberosAvailable());
--- a/src/java.base/share/classes/sun/security/ssl/CipherSuiteList.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/sun/security/ssl/CipherSuiteList.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -112,20 +112,15 @@
     boolean containsEC() {
         if (containsEC == null) {
             for (CipherSuite c : cipherSuites) {
-                switch (c.keyExchange) {
-                case K_ECDH_ECDSA:
-                case K_ECDH_RSA:
-                case K_ECDHE_ECDSA:
-                case K_ECDHE_RSA:
-                case K_ECDH_ANON:
+                if (c.keyExchange.isEC) {
                     containsEC = true;
                     return true;
-                default:
-                    break;
                 }
             }
+
             containsEC = false;
         }
+
         return containsEC;
     }
 
--- a/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java	Fri Jul 15 09:10:36 2016 -0700
@@ -877,30 +877,33 @@
                 String typeName;
 
                 switch (certRequest.types[i]) {
-                case CertificateRequest.cct_rsa_sign:
-                    typeName = "RSA";
-                    break;
+                    case CertificateRequest.cct_rsa_sign:
+                        typeName = "RSA";
+                        break;
 
-                case CertificateRequest.cct_dss_sign:
-                    typeName = "DSA";
-                    break;
+                    case CertificateRequest.cct_dss_sign:
+                        typeName = "DSA";
+                            break;
 
-                case CertificateRequest.cct_ecdsa_sign:
-                    // ignore if we do not have EC crypto available
-                    typeName = JsseJce.isEcAvailable() ? "EC" : null;
-                    break;
+                    case CertificateRequest.cct_ecdsa_sign:
+                        // ignore if we do not have EC crypto available
+                        typeName = JsseJce.isEcAvailable() ? "EC" : null;
+                        break;
 
-                // Fixed DH/ECDH client authentication not supported
-                case CertificateRequest.cct_rsa_fixed_dh:
-                case CertificateRequest.cct_dss_fixed_dh:
-                case CertificateRequest.cct_rsa_fixed_ecdh:
-                case CertificateRequest.cct_ecdsa_fixed_ecdh:
-                // Any other values (currently not used in TLS)
-                case CertificateRequest.cct_rsa_ephemeral_dh:
-                case CertificateRequest.cct_dss_ephemeral_dh:
-                default:
-                    typeName = null;
-                    break;
+                    // Fixed DH/ECDH client authentication not supported
+                    //
+                    // case CertificateRequest.cct_rsa_fixed_dh:
+                    // case CertificateRequest.cct_dss_fixed_dh:
+                    // case CertificateRequest.cct_rsa_fixed_ecdh:
+                    // case CertificateRequest.cct_ecdsa_fixed_ecdh:
+                    //
+                    // Any other values (currently not used in TLS)
+                    //
+                    // case CertificateRequest.cct_rsa_ephemeral_dh:
+                    // case CertificateRequest.cct_dss_ephemeral_dh:
+                    default:
+                        typeName = null;
+                        break;
                 }
 
                 if ((typeName != null) && (!keytypesTmp.contains(typeName))) {
@@ -928,16 +931,6 @@
                 X509Certificate[] certs = km.getCertificateChain(alias);
                 if ((certs != null) && (certs.length != 0)) {
                     PublicKey publicKey = certs[0].getPublicKey();
-                    // for EC, make sure we use a supported named curve
-                    if (publicKey instanceof ECPublicKey) {
-                        ECParameterSpec params =
-                            ((ECPublicKey)publicKey).getParams();
-                        int index =
-                            EllipticCurvesExtension.getCurveIndex(params);
-                        if (!EllipticCurvesExtension.isSupported(index)) {
-                            publicKey = null;
-                        }
-                    }
                     if (publicKey != null) {
                         m1 = new CertificateMsg(certs);
                         signingKey = km.getPrivateKey(alias);
@@ -1499,6 +1492,17 @@
                 sslContext.getSecureRandom(), maxProtocolVersion,
                 sessionId, cipherSuites, isDTLS);
 
+        // add elliptic curves and point format extensions
+        if (cipherSuites.containsEC()) {
+            EllipticCurvesExtension ece =
+                EllipticCurvesExtension.createExtension(algorithmConstraints);
+            if (ece != null) {
+                clientHelloMessage.extensions.add(ece);
+                clientHelloMessage.extensions.add(
+                        EllipticPointFormatsExtension.DEFAULT);
+            }
+        }
+
         // add signature_algorithm extension
         if (maxProtocolVersion.useTLS12PlusSpec()) {
             // we will always send the signature_algorithm extension
--- a/src/java.base/share/classes/sun/security/ssl/ECDHCrypt.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/sun/security/ssl/ECDHCrypt.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -56,10 +56,11 @@
     }
 
     // Called by ServerHandshaker for ephemeral ECDH
-    ECDHCrypt(String curveName, SecureRandom random) {
+    ECDHCrypt(int curveId, SecureRandom random) {
         try {
             KeyPairGenerator kpg = JsseJce.getKeyPairGenerator("EC");
-            ECGenParameterSpec params = new ECGenParameterSpec(curveName);
+            ECGenParameterSpec params =
+                    EllipticCurvesExtension.getECGenParamSpec(curveId);
             kpg.initialize(params, random);
             KeyPair kp = kpg.generateKeyPair();
             privateKey = kp.getPrivate();
--- a/src/java.base/share/classes/sun/security/ssl/EllipticCurvesExtension.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/sun/security/ssl/EllipticCurvesExtension.java	Fri Jul 15 09:10:36 2016 -0700
@@ -27,58 +27,271 @@
 
 import java.io.IOException;
 import java.security.spec.ECParameterSpec;
+import java.security.spec.ECGenParameterSpec;
+import java.security.spec.InvalidParameterSpecException;
+import java.security.AlgorithmParameters;
+import java.security.AlgorithmConstraints;
+import java.security.CryptoPrimitive;
+import java.security.AccessController;
+import java.util.EnumSet;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.ArrayList;
+import javax.net.ssl.SSLProtocolException;
 
-import javax.net.ssl.SSLProtocolException;
+import sun.security.action.GetPropertyAction;
 
 final class EllipticCurvesExtension extends HelloExtension {
 
-    // the extension value to send in the ClientHello message
-    static final EllipticCurvesExtension DEFAULT;
+    private static final int ARBITRARY_PRIME = 0xff01;
+    private static final int ARBITRARY_CHAR2 = 0xff02;
 
-    private static final boolean fips;
+    // speed up the searching
+    private static final Map<String, Integer> oidToIdMap = new HashMap<>();
+    private static final Map<Integer, String> idToOidMap = new HashMap<>();
+
+    // speed up the parameters construction
+    private static final Map<Integer,
+                AlgorithmParameters> idToParams = new HashMap<>();
+
+    // the supported elliptic curves
+    private static final int[] supportedCurveIds;
+
+    // the curves of the extension
+    private final int[] curveIds;
+
+    // See sun.security.util.CurveDB for the OIDs
+    private static enum NamedEllipticCurve {
+        T163_K1(1,  "sect163k1",    "1.3.132.0.1",      true),  // NIST K-163
+        T163_R1(2,  "sect163r1",    "1.3.132.0.2",      false),
+        T163_R2(3,  "sect163r2",    "1.3.132.0.15",     true),  // NIST B-163
+        T193_R1(4,  "sect193r1",    "1.3.132.0.24",     false),
+        T193_R2(5,  "sect193r2",    "1.3.132.0.25",     false),
+        T233_K1(6,  "sect233k1",    "1.3.132.0.26",     true),  // NIST K-233
+        T233_R1(7,  "sect233r1",    "1.3.132.0.27",     true),  // NIST B-233
+        T239_K1(8,  "sect239k1",    "1.3.132.0.3",      false),
+        T283_K1(9,  "sect283k1",    "1.3.132.0.16",     true),  // NIST K-283
+        T283_R1(10, "sect283r1",    "1.3.132.0.17",     true),  // NIST B-283
+        T409_K1(11, "sect409k1",    "1.3.132.0.36",     true),  // NIST K-409
+        T409_R1(12, "sect409r1",    "1.3.132.0.37",     true),  // NIST B-409
+        T571_K1(13, "sect571k1",    "1.3.132.0.38",     true),  // NIST K-571
+        T571_R1(14, "sect571r1",    "1.3.132.0.39",     true),  // NIST B-571
+
+        P160_K1(15, "secp160k1",    "1.3.132.0.9",      false),
+        P160_R1(16, "secp160r1",    "1.3.132.0.8",      false),
+        P160_R2(17, "secp160r2",    "1.3.132.0.30",     false),
+        P192_K1(18, "secp192k1",    "1.3.132.0.31",     false),
+        P192_R1(19, "secp192r1",    "1.2.840.10045.3.1.1", true), // NIST P-192
+        P224_K1(20, "secp224k1",    "1.3.132.0.32",     false),
+        P224_R1(21, "secp224r1",    "1.3.132.0.33",     true),  // NIST P-224
+        P256_K1(22, "secp256k1",    "1.3.132.0.10",     false),
+        P256_R1(23, "secp256r1",    "1.2.840.10045.3.1.7", true), // NIST P-256
+        P384_R1(24, "secp384r1",    "1.3.132.0.34",     true),  // NIST P-384
+        P521_R1(25, "secp521r1",    "1.3.132.0.35",     true);  // NIST P-521
+
+        int          id;
+        String       name;
+        String       oid;
+        boolean      isFips;
+
+        NamedEllipticCurve(int id, String name, String oid, boolean isFips) {
+            this.id = id;
+            this.name = name;
+            this.oid = oid;
+            this.isFips = isFips;
+
+            if (oidToIdMap.put(oid, id) != null ||
+                idToOidMap.put(id, oid) != null) {
+
+                throw new RuntimeException(
+                        "Duplicate named elliptic curve definition: " + name);
+            }
+        }
+
+        static NamedEllipticCurve getCurve(String name, boolean requireFips) {
+            for (NamedEllipticCurve curve : NamedEllipticCurve.values()) {
+                if (curve.name.equals(name) && (!requireFips || curve.isFips)) {
+                    return curve;
+                }
+            }
+
+            return null;
+        }
+    }
 
     static {
-        int[] ids;
-        fips = SunJSSE.isFIPS();
-        if (fips == false) {
-            ids = new int[] {
-                // NIST curves first
-                // prefer NIST P-256, rest in order of increasing key length
-                23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14,
-                // non-NIST curves
-                15, 16, 17, 2, 18, 4, 5, 20, 8, 22,
-            };
+        boolean requireFips = SunJSSE.isFIPS();
+
+        // hack code to initialize NamedEllipticCurve
+        NamedEllipticCurve nec =
+                NamedEllipticCurve.getCurve("secp256r1", false);
+
+        // The value of the System Property defines a list of enabled named
+        // curves in preference order, separated with comma.  For example:
+        //
+        //      jdk.tls.namedGroups="secp521r1, secp256r1, secp384r1"
+        //
+        // If the System Property is not defined or the value is empty, the
+        // default curves and preferences will be used.
+        String property = AccessController.doPrivileged(
+                    new GetPropertyAction("jdk.tls.namedGroups"));
+        if (property != null && property.length() != 0) {
+            // remove double quote marks from beginning/end of the property
+            if (property.length() > 1 && property.charAt(0) == '"' &&
+                    property.charAt(property.length() - 1) == '"') {
+                property = property.substring(1, property.length() - 1);
+            }
+        }
+
+        ArrayList<Integer> idList;
+        if (property != null && property.length() != 0) {   // customized curves
+            String[] curves = property.split(",");
+            idList = new ArrayList<>(curves.length);
+            for (String curve : curves) {
+                curve = curve.trim();
+                if (!curve.isEmpty()) {
+                    NamedEllipticCurve namedCurve =
+                            NamedEllipticCurve.getCurve(curve, requireFips);
+                    if (namedCurve != null) {
+                        if (isAvailableCurve(namedCurve.id)) {
+                            idList.add(namedCurve.id);
+                        }
+                    }   // ignore unknown curves
+                }
+            }
+        } else {        // default curves
+            int[] ids;
+            if (requireFips) {
+                ids = new int[] {
+                    // only NIST curves in FIPS mode
+                    23, 24, 25, 9, 10, 11, 12, 13, 14,
+                };
+            } else {
+                ids = new int[] {
+                    // NIST curves first
+                    23, 24, 25, 9, 10, 11, 12, 13, 14,
+                    // non-NIST curves
+                    22,
+                };
+            }
+
+            idList = new ArrayList<>(ids.length);
+            for (int curveId : ids) {
+                if (isAvailableCurve(curveId)) {
+                    idList.add(curveId);
+                }
+            }
+        }
+
+        if (idList.isEmpty()) {
+            throw new IllegalArgumentException(
+                "System property jdk.tls.namedGroups(" + property + ") " +
+                "contains no supported elliptic curves");
         } else {
-            ids = new int[] {
-                // same as above, but allow only NIST curves in FIPS mode
-                23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14,
-            };
+            supportedCurveIds = new int[idList.size()];
+            int i = 0;
+            for (Integer id : idList) {
+                supportedCurveIds[i++] = id;
+            }
         }
-        DEFAULT = new EllipticCurvesExtension(ids);
     }
 
-    private final int[] curveIds;
+    // check whether the curve is supported by the underlying providers
+    private static boolean isAvailableCurve(int curveId) {
+        String oid = idToOidMap.get(curveId);
+        if (oid != null) {
+            AlgorithmParameters params = null;
+            try {
+                params = JsseJce.getAlgorithmParameters("EC");
+                params.init(new ECGenParameterSpec(oid));
+            } catch (Exception e) {
+                return false;
+            }
+
+            // cache the parameters
+            idToParams.put(curveId, params);
+
+            return true;
+        }
+
+        return false;
+    }
 
     private EllipticCurvesExtension(int[] curveIds) {
         super(ExtensionType.EXT_ELLIPTIC_CURVES);
+
         this.curveIds = curveIds;
     }
 
     EllipticCurvesExtension(HandshakeInStream s, int len)
             throws IOException {
         super(ExtensionType.EXT_ELLIPTIC_CURVES);
+
         int k = s.getInt16();
         if (((len & 1) != 0) || (k + 2 != len)) {
             throw new SSLProtocolException("Invalid " + type + " extension");
         }
+
+        // Note: unknown curves will be ignored later.
         curveIds = new int[k >> 1];
         for (int i = 0; i < curveIds.length; i++) {
             curveIds[i] = s.getInt16();
         }
     }
 
+    // get the preferred active curve
+    static int getActiveCurves(AlgorithmConstraints constraints) {
+        return getPreferredCurve(supportedCurveIds, constraints);
+    }
+
+    static boolean hasActiveCurves(AlgorithmConstraints constraints) {
+        return getActiveCurves(constraints) >= 0;
+    }
+
+    static EllipticCurvesExtension createExtension(
+                AlgorithmConstraints constraints) {
+
+        ArrayList<Integer> idList = new ArrayList<>(supportedCurveIds.length);
+        for (int curveId : supportedCurveIds) {
+            if (constraints.permits(
+                    EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
+                                "EC", idToParams.get(curveId))) {
+                idList.add(curveId);
+            }
+        }
+
+        if (!idList.isEmpty()) {
+            int[] ids = new int[idList.size()];
+            int i = 0;
+            for (Integer id : idList) {
+                ids[i++] = id;
+            }
+
+            return new EllipticCurvesExtension(ids);
+        }
+
+        return null;
+    }
+
+    // get the preferred activated curve
+    int getPreferredCurve(AlgorithmConstraints constraints) {
+        return getPreferredCurve(curveIds, constraints);
+    }
+
+    // get a preferred activated curve
+    private static int getPreferredCurve(int[] curves,
+                AlgorithmConstraints constraints) {
+        for (int curveId : curves) {
+            if (constraints.permits(
+                    EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
+                                "EC", idToParams.get(curveId))) {
+                return curveId;
+            }
+        }
+
+        return -1;
+    }
+
     boolean contains(int index) {
         for (int curveId : curveIds) {
             if (index == curveId) {
@@ -88,12 +301,6 @@
         return false;
     }
 
-    // Return a reference to the internal curveIds array.
-    // The caller must NOT modify the contents.
-    int[] curveIds() {
-        return curveIds;
-    }
-
     @Override
     int length() {
         return 6 + (curveIds.length << 1);
@@ -122,17 +329,9 @@
                 sb.append(", ");
             }
             // first check if it is a known named curve, then try other cases.
-            String oid = getCurveOid(curveId);
-            if (oid != null) {
-                ECParameterSpec spec = JsseJce.getECParameterSpec(oid);
-                // this toString() output will look nice for the current
-                // implementation of the ECParameterSpec class in the Sun
-                // provider, but may not look good for other implementations.
-                if (spec != null) {
-                    sb.append(spec.toString().split(" ")[0]);
-                } else {
-                    sb.append(oid);
-                }
+            String curveName = getCurveName(curveId);
+            if (curveName != null) {
+                sb.append(curveName);
             } else if (curveId == ARBITRARY_PRIME) {
                 sb.append("arbitrary_explicit_prime_curves");
             } else if (curveId == ARBITRARY_CHAR2) {
@@ -145,16 +344,15 @@
         return sb.toString();
     }
 
-    // Test whether we support the curve with the given index.
+    // Test whether the given curve is supported.
     static boolean isSupported(int index) {
-        if ((index <= 0) || (index >= NAMED_CURVE_OID_TABLE.length)) {
-            return false;
+        for (int curveId : supportedCurveIds) {
+            if (index == curveId) {
+                return true;
+            }
         }
-        if (fips == false) {
-            // in non-FIPS mode, we support all valid indices
-            return true;
-        }
-        return DEFAULT.contains(index);
+
+        return false;
     }
 
     static int getCurveIndex(ECParameterSpec params) {
@@ -162,57 +360,32 @@
         if (oid == null) {
             return -1;
         }
-        Integer n = curveIndices.get(oid);
+        Integer n = oidToIdMap.get(oid);
         return (n == null) ? -1 : n;
     }
 
     static String getCurveOid(int index) {
-        if ((index > 0) && (index < NAMED_CURVE_OID_TABLE.length)) {
-            return NAMED_CURVE_OID_TABLE[index];
-        }
-        return null;
+        return idToOidMap.get(index);
     }
 
-    private static final int ARBITRARY_PRIME = 0xff01;
-    private static final int ARBITRARY_CHAR2 = 0xff02;
-
-    // See sun.security.util.NamedCurve for the OIDs
-    private static final String[] NAMED_CURVE_OID_TABLE = new String[] {
-        null,                   //  (0) unused
-        "1.3.132.0.1",          //  (1) sect163k1, NIST K-163
-        "1.3.132.0.2",          //  (2) sect163r1
-        "1.3.132.0.15",         //  (3) sect163r2, NIST B-163
-        "1.3.132.0.24",         //  (4) sect193r1
-        "1.3.132.0.25",         //  (5) sect193r2
-        "1.3.132.0.26",         //  (6) sect233k1, NIST K-233
-        "1.3.132.0.27",         //  (7) sect233r1, NIST B-233
-        "1.3.132.0.3",          //  (8) sect239k1
-        "1.3.132.0.16",         //  (9) sect283k1, NIST K-283
-        "1.3.132.0.17",         // (10) sect283r1, NIST B-283
-        "1.3.132.0.36",         // (11) sect409k1, NIST K-409
-        "1.3.132.0.37",         // (12) sect409r1, NIST B-409
-        "1.3.132.0.38",         // (13) sect571k1, NIST K-571
-        "1.3.132.0.39",         // (14) sect571r1, NIST B-571
-        "1.3.132.0.9",          // (15) secp160k1
-        "1.3.132.0.8",          // (16) secp160r1
-        "1.3.132.0.30",         // (17) secp160r2
-        "1.3.132.0.31",         // (18) secp192k1
-        "1.2.840.10045.3.1.1",  // (19) secp192r1, NIST P-192
-        "1.3.132.0.32",         // (20) secp224k1
-        "1.3.132.0.33",         // (21) secp224r1, NIST P-224
-        "1.3.132.0.10",         // (22) secp256k1
-        "1.2.840.10045.3.1.7",  // (23) secp256r1, NIST P-256
-        "1.3.132.0.34",         // (24) secp384r1, NIST P-384
-        "1.3.132.0.35",         // (25) secp521r1, NIST P-521
-    };
-
-    private static final Map<String,Integer> curveIndices;
-
-    static {
-        curveIndices = new HashMap<String,Integer>();
-        for (int i = 1; i < NAMED_CURVE_OID_TABLE.length; i++) {
-            curveIndices.put(NAMED_CURVE_OID_TABLE[i], i);
+    static ECGenParameterSpec getECGenParamSpec(int index) {
+        AlgorithmParameters params = idToParams.get(index);
+        try {
+            return params.getParameterSpec(ECGenParameterSpec.class);
+        } catch (InvalidParameterSpecException ipse) {
+            // should be unlikely
+            String curveOid = getCurveOid(index);
+            return new ECGenParameterSpec(curveOid);
         }
     }
 
+    private static String getCurveName(int index) {
+        for (NamedEllipticCurve namedCurve : NamedEllipticCurve.values()) {
+            if (namedCurve.id == index) {
+                return namedCurve.name;
+            }
+        }
+
+        return null;
+    }
 }
--- a/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java	Fri Jul 15 09:10:36 2016 -0700
@@ -313,11 +313,6 @@
             this.cookie = null;
         }
 
-        if (cipherSuites.containsEC()) {
-            extensions.add(EllipticCurvesExtension.DEFAULT);
-            extensions.add(EllipticPointFormatsExtension.DEFAULT);
-        }
-
         clnt_random = new RandomCookie(generator);
         compression_methods = NULL_COMPRESSION;
     }
--- a/src/java.base/share/classes/sun/security/ssl/Handshaker.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/sun/security/ssl/Handshaker.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -660,13 +660,42 @@
             ArrayList<CipherSuite> suites = new ArrayList<>();
             if (!(activeProtocols.collection().isEmpty()) &&
                     activeProtocols.min.v != ProtocolVersion.NONE.v) {
+                boolean checkedCurves = false;
+                boolean hasCurves = false;
                 for (CipherSuite suite : enabledCipherSuites.collection()) {
                     if (!activeProtocols.min.obsoletes(suite) &&
                             activeProtocols.max.supports(suite)) {
                         if (algorithmConstraints.permits(
                                 EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
                                 suite.name, null)) {
-                            suites.add(suite);
+
+                            boolean available = true;
+                            if (suite.keyExchange.isEC) {
+                                if (!checkedCurves) {
+                                    hasCurves = EllipticCurvesExtension
+                                        .hasActiveCurves(algorithmConstraints);
+                                    checkedCurves = true;
+
+                                    if (!hasCurves && debug != null &&
+                                                Debug.isOn("verbose")) {
+                                        System.out.println(
+                                            "No available elliptic curves");
+                                    }
+                                }
+
+                                available = hasCurves;
+
+                                if (!available && debug != null &&
+                                        Debug.isOn("verbose")) {
+                                    System.out.println(
+                                        "No active elliptic curves, ignore " +
+                                        suite);
+                                }
+                            }
+
+                            if (available) {
+                                suites.add(suite);
+                            }
                         }
                     } else if (debug != null && Debug.isOn("verbose")) {
                         if (activeProtocols.min.obsoletes(suite)) {
@@ -703,6 +732,8 @@
     ProtocolList getActiveProtocols() {
         if (activeProtocols == null) {
             boolean enabledSSL20Hello = false;
+            boolean checkedCurves = false;
+            boolean hasCurves = false;
             ArrayList<ProtocolVersion> protocols = new ArrayList<>(4);
             for (ProtocolVersion protocol : enabledProtocols.collection()) {
                 // Need not to check the SSL20Hello protocol.
@@ -729,9 +760,36 @@
                         if (algorithmConstraints.permits(
                                 EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
                                 suite.name, null)) {
-                            protocols.add(protocol);
-                            found = true;
-                            break;
+
+                            boolean available = true;
+                            if (suite.keyExchange.isEC) {
+                                if (!checkedCurves) {
+                                    hasCurves = EllipticCurvesExtension
+                                        .hasActiveCurves(algorithmConstraints);
+                                    checkedCurves = true;
+
+                                    if (!hasCurves && debug != null &&
+                                                Debug.isOn("verbose")) {
+                                        System.out.println(
+                                            "No activated elliptic curves");
+                                    }
+                                }
+
+                                available = hasCurves;
+
+                                if (!available && debug != null &&
+                                        Debug.isOn("verbose")) {
+                                    System.out.println(
+                                        "No active elliptic curves, ignore " +
+                                        suite + " for " + protocol);
+                                }
+                            }
+
+                            if (available) {
+                                protocols.add(protocol);
+                                found = true;
+                                break;
+                            }
                         } else if (debug != null && Debug.isOn("verbose")) {
                             System.out.println(
                                 "Ignoring disabled cipher suite: " + suite +
--- a/src/java.base/share/classes/sun/security/ssl/JsseJce.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/sun/security/ssl/JsseJce.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -275,6 +275,15 @@
         }
     }
 
+    static AlgorithmParameters getAlgorithmParameters(String algorithm)
+            throws NoSuchAlgorithmException {
+        if (cryptoProvider == null) {
+            return AlgorithmParameters.getInstance(algorithm);
+        } else {
+            return AlgorithmParameters.getInstance(algorithm, cryptoProvider);
+        }
+    }
+
     static SecureRandom getSecureRandom() throws KeyManagementException {
         if (cryptoProvider == null) {
             return new SecureRandom();
@@ -394,6 +403,7 @@
                 JsseJce.getKeyAgreement("ECDH");
                 JsseJce.getKeyFactory("EC");
                 JsseJce.getKeyPairGenerator("EC");
+                JsseJce.getAlgorithmParameters("EC");
             } catch (Exception e) {
                 mediator = false;
             }
--- a/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java	Fri Jul 15 09:10:36 2016 -0700
@@ -94,7 +94,8 @@
     // we remember it for the RSA premaster secret version check
     private ProtocolVersion clientRequestedVersion;
 
-    private EllipticCurvesExtension supportedCurves;
+    // client supported elliptic curves
+    private EllipticCurvesExtension requestedCurves;
 
     // the preferable signature algorithm used by ServerKeyExchange message
     SignatureAndHashAlgorithm preferableSignatureAlgorithm;
@@ -741,7 +742,7 @@
                 throw new SSLException("Client did not resume a session");
             }
 
-            supportedCurves = (EllipticCurvesExtension)
+            requestedCurves = (EllipticCurvesExtension)
                         mesg.extensions.get(ExtensionType.EXT_ELLIPTIC_CURVES);
 
             // We only need to handle the "signature_algorithm" extension
@@ -1572,26 +1573,15 @@
     // If we cannot continue because we do not support any of the curves that
     // the client requested, return false. Otherwise (all is well), return true.
     private boolean setupEphemeralECDHKeys() {
-        int index = -1;
-        if (supportedCurves != null) {
-            // if the client sent the supported curves extension, pick the
-            // first one that we support;
-            for (int curveId : supportedCurves.curveIds()) {
-                if (EllipticCurvesExtension.isSupported(curveId)) {
-                    index = curveId;
-                    break;
-                }
-            }
-            if (index < 0) {
-                // no match found, cannot use this ciphersuite
-                return false;
-            }
-        } else {
-            // pick our preference
-            index = EllipticCurvesExtension.DEFAULT.curveIds()[0];
+        int index = (requestedCurves != null) ?
+                requestedCurves.getPreferredCurve(algorithmConstraints) :
+                EllipticCurvesExtension.getActiveCurves(algorithmConstraints);
+        if (index < 0) {
+            // no match found, cannot use this ciphersuite
+            return false;
         }
-        String oid = EllipticCurvesExtension.getCurveOid(index);
-        ecdh = new ECDHCrypt(oid, sslContext.getSecureRandom());
+
+        ecdh = new ECDHCrypt(index, sslContext.getSecureRandom());
         return true;
     }
 
@@ -1633,18 +1623,16 @@
             return false;
         }
         // For ECC certs, check whether we support the EC domain parameters.
-        // If the client sent a EllipticCurves ClientHello extension,
+        // If the client sent a SupportedEllipticCurves ClientHello extension,
         // check against that too.
         if (keyAlgorithm.equals("EC")) {
             if (publicKey instanceof ECPublicKey == false) {
                 return false;
             }
             ECParameterSpec params = ((ECPublicKey)publicKey).getParams();
-            int index = EllipticCurvesExtension.getCurveIndex(params);
-            if (!EllipticCurvesExtension.isSupported(index)) {
-                return false;
-            }
-            if ((supportedCurves != null) && !supportedCurves.contains(index)) {
+            int id = EllipticCurvesExtension.getCurveIndex(params);
+            if ((id <= 0) || !EllipticCurvesExtension.isSupported(id) ||
+                ((requestedCurves != null) && !requestedCurves.contains(id))) {
                 return false;
             }
         }
--- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -237,6 +237,8 @@
             "sun.security.pkcs12.PKCS12KeyStore");
     }
 
+    // com.sun.net.ssl.internal.ssl.Provider has been deprecated since JDK 9
+    @SuppressWarnings("deprecation")
     private void subclassCheck() {
         if (getClass() != com.sun.net.ssl.internal.ssl.Provider.class) {
             throw new AssertionError("Illegal subclass: " + getClass());
--- a/src/java.base/share/classes/sun/security/tools/KeyStoreUtil.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/sun/security/tools/KeyStoreUtil.java	Fri Jul 15 09:10:36 2016 -0700
@@ -38,6 +38,8 @@
 
 import java.security.KeyStore;
 
+import java.security.Provider;
+import java.security.Security;
 import java.security.cert.X509Certificate;
 import java.text.Collator;
 
@@ -46,6 +48,7 @@
 import java.util.List;
 import java.util.Locale;
 import java.util.Properties;
+import java.util.ServiceLoader;
 
 import sun.security.util.PropertyExpander;
 
@@ -209,6 +212,7 @@
 
     /**
      * Prepends matched options from a pre-configured options file.
+     *
      * @param tool the name of the tool, can be "keytool" or "jarsigner"
      * @param file the pre-configured options file
      * @param c1 the name of the command, with the "-" prefix,
@@ -259,4 +263,68 @@
             return result.toArray(new String[result.size()]);
         }
     }
+
+    /**
+     * Loads a security provider as a service.
+     *
+     * @param provName the name
+     * @param arg optional arg
+     * @throws IllegalArgumentException if no provider matches the name
+     */
+    public static void loadProviderByName(String provName, String arg) {
+        Provider loaded = Security.getProvider(provName);
+        if (loaded != null) {
+            if (arg != null) {
+                loaded = loaded.configure(arg);
+                Security.addProvider(loaded);
+            }
+            return;
+        }
+        for (Provider p : ServiceLoader.load(Provider.class,
+                ClassLoader.getSystemClassLoader())) {
+            if (p.getName().equals(provName)) {
+                if (arg != null) {
+                    p = p.configure(arg);
+                }
+                Security.addProvider(p);
+                return;
+            }
+        }
+        throw new IllegalArgumentException("No provider found");
+    }
+
+    /**
+     * Loads a security provider by a fully-qualified class name.
+     *
+     * @param provClass the class name
+     * @param arg optional arg
+     * @param cl optional class loader
+     * @throws IllegalArgumentException if no provider matches the class name
+     * @throws ClassCastException if the class has not extended Provider
+     */
+    public static void loadProviderByClass(
+            String provClass, String arg, ClassLoader cl) {
+
+        // For compatibility, SunPKCS11 and OracleUcrypto can still be
+        // loadable with -providerClass.
+        if (provClass.equals("sun.security.pkcs11.SunPKCS11")) {
+            loadProviderByName("SunPKCS11", arg);
+            return;
+        } else if (provClass.equals("com.oracle.security.crypto.UcryptoProvider")) {
+            loadProviderByName("OracleUcrypto", arg);
+            return;
+        }
+
+        Provider prov;
+        try {
+            Class<?> clazz = Class.forName(provClass, false, cl);
+            prov = (Provider) clazz.getConstructor().newInstance();
+        } catch (ReflectiveOperationException e) {
+            throw new IllegalArgumentException(e);
+        }
+        if (arg != null) {
+            prov = prov.configure(arg);
+        }
+        Security.addProvider(prov);
+    }
 }
--- a/src/java.base/share/classes/sun/security/tools/keytool/Main.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/sun/security/tools/keytool/Main.java	Fri Jul 15 09:10:36 2016 -0700
@@ -33,13 +33,11 @@
 import java.security.Key;
 import java.security.PublicKey;
 import java.security.PrivateKey;
-import java.security.Security;
 import java.security.Signature;
 import java.security.Timestamp;
 import java.security.UnrecoverableEntryException;
 import java.security.UnrecoverableKeyException;
 import java.security.Principal;
-import java.security.Provider;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
 import java.security.cert.CertStoreException;
@@ -128,6 +126,7 @@
     // them through the command line.
 
     private Set<Pair <String, String>> providers = null;
+    private Set<Pair <String, String>> providerClasses = null;
     private String storetype = null;
     private boolean hasStoretypeOption = false;
     private String srcProviderName = null;
@@ -166,57 +165,57 @@
     enum Command {
         CERTREQ("Generates.a.certificate.request",
             ALIAS, SIGALG, FILEOUT, KEYPASS, KEYSTORE, DNAME,
-            STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS,
-            PROVIDERARG, PROVIDERPATH, V, PROTECTED),
+            STOREPASS, STORETYPE, PROVIDERNAME, ADDPROVIDER,
+            PROVIDERCLASS, PROVIDERPATH, V, PROTECTED),
         CHANGEALIAS("Changes.an.entry.s.alias",
             ALIAS, DESTALIAS, KEYPASS, KEYSTORE, STOREPASS,
-            STORETYPE, PROVIDERNAME, PROVIDERCLASS, PROVIDERARG,
+            STORETYPE, PROVIDERNAME, ADDPROVIDER, PROVIDERCLASS,
             PROVIDERPATH, V, PROTECTED),
         DELETE("Deletes.an.entry",
             ALIAS, KEYSTORE, STOREPASS, STORETYPE,
-            PROVIDERNAME, PROVIDERCLASS, PROVIDERARG,
+            PROVIDERNAME, ADDPROVIDER, PROVIDERCLASS,
             PROVIDERPATH, V, PROTECTED),
         EXPORTCERT("Exports.certificate",
             RFC, ALIAS, FILEOUT, KEYSTORE, STOREPASS,
-            STORETYPE, PROVIDERNAME, PROVIDERCLASS, PROVIDERARG,
+            STORETYPE, PROVIDERNAME, ADDPROVIDER, PROVIDERCLASS,
             PROVIDERPATH, V, PROTECTED),
         GENKEYPAIR("Generates.a.key.pair",
             ALIAS, KEYALG, KEYSIZE, SIGALG, DESTALIAS, DNAME,
             STARTDATE, EXT, VALIDITY, KEYPASS, KEYSTORE,
-            STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS,
-            PROVIDERARG, PROVIDERPATH, V, PROTECTED),
+            STOREPASS, STORETYPE, PROVIDERNAME, ADDPROVIDER,
+            PROVIDERCLASS, PROVIDERPATH, V, PROTECTED),
         GENSECKEY("Generates.a.secret.key",
             ALIAS, KEYPASS, KEYALG, KEYSIZE, KEYSTORE,
-            STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS,
-            PROVIDERARG, PROVIDERPATH, V, PROTECTED),
+            STOREPASS, STORETYPE, PROVIDERNAME, ADDPROVIDER,
+            PROVIDERCLASS, PROVIDERPATH, V, PROTECTED),
         GENCERT("Generates.certificate.from.a.certificate.request",
             RFC, INFILE, OUTFILE, ALIAS, SIGALG, DNAME,
             STARTDATE, EXT, VALIDITY, KEYPASS, KEYSTORE,
-            STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS,
-            PROVIDERARG, PROVIDERPATH, V, PROTECTED),
+            STOREPASS, STORETYPE, PROVIDERNAME, ADDPROVIDER,
+            PROVIDERCLASS, PROVIDERPATH, V, PROTECTED),
         IMPORTCERT("Imports.a.certificate.or.a.certificate.chain",
             NOPROMPT, TRUSTCACERTS, PROTECTED, ALIAS, FILEIN,
             KEYPASS, KEYSTORE, STOREPASS, STORETYPE,
-            PROVIDERNAME, PROVIDERCLASS, PROVIDERARG,
+            PROVIDERNAME, ADDPROVIDER, PROVIDERCLASS,
             PROVIDERPATH, V),
         IMPORTPASS("Imports.a.password",
             ALIAS, KEYPASS, KEYALG, KEYSIZE, KEYSTORE,
-            STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS,
-            PROVIDERARG, PROVIDERPATH, V, PROTECTED),
+            STOREPASS, STORETYPE, PROVIDERNAME, ADDPROVIDER,
+            PROVIDERCLASS, PROVIDERPATH, V, PROTECTED),
         IMPORTKEYSTORE("Imports.one.or.all.entries.from.another.keystore",
             SRCKEYSTORE, DESTKEYSTORE, SRCSTORETYPE,
             DESTSTORETYPE, SRCSTOREPASS, DESTSTOREPASS,
             SRCPROTECTED, DESTPROTECTED, SRCPROVIDERNAME, DESTPROVIDERNAME,
             SRCALIAS, DESTALIAS, SRCKEYPASS, DESTKEYPASS,
-            NOPROMPT, PROVIDERCLASS, PROVIDERARG, PROVIDERPATH,
+            NOPROMPT, ADDPROVIDER, PROVIDERCLASS, PROVIDERPATH,
             V),
         KEYPASSWD("Changes.the.key.password.of.an.entry",
             ALIAS, KEYPASS, NEW, KEYSTORE, STOREPASS,
-            STORETYPE, PROVIDERNAME, PROVIDERCLASS, PROVIDERARG,
+            STORETYPE, PROVIDERNAME, ADDPROVIDER, PROVIDERCLASS,
             PROVIDERPATH, V),
         LIST("Lists.entries.in.a.keystore",
             RFC, ALIAS, KEYSTORE, STOREPASS, STORETYPE,
-            PROVIDERNAME, PROVIDERCLASS, PROVIDERARG,
+            PROVIDERNAME, ADDPROVIDER, PROVIDERCLASS,
             PROVIDERPATH, V, PROTECTED),
         PRINTCERT("Prints.the.content.of.a.certificate",
             RFC, FILEIN, SSLSERVER, JARFILE, V),
@@ -226,26 +225,26 @@
             FILEIN, V),
         STOREPASSWD("Changes.the.store.password.of.a.keystore",
             NEW, KEYSTORE, STOREPASS, STORETYPE, PROVIDERNAME,
-            PROVIDERCLASS, PROVIDERARG, PROVIDERPATH, V),
+            ADDPROVIDER, PROVIDERCLASS, PROVIDERPATH, V),
 
         // Undocumented start here, KEYCLONE is used a marker in -help;
 
         KEYCLONE("Clones.a.key.entry",
             ALIAS, DESTALIAS, KEYPASS, NEW, STORETYPE,
-            KEYSTORE, STOREPASS, PROVIDERNAME, PROVIDERCLASS,
-            PROVIDERARG, PROVIDERPATH, V),
+            KEYSTORE, STOREPASS, PROVIDERNAME, ADDPROVIDER,
+            PROVIDERCLASS, PROVIDERPATH, V),
         SELFCERT("Generates.a.self.signed.certificate",
             ALIAS, SIGALG, DNAME, STARTDATE, VALIDITY, KEYPASS,
             STORETYPE, KEYSTORE, STOREPASS, PROVIDERNAME,
-            PROVIDERCLASS, PROVIDERARG, PROVIDERPATH, V),
+            ADDPROVIDER, PROVIDERCLASS, PROVIDERPATH, V),
         GENCRL("Generates.CRL",
             RFC, FILEOUT, ID,
             ALIAS, SIGALG, EXT, KEYPASS, KEYSTORE,
-            STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS,
-            PROVIDERARG, PROVIDERPATH, V, PROTECTED),
+            STOREPASS, STORETYPE, PROVIDERNAME, ADDPROVIDER,
+            PROVIDERCLASS, PROVIDERPATH, V, PROTECTED),
         IDENTITYDB("Imports.entries.from.a.JDK.1.1.x.style.identity.database",
             FILEIN, STORETYPE, KEYSTORE, STOREPASS, PROVIDERNAME,
-            PROVIDERCLASS, PROVIDERARG, PROVIDERPATH, V);
+            ADDPROVIDER, PROVIDERCLASS, PROVIDERPATH, V);
 
         final String description;
         final Option[] options;
@@ -289,48 +288,48 @@
 
     enum Option {
         ALIAS("alias", "<alias>", "alias.name.of.the.entry.to.process"),
-        DESTALIAS("destalias", "<destalias>", "destination.alias"),
+        DESTALIAS("destalias", "<alias>", "destination.alias"),
         DESTKEYPASS("destkeypass", "<arg>", "destination.key.password"),
-        DESTKEYSTORE("destkeystore", "<destkeystore>", "destination.keystore.name"),
+        DESTKEYSTORE("destkeystore", "<keystore>", "destination.keystore.name"),
         DESTPROTECTED("destprotected", null, "destination.keystore.password.protected"),
-        DESTPROVIDERNAME("destprovidername", "<destprovidername>", "destination.keystore.provider.name"),
+        DESTPROVIDERNAME("destprovidername", "<name>", "destination.keystore.provider.name"),
         DESTSTOREPASS("deststorepass", "<arg>", "destination.keystore.password"),
-        DESTSTORETYPE("deststoretype", "<deststoretype>", "destination.keystore.type"),
-        DNAME("dname", "<dname>", "distinguished.name"),
+        DESTSTORETYPE("deststoretype", "<type>", "destination.keystore.type"),
+        DNAME("dname", "<name>", "distinguished.name"),
         EXT("ext", "<value>", "X.509.extension"),
-        FILEOUT("file", "<filename>", "output.file.name"),
-        FILEIN("file", "<filename>", "input.file.name"),
+        FILEOUT("file", "<file>", "output.file.name"),
+        FILEIN("file", "<file>", "input.file.name"),
         ID("id", "<id:reason>", "Serial.ID.of.cert.to.revoke"),
-        INFILE("infile", "<filename>", "input.file.name"),
-        KEYALG("keyalg", "<keyalg>", "key.algorithm.name"),
+        INFILE("infile", "<file>", "input.file.name"),
+        KEYALG("keyalg", "<alg>", "key.algorithm.name"),
         KEYPASS("keypass", "<arg>", "key.password"),
-        KEYSIZE("keysize", "<keysize>", "key.bit.size"),
+        KEYSIZE("keysize", "<size>", "key.bit.size"),
         KEYSTORE("keystore", "<keystore>", "keystore.name"),
         NEW("new", "<arg>", "new.password"),
         NOPROMPT("noprompt", null, "do.not.prompt"),
-        OUTFILE("outfile", "<filename>", "output.file.name"),
+        OUTFILE("outfile", "<file>", "output.file.name"),
         PROTECTED("protected", null, "password.through.protected.mechanism"),
-        PROVIDERARG("providerarg", "<arg>", "provider.argument"),
-        PROVIDERCLASS("providerclass", "<providerclass>", "provider.class.name"),
-        PROVIDERNAME("providername", "<providername>", "provider.name"),
-        PROVIDERPATH("providerpath", "<pathlist>", "provider.classpath"),
+        PROVIDERCLASS("providerclass", "<class>\n[-providerarg <arg>]", "provider.class.option"),
+        ADDPROVIDER("addprovider", "<name>\n[-providerarg <arg>]", "addprovider.option"),
+        PROVIDERNAME("providername", "<name>", "provider.name"),
+        PROVIDERPATH("providerpath", "<list>", "provider.classpath"),
         RFC("rfc", null, "output.in.RFC.style"),
-        SIGALG("sigalg", "<sigalg>", "signature.algorithm.name"),
-        SRCALIAS("srcalias", "<srcalias>", "source.alias"),
+        SIGALG("sigalg", "<alg>", "signature.algorithm.name"),
+        SRCALIAS("srcalias", "<alias>", "source.alias"),
         SRCKEYPASS("srckeypass", "<arg>", "source.key.password"),
-        SRCKEYSTORE("srckeystore", "<srckeystore>", "source.keystore.name"),
+        SRCKEYSTORE("srckeystore", "<keystore>", "source.keystore.name"),
         SRCPROTECTED("srcprotected", null, "source.keystore.password.protected"),
-        SRCPROVIDERNAME("srcprovidername", "<srcprovidername>", "source.keystore.provider.name"),
+        SRCPROVIDERNAME("srcprovidername", "<name>", "source.keystore.provider.name"),
         SRCSTOREPASS("srcstorepass", "<arg>", "source.keystore.password"),
-        SRCSTORETYPE("srcstoretype", "<srcstoretype>", "source.keystore.type"),
+        SRCSTORETYPE("srcstoretype", "<type>", "source.keystore.type"),
         SSLSERVER("sslserver", "<server[:port]>", "SSL.server.host.and.port"),
-        JARFILE("jarfile", "<filename>", "signed.jar.file"),
-        STARTDATE("startdate", "<startdate>", "certificate.validity.start.date.time"),
+        JARFILE("jarfile", "<file>", "signed.jar.file"),
+        STARTDATE("startdate", "<date>", "certificate.validity.start.date.time"),
         STOREPASS("storepass", "<arg>", "keystore.password"),
-        STORETYPE("storetype", "<storetype>", "keystore.type"),
+        STORETYPE("storetype", "<type>", "keystore.type"),
         TRUSTCACERTS("trustcacerts", null, "trust.certificates.from.cacerts"),
         V("v", null, "verbose.output"),
-        VALIDITY("validity", "<valDays>", "validity.number.of.days");
+        VALIDITY("validity", "<days>", "validity.number.of.days");
 
         final String name, arg, description;
         Option(String name, String arg, String description) {
@@ -344,8 +343,6 @@
         }
     };
 
-    private static final Class<?>[] PARAM_STRING = { String.class };
-
     private static final String NONE = "NONE";
     private static final String P11KEYSTORE = "PKCS11";
     private static final String P12KEYSTORE = "PKCS12";
@@ -549,12 +546,29 @@
                 jarfile = args[++i];
             } else if (collator.compare(flags, "-srckeystore") == 0) {
                 srcksfname = args[++i];
-            } else if ((collator.compare(flags, "-provider") == 0) ||
-                        (collator.compare(flags, "-providerclass") == 0)) {
+            } else if (collator.compare(flags, "-provider") == 0 ||
+                        collator.compare(flags, "-providerclass") == 0) {
+                if (providerClasses == null) {
+                    providerClasses = new HashSet<Pair <String, String>> (3);
+                }
+                String providerClass = args[++i];
+                String providerArg = null;
+
+                if (args.length > (i+1)) {
+                    flags = args[i+1];
+                    if (collator.compare(flags, "-providerarg") == 0) {
+                        if (args.length == (i+2)) errorNeedArgument(flags);
+                        providerArg = args[i+2];
+                        i += 2;
+                    }
+                }
+                providerClasses.add(
+                        Pair.of(providerClass, providerArg));
+            } else if (collator.compare(flags, "-addprovider") == 0) {
                 if (providers == null) {
                     providers = new HashSet<Pair <String, String>> (3);
                 }
-                String providerClass = args[++i];
+                String provider = args[++i];
                 String providerArg = null;
 
                 if (args.length > (i+1)) {
@@ -566,7 +580,7 @@
                     }
                 }
                 providers.add(
-                        Pair.of(providerClass, providerArg));
+                        Pair.of(provider, providerArg));
             }
 
             /*
@@ -617,7 +631,6 @@
         return cmd != PRINTCERT && cmd != PRINTCERTREQ;
     }
 
-
     /**
      * Execute the commands.
      */
@@ -703,6 +716,20 @@
 
         // Try to load and install specified provider
         if (providers != null) {
+            for (Pair<String, String> provider : providers) {
+                try {
+                    KeyStoreUtil.loadProviderByName(
+                            provider.fst, provider.snd);
+                    if (debug) {
+                        System.out.println("loadProviderByName: " + provider.fst);
+                    }
+                } catch (IllegalArgumentException e) {
+                    throw new Exception(String.format(rb.getString(
+                            "provider.name.not.found"), provider.fst));
+                }
+            }
+        }
+        if (providerClasses != null) {
             ClassLoader cl = null;
             if (pathlist != null) {
                 String path = null;
@@ -717,30 +744,20 @@
             } else {
                 cl = ClassLoader.getSystemClassLoader();
             }
-
-            for (Pair <String, String> provider: providers) {
-                String provName = provider.fst;
-                Class<?> provClass;
-                if (cl != null) {
-                    provClass = cl.loadClass(provName);
-                } else {
-                    provClass = Class.forName(provName);
+            for (Pair<String, String> provider : providerClasses) {
+                try {
+                    KeyStoreUtil.loadProviderByClass(
+                            provider.fst, provider.snd, cl);
+                    if (debug) {
+                        System.out.println("loadProviderByClass: " + provider.fst);
+                    }
+                } catch (ClassCastException cce) {
+                    throw new Exception(String.format(rb.getString(
+                            "provclass.not.a.provider"), provider.fst));
+                } catch (IllegalArgumentException e) {
+                    throw new Exception(String.format(rb.getString(
+                            "provider.class.not.found"), provider.fst), e.getCause());
                 }
-
-                @SuppressWarnings("deprecation")
-                Object obj = provClass.newInstance();
-                if (!(obj instanceof Provider)) {
-                    MessageFormat form = new MessageFormat
-                        (rb.getString("provName.not.a.provider"));
-                    Object[] source = {provName};
-                    throw new Exception(form.format(source));
-                }
-                Provider p = (Provider) obj;
-                String provArg = provider.snd;
-                if (provArg != null) {
-                    p = p.configure(provArg);
-                }
-                Security.addProvider(p);
             }
         }
 
@@ -4132,27 +4149,40 @@
             System.err.println(rb.getString("Options."));
             System.err.println();
 
-            // Left and right sides of the options list
+            // Left and right sides of the options list. Both might
+            // contain "\n" and span multiple lines
             String[] left = new String[command.options.length];
             String[] right = new String[command.options.length];
 
-            // Check if there's an unknown option
-            boolean found = false;
-
             // Length of left side of options list
             int lenLeft = 0;
-            for (int j=0; j<left.length; j++) {
+
+            for (int j = 0; j < command.options.length; j++) {
                 Option opt = command.options[j];
                 left[j] = opt.toString();
-                if (opt.arg != null) left[j] += " " + opt.arg;
-                if (left[j].length() > lenLeft) {
-                    lenLeft = left[j].length();
+                if (opt.arg != null) {
+                    left[j] += " " + opt.arg;
+                }
+                String[] lefts = left[j].split("\n");
+                for (String s : lefts) {
+                    if (s.length() > lenLeft) {
+                        lenLeft = s.length();
+                    }
                 }
                 right[j] = rb.getString(opt.description);
             }
-            for (int j=0; j<left.length; j++) {
-                System.err.printf(" %-" + lenLeft + "s  %s\n",
-                        left[j], right[j]);
+            for (int j = 0; j < left.length; j++) {
+                String[] lefts = left[j].split("\n");
+                String[] rights = right[j].split("\n");
+                for (int i = 0; i < lefts.length && i < rights.length; i++) {
+                    String s1 = i < lefts.length ? lefts[i] : "";
+                    String s2 = i < rights.length ? rights[i] : "";
+                    if (i == 0) {
+                        System.err.printf(" %-" + lenLeft + "s  %s\n", s1, s2);
+                    } else {
+                        System.err.printf("   %-" + lenLeft + "s  %s\n", s1, s2);
+                    }
+                }
             }
             System.err.println();
             System.err.println(rb.getString(
--- a/src/java.base/share/classes/sun/security/tools/keytool/Resources.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/sun/security/tools/keytool/Resources.java	Fri Jul 15 09:10:36 2016 -0700
@@ -133,10 +133,16 @@
                 "do not prompt"}, //-noprompt
         {"password.through.protected.mechanism",
                 "password through protected mechanism"}, //-protected
-        {"provider.argument",
-                "provider argument"}, //-providerarg
-        {"provider.class.name",
-                "provider class name"}, //-providerclass
+
+        // The following 2 values should span 2 lines, the first for the
+        // option itself, the second for its -providerArg value.
+        {"addprovider.option",
+                "add security provider by name (e.g. SunPKCS11)\n" +
+                        "configure argument for -addprovider"}, //-addprovider
+        {"provider.class.option",
+                "add security provider by fully-qualified class name\n" +
+                        "configure argument for -providerclass"}, //-providerclass
+
         {"provider.name",
                 "provider name"}, //-providername
         {"provider.classpath",
@@ -209,7 +215,9 @@
         {"Illegal.startdate.value", "Illegal startdate value"},
         {"Validity.must.be.greater.than.zero",
                 "Validity must be greater than zero"},
-        {"provName.not.a.provider", "{0} not a provider"},
+        {"provclass.not.a.provider", "%s not a provider"},
+        {"provider.name.not.found", "Provider named \"%s\" not found"},
+        {"provider.class.not.found", "Provider \"%s\" not found"},
         {"Usage.error.no.command.provided", "Usage error: no command provided"},
         {"Source.keystore.file.exists.but.is.empty.", "Source keystore file exists, but is empty: "},
         {"Please.specify.srckeystore", "Please specify -srckeystore"},
--- a/src/java.base/share/classes/sun/text/resources/JavaTimeSupplementary.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/classes/sun/text/resources/JavaTimeSupplementary.java	Fri Jul 15 09:10:36 2016 -0700
@@ -343,6 +343,10 @@
                 sharedShortEras },
             { "roc.short.Eras",
                 sharedShortEras },
+            { "timezone.gmtFormat",
+                "GMT{0}" },
+            { "timezone.hourFormat",
+                "+HH:mm;-HH:mm" },
         };
     }
 }
--- a/src/java.base/share/conf/security/java.policy	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/conf/security/java.policy	Fri Jul 15 09:10:36 2016 -0700
@@ -30,7 +30,8 @@
         permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto";
         permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto";
         permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto";
-        permission java.io.FilePermission "${java.home}/conf/security/ucrypto-solaris.cfg", "read";
+        // Needed for reading Ucrypto config file
+        permission java.io.FilePermission "<<ALL FILES>>", "read";
 };
 
 grant codeBase "jrt:/java.sql" {
--- a/src/java.base/share/conf/security/java.security	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/conf/security/java.security	Fri Jul 15 09:10:36 2016 -0700
@@ -653,7 +653,7 @@
 #
 #
 jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
-    DSA keySize < 1024
+    DSA keySize < 1024, EC keySize < 224
 
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
 # (SSL/TLS/DTLS) processing
@@ -681,7 +681,8 @@
 #
 # Example:
 #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
-jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024
+jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
+    EC keySize < 224
 
 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
 # processing in JSSE implementation.
--- a/src/java.base/share/native/libjli/args.c	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/share/native/libjli/args.c	Fri Jul 15 09:10:36 2016 -0700
@@ -130,7 +130,7 @@
         expectingNoDashArg = JNI_FALSE;
     }
     // only update on java mode and not yet found main class
-    if (firstAppArgIndex == -1 && idx != 0) {
+    if (firstAppArgIndex == NOT_FOUND && idx != 0) {
         firstAppArgIndex = (int) idx;
     }
 }
--- a/src/java.base/windows/native/libjli/java_md.c	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.base/windows/native/libjli/java_md.c	Fri Jul 15 09:10:36 2016 -0700
@@ -943,26 +943,6 @@
     return JNI_FALSE;
 }
 
-int
-filterArgs(StdArg *stdargs, const int nargc, StdArg **pargv) {
-    StdArg* argv = NULL;
-    int nargs = 0;
-    int i;
-
-    /* Copy the non-vm args */
-    for (i = 0; i < nargc ; i++) {
-        const char *arg = stdargs[i].arg;
-        if (arg[0] == '-' && arg[1] == 'J')
-            continue;
-        argv = (StdArg*) JLI_MemRealloc(argv, (nargs+1) * sizeof(StdArg));
-        argv[nargs].arg = JLI_StringDup(arg);
-        argv[nargs].has_wildcard = stdargs[i].has_wildcard;
-        nargs++;
-    }
-    *pargv = argv;
-    return nargs;
-}
-
 /*
  * At this point we have the arguments to the application, and we need to
  * check with original stdargs in order to compare which of these truly
@@ -975,12 +955,13 @@
     int i, j, idx;
     size_t tlen;
     jobjectArray outArray, inArray;
-    char *ostart, *astart, **nargv;
+    char *arg, **nargv;
     jboolean needs_expansion = JNI_FALSE;
     jmethodID mid;
-    int filteredargc, stdargc;
+    int stdargc;
     StdArg *stdargs;
-    StdArg *filteredargs;
+    int *appArgIdx;
+    int isTool;
     jclass cls = GetLauncherHelperClass(env);
     NULL_CHECK0(cls);
 
@@ -991,8 +972,6 @@
     stdargs = JLI_GetStdArgs();
     stdargc = JLI_GetStdArgc();
 
-    filteredargc = filterArgs(stdargs, stdargc, &filteredargs);
-
     // sanity check, this should never happen
     if (argc > stdargc) {
         JLI_TraceLauncher("Warning: app args is larger than the original, %d %d\n", argc, stdargc);
@@ -1001,22 +980,35 @@
     }
 
     // sanity check, match the args we have, to the holy grail
-    idx = filteredargc - argc;
-    ostart = filteredargs[idx].arg;
-    astart = strv[0];
-    // sanity check, ensure that the first argument of the arrays are the same
-    if (JLI_StrCmp(ostart, astart) != 0) {
-        // some thing is amiss the args don't match
-        JLI_TraceLauncher("Warning: app args parsing error\n");
-        JLI_TraceLauncher("passing arguments as-is\n");
+    idx = JLI_GetAppArgIndex();
+    isTool = (idx == 0);
+    if (isTool) { idx++; } // skip tool name
+    JLI_TraceLauncher("AppArgIndex: %d points to %s\n", idx, stdargs[idx].arg);
+
+    appArgIdx = calloc(argc, sizeof(int));
+    for (i = idx, j = 0; i < stdargc; i++) {
+        if (isTool) { // filter -J used by tools to pass JVM options
+            arg = stdargs[i].arg;
+            if (arg[0] == '-' && arg[1] == 'J') {
+                continue;
+            }
+        }
+        appArgIdx[j++] = i;
+    }
+    // sanity check, ensure same number of arguments for application
+    if (j != argc) {
+        JLI_TraceLauncher("Warning: app args count doesn't match, %d %d\n", j, argc);
+        JLI_TraceLauncher("passing arguments as-is.\n");
+        JLI_MemFree(appArgIdx);
         return NewPlatformStringArray(env, strv, argc);
     }
 
     // make a copy of the args which will be expanded in java if required.
     nargv = (char **)JLI_MemAlloc(argc * sizeof(char*));
-    for (i = 0, j = idx; i < argc; i++, j++) {
-        jboolean arg_expand = (JLI_StrCmp(filteredargs[j].arg, strv[i]) == 0)
-                                ? filteredargs[j].has_wildcard
+    for (i = 0; i < argc; i++) {
+        j = appArgIdx[i];
+        jboolean arg_expand = (JLI_StrCmp(stdargs[j].arg, strv[i]) == 0)
+                                ? stdargs[j].has_wildcard
                                 : JNI_FALSE;
         if (needs_expansion == JNI_FALSE)
             needs_expansion = arg_expand;
@@ -1039,6 +1031,7 @@
             JLI_MemFree(nargv[i]);
         }
         JLI_MemFree(nargv);
+        JLI_MemFree(appArgIdx);
         return NewPlatformStringArray(env, strv, argc);
     }
     NULL_CHECK0(mid = (*env)->GetStaticMethodID(env, cls,
@@ -1053,6 +1046,6 @@
         JLI_MemFree(nargv[i]);
     }
     JLI_MemFree(nargv);
-    JLI_MemFree(filteredargs);
+    JLI_MemFree(appArgIdx);
     return outArray;
 }
--- a/src/java.httpclient/share/classes/java/net/http/AsyncSSLDelegate.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.httpclient/share/classes/java/net/http/AsyncSSLDelegate.java	Fri Jul 15 09:10:36 2016 -0700
@@ -81,7 +81,7 @@
  * the channel to be closed, and the error is reported to the user's
  * Consumer<Throwable>
  */
-public class AsyncSSLDelegate implements Closeable, AsyncConnection {
+class AsyncSSLDelegate implements Closeable, AsyncConnection {
 
     // outgoing buffers put in this queue first and may remain here
     // while SSL handshaking happening.
--- a/src/java.logging/share/classes/java/util/logging/LogManager.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.logging/share/classes/java/util/logging/LogManager.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -387,11 +387,15 @@
                         assert rootLogger == null;
                         assert initializedCalled && !initializationDone;
 
+                        // create root logger before reading primordial
+                        // configuration - to ensure that it will be added
+                        // before the global logger, and not after.
+                        owner.rootLogger = owner.new RootLogger();
+
                         // Read configuration.
                         owner.readPrimordialConfiguration();
 
                         // Create and retain Logger for the root of the namespace.
-                        owner.rootLogger = owner.new RootLogger();
                         owner.addLogger(owner.rootLogger);
                         if (!owner.rootLogger.isLevelInitialized()) {
                             owner.rootLogger.setLevel(defaultLevel);
@@ -516,7 +520,7 @@
         if (result == null) {
             // only allocate the new logger once
             Logger newLogger = new Logger(name, resourceBundleName,
-                    module == null ? null : module, this, false);
+                                          module, this, false);
             do {
                 if (addLogger(newLogger)) {
                     // We successfully added the new Logger that we
@@ -569,15 +573,13 @@
         } while (logger == null);
 
         // LogManager will set the sysLogger's handlers via LogManager.addLogger method.
-        if (logger != sysLogger && sysLogger.accessCheckedHandlers().length == 0) {
-            // if logger already exists but handlers not set
+        if (logger != sysLogger) {
+            // if logger already exists we merge the two logger configurations.
             final Logger l = logger;
             AccessController.doPrivileged(new PrivilegedAction<Void>() {
                 @Override
                 public Void run() {
-                    for (Handler hdl : l.accessCheckedHandlers()) {
-                        sysLogger.addHandler(hdl);
-                    }
+                    l.mergeWithSystemLogger(sysLogger);
                     return null;
                 }
             });
--- a/src/java.logging/share/classes/java/util/logging/Logger.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.logging/share/classes/java/util/logging/Logger.java	Fri Jul 15 09:10:36 2016 -0700
@@ -259,13 +259,185 @@
     private static final RuntimePermission GET_CLASS_LOADER_PERMISSION =
             new RuntimePermission("getClassLoader");
 
+    // A value class that holds the logger configuration data.
+    // This configuration can be shared between an application logger
+    // and a system logger of the same name.
+    private static final class ConfigurationData {
+
+        // The delegate field is used to avoid races while
+        // merging configuration. This will ensure that any pending
+        // configuration action on an application logger will either
+        // be finished before the merge happens, or will be forwarded
+        // to the system logger configuration after the merge is completed.
+        // By default delegate=this.
+        private volatile ConfigurationData delegate;
+
+        volatile boolean useParentHandlers;
+        volatile Filter filter;
+        volatile Level levelObject;
+        volatile int levelValue;  // current effective level value
+        final CopyOnWriteArrayList<Handler> handlers =
+            new CopyOnWriteArrayList<>();
+
+        ConfigurationData() {
+            delegate = this;
+            useParentHandlers = true;
+            levelValue = Level.INFO.intValue();
+        }
+
+        void setUseParentHandlers(boolean flag) {
+            useParentHandlers = flag;
+            if (delegate != this) {
+                // merge in progress - propagate value to system peer.
+                final ConfigurationData system = delegate;
+                synchronized (system) {
+                    system.useParentHandlers = useParentHandlers;
+                }
+            }
+        }
+
+        void setFilter(Filter f) {
+            filter = f;
+            if (delegate != this) {
+                // merge in progress - propagate value to system peer.
+                final ConfigurationData system = delegate;
+                synchronized (system) {
+                    system.filter = filter;
+                }
+            }
+        }
+
+        void setLevelObject(Level l) {
+            levelObject = l;
+            if (delegate != this) {
+                // merge in progress - propagate value to system peer.
+                final ConfigurationData system = delegate;
+                synchronized (system) {
+                    system.levelObject = levelObject;
+                }
+            }
+        }
+
+        void setLevelValue(int v) {
+            levelValue = v;
+            if (delegate != this) {
+                // merge in progress - propagate value to system peer.
+                final ConfigurationData system = delegate;
+                synchronized (system) {
+                    system.levelValue = levelValue;
+                }
+            }
+        }
+
+        void addHandler(Handler h) {
+            if (handlers.add(h)) {
+                if (delegate != this) {
+                    // merge in progress - propagate value to system peer.
+                    final ConfigurationData system = delegate;
+                    synchronized (system) {
+                        system.handlers.addIfAbsent(h);
+                    }
+                }
+            }
+        }
+
+        void removeHandler(Handler h) {
+            if (handlers.remove(h)) {
+                if (delegate != this) {
+                    // merge in progress - propagate value to system peer.
+                    final ConfigurationData system = delegate;
+                    synchronized (system) {
+                        system.handlers.remove(h);
+                    }
+                }
+            }
+        }
+
+        ConfigurationData merge(Logger systemPeer) {
+            if (!systemPeer.isSystemLogger) {
+                // should never come here
+                throw new InternalError("not a system logger");
+            }
+
+            ConfigurationData system = systemPeer.config;
+
+            if (system == this) {
+                // nothing to do
+                return system;
+            }
+
+            synchronized (system) {
+                // synchronize before checking on delegate to counter
+                // race conditions where two threads might attempt to
+                // merge concurrently
+                if (delegate == system) {
+                    // merge already performed;
+                    return system;
+                }
+
+                // publish system as the temporary delegate configuration.
+                // This should take care of potential race conditions where
+                // an other thread might attempt to call e.g. setlevel on
+                // the application logger while merge is in progress.
+                // (see implementation of ConfigurationData::setLevel)
+                delegate = system;
+
+                // merge this config object data into the system config
+                system.useParentHandlers = useParentHandlers;
+                system.filter = filter;
+                system.levelObject = levelObject;
+                system.levelValue = levelValue;
+
+                // Prevent race condition in case two threads attempt to merge
+                // configuration and add handlers at the same time. We don't want
+                // to add the same handlers twice.
+                //
+                // Handlers are created and loaded by LogManager.addLogger. If we
+                // reach here, then it means that the application logger has
+                // been created first and added with LogManager.addLogger, and the
+                // system logger was created after - and no handler has been added
+                // to it by LogManager.addLogger. Therefore, system.handlers
+                // should be empty.
+                //
+                // A non empty cfg.handlers list indicates a race condition
+                // where two threads might attempt to merge the configuration
+                // or add handlers concurrently. Though of no consequence for
+                // the other data (level etc...) this would be an issue if we
+                // added the same handlers twice.
+                //
+                for (Handler h : handlers) {
+                    if (!system.handlers.contains(h)) {
+                        systemPeer.addHandler(h);
+                    }
+                }
+                system.handlers.retainAll(handlers);
+                system.handlers.addAllAbsent(handlers);
+            }
+
+            // sanity: update effective level after merging
+            synchronized(treeLock) {
+                systemPeer.updateEffectiveLevel();
+            }
+
+            return system;
+        }
+
+    }
+
+    // The logger configuration data. Ideally, this should be final
+    // for system loggers, and replace-once for application loggers.
+    // When an application requests a logger by name, we do not know a-priori
+    // whether that corresponds to a system logger name or not.
+    // So if no system logger by that name already exists, we simply return an
+    // application logger.
+    // If a system class later requests a system logger of the same name, then
+    // the application logger and system logger configurations will be merged
+    // in a single instance of ConfigurationData that both loggers will share.
+    private volatile ConfigurationData config;
+
     private volatile LogManager manager;
     private String name;
-    private final CopyOnWriteArrayList<Handler> handlers =
-        new CopyOnWriteArrayList<>();
     private volatile LoggerBundle loggerBundle = NO_RESOURCE_BUNDLE;
-    private volatile boolean useParentHandlers = true;
-    private volatile Filter filter;
     private boolean anonymous;
 
     // Cache to speed up behavior of findResourceBundle:
@@ -280,8 +452,6 @@
     // references from children to parents.
     private volatile Logger parent;    // our nearest parent.
     private ArrayList<LogManager.LoggerWeakRef> kids;   // WeakReferences to loggers that have us as parent
-    private volatile Level levelObject;
-    private volatile int levelValue;  // current effective level value
     private WeakReference<Module> callerModuleRef;
     private final boolean isSystemLogger;
 
@@ -384,9 +554,29 @@
            LogManager manager, boolean isSystemLogger) {
         this.manager = manager;
         this.isSystemLogger = isSystemLogger;
+        this.config = new ConfigurationData();
+        this.name = name;
         setupResourceInfo(resourceBundleName, caller);
-        this.name = name;
-        levelValue = Level.INFO.intValue();
+    }
+
+    // Called by LogManager when a system logger is created
+    // after a user logger of the same name.
+    // Ensure that both loggers will share the same
+    // configuration.
+    final void mergeWithSystemLogger(Logger system) {
+        // sanity checks
+        if (!system.isSystemLogger
+                || anonymous
+                || name == null
+                || !name.equals(system.name)) {
+            // should never come here
+            throw new InternalError("invalid logger merge");
+        }
+        checkPermission();
+        final ConfigurationData cfg = config;
+        if (cfg != system.config) {
+            config = cfg.merge(system);
+        }
     }
 
     private void setCallerModuleRef(Module callerModule) {
@@ -408,7 +598,7 @@
         // The manager field is not initialized here.
         this.name = name;
         this.isSystemLogger = true;
-        levelValue = Level.INFO.intValue();
+        config = new ConfigurationData();
     }
 
     // It is called from LoggerContext.addLocalLogger() when the logger
@@ -451,7 +641,7 @@
     private static Logger demandLogger(String name, String resourceBundleName, Class<?> caller) {
         LogManager manager = LogManager.getLogManager();
         if (!SystemLoggerHelper.disableCallerCheck) {
-            if (caller.getClassLoader() == null) {
+            if (isSystem(caller.getModule())) {
                 return manager.demandSystemLogger(name, resourceBundleName, caller);
             }
         }
@@ -740,7 +930,7 @@
      */
     public void setFilter(Filter newFilter) throws SecurityException {
         checkPermission();
-        filter = newFilter;
+        config.setFilter(newFilter);
     }
 
     /**
@@ -749,7 +939,7 @@
      * @return  a filter object (may be null)
      */
     public Filter getFilter() {
-        return filter;
+        return config.filter;
     }
 
     /**
@@ -765,7 +955,7 @@
         if (!isLoggable(record.getLevel())) {
             return;
         }
-        Filter theFilter = filter;
+        Filter theFilter = config.filter;
         if (theFilter != null && !theFilter.isLoggable(record)) {
             return;
         }
@@ -784,7 +974,7 @@
             }
 
             final boolean useParentHdls = isSystemLogger
-                ? logger.useParentHandlers
+                ? logger.config.useParentHandlers
                 : logger.getUseParentHandlers();
 
             if (!useParentHdls) {
@@ -1804,13 +1994,13 @@
     public void setLevel(Level newLevel) throws SecurityException {
         checkPermission();
         synchronized (treeLock) {
-            levelObject = newLevel;
+            config.setLevelObject(newLevel);
             updateEffectiveLevel();
         }
     }
 
     final boolean isLevelInitialized() {
-        return levelObject != null;
+        return config.levelObject != null;
     }
 
     /**
@@ -1821,7 +2011,7 @@
      * @return  this Logger's level
      */
     public Level getLevel() {
-        return levelObject;
+        return config.levelObject;
     }
 
     /**
@@ -1833,6 +2023,7 @@
      * @return  true if the given message level is currently being logged.
      */
     public boolean isLoggable(Level level) {
+        int levelValue = config.levelValue;
         if (level.intValue() < levelValue || levelValue == offValue) {
             return false;
         }
@@ -1862,7 +2053,7 @@
     public void addHandler(Handler handler) throws SecurityException {
         Objects.requireNonNull(handler);
         checkPermission();
-        handlers.add(handler);
+        config.addHandler(handler);
     }
 
     /**
@@ -1880,7 +2071,7 @@
         if (handler == null) {
             return;
         }
-        handlers.remove(handler);
+        config.removeHandler(handler);
     }
 
     /**
@@ -1895,7 +2086,7 @@
     // This method should ideally be marked final - but unfortunately
     // it needs to be overridden by LogManager.RootLogger
     Handler[] accessCheckedHandlers() {
-        return handlers.toArray(emptyHandlers);
+        return config.handlers.toArray(emptyHandlers);
     }
 
     /**
@@ -1912,7 +2103,7 @@
      */
     public void setUseParentHandlers(boolean useParentHandlers) {
         checkPermission();
-        this.useParentHandlers = useParentHandlers;
+        config.setUseParentHandlers(useParentHandlers);
     }
 
     /**
@@ -1922,7 +2113,7 @@
      * @return  true if output is to be sent to the logger's parent
      */
     public boolean getUseParentHandlers() {
-        return useParentHandlers;
+        return config.useParentHandlers;
     }
 
     /**
@@ -2256,11 +2447,13 @@
 
         // Figure out our current effective level.
         int newLevelValue;
+        final ConfigurationData cfg = config;
+        final Level levelObject = cfg.levelObject;
         if (levelObject != null) {
             newLevelValue = levelObject.intValue();
         } else {
             if (parent != null) {
-                newLevelValue = parent.levelValue;
+                newLevelValue = parent.config.levelValue;
             } else {
                 // This may happen during initialization.
                 newLevelValue = Level.INFO.intValue();
@@ -2268,11 +2461,11 @@
         }
 
         // If our effective value hasn't changed, we're done.
-        if (levelValue == newLevelValue) {
+        if (cfg.levelValue == newLevelValue) {
             return;
         }
 
-        levelValue = newLevelValue;
+        cfg.setLevelValue(newLevelValue);
 
         // System.err.println("effective level: \"" + getName() + "\" := " + level);
 
--- a/src/java.naming/share/classes/com/sun/jndi/ldap/AbstractLdapNamingEnumeration.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.naming/share/classes/com/sun/jndi/ldap/AbstractLdapNamingEnumeration.java	Fri Jul 15 09:10:36 2016 -0700
@@ -300,7 +300,7 @@
         errEx = e;
     }
 
-    protected abstract AbstractLdapNamingEnumeration<T> getReferredResults(
+    protected abstract AbstractLdapNamingEnumeration<? extends NameClassPair> getReferredResults(
             LdapReferralContext refCtx) throws NamingException;
 
     /*
@@ -360,7 +360,7 @@
      * Merge the entries and/or referrals from the supplied enumeration
      * with those of the current enumeration.
      */
-    protected void update(AbstractLdapNamingEnumeration<T> ne) {
+    protected void update(AbstractLdapNamingEnumeration<? extends NameClassPair> ne) {
         // Cleanup previous context first
         homeCtx.decEnumCount();
 
--- a/src/java.naming/share/classes/com/sun/jndi/ldap/LdapBindingEnumeration.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.naming/share/classes/com/sun/jndi/ldap/LdapBindingEnumeration.java	Fri Jul 15 09:10:36 2016 -0700
@@ -104,9 +104,9 @@
     }
 
     @Override
-    protected LdapBindingEnumeration getReferredResults(
+    protected AbstractLdapNamingEnumeration<? extends NameClassPair> getReferredResults(
             LdapReferralContext refCtx) throws NamingException{
         // repeat the original operation at the new context
-        return (LdapBindingEnumeration)refCtx.listBindings(listArg);
+        return (AbstractLdapNamingEnumeration<? extends NameClassPair>)refCtx.listBindings(listArg);
     }
 }
--- a/src/java.naming/share/classes/com/sun/jndi/ldap/LdapNamingEnumeration.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.naming/share/classes/com/sun/jndi/ldap/LdapNamingEnumeration.java	Fri Jul 15 09:10:36 2016 -0700
@@ -72,9 +72,9 @@
     }
 
     @Override
-    protected LdapNamingEnumeration getReferredResults(
+    protected AbstractLdapNamingEnumeration<? extends NameClassPair> getReferredResults(
             LdapReferralContext refCtx) throws NamingException {
         // repeat the original operation at the new context
-        return (LdapNamingEnumeration)refCtx.list(listArg);
+        return (AbstractLdapNamingEnumeration<? extends NameClassPair>)refCtx.list(listArg);
     }
 }
--- a/src/java.naming/share/classes/com/sun/jndi/ldap/LdapSearchEnumeration.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/java.naming/share/classes/com/sun/jndi/ldap/LdapSearchEnumeration.java	Fri Jul 15 09:10:36 2016 -0700
@@ -199,15 +199,15 @@
     }
 
     @Override
-    protected LdapSearchEnumeration getReferredResults(
+    protected AbstractLdapNamingEnumeration<? extends NameClassPair> getReferredResults(
             LdapReferralContext refCtx) throws NamingException {
         // repeat the original operation at the new context
-        return (LdapSearchEnumeration)refCtx.search(
+        return (AbstractLdapNamingEnumeration<? extends NameClassPair>)refCtx.search(
                 searchArgs.name, searchArgs.filter, searchArgs.cons);
     }
 
     @Override
-    protected void update(AbstractLdapNamingEnumeration<SearchResult> ne) {
+    protected void update(AbstractLdapNamingEnumeration<? extends NameClassPair> ne) {
         super.update(ne);
 
         // Update search-specific variables
--- a/src/jdk.accessibility/share/classes/com/sun/java/accessibility/util/package-info.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.accessibility/share/classes/com/sun/java/accessibility/util/package-info.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, 2015 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
--- a/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/UcryptoProvider.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/UcryptoProvider.java	Fri Jul 15 09:10:36 2016 -0700
@@ -235,13 +235,14 @@
 
     @Override
     public Provider configure(String configArg) throws InvalidParameterException {
-        // default policy entry only grants read access to default config
-        if (!defConfigName.equals(configArg)) {
-            throw new InvalidParameterException("Ucrypto provider can only be " +
-                "configured with default configuration file");
+        try {
+            init(configArg);
+        } catch (UcryptoException ue) {
+            InvalidParameterException ipe =
+                    new InvalidParameterException("Error using " + configArg);
+            ipe.initCause(ue.getCause());
+            throw ipe;
         }
-        // re-read the config
-        init(defConfigName);
         return this;
     }
 
--- a/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java	Fri Jul 15 09:10:36 2016 -0700
@@ -118,7 +118,8 @@
     boolean protectedPath; // protected authentication path
     String storetype; // keystore type
     String providerName; // provider name
-    Vector<String> providers = null; // list of providers
+    List<String> providers = null; // list of provider names
+    List<String> providerClasses = null; // list of provider classes
     // arguments for provider constructors
     HashMap<String,String> providerArgs = new HashMap<>();
     char[] keypass; // private key password
@@ -174,30 +175,36 @@
 
             // Try to load and install the specified providers
             if (providers != null) {
+                for (String provName: providers) {
+                    try {
+                        KeyStoreUtil.loadProviderByName(provName,
+                                providerArgs.get(provName));
+                        if (debug) {
+                            System.out.println("loadProviderByName: " + provName);
+                        }
+                    } catch (IllegalArgumentException e) {
+                        throw new Exception(String.format(rb.getString(
+                                "provider.name.not.found"), provName));
+                    }
+                }
+            }
+
+            if (providerClasses != null) {
                 ClassLoader cl = ClassLoader.getSystemClassLoader();
-                Enumeration<String> e = providers.elements();
-                while (e.hasMoreElements()) {
-                    String provName = e.nextElement();
-                    Class<?> provClass;
-                    if (cl != null) {
-                        provClass = cl.loadClass(provName);
-                    } else {
-                        provClass = Class.forName(provName);
+                for (String provClass: providerClasses) {
+                    try {
+                        KeyStoreUtil.loadProviderByClass(provClass,
+                                providerArgs.get(provClass), cl);
+                        if (debug) {
+                            System.out.println("loadProviderByClass: " + provClass);
+                        }
+                    } catch (ClassCastException cce) {
+                        throw new Exception(String.format(rb.getString(
+                                "provclass.not.a.provider"), provClass));
+                    } catch (IllegalArgumentException e) {
+                        throw new Exception(String.format(rb.getString(
+                                "provider.class.not.found"), provClass), e.getCause());
                     }
-
-                    Object obj = provClass.newInstance();
-                    if (!(obj instanceof Provider)) {
-                        MessageFormat form = new MessageFormat(rb.getString
-                            ("provName.not.a.provider"));
-                        Object[] source = {provName};
-                        throw new Exception(form.format(source));
-                    }
-                    Provider p = (Provider) obj;
-                    String provArg = providerArgs.get(provName);
-                    if (provArg != null) {
-                        p = p.configure(provArg);
-                    }
-                    Security.addProvider(p);
                 }
             }
 
@@ -335,11 +342,26 @@
             } else if (collator.compare(flags, "-providerName") ==0) {
                 if (++n == args.length) usageNoArg();
                 providerName = args[n];
-            } else if ((collator.compare(flags, "-provider") == 0) ||
-                        (collator.compare(flags, "-providerClass") == 0)) {
+            } else if (collator.compare(flags, "-provider") == 0 ||
+                        collator.compare(flags, "-providerClass") == 0) {
+                if (++n == args.length) usageNoArg();
+                if (providerClasses == null) {
+                    providerClasses = new ArrayList<>(3);
+                }
+                providerClasses.add(args[n]);
+
+                if (args.length > (n+1)) {
+                    flags = args[n+1];
+                    if (collator.compare(flags, "-providerArg") == 0) {
+                        if (args.length == (n+2)) usageNoArg();
+                        providerArgs.put(args[n], args[n+2]);
+                        n += 2;
+                    }
+                }
+            } else if (collator.compare(flags, "-addprovider") == 0) {
                 if (++n == args.length) usageNoArg();
                 if (providers == null) {
-                    providers = new Vector<String>(3);
+                    providers = new ArrayList<>(3);
                 }
                 providers.add(args[n]);
 
@@ -584,9 +606,14 @@
                 (".providerName.name.provider.name"));
         System.out.println();
         System.out.println(rb.getString
-                (".providerClass.class.name.of.cryptographic.service.provider.s"));
+                (".add.provider.option"));
         System.out.println(rb.getString
-                (".providerArg.arg.master.class.file.and.constructor.argument"));
+                (".providerArg.option.1"));
+        System.out.println();
+        System.out.println(rb.getString
+                (".providerClass.option"));
+        System.out.println(rb.getString
+                (".providerArg.option.2"));
         System.out.println();
         System.out.println(rb.getString
                 (".strict.treat.warnings.as.errors"));
--- a/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources.java	Fri Jul 15 09:10:36 2016 -0700
@@ -40,8 +40,9 @@
         {"6SPACE", "      "},
         {"COMMA", ", "},
 
-        {"provName.not.a.provider", "{0} not a provider"},
-        {"signerClass.is.not.a.signing.mechanism", "{0} is not a signing mechanism"},
+        {"provclass.not.a.provider", "%s not a provider"},
+        {"provider.name.not.found", "Provider named \"%s\" not found"},
+        {"provider.class.not.found", "Provider \"%s\" not found"},
         {"jarsigner.error.", "jarsigner error: "},
         {"Illegal.option.", "Illegal option: "},
         {"This.option.is.deprecated", "This option is deprecated: "},
@@ -105,10 +106,14 @@
                 "[-protected]                keystore has protected authentication path"},
         {".providerName.name.provider.name",
                 "[-providerName <name>]      provider name"},
-        {".providerClass.class.name.of.cryptographic.service.provider.s",
-                "[-providerClass <class>     name of cryptographic service provider's"},
-        {".providerArg.arg.master.class.file.and.constructor.argument",
-                "  [-providerArg <arg>]] ... master class file and constructor argument"},
+        {".add.provider.option",
+                "[-addprovider <name>        add security provider by name (e.g. SunPKCS11)"},
+        {".providerArg.option.1",
+                "  [-providerArg <arg>]] ... configure argument for -addprovider"},
+        {".providerClass.option",
+                "[-providerClass <class>     add security provider by fully-qualified class name"},
+        {".providerArg.option.2",
+                "  [-providerArg <arg>]] ... configure argument for -providerClass"},
         {".strict.treat.warnings.as.errors",
                 "[-strict]                   treat warnings as errors"},
         {".conf.url.specify.a.pre.configured.options.file",
--- a/src/jdk.jlink/share/classes/jdk/tools/jlink/internal/ImagePluginStack.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.jlink/share/classes/jdk/tools/jlink/internal/ImagePluginStack.java	Fri Jul 15 09:10:36 2016 -0700
@@ -400,6 +400,14 @@
         }
 
         @Override
+        public Optional<ModuleEntry> findEntryInContext(String path, ModuleEntry context) {
+            Objects.requireNonNull(path);
+            Objects.requireNonNull(context);
+            Optional<ModuleEntry> res = pool.findEntryInContext(path, context);
+            return res.map(this::getUncompressed);
+        }
+
+        @Override
         public boolean contains(ModuleEntry res) {
             return pool.contains(res);
         }
--- a/src/jdk.jlink/share/classes/jdk/tools/jlink/internal/ModuleEntryFactory.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.jlink/share/classes/jdk/tools/jlink/internal/ModuleEntryFactory.java	Fri Jul 15 09:10:36 2016 -0700
@@ -51,16 +51,32 @@
                 original.getPath(), original.getType(), file);
     }
 
-    private static String moduleFrom(String path) {
+    static String moduleFrom(String path) {
         Objects.requireNonNull(path);
         if (path.isEmpty() || path.charAt(0) != '/') {
             throw new IllegalArgumentException(path + " must start with /");
         }
-        String noRoot = path.substring(1);
-        int idx = noRoot.indexOf('/');
+        int idx = path.indexOf('/', 1);
         if (idx == -1) {
             throw new IllegalArgumentException("/ missing after module: " + path);
         }
-        return noRoot.substring(0, idx);
+        return path.substring(1, idx);
+    }
+
+    static String packageFrom(String path) {
+        Objects.requireNonNull(path);
+        int idx = path.lastIndexOf('/');
+        if (idx == -1) {
+            throw new IllegalArgumentException("/ missing from path: " + path);
+        }
+        if (path.startsWith("/")) {
+            int jdx = path.indexOf('/', 1);
+            if (jdx == -1) {
+                throw new IllegalArgumentException("/ missing after module: " + path);
+            }
+            return path.substring(jdx + 1, idx);
+        } else {
+            return path.substring(0, idx);
+        }
     }
 }
--- a/src/jdk.jlink/share/classes/jdk/tools/jlink/internal/ModulePoolImpl.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.jlink/share/classes/jdk/tools/jlink/internal/ModulePoolImpl.java	Fri Jul 15 09:10:36 2016 -0700
@@ -265,6 +265,25 @@
     }
 
     /**
+     * Get the ModuleEntry for the passed path restricted to supplied context.
+     *
+     * @param path A data path
+     * @param context A context of the search
+     * @return A ModuleEntry instance or null if the data is not found
+     */
+    @Override
+    public Optional<ModuleEntry> findEntryInContext(String path, ModuleEntry context) {
+        Objects.requireNonNull(path);
+        Objects.requireNonNull(context);
+        LinkModule module = modules.get(context.getModule());
+        Objects.requireNonNull(module);
+        Optional<ModuleEntry> entry = module.findEntry(path);
+        // Navigating other modules via requires and exports is problematic
+        // since we cannot construct the runtime model of loaders and layers.
+        return entry;
+     }
+
+    /**
      * Check if the ModulePool contains the given ModuleEntry.
      *
      * @param data The module data to check existence for.
--- a/src/jdk.jlink/share/classes/jdk/tools/jlink/internal/plugins/ClassForNamePlugin.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.jlink/share/classes/jdk/tools/jlink/internal/plugins/ClassForNamePlugin.java	Fri Jul 15 09:10:36 2016 -0700
@@ -28,7 +28,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
-import java.util.stream.Collectors;
+import java.util.Optional;
 import jdk.tools.jlink.plugin.ModulePool;
 import jdk.tools.jlink.plugin.Plugin.Category;
 import jdk.internal.org.objectweb.asm.ClassReader;
@@ -67,7 +67,7 @@
         return index == -1 ? "" : binaryName.substring(0, index);
     }
 
-    private ModuleEntry transform(ModuleEntry resource, Map<String, ModuleEntry> classes) {
+    private ModuleEntry transform(ModuleEntry resource, ModulePool pool) {
         byte[] inBytes = resource.getBytes();
         ClassReader cr = new ClassReader(inBytes);
         ClassNode cn = new ClassNode();
@@ -96,10 +96,11 @@
                         min.desc.equals("(Ljava/lang/String;)Ljava/lang/Class;")) {
                         String ldcClassName = ldc.cst.toString();
                         String thatClassName = ldcClassName.replaceAll("\\.", "/");
-                        ModuleEntry thatClass = classes.get(thatClassName);
+                        Optional<ModuleEntry> thatClass =
+                            pool.findEntryInContext(thatClassName + ".class", resource);
 
-                        if (thatClass != null) {
-                            int thatAccess = getAccess(thatClass);
+                        if (thatClass.isPresent()) {
+                            int thatAccess = getAccess(thatClass.get());
                             String thatPackage = getPackage(thatClassName);
 
                             if ((thatAccess & Opcodes.ACC_PRIVATE) != Opcodes.ACC_PRIVATE &&
@@ -142,19 +143,13 @@
     public void visit(ModulePool in, ModulePool out) {
         Objects.requireNonNull(in);
         Objects.requireNonNull(out);
-        Map<String, ModuleEntry> classes = in.entries()
-            .filter(resource -> resource != null &&
-                    resource.getPath().endsWith(".class") &&
-                    !resource.getPath().endsWith("/module-info.class"))
-            .collect(Collectors.toMap(resource -> binaryClassName(resource.getPath()),
-                                      resource -> resource));
+
         in.entries()
-            .filter(resource -> resource != null)
             .forEach(resource -> {
                 String path = resource.getPath();
 
                 if (path.endsWith(".class") && !path.endsWith("/module-info.class")) {
-                    out.add(transform(resource, classes));
+                    out.add(transform(resource, in));
                 } else {
                     out.add(resource);
                 }
--- a/src/jdk.jlink/share/classes/jdk/tools/jlink/plugin/ModulePool.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.jlink/share/classes/jdk/tools/jlink/plugin/ModulePool.java	Fri Jul 15 09:10:36 2016 -0700
@@ -89,7 +89,16 @@
      * @param path A data path
      * @return A ModuleEntry instance or null if the data is not found
      */
-   public Optional<ModuleEntry> findEntry(String path);
+    public Optional<ModuleEntry> findEntry(String path);
+
+    /**
+     * Get the ModuleEntry for the passed path restricted to supplied context.
+     *
+     * @param path A data path
+     * @param context A context of the search
+     * @return A ModuleEntry instance or null if the data is not found
+     */
+    public Optional<ModuleEntry> findEntryInContext(String path, ModuleEntry context);
 
     /**
      * Check if the ModulePool contains the given ModuleEntry.
--- a/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_ar.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_ar.java	Fri Jul 15 09:10:36 2016 -0700
@@ -371,6 +371,8 @@
                 sharedShortEras },
             { "roc.short.Eras",
                 sharedShortEras },
+            { "timezone.gmtFormat",
+                "\u062c\u0631\u064a\u0646\u062a\u0634{0}" },
         };
     }
 }
--- a/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_be.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_be.java	Fri Jul 15 09:10:36 2016 -0700
@@ -308,6 +308,8 @@
                 sharedAbbreviatedAmPmMarkers },
             { "roc.narrow.AmPmMarkers",
                 sharedNarrowAmPmMarkers },
+            { "timezone.hourFormat",
+                "+HH.mm;-HH.mm" },
         };
     }
 }
--- a/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_bg.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_bg.java	Fri Jul 15 09:10:36 2016 -0700
@@ -309,6 +309,8 @@
                 sharedAmPmMarkers },
             { "roc.narrow.AmPmMarkers",
                 sharedAmPmMarkers },
+            { "timezone.gmtFormat",
+                "\u0413\u0440\u0438\u043d\u0443\u0438\u0447{0}" },
         };
     }
 }
--- a/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_cs.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_cs.java	Fri Jul 15 09:10:36 2016 -0700
@@ -298,6 +298,8 @@
                 sharedEras },
             { "roc.short.Eras",
                 sharedEras },
+            { "timezone.hourFormat",
+                "+H:mm;-H:mm" },
         };
     }
 }
--- a/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_da.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_da.java	Fri Jul 15 09:10:36 2016 -0700
@@ -308,6 +308,8 @@
                 sharedEras },
             { "roc.short.Eras",
                 sharedEras },
+            { "timezone.hourFormat",
+                "+HH.mm;-HH.mm" },
         };
     }
 }
--- a/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_et.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_et.java	Fri Jul 15 09:10:36 2016 -0700
@@ -280,6 +280,8 @@
                 sharedTimePatterns },
             { "roc.narrow.AmPmMarkers",
                 sharedNarrowAmPmMarkers },
+            { "timezone.hourFormat",
+                "+HH:mm;\u2212HH:mm" },
         };
     }
 }
--- a/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_fi.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_fi.java	Fri Jul 15 09:10:36 2016 -0700
@@ -324,6 +324,10 @@
                 sharedEras },
             { "roc.short.Eras",
                 sharedEras },
+            { "timezone.gmtFormat",
+                "UTC{0}" },
+            { "timezone.hourFormat",
+                "+H.mm;-H.mm" },
         };
     }
 }
--- a/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_fr.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_fr.java	Fri Jul 15 09:10:36 2016 -0700
@@ -329,6 +329,10 @@
                 sharedEras },
             { "roc.short.Eras",
                 sharedEras },
+            { "timezone.gmtFormat",
+                "UTC{0}" },
+            { "timezone.hourFormat",
+                "+HH:mm;\u2212HH:mm" },
         };
     }
 }
--- a/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_ga.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_ga.java	Fri Jul 15 09:10:36 2016 -0700
@@ -284,6 +284,8 @@
                 sharedAmPmMarkers },
             { "roc.narrow.AmPmMarkers",
                 sharedNarrowAmPmMarkers },
+            { "timezone.gmtFormat",
+                "MAG{0}" },
         };
     }
 }
--- a/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_hr.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_hr.java	Fri Jul 15 09:10:36 2016 -0700
@@ -335,6 +335,8 @@
                 sharedEras },
             { "roc.short.Eras",
                 sharedEras },
+            { "timezone.hourFormat",
+                "+HH:mm; -HH:mm" },
         };
     }
 }
--- a/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_in.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_in.java	Fri Jul 15 09:10:36 2016 -0700
@@ -347,6 +347,8 @@
                 sharedEras },
             { "roc.short.Eras",
                 sharedEras },
+            { "timezone.hourFormat",
+                "+HH.mm;-HH.mm" },
         };
     }
 }
--- a/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_iw.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_iw.java	Fri Jul 15 09:10:36 2016 -0700
@@ -324,6 +324,10 @@
                 sharedAmPmMarkers },
             { "roc.narrow.AmPmMarkers",
                 sharedAmPmMarkers },
+            { "timezone.gmtFormat",
+                "GMT{0}\u200e" },
+            { "timezone.hourFormat",
+                "\u200e+HH:mm;-HH:mm\u200e" },
         };
     }
 }
--- a/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_lt.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_lt.java	Fri Jul 15 09:10:36 2016 -0700
@@ -325,6 +325,8 @@
                 sharedEras },
             { "roc.short.Eras",
                 sharedEras },
+            { "timezone.hourFormat",
+                "+HH:mm;\u2212HH:mm" },
         };
     }
 }
--- a/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_no.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_no.java	Fri Jul 15 09:10:36 2016 -0700
@@ -389,6 +389,8 @@
                 sharedEras },
             { "roc.short.Eras",
                 sharedEras },
+            { "timezone.hourFormat",
+                "+HH.mm;-HH.mm" },
         };
     }
 }
--- a/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_sl.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_sl.java	Fri Jul 15 09:10:36 2016 -0700
@@ -286,6 +286,8 @@
                 sharedAmPmMarkers },
             { "roc.narrow.AmPmMarkers",
                 sharedNarrowAmPmMarkers },
+            { "timezone.hourFormat",
+                "+HH.mm;-HH.mm" },
         };
     }
 }
--- a/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_sq.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_sq.java	Fri Jul 15 09:10:36 2016 -0700
@@ -294,6 +294,8 @@
                 sharedAmPmMarkers },
             { "roc.narrow.AmPmMarkers",
                 sharedAmPmMarkers },
+            { "timezone.gmtFormat",
+                "Ora e Grenui\u00e7it: {0}" },
         };
     }
 }
--- a/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_sr.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_sr.java	Fri Jul 15 09:10:36 2016 -0700
@@ -386,6 +386,8 @@
                 sharedShortEras },
             { "roc.short.Eras",
                 sharedShortEras },
+            { "timezone.hourFormat",
+                "+HHmm;-HHmm" },
         };
     }
 }
--- a/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_sv.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.localedata/share/classes/sun/text/resources/ext/JavaTimeSupplementary_sv.java	Fri Jul 15 09:10:36 2016 -0700
@@ -345,6 +345,8 @@
                 sharedEras },
             { "roc.short.Eras",
                 sharedEras },
+            { "timezone.hourFormat",
+                "+HH:mm;\u2212HH:mm" },
         };
     }
 }
--- a/src/jdk.policytool/share/classes/sun/security/tools/policytool/PolicyTool.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/src/jdk.policytool/share/classes/sun/security/tools/policytool/PolicyTool.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1376,10 +1376,6 @@
         ToolDialog ed = new ToolDialog
                 (PolicyTool.getMessage("Error"), tool, this, true);
 
-        // find where the PolicyTool gui is
-        Point location = ((w == null) ?
-                getLocationOnScreen() : w.getLocationOnScreen());
-        //ed.setBounds(location.x + 50, location.y + 50, 600, 100);
         ed.setLayout(new GridBagLayout());
 
         JLabel label = new JLabel(error);
--- a/test/ProblemList.txt	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/ProblemList.txt	Fri Jul 15 09:10:36 2016 -0700
@@ -215,9 +215,9 @@
 
 # jdk_security
 
-sun/security/pkcs11/ec/TestKeyFactory.java                      7157786 generic-all
+sun/security/pkcs11/ec/TestKeyFactory.java                      8026976 generic-all
 
-sun/security/krb5/auto/Unreachable.java                         7164518 macosx-all no PortUnreachableException on Mac
+sun/security/krb5/auto/Unreachable.java                         7164518 macosx-all
 
 sun/security/tools/keytool/ListKeychainStore.sh                 8156889 macosx-all
 
@@ -286,6 +286,7 @@
 sun/security/krb5/auto/HttpNegotiateServer.java                 8038079 generic-all
 
 sun/security/tools/keytool/autotest.sh                          8130302 generic-all
+sun/security/ssl/SSLSocketImpl/AsyncSSLSocketClose.java         8161232 macosx-all
 
 ############################################################################
 
--- a/test/java/io/Reader/ReaderBulkReadContract.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/java/io/Reader/ReaderBulkReadContract.java	Fri Jul 15 09:10:36 2016 -0700
@@ -148,7 +148,8 @@
 
     private static File createTempFileWithContents(String contents) {
         try {
-            File file = File.createTempFile("ReaderContract", "");
+            File testDir = new File(System.getProperty("test.dir", "."));
+            File file = File.createTempFile("ReaderContract", "", testDir);
             try (FileWriter w = new FileWriter(file)) {
                 w.write(contents);
             }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/lang/Runtime/Version/VersionProps.java	Fri Jul 15 09:10:36 2016 -0700
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 2016 SAP SE. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8160564
+ * @summary check the implementation of VersionProps.versionNumbers()
+ * @run main VersionProps
+ * @author Volker Simonis
+ */
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.Arrays;
+import java.util.List;
+
+public class VersionProps {
+
+    final static String[] validVersions = {
+        "1", "1.2", "1.2.3", "1.2.3.4", "1.0.0.1",
+        "1.10000.1", "1.0.2.0.0.3.0.0.0.4.5.0.0.6",
+        "1000001", "1.2.3.4.5.6.7.8.9.0.9.8.7.6.5.4.3.2.1" };
+
+    @SuppressWarnings("rawtypes")
+    final static List[] validLists = {
+        Arrays.asList(1),
+        Arrays.asList(1, 2),
+        Arrays.asList(1, 2, 3),
+        Arrays.asList(1, 2, 3, 4),
+        Arrays.asList(1, 0, 0, 1),
+        Arrays.asList(1, 10000, 1),
+        Arrays.asList(1, 0, 2, 0, 0, 3, 0, 0, 0, 4, 5, 0, 0, 6),
+        Arrays.asList(1000001),
+        Arrays.asList(1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 9, 8, 7, 6, 5, 4, 3, 2, 1) };
+
+    final static String[] invalidVersions = {
+        "01", "0.1.2", "1.02.3", "1.2.03.4", "1.0.0.1.0",
+        "1.0.1.0.0", "1.00.1", "1.0.1.00", "1.10000." };
+
+    public static void main(String[] args) throws Exception {
+        Class<?> versionProps = Class.forName("java.lang.VersionProps");
+        Method parseVersionNumbers =
+            versionProps.getDeclaredMethod("parseVersionNumbers", String.class);
+        parseVersionNumbers.setAccessible(true);
+
+        for (int i = 0; i < validVersions.length; i++) {
+            @SuppressWarnings("unchecked")
+            List<Integer> li =
+                (List<Integer>)parseVersionNumbers.invoke(null, validVersions[i]);
+            System.out.println(li);
+            if (!validLists[i].equals(li))
+                throw new Exception(li + " != " + validLists[i]);
+            li = Runtime.Version.parse(validVersions[i]).version();
+            if (!validLists[i].equals(li))
+                throw new Exception(li + " != " + validLists[i]);
+        }
+
+        for (int i = 0; i < invalidVersions.length; i++) {
+            try {
+                List<Integer> li =
+                        (List<Integer>)parseVersionNumbers.invoke(null, invalidVersions[i]);
+                throw new Exception(invalidVersions[i] +
+                        " not recognized as invalid by VersionProps.parseVersionNumbers()");
+            } catch (InvocationTargetException ex) {
+                if (ex.getCause() instanceof IllegalArgumentException) {
+                    System.out.println("OK - caught bad version string " +
+                            invalidVersions[i]);
+                } else {
+                    throw ex;
+                }
+            }
+
+            try {
+                List<Integer> li = Runtime.Version.parse(invalidVersions[i]).version();
+                throw new Exception(invalidVersions[i] +
+                        " not recognized as invalid by Runtime.Version.parse()");
+            } catch (IllegalArgumentException ex) {
+                continue;
+            }
+        }
+    }
+}
--- a/test/java/lang/System/Logger/default/DefaultLoggerTest.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/java/lang/System/Logger/default/DefaultLoggerTest.java	Fri Jul 15 09:10:36 2016 -0700
@@ -539,6 +539,7 @@
             throw new RuntimeException("identical loggers");
         }
 
+        final java.util.logging.Logger sink;
         final java.util.logging.Logger appSink;
         final java.util.logging.Logger sysSink;
         final java.util.logging.Handler appHandler;
@@ -548,10 +549,9 @@
         try {
             appSink = java.util.logging.Logger.getLogger("foo");
             sysSink = accessSystemLogger.demandSystemLogger("foo");
-            appSink.addHandler(appHandler = new MyHandler());
-            sysSink.addHandler(sysHandler = new MyHandler());
-            appSink.setUseParentHandlers(false);
-            sysSink.setUseParentHandlers(false);
+            sink = java.util.logging.Logger.getLogger("foo");
+            sink.addHandler(appHandler = sysHandler = new MyHandler());
+            sink.setUseParentHandlers(false);
             provider = LoggerFinder.getLoggerFinder();
         } finally {
             allowAll.get().set(false);
--- a/test/java/lang/System/LoggerFinder/DefaultLoggerFinderTest/DefaultLoggerFinderTest.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/java/lang/System/LoggerFinder/DefaultLoggerFinderTest/DefaultLoggerFinderTest.java	Fri Jul 15 09:10:36 2016 -0700
@@ -299,10 +299,9 @@
 
         final java.util.logging.Logger appSink = java.util.logging.Logger.getLogger("foo");
         final java.util.logging.Logger sysSink = accessSystemLogger.demandSystemLogger("foo");
-        appSink.addHandler(new MyHandler());
-        sysSink.addHandler(new MyHandler());
-        appSink.setUseParentHandlers(VERBOSE);
-        sysSink.setUseParentHandlers(VERBOSE);
+        final java.util.logging.Logger sink = java.util.logging.Logger.getLogger("foo");
+        sink.addHandler(new MyHandler());
+        sink.setUseParentHandlers(VERBOSE);
 
         Stream.of(args).map(TestCases::valueOf).forEach((testCase) -> {
             LoggerFinder provider;
--- a/test/java/lang/System/LoggerFinder/jdk/DefaultLoggerBridgeTest/DefaultLoggerBridgeTest.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/java/lang/System/LoggerFinder/jdk/DefaultLoggerBridgeTest/DefaultLoggerBridgeTest.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -390,6 +390,7 @@
             throw new RuntimeException("identical loggers");
         }
 
+        final java.util.logging.Logger sink;
         final java.util.logging.Logger appSink;
         final java.util.logging.Logger sysSink;
         final MyHandler appHandler;
@@ -404,10 +405,13 @@
             if (appSink == sysSink) {
                 throw new RuntimeException("identical backend loggers");
             }
-            appSink.addHandler(appHandler = new MyHandler());
-            sysSink.addHandler(sysHandler = new MyHandler());
-            appSink.setUseParentHandlers(VERBOSE);
-            sysSink.setUseParentHandlers(VERBOSE);
+            sink = java.util.logging.Logger.getLogger("foo");
+            if (appSink != sink) {
+                throw new RuntimeException("expected same application logger");
+            }
+
+            sink.addHandler(appHandler = sysHandler = new MyHandler());
+            sink.setUseParentHandlers(VERBOSE);
         } finally {
             allowAll.get().set(old);
         }
--- a/test/java/lang/System/LoggerFinder/jdk/DefaultPlatformLoggerTest/DefaultPlatformLoggerTest.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/java/lang/System/LoggerFinder/jdk/DefaultPlatformLoggerTest/DefaultPlatformLoggerTest.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,9 +42,9 @@
 import java.util.logging.LogManager;
 import java.util.logging.LogRecord;
 import java.lang.System.LoggerFinder;
+import java.util.logging.Logger;
 import sun.util.logging.PlatformLogger;
 import sun.util.logging.internal.LoggingProviderImpl;
-import java.lang.reflect.Module;
 
 /**
  * @test
@@ -248,10 +248,9 @@
                         DefaultPlatformLoggerTest.class.getModule());
         java.util.logging.Logger sysSink = LoggingProviderImpl.getLogManagerAccess()
                 .demandLoggerFor(LogManager.getLogManager(),"foo", Thread.class.getModule());
-        appSink.addHandler(new MyHandler());
-        sysSink.addHandler(new MyHandler());
-        appSink.setUseParentHandlers(VERBOSE);
-        sysSink.setUseParentHandlers(VERBOSE);
+        java.util.logging.Logger sink = Logger.getLogger("foo");
+        sink.addHandler(new MyHandler());
+        sink.setUseParentHandlers(VERBOSE);
 
         System.out.println("\n*** Without Security Manager\n");
         test(provider, true, appSink, sysSink);
@@ -274,7 +273,7 @@
     public static void test(LoggerFinder provider, boolean hasRequiredPermissions,
             java.util.logging.Logger appSink, java.util.logging.Logger sysSink) throws Exception {
 
-        // No way to giva a resource bundle to a platform logger.
+        // No way to give a resource bundle to a platform logger.
         // ResourceBundle loggerBundle = ResourceBundle.getBundle(MyLoggerBundle.class.getName());
         final Map<PlatformLogger, String> loggerDescMap = new HashMap<>();
 
--- a/test/java/lang/ThreadGroup/Stop.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/java/lang/ThreadGroup/Stop.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,60 +28,41 @@
  *          unpredictable results.
  */
 
-public class Stop implements Runnable {
-    private static boolean groupStopped = false ;
-    private static final Object lock = new Object();
+import java.util.concurrent.CountDownLatch;
 
-    private static final ThreadGroup group = new ThreadGroup("");
-    private static final Thread first = new Thread(group, new Stop());
-    private static final Thread second = new Thread(group, new Stop());
+public class Stop {
 
-    public void run() {
-        while (true) {
-            // Give the other thread a chance to start
-            try {
-                Thread.sleep(1000);
-            } catch (InterruptedException e) {
-            }
+    public static void main(String[] args) throws Exception {
+        final CountDownLatch ready = new CountDownLatch(1);
+        final ThreadGroup group = new ThreadGroup("");
 
-            // When the first thread runs, it will stop the group.
-            if (Thread.currentThread() == first) {
-                synchronized (lock) {
-                    try {
-                        group.stop();
-                    } finally {
-                        // Signal the main thread it is time to check
-                        // that the stopped thread group was successful
-                        groupStopped = true;
-                        lock.notifyAll();
-                    }
+        final Thread second = new Thread(group, () -> {
+            ready.countDown();
+            while (true) {
+                try {
+                    Thread.sleep(60000);
+                } catch (InterruptedException shouldNotHappen) {
                 }
             }
-        }
-    }
+        });
 
-    public static void main(String[] args) throws Exception {
+        final Thread first = new Thread(group, () -> {
+            // Wait until "second" is started
+            try {
+                ready.await();
+            } catch (InterruptedException shouldNotHappen) {
+            }
+            // Now stop the group
+            group.stop();
+        });
+
         // Launch two threads as part of the same thread group
         first.start();
         second.start();
 
-        // Wait for the thread group stop to be issued
-        synchronized(lock){
-            while (!groupStopped) {
-                lock.wait();
-                // Give the other thread a chance to stop
-                Thread.sleep(1000);
-            }
-        }
-
         // Check that the second thread is terminated when the
         // first thread terminates the thread group.
-        boolean failed = second.isAlive();
-
-        // Clean up any threads that may have not been terminated
-        first.stop();
-        second.stop();
-        if (failed)
-            throw new RuntimeException("Failure.");
+        second.join();
+        // Test passed - if never get here the test times out and fails.
     }
 }
--- a/test/java/nio/channels/FileChannel/Transfers.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/java/nio/channels/FileChannel/Transfers.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -489,69 +489,72 @@
                 debug = verbose = true;
         }
 
-        sourceFile = File.createTempFile("xfer.src.", "");
+        File testDir = new File(System.getProperty("test.dir", "."));
+
+        sourceFile = File.createTempFile("xfer.src.", "", testDir);
         sourceFile.deleteOnExit();
-        targetFile = File.createTempFile("xfer.tgt.", "");
+        targetFile = File.createTempFile("xfer.tgt.", "", testDir);
         targetFile.deleteOnExit();
 
-        File fn = File.createTempFile("xfer.fch.", "");
+        File fn = File.createTempFile("xfer.fch.", "", testDir);
         fn.deleteOnExit();
-        FileChannel fc = new RandomAccessFile(fn, "rw").getChannel();
 
         Random rnd = new Random();
         int failures = 0;
 
-        for (boolean to = false;; to = true) {
-            for (boolean user = false;; user = true) {
-                if (!verbose)
-                    out.print((to ? "To " : "From ") +
-                              (user ? "user channel" : "file channel")
-                              + ":");
-                IntGenerator offGen = new IntGenerator(MAX_XFER_SIZE + 2);
-                while (offGen.hasNext()) {
-                    int off = offGen.next();
-                    if (!verbose) out.print(" " + off);
-                    IntGenerator lenGen = new IntGenerator(MAX_XFER_SIZE + 2);
-                    while (lenGen.hasNext()) {
-                        int len = lenGen.next();
-                        long s = rnd.nextLong();
-                        String chName = null;
-                        try {
-                            if (to) {
-                                Target tgt;
-                                if (user)
-                                    tgt = new UserTarget(len, s);
-                                else
-                                    tgt = new FileTarget(len, s);
-                                chName = tgt.name();
-                                testTo(s, fc, off, len, tgt);
+        try (FileChannel fc = new RandomAccessFile(fn, "rw").getChannel()) {
+            for (boolean to = false;; to = true) {
+                for (boolean user = false;; user = true) {
+                    if (!verbose)
+                        out.print((to ? "To " : "From ") +
+                                  (user ? "user channel" : "file channel")
+                                  + ":");
+                    IntGenerator offGen = new IntGenerator(MAX_XFER_SIZE + 2);
+                    while (offGen.hasNext()) {
+                        int off = offGen.next();
+                        if (!verbose) out.print(" " + off);
+                        IntGenerator lenGen = new IntGenerator(MAX_XFER_SIZE + 2);
+                        while (lenGen.hasNext()) {
+                            int len = lenGen.next();
+                            long s = rnd.nextLong();
+                            String chName = null;
+                            try {
+                                if (to) {
+                                    Target tgt;
+                                    if (user)
+                                        tgt = new UserTarget(len, s);
+                                    else
+                                        tgt = new FileTarget(len, s);
+                                    chName = tgt.name();
+                                    testTo(s, fc, off, len, tgt);
+                                }
+                                else {
+                                    Source src;
+                                    if (user)
+                                        src = new UserSource(len, s);
+                                    else
+                                        src = new FileSource(len, s);
+                                    chName = src.name();
+                                    testFrom(s, src, fc, off, len);
+                                }
+                            } catch (Failure x) {
+                                out.println();
+                                out.println("FAILURE: " + chName
+                                            + ", offset " + off
+                                            + ", length " + len);
+                                x.printStackTrace(out);
+                                failures++;
                             }
-                            else {
-                                Source src;
-                                if (user)
-                                    src = new UserSource(len, s);
-                                else
-                                    src = new FileSource(len, s);
-                                chName = src.name();
-                                testFrom(s, src, fc, off, len);
-                            }
-                        } catch (Failure x) {
-                            out.println();
-                            out.println("FAILURE: " + chName
-                                        + ", offset " + off
-                                        + ", length " + len);
-                            x.printStackTrace(out);
-                            failures++;
                         }
                     }
+                    if (!verbose)
+                        out.println();
+                    if (user)
+                        break;
                 }
-                if (!verbose)
-                    out.println();
-                if (user)
+                if (to)
                     break;
             }
-            if (to)
-                break;
         }
 
         sourceFile.delete();
@@ -563,6 +566,6 @@
             throw new RuntimeException("Some tests failed");
         }
 
+        out.println("Test succeeded.");
     }
-
 }
--- a/test/java/nio/file/FileStore/Basic.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/java/nio/file/FileStore/Basic.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -124,6 +124,12 @@
                 // ignore exception as the store could have been
                 // deleted since the iterator was instantiated
                 System.err.format("%s was not found\n", store);
+            } catch (AccessDeniedException ade) {
+                // ignore exception as the lack of ability to access the
+                // store due to lack of file permission or similar does not
+                // reflect whether the space attributes would be accessible
+                // were access to be permitted
+                System.err.format("%s is inaccessible\n", store);
             }
 
             // two distinct FileStores should not be equal
--- a/test/java/rmi/activation/Activatable/restartService/RestartService.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/java/rmi/activation/Activatable/restartService/RestartService.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,6 +23,7 @@
 
 /* @test
  * @bug 4095165 4321151
+ * @key intermittent
  * @summary synopsis: activator should restart daemon services
  * @author Ann Wollrath
  *
--- a/test/java/rmi/activation/ActivationGroup/downloadActivationGroup/DownloadActivationGroup.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/java/rmi/activation/ActivationGroup/downloadActivationGroup/DownloadActivationGroup.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -24,6 +24,7 @@
 /*
  * @test
  * @bug 4510355
+ * @key intermittent
  * @summary ActivationGroup implementations cannot be downloaded by default;
  * Creates a custom activation group without setting a security manager
  * in activation group's descriptor.  The custom activation group
--- a/test/java/rmi/server/RMISocketFactory/useSocketFactory/activatable/UseCustomSocketFactory.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/java/rmi/server/RMISocketFactory/useSocketFactory/activatable/UseCustomSocketFactory.java	Fri Jul 15 09:10:36 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /* @test
  * @bug 4115696
-
+ * @key intermittent
  * @summary synopsis: cannot use socket factories with Activatable objects
  * @author Ann Wollrath
  *
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/util/Locale/Bug8154797.java	Fri Jul 15 09:10:36 2016 -0700
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8154797
+ * @modules java.base/sun.util.locale.provider
+ *          java.base/sun.util.resources
+ *          jdk.localedata
+ * @summary Test for checking HourFormat and GmtFormat resources are retrieved from
+ *  COMPAT and CLDR Providers.
+*/
+
+import java.util.HashMap;
+import java.util.Locale;
+import java.util.Map;
+import java.util.ResourceBundle;
+import sun.util.locale.provider.LocaleProviderAdapter.Type;
+import sun.util.locale.provider.LocaleProviderAdapter;
+
+public class Bug8154797 {
+    static Map<String, String> expectedResourcesMap = new HashMap<>();
+    static final String GMT_RESOURCE_KEY = "timezone.gmtFormat";
+    static final String HMT_RESOURCE_KEY = "timezone.hourFormat";
+    static final String GMT = "Gmt";
+    static final String HMT = "Hmt";
+
+    static void generateExpectedValues() {
+        expectedResourcesMap.put("FR" + GMT, "UTC{0}");
+        expectedResourcesMap.put("FR" + HMT, "+HH:mm;\u2212HH:mm");
+        expectedResourcesMap.put("FI" + HMT, "+H.mm;-H.mm");
+        expectedResourcesMap.put("FI" + GMT, "UTC{0}");
+        /* For  root locale, en_US, de_DE, hi_IN, ja_JP,Root locale resources
+        * should be returned.
+         */
+        expectedResourcesMap.put(GMT, "GMT{0}"); //Root locale resource
+        expectedResourcesMap.put(HMT, "+HH:mm;-HH:mm"); //Root locale resource
+    }
+
+    static void compareResources(Locale loc) {
+        String mapKeyHourFormat = HMT, mapKeyGmtFormat = GMT;
+        ResourceBundle compatBundle, cldrBundle;
+        compatBundle = LocaleProviderAdapter.forJRE().getLocaleResources(loc)
+                .getJavaTimeFormatData();
+        cldrBundle = LocaleProviderAdapter.forType(Type.CLDR)
+                .getLocaleResources(loc).getJavaTimeFormatData();
+        if (loc.getCountry() == "FR" || loc.getCountry() == "FI") {
+            mapKeyHourFormat = loc.getCountry() + HMT;
+            mapKeyGmtFormat = loc.getCountry() + GMT;
+        }
+
+        if (!(expectedResourcesMap.get(mapKeyGmtFormat)
+                .equals(compatBundle.getString(GMT_RESOURCE_KEY))
+                && expectedResourcesMap.get(mapKeyHourFormat)
+                .equals(compatBundle.getString(HMT_RESOURCE_KEY))
+                && expectedResourcesMap.get(mapKeyGmtFormat)
+                .equals(cldrBundle.getString(GMT_RESOURCE_KEY))
+                && expectedResourcesMap.get(mapKeyHourFormat)
+                .equals(cldrBundle.getString(HMT_RESOURCE_KEY)))) {
+
+            throw new RuntimeException("Retrieved resource does not match with "
+                    + "  expected string for Locale " + compatBundle.getLocale());
+
+        }
+
+    }
+
+    public static void main(String args[]) {
+        Bug8154797.generateExpectedValues();
+        Locale[] locArr = {new Locale("hi", "IN"), Locale.UK, new Locale("fi", "FI"),
+                           Locale.ROOT, Locale.GERMAN, Locale.JAPANESE,
+                           Locale.ENGLISH, Locale.FRANCE};
+        for (Locale loc : locArr) {
+            Bug8154797.compareResources(loc);
+        }
+    }
+
+}
+
--- a/test/java/util/Spliterator/SpliteratorLateBindingFailFastTest.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/java/util/Spliterator/SpliteratorLateBindingFailFastTest.java	Fri Jul 15 09:10:36 2016 -0700
@@ -24,11 +24,13 @@
 import org.testng.annotations.DataProvider;
 import org.testng.annotations.Test;
 
+import java.util.AbstractList;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.ConcurrentModificationException;
+import java.util.Iterator;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.LinkedHashMap;
@@ -37,6 +39,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.PriorityQueue;
+import java.util.RandomAccess;
 import java.util.Set;
 import java.util.Spliterator;
 import java.util.Stack;
@@ -191,6 +194,46 @@
 
         db.addList(Vector::new);
 
+        class AbstractRandomAccessListImpl extends AbstractList<Integer> implements RandomAccess {
+            List<Integer> l;
+
+            AbstractRandomAccessListImpl(Collection<Integer> c) {
+                this.l = new ArrayList<>(c);
+            }
+
+            @Override
+            public boolean add(Integer integer) {
+                modCount++;
+                return l.add(integer);
+            }
+
+            @Override
+            public Iterator<Integer> iterator() {
+                return l.iterator();
+            }
+
+            @Override
+            public Integer get(int index) {
+                return l.get(index);
+            }
+
+            @Override
+            public boolean remove(Object o) {
+                modCount++;
+                return l.remove(o);
+            }
+
+            @Override
+            public int size() {
+                return l.size();
+            }
+
+            @Override
+            public List<Integer> subList(int fromIndex, int toIndex) {
+                return l.subList(fromIndex, toIndex);
+            }
+        }
+        db.addList(AbstractRandomAccessListImpl::new);
 
         db.addCollection(HashSet::new);
 
--- a/test/java/util/Spliterator/SpliteratorTraversingAndSplittingTest.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/java/util/Spliterator/SpliteratorTraversingAndSplittingTest.java	Fri Jul 15 09:10:36 2016 -0700
@@ -49,8 +49,10 @@
 import java.util.LinkedHashSet;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.ListIterator;
 import java.util.Map;
 import java.util.PriorityQueue;
+import java.util.RandomAccess;
 import java.util.Set;
 import java.util.SortedSet;
 import java.util.Spliterator;
@@ -379,6 +381,150 @@
 
             db.addList(Vector::new);
 
+            class AbstractRandomAccessListImpl extends AbstractList<Integer> implements RandomAccess {
+                Integer[] ia;
+
+                AbstractRandomAccessListImpl(Collection<Integer> c) {
+                    this.ia = c.toArray(new Integer[c.size()]);
+                }
+
+                @Override
+                public Integer get(int index) {
+                    return ia[index];
+                }
+
+                @Override
+                public int size() {
+                    return ia.length;
+                }
+            }
+            db.addList(AbstractRandomAccessListImpl::new);
+
+            class RandomAccessListImpl implements List<Integer>, RandomAccess {
+                Integer[] ia;
+                List<Integer> l;
+
+                RandomAccessListImpl(Collection<Integer> c) {
+                    this.ia = c.toArray(new Integer[c.size()]);
+                    this.l = Arrays.asList(ia);
+                }
+
+                @Override
+                public Integer get(int index) {
+                    return ia[index];
+                }
+
+                @Override
+                public Integer set(int index, Integer element) {
+                    throw new UnsupportedOperationException();
+                }
+
+                @Override
+                public void add(int index, Integer element) {
+                    throw new UnsupportedOperationException();
+                }
+
+                @Override
+                public Integer remove(int index) {
+                    throw new UnsupportedOperationException();
+                }
+
+                @Override
+                public int indexOf(Object o) {
+                    return l.indexOf(o);
+                }
+
+                @Override
+                public int lastIndexOf(Object o) {
+                    return Arrays.asList(ia).lastIndexOf(o);
+                }
+
+                @Override
+                public ListIterator<Integer> listIterator() {
+                    return l.listIterator();
+                }
+
+                @Override
+                public ListIterator<Integer> listIterator(int index) {
+                    return l.listIterator(index);
+                }
+
+                @Override
+                public List<Integer> subList(int fromIndex, int toIndex) {
+                    return l.subList(fromIndex, toIndex);
+                }
+
+                @Override
+                public int size() {
+                    return ia.length;
+                }
+
+                @Override
+                public boolean isEmpty() {
+                    return size() != 0;
+                }
+
+                @Override
+                public boolean contains(Object o) {
+                    return l.contains(o);
+                }
+
+                @Override
+                public Iterator<Integer> iterator() {
+                    return l.iterator();
+                }
+
+                @Override
+                public Object[] toArray() {
+                    return l.toArray();
+                }
+
+                @Override
+                public <T> T[] toArray(T[] a) {
+                    return l.toArray(a);
+                }
+
+                @Override
+                public boolean add(Integer integer) {
+                    throw new UnsupportedOperationException();
+                }
+
+                @Override
+                public boolean remove(Object o) {
+                    throw new UnsupportedOperationException();
+                }
+
+                @Override
+                public boolean containsAll(Collection<?> c) {
+                    return l.containsAll(c);
+                }
+
+                @Override
+                public boolean addAll(Collection<? extends Integer> c) {
+                    throw new UnsupportedOperationException();
+                }
+
+                @Override
+                public boolean addAll(int index, Collection<? extends Integer> c) {
+                    throw new UnsupportedOperationException();
+                }
+
+                @Override
+                public boolean removeAll(Collection<?> c) {
+                    throw new UnsupportedOperationException();
+                }
+
+                @Override
+                public boolean retainAll(Collection<?> c) {
+                    throw new UnsupportedOperationException();
+                }
+
+                @Override
+                public void clear() {
+                    throw new UnsupportedOperationException();
+                }
+            }
+            db.addList(RandomAccessListImpl::new);
 
             db.addCollection(HashSet::new);
 
--- a/test/java/util/jar/JarFile/mrjar/MultiReleaseJarAPI.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/java/util/jar/JarFile/mrjar/MultiReleaseJarAPI.java	Fri Jul 15 09:10:36 2016 -0700
@@ -40,25 +40,19 @@
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipFile;
 
-import static java.util.jar.JarFile.Release;
-
 import org.testng.Assert;
 import org.testng.annotations.AfterClass;
 import org.testng.annotations.BeforeClass;
+import org.testng.annotations.DataProvider;
 import org.testng.annotations.Test;
 
-
 public class MultiReleaseJarAPI {
 
-    static final int MAJOR_VERSION = Runtime.version().major();
-
     String userdir = System.getProperty("user.dir",".");
     CreateMultiReleaseTestJars creator =  new CreateMultiReleaseTestJars();
     File unversioned = new File(userdir, "unversioned.jar");
     File multirelease = new File(userdir, "multi-release.jar");
     File signedmultirelease = new File(userdir, "signed-multi-release.jar");
-    Release[] values = JarFile.Release.values();
-
 
     @BeforeClass
     public void initialize() throws Exception {
@@ -81,7 +75,7 @@
             Assert.assertFalse(jf.isMultiRelease());
         }
 
-        try (JarFile jf = new JarFile(unversioned, true, ZipFile.OPEN_READ, Release.RUNTIME)) {
+        try (JarFile jf = new JarFile(unversioned, true, ZipFile.OPEN_READ, Runtime.version())) {
             Assert.assertFalse(jf.isMultiRelease());
         }
 
@@ -89,7 +83,7 @@
             Assert.assertFalse(jf.isMultiRelease());
         }
 
-        try (JarFile jf = new JarFile(multirelease, true, ZipFile.OPEN_READ, Release.RUNTIME)) {
+        try (JarFile jf = new JarFile(multirelease, true, ZipFile.OPEN_READ, Runtime.version())) {
             Assert.assertTrue(jf.isMultiRelease());
         }
 
@@ -110,68 +104,68 @@
     private void testCustomMultiReleaseValue(String value, boolean expected) throws Exception {
         creator.buildCustomMultiReleaseJar("custom-mr.jar", value);
         File custom = new File(userdir, "custom-mr.jar");
-        try (JarFile jf = new JarFile(custom, true, ZipFile.OPEN_READ, Release.RUNTIME)) {
+        try (JarFile jf = new JarFile(custom, true, ZipFile.OPEN_READ, Runtime.version())) {
             Assert.assertEquals(jf.isMultiRelease(), expected);
         }
         Files.delete(custom.toPath());
     }
 
-    @Test
-    public void testVersioning() throws Exception {
-        // multi-release jar
-        JarFile jar = new JarFile(multirelease);
-        Assert.assertEquals(Release.BASE, jar.getVersion());
-        jar.close();
+    @DataProvider(name = "versions")
+    public Object[][] createVersionData() throws Exception {
+        return new Object[][]{
+                {JarFile.baseVersion(), 8},
+                {JarFile.runtimeVersion(), Runtime.version().major()},
+                {Runtime.version(), Runtime.version().major()},
+                {Runtime.Version.parse("7.1"), JarFile.baseVersion().major()},
+                {Runtime.Version.parse("9"), 9},
+                {Runtime.Version.parse("9.1.5-ea+200"), 9}
+        };
+    }
 
-        for (Release value : values) {
-            System.err.println("test versioning for Release " + value);
-            try (JarFile jf = new JarFile(multirelease, true, ZipFile.OPEN_READ, value)) {
-                Assert.assertEquals(value, jf.getVersion());
-            }
+    @Test(dataProvider="versions")
+    public void testVersioning(Runtime.Version value, int xpected) throws Exception {
+        Runtime.Version expected = Runtime.Version.parse(String.valueOf(xpected));
+        Runtime.Version base = JarFile.baseVersion();
+
+        // multi-release jar, opened as unversioned
+        try (JarFile jar = new JarFile(multirelease)) {
+            Assert.assertEquals(jar.getVersion(), base);
+        }
+
+        System.err.println("test versioning for Release " + value);
+        try (JarFile jf = new JarFile(multirelease, true, ZipFile.OPEN_READ, value)) {
+            Assert.assertEquals(jf.getVersion(), expected);
         }
 
         // regular, unversioned, jar
-        for (Release value : values) {
-            try (JarFile jf = new JarFile(unversioned, true, ZipFile.OPEN_READ, value)) {
-                Assert.assertEquals(Release.BASE, jf.getVersion());
-            }
-        }
-
-        // assure that we have a Release object corresponding to the actual runtime version
-        String version = "VERSION_" + MAJOR_VERSION;
-        boolean runtimeVersionExists = false;
-        for (Release value : values) {
-            if (version.equals(value.name())) runtimeVersionExists = true;
-        }
-        Assert.assertTrue(runtimeVersionExists);
-    }
-
-    @Test
-    public void testAliasing() throws Exception {
-        for (Release value : values) {
-            System.err.println("test aliasing for Release " + value);
-            String name = value.name();
-            String prefix;
-            if (name.equals("BASE")) {
-                prefix = "";
-            } else if (name.equals("RUNTIME")) {
-                prefix = "META-INF/versions/" + MAJOR_VERSION + "/";
-            } else {
-                prefix = "META-INF/versions/" + name.substring(8) + "/";
-            }
-            // test both multi-release jars
-            readAndCompare(multirelease, value, "README", prefix + "README");
-            readAndCompare(multirelease, value, "version/Version.class", prefix + "version/Version.class");
-            // and signed multi-release jars
-            readAndCompare(signedmultirelease, value, "README", prefix + "README");
-            readAndCompare(signedmultirelease, value, "version/Version.class", prefix + "version/Version.class");
+        try (JarFile jf = new JarFile(unversioned, true, ZipFile.OPEN_READ, value)) {
+            Assert.assertEquals(jf.getVersion(), base);
         }
     }
 
-    private void readAndCompare(File jar, Release version, String name, String realName) throws Exception {
+    @Test(dataProvider="versions")
+    public void testAliasing(Runtime.Version version, int xpected) throws Exception {
+        int n = Math.max(version.major(), JarFile.baseVersion().major());
+        Runtime.Version value = Runtime.Version.parse(String.valueOf(n));
+        System.err.println("test aliasing for Release " + version);
+        String prefix;
+        if (JarFile.baseVersion().equals(value)) {
+            prefix = "";
+        } else {
+            prefix = "META-INF/versions/" + value.major() + "/";
+        }
+        // test both multi-release jars
+        readAndCompare(multirelease, value, "README", prefix + "README");
+        readAndCompare(multirelease, value, "version/Version.class", prefix + "version/Version.class");
+        // and signed multi-release jars
+        readAndCompare(signedmultirelease, value, "README", prefix + "README");
+        readAndCompare(signedmultirelease, value, "version/Version.class", prefix + "version/Version.class");
+    }
+
+    private void readAndCompare(File jar, Runtime.Version version, String name, String realName) throws Exception {
         byte[] baseBytes;
         byte[] versionedBytes;
-        try (JarFile jf = new JarFile(jar, true, ZipFile.OPEN_READ, Release.BASE)) {
+        try (JarFile jf = new JarFile(jar, true, ZipFile.OPEN_READ, JarFile.baseVersion())) {
             ZipEntry ze = jf.getEntry(realName);
             try (InputStream is = jf.getInputStream(ze)) {
                 baseBytes = is.readAllBytes();
@@ -200,7 +194,7 @@
             ze1 = jf.getEntry(vname);
         }
         Assert.assertEquals(ze1.getName(), vname);
-        try (JarFile jf = new JarFile(multirelease, true, ZipFile.OPEN_READ, Release.VERSION_9)) {
+        try (JarFile jf = new JarFile(multirelease, true, ZipFile.OPEN_READ, Runtime.Version.parse("9"))) {
             ze2 = jf.getEntry(rname);
         }
         Assert.assertEquals(ze2.getName(), rname);
--- a/test/java/util/jar/JarFile/mrjar/MultiReleaseJarHttpProperties.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/java/util/jar/JarFile/mrjar/MultiReleaseJarHttpProperties.java	Fri Jul 15 09:10:36 2016 -0700
@@ -47,14 +47,8 @@
  */
 
 import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.net.InetSocketAddress;
 import java.net.URL;
 import java.net.URLClassLoader;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
 
 import org.testng.Assert;
 import org.testng.annotations.AfterClass;
--- a/test/java/util/jar/JarFile/mrjar/MultiReleaseJarIterators.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/java/util/jar/JarFile/mrjar/MultiReleaseJarIterators.java	Fri Jul 15 09:10:36 2016 -0700
@@ -43,8 +43,6 @@
 import java.util.stream.Collectors;
 import java.util.zip.ZipFile;
 
-import static java.util.jar.JarFile.Release;
-
 import org.testng.Assert;
 import org.testng.annotations.AfterClass;
 import org.testng.annotations.BeforeClass;
@@ -111,17 +109,17 @@
             testStream(jf, mrEntries);
         }
 
-        try (JarFile jf = new JarFile(multirelease, true, ZipFile.OPEN_READ, Release.BASE)) {
+        try (JarFile jf = new JarFile(multirelease, true, ZipFile.OPEN_READ, JarFile.baseVersion())) {
             testEnumeration(jf, baseEntries);
             testStream(jf, baseEntries);
         }
 
-        try (JarFile jf = new JarFile(multirelease, true, ZipFile.OPEN_READ, Release.VERSION_9)) {
+        try (JarFile jf = new JarFile(multirelease, true, ZipFile.OPEN_READ, Runtime.Version.parse("9"))) {
             testEnumeration(jf, v9Entries);
             testStream(jf, v9Entries);
         }
 
-        try (JarFile jf = new JarFile(multirelease, true, ZipFile.OPEN_READ, Release.RUNTIME)) {
+        try (JarFile jf = new JarFile(multirelease, true, ZipFile.OPEN_READ, Runtime.version())) {
             Map<String,JarEntry> expectedEntries;
             switch (MAJOR_VERSION) {
                 case 9:
@@ -147,17 +145,17 @@
             testStream(jf, uvEntries);
         }
 
-        try (JarFile jf = new JarFile(unversioned, true, ZipFile.OPEN_READ, Release.BASE)) {
+        try (JarFile jf = new JarFile(unversioned, true, ZipFile.OPEN_READ, JarFile.baseVersion())) {
             testEnumeration(jf, uvEntries);
             testStream(jf, uvEntries);
         }
 
-        try (JarFile jf = new JarFile(unversioned, true, ZipFile.OPEN_READ, Release.VERSION_9)) {
+        try (JarFile jf = new JarFile(unversioned, true, ZipFile.OPEN_READ, Runtime.Version.parse("9"))) {
             testEnumeration(jf, uvEntries);
             testStream(jf, uvEntries);
         }
 
-        try (JarFile jf = new JarFile(unversioned, true, ZipFile.OPEN_READ, Release.RUNTIME)) {
+        try (JarFile jf = new JarFile(unversioned, true, ZipFile.OPEN_READ, Runtime.version())) {
             testEnumeration(jf, uvEntries);
             testStream(jf, uvEntries);
         }
--- a/test/java/util/jar/JarFile/mrjar/MultiReleaseJarProperties.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/java/util/jar/JarFile/mrjar/MultiReleaseJarProperties.java	Fri Jul 15 09:10:36 2016 -0700
@@ -60,11 +60,10 @@
 import org.testng.annotations.BeforeClass;
 import org.testng.annotations.Test;
 
+
 public class MultiReleaseJarProperties {
+    final static int BASE_VERSION = JarFile.baseVersion().major();
 
-    static final int MAJOR_VERSION = Runtime.version().major();
-
-    final static int ROOTVERSION = 8; // magic number from knowledge of internals
     final static String userdir = System.getProperty("user.dir", ".");
     final static File multirelease = new File(userdir, "multi-release.jar");
     protected int rtVersion;
@@ -77,15 +76,15 @@
         CreateMultiReleaseTestJars creator =  new CreateMultiReleaseTestJars();
         creator.compileEntries();
         creator.buildMultiReleaseJar();
-
-        rtVersion = Integer.getInteger("jdk.util.jar.version", MAJOR_VERSION);
+        int RUNTIME_VERSION = Runtime.version().major();
+        rtVersion = Integer.getInteger("jdk.util.jar.version", RUNTIME_VERSION);
         String mrprop = System.getProperty("jdk.util.jar.enableMultiRelease", "");
         if (mrprop.equals("false")) {
-            rtVersion = ROOTVERSION;
-        } else if (rtVersion < ROOTVERSION) {
-            rtVersion = ROOTVERSION;
-        } else if (rtVersion > MAJOR_VERSION) {
-            rtVersion = MAJOR_VERSION;
+            rtVersion = BASE_VERSION;
+        } else if (rtVersion < BASE_VERSION) {
+            rtVersion = BASE_VERSION;
+        } else if (rtVersion > RUNTIME_VERSION) {
+            rtVersion = RUNTIME_VERSION;
         }
         force = mrprop.equals("force");
 
@@ -135,7 +134,7 @@
                     if (force) throw x;
                 }
             }
-            invokeMethod(vcls, force ? rtVersion : ROOTVERSION);
+            invokeMethod(vcls, force ? rtVersion : BASE_VERSION);
         }
     }
 
--- a/test/java/util/jar/JarFile/mrjar/MultiReleaseJarSecurity.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/java/util/jar/JarFile/mrjar/MultiReleaseJarSecurity.java	Fri Jul 15 09:10:36 2016 -0700
@@ -70,7 +70,7 @@
 
     @Test
     public void testCertsAndSigners() throws IOException {
-        try (JarFile jf = new JarFile(signedmultirelease, true, ZipFile.OPEN_READ, JarFile.Release.RUNTIME)) {
+        try (JarFile jf = new JarFile(signedmultirelease, true, ZipFile.OPEN_READ, Runtime.version())) {
             CertsAndSigners vcas = new CertsAndSigners(jf, jf.getJarEntry("version/Version.class"));
             CertsAndSigners rcas = new CertsAndSigners(jf, jf.getJarEntry("META-INF/versions/" + MAJOR_VERSION + "/version/Version.class"));
             Assert.assertTrue(Arrays.equals(rcas.getCertificates(), vcas.getCertificates()));
--- a/test/java/util/logging/CheckLockLocationTest.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/java/util/logging/CheckLockLocationTest.java	Fri Jul 15 09:10:36 2016 -0700
@@ -30,13 +30,16 @@
  * @run  main/othervm CheckLockLocationTest
  */
 import java.io.File;
+import java.io.FileOutputStream;
 import java.io.IOException;
+import java.io.OutputStream;
 import java.nio.file.AccessDeniedException;
 import java.nio.file.FileSystemException;
 import java.nio.file.Files;
 import java.nio.file.NoSuchFileException;
 import java.nio.file.Path;
 import java.nio.file.attribute.UserPrincipal;
+import java.util.UUID;
 import java.util.logging.FileHandler;
 public class CheckLockLocationTest {
 
@@ -78,7 +81,11 @@
         } catch (IOException ex) {
             throw new RuntimeException("Test failed: should have been able"
                     + " to create FileHandler for " + "%t/" + WRITABLE_DIR
-                    + "/log.log in writable directory.", ex);
+                    + "/log.log in writable directory"
+                    + (!writableDir.canRead() // concurrent tests running or user conf issue?
+                        ? ": directory not readable.\n\tPlease check your "
+                         + "environment and machine configuration."
+                        : "."), ex);
         } finally {
             // the above test leaves files in the directory.  Get rid of the
             // files created and the directory
@@ -149,8 +156,41 @@
                     + " writable working directory "
                     + writableDir.getAbsolutePath() );
         }
+
+        if (!writableDir.canRead()) {
+            throw new RuntimeException("Test setup failed: can't read "
+                    + " writable working directory "
+                    + writableDir.getAbsolutePath() );
+        }
+
         // writableDirectory and its contents will be deleted after the test
-        // that uses it
+        // that uses it.
+
+        // check that we can write in the new writable dir.
+        File dummyFile = new File(writableDir, UUID.randomUUID().toString() + ".txt" );
+        try {
+            if (!dummyFile.createNewFile()) {
+                throw new RuntimeException("Test setup failed: can't create "
+                        + " dummy file in writable working directory "
+                        + dummyFile.getAbsolutePath() );
+            }
+            try (OutputStream os = new FileOutputStream(dummyFile)) {
+                os.write('A');
+            } finally {
+                dummyFile.delete();
+            }
+            if (dummyFile.canRead()) {
+                throw new RuntimeException("Test setup failed: can't delete "
+                        + " dummy file in writable working directory "
+                        + dummyFile.getAbsolutePath() );
+            }
+            System.out.println("Successfully created and deleted dummy file: " +
+                dummyFile.getAbsolutePath());
+        } catch(IOException x) {
+            throw new RuntimeException("Test setup failed: can't write "
+                        + " or delete dummy file in writable working directory "
+                        + dummyFile.getAbsolutePath(), x);
+        }
 
         // Create a plain file which we will attempt to use as a directory
         // (%t/not-a-dir)
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/util/logging/SystemLoggerConfigTest.java	Fri Jul 15 09:10:36 2016 -0700
@@ -0,0 +1,423 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.lang.ref.Reference;
+import java.security.Permission;
+import java.security.Policy;
+import java.security.ProtectionDomain;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Objects;
+import java.util.Properties;
+import java.util.concurrent.CopyOnWriteArrayList;
+import java.util.concurrent.atomic.AtomicLong;
+import java.util.logging.Handler;
+import java.util.logging.Level;
+import java.util.logging.LogManager;
+import java.util.logging.LogRecord;
+import java.util.logging.Logger;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+import sun.util.logging.PlatformLogger;
+
+
+/**
+ * @test
+ * @bug     8159245
+ * @summary Tests configuration of loggers.
+ * @modules java.logging/sun.util.logging.internal java.base/sun.util.logging
+ * @run  main/othervm SystemLoggerConfigTest NOSECURITY
+ * @run  main/othervm SystemLoggerConfigTest WITHSECURITY
+ *
+ * @author danielfuchs
+ */
+public class SystemLoggerConfigTest {
+
+    static Logger createSystemLogger(String name) {
+        return sun.util.logging.internal.LoggingProviderImpl.getLogManagerAccess()
+                .demandLoggerFor(LogManager.getLogManager(), name,
+                                 Thread.class.getModule());
+    }
+
+    static PlatformLogger createPlatformLogger(String name) {
+        return PlatformLogger.getLogger(name);
+    }
+
+    private static void assertFalse(boolean value, String msg) {
+        assertEquals(false, value, msg);
+    }
+    private static void assertEquals(boolean expected, boolean actual, String msg) {
+        if (expected != actual) {
+            throw new AssertionError(msg+": expected: " + expected + " actual: " + actual);
+        }
+    }
+    private static void assertEquals(int expected, int actual, String msg) {
+        if (expected != actual) {
+            throw new AssertionError(msg+": expected: " + expected + " actual: " + actual);
+        }
+    }
+    private static void assertEquals(long expected, long actual, String msg) {
+        if (expected != actual) {
+            throw new AssertionError(msg+": expected: " + expected + " actual: " + actual);
+        }
+    }
+    private static void assertEquals(Object expected, Object actual, String msg) {
+        if (!Objects.equals(expected, actual)) {
+            throw new AssertionError(msg+": expected: " + expected + " actual: " + actual);
+        }
+    }
+
+    static class TestHandler extends Handler {
+        private final List<LogRecord> records = new CopyOnWriteArrayList<>();
+        public TestHandler() {
+            super();
+            setLevel(Level.ALL);
+        }
+
+        @Override
+        public void publish(LogRecord lr) {
+            records.add(lr);
+        }
+
+        public List<LogRecord> drain() {
+            List<LogRecord> list = new ArrayList<>(records);
+            records.clear();
+            return list;
+        }
+
+        public void close() {
+            records.clear();
+        }
+
+        public void flush() {
+        }
+
+    }
+
+    public static class TestHandler1 extends TestHandler {
+        final static AtomicLong COUNT = new AtomicLong();
+        public TestHandler1() {
+            COUNT.incrementAndGet();
+        }
+    }
+
+    public static class TestHandler2 extends TestHandler {
+        final static AtomicLong COUNT = new AtomicLong();
+        public TestHandler2() {
+            COUNT.incrementAndGet();
+        }
+    }
+
+    static enum TestCase { WITHSECURITY, NOSECURITY }
+
+    public static void main(String[] args) {
+        if (args == null || args.length == 0) {
+            args = Stream.of(TestCase.values())
+                    .map(String::valueOf)
+                    .collect(Collectors.toList())
+                    .toArray(new String[0]);
+        }
+        Stream.of(args)
+              .map(TestCase::valueOf)
+              .forEach(SystemLoggerConfigTest::launch);
+    }
+
+    public static void launch(TestCase test) {
+        switch(test) {
+            case WITHSECURITY:
+                Policy.setPolicy(new Policy() {
+                    @Override
+                    public boolean implies(ProtectionDomain domain, Permission permission) {
+                        return true;
+                    }
+                });
+                System.setSecurityManager(new SecurityManager());
+                break;
+            case NOSECURITY:
+                break;
+            default:
+                throw new InternalError("Unexpected enum: " + test);
+        }
+        try {
+            test(test.name(), ".1", ".child");
+            test(test.name(), ".2", "");
+            testUpdateConfiguration(test.name(), ".3");
+            testSetPlatformLevel(test.name(), ".4");
+        } catch (IOException io) {
+            throw new UncheckedIOException(io);
+        }
+    }
+
+    public static void test(String name, String step, String ext)
+            throws IOException {
+
+        System.out.println("\n*** Testing " + name + step + ext);
+
+        final String systemName1a = "system.logger.one.a." + name + step + ext;
+        final String systemName1b = "system.logger.one.b." + name + step + ext;
+        final String appName1a = "system.logger.one.a." + name + step;
+        final String appName1b = "system.logger.one.b." + name + step;
+        final String msg1a = "logger name: " + systemName1a;
+        final String msg1b = "logger name: " + systemName1b;
+        final String systemName2 = "system.logger.two." + name + step + ext;
+        final String appName2 = "system.logger.two." + name + step;
+        final String msg2 = "logger name: " + systemName2;
+        final String systemName3 = "system.logger.three." + name + step + ext;
+        final String appName3 = "system.logger.three." + name + step;
+        final String msg3 = "logger name: " + systemName3;
+        List<LogRecord> records;
+
+        System.out.println("\n[Case #1] Creating platform logger: " + systemName1a);
+        PlatformLogger system1a = createPlatformLogger(systemName1a);
+        System.out.println("    Creating platform logger: " + systemName1b);
+        PlatformLogger system1b = createPlatformLogger(systemName1b);
+        System.out.println("    Adding handler on root logger...");
+        TestHandler test1 = new TestHandler();
+        Logger.getLogger("").addHandler(test1);
+
+        System.out.println("    Creating and configuring app logger: " + appName1a
+                + ", " + appName1b);
+        Logger app1a = Logger.getLogger(appName1a);
+        app1a.setLevel(Level.INFO);
+        Logger app1b = Logger.getLogger(appName1b);
+        app1b.setLevel(Level.INFO);
+        assertFalse(system1a.isLoggable(PlatformLogger.Level.FINEST),
+                "Unexpected level for " + system1a);
+        System.out.println("    Configuring root logger...");
+        Logger.getLogger("").setLevel(Level.FINEST);
+        System.out.println("    Logging through system logger: " + systemName1a);
+        system1a.finest(msg1a);
+        Reference.reachabilityFence(app1a);
+        records = test1.drain();
+        assertEquals(0, records.size(), "Unexpected size for " + records.toString());
+        System.out.println("    Logging through system logger: " + systemName1b);
+        system1b.finest(msg1b);
+        Reference.reachabilityFence(app1b);
+        records = test1.drain();
+        assertEquals(0, records.size(), "Unexpected size for " + records.toString());
+        Logger.getLogger("system.logger.one.a").finest("system.logger.one.a");
+        records = test1.drain();
+        assertEquals("system.logger.one.a", records.get(0).getMessage(), "Unexpected message: ");
+        Logger.getLogger("").setLevel(Level.INFO);
+        Logger.getLogger("system.logger.one.a").finest("system.logger.one.a");
+        records = test1.drain();
+        assertEquals(0, records.size(), "Unexpected size for " + records.toString());
+
+        Reference.reachabilityFence(system1a);
+        Reference.reachabilityFence(system1b);
+
+        System.out.println("\n[Case #2] Creating system logger: " + systemName2);
+        Logger system2 = createSystemLogger(systemName2);
+        System.out.println("    Creating app logger: " + appName2);
+        Logger app2 = Logger.getLogger(appName2);
+        System.out.println("    Configuring app logger...");
+        TestHandler test2 = new TestHandler();
+        app2.setLevel(Level.ALL);
+        app2.setUseParentHandlers(false);
+        app2.addHandler(test2);
+        System.out.println("    Logging through system logger: " + systemName2);
+        system2.finest(msg2);
+        records = test2.drain();
+        assertEquals(1, records.size(), "Unexpected size for " + records.toString());
+        assertEquals(msg2, records.get(0).getMessage(), "Unexpected message: ");
+        records = test1.drain();
+        assertEquals(0, records.size(), "Unexpected size for " + records.toString());
+
+        Reference.reachabilityFence(app2);
+        Reference.reachabilityFence(system2);
+
+        System.out.println("\n[Case #3] Creating app logger: " + appName3);
+        Logger app3 = Logger.getLogger(appName3);
+        System.out.println("    Configuring app logger...");
+        TestHandler test3 = new TestHandler();
+        app3.setLevel(Level.ALL);
+        app3.setUseParentHandlers(false);
+        app3.addHandler(test3);
+        System.out.println("    Creating system logger: " + systemName3);
+        Logger system3 = createSystemLogger(systemName3);
+        System.out.println("    Logging through system logger: " + systemName3);
+        system3.finest(msg3);
+        records = test3.drain();
+        assertEquals(1, records.size(), "Unexpected size for " + records.toString());
+        assertEquals(msg3, records.get(0).getMessage(), "Unexpected message: ");
+        records = test1.drain();
+        assertEquals(0, records.size(), "Unexpected size for " + records.toString());
+
+        Reference.reachabilityFence(app3);
+        Reference.reachabilityFence(system3);
+        System.gc();
+
+    }
+
+    @SuppressWarnings("deprecated")
+    static void setPlatformLevel(PlatformLogger logger, PlatformLogger.Level level) {
+        logger.setLevel(level);
+    }
+
+    public static void testSetPlatformLevel(String name, String step) {
+        System.out.println("\n*** Testing PlatformLogger.setLevel " + name + step);
+
+        System.out.println("\n[Case #5] Creating app logger: " + name + step);
+        // this should return named logger in the global context
+        Logger foo = Logger.getLogger(name + step);
+        foo.setLevel(Level.FINE);
+
+        System.out.println("    Creating platform logger: " + name + step);
+        PlatformLogger foo1 = PlatformLogger.getLogger(name + step);
+        System.out.println("    Configuring platform logger...");
+        setPlatformLevel(foo1, PlatformLogger.Level.INFO);
+
+        System.out.println("    Checking levels...");
+        assertEquals(foo.getName(), foo1.getName(), "Bad logger names");
+         // both logger share the same config
+        assertEquals(foo.getLevel(), Level.INFO, "Bad level for user logger");
+        assertEquals(foo1.level(), PlatformLogger.Level.INFO,
+                "Bad level for platform logger");
+
+    }
+
+    static void updateConfiguration(Properties props) throws IOException {
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        props.store(baos, "");
+        ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray());
+        LogManager.getLogManager().updateConfiguration(bais, (k) -> (o,n) -> n != null ? n : o);
+    }
+
+    static void readConfiguration(Properties props) throws IOException {
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        props.store(baos, "");
+        ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray());
+        LogManager.getLogManager().readConfiguration(bais);
+    }
+
+    // Tests that though two loggers exist, only one handler is created for the
+    // pair when reading configuration.
+    //
+    public static void testUpdateConfiguration(String name, String step) throws IOException {
+
+        System.out.println("\n*** Testing LogManager.updateConfiguration " + name + step);
+
+        final String name1a = "system.logger.one.a." + name + step;
+        final String name1b = "system.logger.one.b." + name + step;
+        final String msg1a = "logger name: " + name1a;
+        final String msg1b = "logger name: " + name1b;
+        List<LogRecord> records;
+
+        TestHandler1.COUNT.set(0);
+        TestHandler2.COUNT.set(0);
+        Properties props = new Properties();
+        props.setProperty(name1a+".handlers", TestHandler1.class.getName());
+        updateConfiguration(props);
+        assertEquals(0, TestHandler1.COUNT.get(), "Bad instance count for "
+                + TestHandler1.class.getName());
+        assertEquals(0, TestHandler2.COUNT.get(), "Bad instance count for "
+                + TestHandler2.class.getName());
+
+        System.out.println("\n[Case #4] Creating app logger: " + name1a);
+        Logger app1a = Logger.getLogger(name1a);
+        System.out.println("    Configuring app logger...");
+        TestHandler test1 = new TestHandler();
+        app1a.setLevel(Level.ALL);
+        app1a.setUseParentHandlers(false);
+        app1a.addHandler(test1);
+        assertEquals(1, TestHandler1.COUNT.get(), "Bad instance count for "
+                + TestHandler1.class.getName());
+        assertEquals(0, TestHandler2.COUNT.get(), "Bad instance count for "
+                + TestHandler2.class.getName());
+
+        System.out.println("    Creating system logger: " + name1a);
+        Logger system1a = createSystemLogger(name1a);
+        assertEquals(Level.ALL, system1a.getLevel(), "Bad level for system logger " + name1a);
+        System.out.println("    Logging through system logger: " + name1a);
+        system1a.finest(msg1a);
+        records = test1.drain();
+        assertEquals(1, records.size(), "Unexpected size for " + records.toString());
+        assertEquals(msg1a, records.get(0).getMessage(), "Unexpected message: ");
+        records = test1.drain();
+        assertEquals(0, records.size(), "Unexpected size for " + records.toString());
+
+        assertEquals(1, TestHandler1.COUNT.get(), "Bad instance count for "
+                + TestHandler1.class.getName());
+        assertEquals(0, TestHandler2.COUNT.get(), "Bad instance count for "
+                + TestHandler2.class.getName());
+
+        props.setProperty(name1a+".handlers", TestHandler2.class.getName());
+        updateConfiguration(props);
+
+        assertEquals(1, TestHandler1.COUNT.get(), "Bad instance count for "
+                + TestHandler1.class.getName());
+        assertEquals(1, TestHandler2.COUNT.get(), "Bad instance count for "
+                + TestHandler2.class.getName());
+
+        updateConfiguration(props);
+
+        assertEquals(1, TestHandler1.COUNT.get(), "Bad instance count for "
+                + TestHandler1.class.getName());
+        assertEquals(1, TestHandler2.COUNT.get(), "Bad instance count for "
+                + TestHandler2.class.getName());
+
+        readConfiguration(props);
+
+        assertEquals(1, TestHandler1.COUNT.get(), "Bad instance count for "
+                + TestHandler1.class.getName());
+        // readConfiguration reset handlers but does not recreate them
+        assertEquals(1, TestHandler2.COUNT.get(), "Bad instance count for "
+                + TestHandler2.class.getName());
+
+        updateConfiguration(props);
+
+        assertEquals(1, TestHandler1.COUNT.get(), "Bad instance count for "
+                + TestHandler1.class.getName());
+        assertEquals(1, TestHandler2.COUNT.get(), "Bad instance count for "
+                + TestHandler2.class.getName());
+
+        LogManager.getLogManager().reset();
+        updateConfiguration(props);
+
+        assertEquals(1, TestHandler1.COUNT.get(), "Bad instance count for "
+                + TestHandler1.class.getName());
+        assertEquals(2, TestHandler2.COUNT.get(), "Bad instance count for "
+                + TestHandler2.class.getName());
+
+        props.setProperty(name1a+".handlers",
+                TestHandler2.class.getName() + "," + TestHandler1.class.getName());
+        updateConfiguration(props);
+
+        assertEquals(2, TestHandler1.COUNT.get(), "Bad instance count for "
+                + TestHandler1.class.getName());
+        assertEquals(3, TestHandler2.COUNT.get(), "Bad instance count for "
+                + TestHandler2.class.getName());
+
+        Reference.reachabilityFence(app1a);
+        Reference.reachabilityFence(system1a);
+
+        LogManager.getLogManager().readConfiguration();
+        System.gc();
+    }
+
+
+
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/util/zip/InflaterInputStream/TestAvailable.java	Fri Jul 15 09:10:36 2016 -0700
@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/* @test
+ * @library /lib/testlibrary/
+ * @build jdk.testlibrary.*
+ * @run main TestAvailable
+ * @bug 7031075 8161426
+ * @summary Make sure that available() method behaves as expected.
+ * @key randomness
+ */
+
+import java.io.*;
+import java.util.Random;
+import java.util.zip.*;
+import jdk.testlibrary.RandomFactory;
+
+public class TestAvailable {
+
+    public static void main(String args[]) throws Throwable {
+        Random r = RandomFactory.getRandom();
+        for (int n = 0; n < 10; n++) {
+            byte[] src = new byte[r.nextInt(100) + 1];
+            r.nextBytes(src);
+            // test InflaterInputStream
+            ByteArrayOutputStream baos = new ByteArrayOutputStream();
+            try (DeflaterOutputStream dos = new DeflaterOutputStream(baos)) {
+                dos.write(src);
+            }
+            try (InflaterInputStream iis = new InflaterInputStream(
+                   new ByteArrayInputStream(baos.toByteArray()))) {
+                test(iis, src);
+            }
+
+            // test GZIPInputStream
+            baos = new ByteArrayOutputStream();
+            try (GZIPOutputStream dos = new GZIPOutputStream(baos)) {
+                dos.write(src);
+            }
+            try (GZIPInputStream gis = new GZIPInputStream(
+                   new ByteArrayInputStream(baos.toByteArray()))) {
+                test(gis, src);
+            }
+        }
+    }
+
+    private static void test(InputStream is, byte[] expected) throws IOException {
+        int cnt = 0;
+        do {
+            int available = is.available();
+            if (available > 0) {
+                int b = is.read();
+                if (b == -1) {
+                    throw new RuntimeException("available() > 0, read() == -1 : failed!");
+                }
+                if (expected[cnt++] != (byte)b) {
+                    throw new RuntimeException("read() : failed!");
+                }
+            } else if (available == 0) {
+                if (is.read() != -1) {
+                    throw new RuntimeException("available() == 0, read() != -1 : failed!");
+                }
+                break;
+            } else {
+                throw new RuntimeException("available() < 0 : failed!");
+            }
+        } while (true);
+        if (cnt != expected.length) {
+            throw new RuntimeException("read : failed!");
+        }
+    }
+
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/ciphersuites/ECCurvesconstraints.java	Fri Jul 15 09:10:36 2016 -0700
@@ -0,0 +1,408 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+//
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+//
+
+/*
+ * @test
+ * @bug 8148516
+ * @summary Improve the default strength of EC in JDK
+ * @run main/othervm ECCurvesconstraints PKIX
+ * @run main/othervm ECCurvesconstraints SunX509
+ */
+
+import java.net.*;
+import java.util.*;
+import java.io.*;
+import javax.net.ssl.*;
+import java.security.Security;
+import java.security.KeyStore;
+import java.security.KeyFactory;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.security.cert.CertificateFactory;
+import java.security.spec.*;
+import java.security.interfaces.*;
+import java.util.Base64;
+
+
+public class ECCurvesconstraints {
+
+    /*
+     * =============================================================
+     * Set the various variables needed for the tests, then
+     * specify what tests to run on each side.
+     */
+
+    /*
+     * Should we run the client or server in a separate thread?
+     * Both sides can throw exceptions, but do you have a preference
+     * as to which side should be the main thread.
+     */
+    static boolean separateServerThread = false;
+
+    /*
+     * Where do we find the keystores?
+     */
+    // Certificates and key used in the test.
+    //
+    // EC curve: secp224k1
+    static String trustedCertStr =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIBCzCBugIEVz2lcjAKBggqhkjOPQQDAjAaMRgwFgYDVQQDDA93d3cuZXhhbXBs\n" +
+        "ZS5vcmcwHhcNMTYwNTE5MTEzNzM5WhcNMTcwNTE5MTEzNzM5WjAaMRgwFgYDVQQD\n" +
+        "DA93d3cuZXhhbXBsZS5vcmcwTjAQBgcqhkjOPQIBBgUrgQQAIAM6AAT68uovMZ8f\n" +
+        "KARn5NOjvieJaq6h8zHYkM9w5DuN0kkOo4KBhke06EkQj0nvQQcSvppTV6RoDLY4\n" +
+        "djAKBggqhkjOPQQDAgNAADA9AhwMNIujM0R0llpPH6d89d1S3VRGH/78ovc+zw51\n" +
+        "Ah0AuZ1YlQkUbrJIzkuPSICxz5UfCWPe+7w4as+wiA==\n" +
+        "-----END CERTIFICATE-----";
+
+    // Private key in the format of PKCS#8
+    static String targetPrivateKey =
+        "MIGCAgEAMBAGByqGSM49AgEGBSuBBAAgBGswaQIBAQQdAPbckc86mgW/zexB1Ajq\n" +
+        "38HntWOjdxL6XSoiAsWgBwYFK4EEACChPAM6AAT68uovMZ8fKARn5NOjvieJaq6h\n" +
+        "8zHYkM9w5DuN0kkOo4KBhke06EkQj0nvQQcSvppTV6RoDLY4dg==";
+
+    static String[] serverCerts = {trustedCertStr};
+    static String[] serverKeys  = {targetPrivateKey};
+    static String[] clientCerts = {trustedCertStr};
+    static String[] clientKeys  = {targetPrivateKey};
+
+    static char passphrase[] = "passphrase".toCharArray();
+
+    /*
+     * Is the server ready to serve?
+     */
+    volatile static boolean serverReady = false;
+
+    /*
+     * Turn on SSL debugging?
+     */
+    static boolean debug = false;
+
+    /*
+     * Define the server side of the test.
+     *
+     * If the server prematurely exits, serverReady will be set to true
+     * to avoid infinite hangs.
+     */
+    void doServerSide() throws Exception {
+        SSLContext context = generateSSLContext(false);
+        SSLServerSocketFactory sslssf = context.getServerSocketFactory();
+        SSLServerSocket sslServerSocket =
+            (SSLServerSocket)sslssf.createServerSocket(serverPort);
+        serverPort = sslServerSocket.getLocalPort();
+
+        /*
+         * Signal Client, we're ready for his connect.
+         */
+        serverReady = true;
+
+        SSLSocket sslSocket = (SSLSocket)sslServerSocket.accept();
+        try {
+            sslSocket.setSoTimeout(5000);
+            sslSocket.setSoLinger(true, 5);
+
+            InputStream sslIS = sslSocket.getInputStream();
+            OutputStream sslOS = sslSocket.getOutputStream();
+
+            sslIS.read();
+            sslOS.write('A');
+            sslOS.flush();
+
+            throw new Exception("EC curve secp224k1 should be disabled");
+        } catch (SSLHandshakeException she) {
+            // expected exception: no cipher suites in common
+            System.out.println("Expected exception: " + she);
+        } finally {
+            sslSocket.close();
+            sslServerSocket.close();
+        }
+    }
+
+    /*
+     * Define the client side of the test.
+     *
+     * If the server prematurely exits, serverReady will be set to true
+     * to avoid infinite hangs.
+     */
+    void doClientSide() throws Exception {
+
+        /*
+         * Wait for server to get started.
+         */
+        while (!serverReady) {
+            Thread.sleep(50);
+        }
+
+        SSLContext context = generateSSLContext(true);
+        SSLSocketFactory sslsf = context.getSocketFactory();
+
+        SSLSocket sslSocket =
+            (SSLSocket)sslsf.createSocket("localhost", serverPort);
+
+        try {
+            sslSocket.setSoTimeout(5000);
+            sslSocket.setSoLinger(true, 5);
+
+            InputStream sslIS = sslSocket.getInputStream();
+            OutputStream sslOS = sslSocket.getOutputStream();
+
+            sslOS.write('B');
+            sslOS.flush();
+            sslIS.read();
+
+            throw new Exception("EC curve secp224k1 should be disabled");
+        } catch (SSLHandshakeException she) {
+            // expected exception: Received fatal alert
+            System.out.println("Expected exception: " + she);
+        } finally {
+            sslSocket.close();
+        }
+    }
+
+    /*
+     * =============================================================
+     * The remainder is just support stuff
+     */
+    private static String tmAlgorithm;             // trust manager
+
+    private static void parseArguments(String[] args) {
+        tmAlgorithm = args[0];
+    }
+
+    private static SSLContext generateSSLContext(boolean isClient)
+            throws Exception {
+
+        // generate certificate from cert string
+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+
+        // create a key store
+        KeyStore ks = KeyStore.getInstance("JKS");
+        ks.load(null, null);
+
+        // import the trused cert
+        ByteArrayInputStream is =
+                    new ByteArrayInputStream(trustedCertStr.getBytes());
+        Certificate trusedCert = cf.generateCertificate(is);
+        is.close();
+
+        ks.setCertificateEntry("Export Signer", trusedCert);
+
+        String[] certStrs = null;
+        String[] keyStrs = null;
+        if (isClient) {
+            certStrs = clientCerts;
+            keyStrs = clientKeys;
+        } else {
+            certStrs = serverCerts;
+            keyStrs = serverKeys;
+        }
+
+        for (int i = 0; i < certStrs.length; i++) {
+            // generate the private key.
+            String keySpecStr = keyStrs[i];
+            PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
+                                Base64.getMimeDecoder().decode(keySpecStr));
+            KeyFactory kf = KeyFactory.getInstance("EC");
+            ECPrivateKey priKey =
+                    (ECPrivateKey)kf.generatePrivate(priKeySpec);
+
+            // generate certificate chain
+            String keyCertStr = certStrs[i];
+            is = new ByteArrayInputStream(keyCertStr.getBytes());
+            Certificate keyCert = cf.generateCertificate(is);
+            is.close();
+
+            Certificate[] chain = new Certificate[2];
+            chain[0] = keyCert;
+            chain[1] = trusedCert;
+
+            // import the key entry.
+            ks.setKeyEntry("key-entry-" + i, priKey, passphrase, chain);
+        }
+
+        // create SSL context
+        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlgorithm);
+        tmf.init(ks);
+
+        SSLContext ctx = SSLContext.getInstance("TLS");
+        KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509");
+        kmf.init(ks, passphrase);
+
+        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+        ks = null;
+
+        return ctx;
+    }
+
+    // use any free port by default
+    volatile int serverPort = 0;
+
+    volatile Exception serverException = null;
+    volatile Exception clientException = null;
+
+    public static void main(String[] args) throws Exception {
+        if (debug) {
+            System.setProperty("javax.net.debug", "all");
+        }
+
+        /*
+         * Get the customized arguments.
+         */
+        parseArguments(args);
+
+        /*
+         * Start the tests.
+         */
+        new ECCurvesconstraints();
+    }
+
+    Thread clientThread = null;
+    Thread serverThread = null;
+
+    /*
+     * Primary constructor, used to drive remainder of the test.
+     *
+     * Fork off the other side, then do your work.
+     */
+    ECCurvesconstraints() throws Exception {
+        try {
+            if (separateServerThread) {
+                startServer(true);
+                startClient(false);
+            } else {
+                startClient(true);
+                startServer(false);
+            }
+        } catch (Exception e) {
+            // swallow for now.  Show later
+        }
+
+        /*
+         * Wait for other side to close down.
+         */
+        if (separateServerThread) {
+            serverThread.join();
+        } else {
+            clientThread.join();
+        }
+
+        /*
+         * When we get here, the test is pretty much over.
+         * Which side threw the error?
+         */
+        Exception local;
+        Exception remote;
+        String whichRemote;
+
+        if (separateServerThread) {
+            remote = serverException;
+            local = clientException;
+            whichRemote = "server";
+        } else {
+            remote = clientException;
+            local = serverException;
+            whichRemote = "client";
+        }
+
+        /*
+         * If both failed, return the curthread's exception, but also
+         * print the remote side Exception
+         */
+        if ((local != null) && (remote != null)) {
+            System.out.println(whichRemote + " also threw:");
+            remote.printStackTrace();
+            System.out.println();
+            throw local;
+        }
+
+        if (remote != null) {
+            throw remote;
+        }
+
+        if (local != null) {
+            throw local;
+        }
+    }
+
+    void startServer(boolean newThread) throws Exception {
+        if (newThread) {
+            serverThread = new Thread() {
+                public void run() {
+                    try {
+                        doServerSide();
+                    } catch (Exception e) {
+                        /*
+                         * Our server thread just died.
+                         *
+                         * Release the client, if not active already...
+                         */
+                        System.err.println("Server died, because of " + e);
+                        serverReady = true;
+                        serverException = e;
+                    }
+                }
+            };
+            serverThread.start();
+        } else {
+            try {
+                doServerSide();
+            } catch (Exception e) {
+                serverException = e;
+            } finally {
+                serverReady = true;
+            }
+        }
+    }
+
+    void startClient(boolean newThread) throws Exception {
+        if (newThread) {
+            clientThread = new Thread() {
+                public void run() {
+                    try {
+                        doClientSide();
+                    } catch (Exception e) {
+                        /*
+                         * Our client thread just died.
+                         */
+                        System.err.println("Client died, because of " + e);
+                        clientException = e;
+                    }
+                }
+            };
+            clientThread.start();
+        } else {
+            try {
+                doClientSide();
+            } catch (Exception e) {
+                clientException = e;
+            }
+        }
+    }
+}
--- a/test/sun/net/www/protocol/jar/MultiReleaseJarURLConnection.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/sun/net/www/protocol/jar/MultiReleaseJarURLConnection.java	Fri Jul 15 09:10:36 2016 -0700
@@ -132,12 +132,12 @@
         URL rootUrl = new URL(urlFile);
         JarURLConnection juc = (JarURLConnection)rootUrl.openConnection();
         JarFile rootJar = juc.getJarFile();
-        JarFile.Release root = rootJar.getVersion();
+        Runtime.Version root = rootJar.getVersion();
 
         URL runtimeUrl = new URL(urlFile + "#runtime");
         juc = (JarURLConnection)runtimeUrl.openConnection();
         JarFile runtimeJar = juc.getJarFile();
-        JarFile.Release runtime = runtimeJar.getVersion();
+        Runtime.Version runtime = runtimeJar.getVersion();
         if (style.equals("unversioned")) {
             Assert.assertEquals(root, runtime);
         } else {
--- a/test/sun/security/ec/TestEC.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/sun/security/ec/TestEC.java	Fri Jul 15 09:10:36 2016 -0700
@@ -36,7 +36,7 @@
  * @library ../../../java/security/testlibrary
  * @modules jdk.crypto.pkcs11/sun.security.pkcs11.wrapper
  * @compile -XDignore.symbol.file TestEC.java
- * @run main/othervm TestEC
+ * @run main/othervm -Djdk.tls.namedGroups="secp256r1,sect193r1" TestEC
  */
 
 import java.security.NoSuchProviderException;
--- a/test/sun/security/pkcs11/fips/ImportKeyStore.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/sun/security/pkcs11/fips/ImportKeyStore.java	Fri Jul 15 09:10:36 2016 -0700
@@ -37,7 +37,7 @@
 modutil -create -dbdir .
 modutil -changepw "NSS Internal PKCS #11 Module" -dbdir .
 
-$JHOME/bin/keytool -list -storetype PKCS11 -providerclass sun.security.pkcs11.SunPKCS11 -providerarg "--name=NSS\nnssSecmodDirectory=." -v -storepass test12
+$JHOME/bin/keytool -list -storetype PKCS11 -addprovider SunPKCS11 -providerarg "--name=NSS\nnssSecmodDirectory=." -v -storepass test12
 
 modutil -fips true -dbdir .
 
--- a/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java	Fri Jul 15 09:10:36 2016 -0700
@@ -33,8 +33,10 @@
  * @author Andreas Sterbenz
  * @library ..
  * @library ../../../../java/security/testlibrary
- * @run main/othervm ClientJSSEServerJSSE
- * @run main/othervm ClientJSSEServerJSSE sm policy
+ * @run main/othervm -Djdk.tls.namedGroups="secp256r1,sect193r1"
+ *      ClientJSSEServerJSSE
+ * @run main/othervm -Djdk.tls.namedGroups="secp256r1,sect193r1"
+ *      ClientJSSEServerJSSE sm policy
  */
 
 import java.security.Provider;
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/tools/jarsigner/AltProvider.java	Fri Jul 15 09:10:36 2016 -0700
@@ -0,0 +1,161 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 4906940 8130302
+ * @summary -providerPath, -providerClass, -addprovider, and -providerArg
+ * @library /lib/testlibrary /test/lib/share/classes
+ * @modules java.base/jdk.internal.misc
+ */
+
+import jdk.test.lib.JDKToolLauncher;
+import jdk.test.lib.process.OutputAnalyzer;
+import jdk.test.lib.process.ProcessTools;
+import jdk.testlibrary.JarUtils;
+
+import java.nio.file.*;
+
+public class AltProvider {
+
+    private static final String TEST_SRC =
+            Paths.get(System.getProperty("test.src")).toString();
+
+    private static final Path MOD_SRC_DIR = Paths.get(TEST_SRC, "alt");
+    private static final Path MOD_DEST_DIR = Paths.get("mods");
+
+    private static final String ktCommand = "-keystore x.jks " +
+            "-storepass changeit -storetype dummyks -list -debug";
+
+    private static final String jsCommand = "-keystore x.jks " +
+            "-storepass changeit -storetype dummyks -debug x.jar x";
+
+    public static void main(String[] args) throws Throwable {
+
+        // Compile the provider
+        CompilerUtils.compile(
+                MOD_SRC_DIR, MOD_DEST_DIR,
+                "-modulesourcepath",
+                MOD_SRC_DIR.toString());
+
+        // Create a keystore
+        tool("keytool", "-keystore x.jks -storetype jks -genkeypair" +
+                " -storepass changeit -keypass changeit -alias x -dname CN=X")
+                .shouldHaveExitValue(0);
+
+        // Create a jar file
+        JarUtils.createJar("x.jar", "x.jks");
+
+        // Test starts here
+
+        // Without new provider
+        testBoth("", 1, "DUMMYKS not found");
+
+        // legacy use (-providerPath only supported by keytool)
+        testKeytool("-providerPath mods/test.dummy " +
+                "-providerClass org.test.dummy.DummyProvider -providerArg full",
+                0, "loadProviderByClass: org.test.dummy.DummyProvider");
+
+        // legacy, on classpath
+        testBoth("-J-cp -Jmods/test.dummy " +
+                "-providerClass org.test.dummy.DummyProvider -providerArg full",
+                0, "loadProviderByClass: org.test.dummy.DummyProvider");
+
+        // Wrong name
+        testBoth("-J-cp -Jmods/test.dummy " +
+                "-providerClass org.test.dummy.Dummy -providerArg full",
+                1, "Provider \"org.test.dummy.Dummy\" not found");
+
+        // Not a provider name
+        testBoth("-J-cp -Jmods/test.dummy " +
+                "-providerClass java.lang.Object -providerArg full",
+                1, "java.lang.Object not a provider");
+
+        // without arg
+        testBoth("-J-cp -Jmods/test.dummy " +
+                "-providerClass org.test.dummy.DummyProvider",
+                1, "DUMMYKS not found");
+
+        // old -provider still works
+        testBoth("-J-cp -Jmods/test.dummy " +
+                "-provider org.test.dummy.DummyProvider -providerArg full",
+                0, "loadProviderByClass: org.test.dummy.DummyProvider");
+
+        // name in a module
+        testBoth("-J-mp -Jmods " +
+                "-addprovider Dummy -providerArg full",
+                0, "loadProviderByName: Dummy");
+
+        // -providerClass does not work
+        testBoth("-J-mp -Jmods " +
+                "-providerClass org.test.dummy.DummyProvider -providerArg full",
+                1, "Provider \"org.test.dummy.DummyProvider\" not found");
+
+        // -addprovider with class does not work
+        testBoth("-J-mp -Jmods " +
+                "-addprovider org.test.dummy.DummyProvider -providerArg full",
+                1, "Provider named \"org.test.dummy.DummyProvider\" not found");
+
+        // -addprovider without arg does not work
+        testBoth("-J-mp -Jmods " +
+                "-addprovider Dummy",
+                1, "DUMMYKS not found");
+    }
+
+    // Test both tools with the same extra options
+    private static void testBoth(String args, int exitValue, String contains)
+            throws Throwable {
+        testKeytool(args, exitValue, contains);
+        testJarsigner(args, exitValue, contains);
+    }
+
+    // Test keytool with extra options and check exitValue and output
+    private static void testKeytool(String args, int exitValue, String contains)
+            throws Throwable {
+        tool("keytool", ktCommand + " " + args)
+                .shouldHaveExitValue(exitValue)
+                .shouldContain(contains);
+    }
+
+    // Test jarsigner with extra options and check exitValue and output
+    private static void testJarsigner(String args, int exitValue, String contains)
+            throws Throwable {
+        tool("jarsigner", jsCommand + " " + args)
+                .shouldHaveExitValue(exitValue)
+                .shouldContain(contains);
+    }
+
+    // Launch a tool with args (space separated string)
+    private static OutputAnalyzer tool(String tool, String args)
+            throws Throwable {
+        JDKToolLauncher l = JDKToolLauncher.createUsingTestJDK(tool);
+        for (String a: args.split("\\s+")) {
+            if (a.startsWith("-J")) {
+                l.addVMArg(a.substring(2));
+            } else {
+                l.addToolArg(a);
+            }
+        }
+        return ProcessTools.executeCommand(l.getCommand());
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/tools/jarsigner/alt/test.dummy/module-info.java	Fri Jul 15 09:10:36 2016 -0700
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+module test.dummy {
+    provides java.security.Provider with org.test.dummy.DummyProvider;
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/tools/jarsigner/alt/test.dummy/org/test/dummy/DummyProvider.java	Fri Jul 15 09:10:36 2016 -0700
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package org.test.dummy;
+
+import java.security.*;
+
+public class DummyProvider extends Provider {
+    public DummyProvider() {
+        super("Dummy", 0.1, "Dummy Provider with nothing");
+    }
+
+    @Override
+    public Provider configure(String configArg) {
+        return new DummyProvider(configArg);
+    }
+
+    private DummyProvider(String arg) {
+        super("Dummy", 0.2, "Dummy Provider with " + arg);
+        //
+        // KeyStore
+        //
+        put("KeyStore.DummyKS", "sun.security.provider.JavaKeyStore$JKS");
+
+        //
+        // Signature engines
+        //
+        put("Signature.SHA1withDSA",
+            "sun.security.provider.DSA$SHA1withDSA");
+        put("Alg.Alias.Signature.DSA", "SHA1withDSA");
+
+        //
+        // Key Pair Generator engines
+        //
+        put("KeyPairGenerator.DSA",
+            "sun.security.provider.DSAKeyPairGenerator");
+
+        //
+        // Digest engines
+        //
+        put("MessageDigest.SHA", "sun.security.provider.SHA");
+        put("Alg.Alias.MessageDigest.SHA1", "SHA");
+
+        //
+        // Algorithm Parameter Generator engines
+        //
+        put("AlgorithmParameterGenerator.DSA",
+            "sun.security.provider.DSAParameterGenerator");
+
+        //
+        // Algorithm Parameter engines
+        //
+        put("AlgorithmParameters.DSA",
+            "sun.security.provider.DSAParameters");
+
+        //
+        // Key factories
+        //
+        put("KeyFactory.DSA", "sun.security.provider.DSAKeyFactory");
+
+        //
+        // Certificate factories
+        //
+        put("CertificateFactory.X.509",
+            "sun.security.provider.X509Factory");
+        put("Alg.Alias.CertificateFactory.X509", "X.509");
+    }
+}
--- a/test/sun/security/tools/keytool/AltProviderPath.sh	Fri Jul 15 12:36:15 2016 +0200
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,122 +0,0 @@
-#
-# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 4906940
-# @summary Add -providerPath option for keytool allowing one to specify
-#          an additional classpath to search for providers.
-# @author Andrew Fan
-#
-# @run build DummyProvider
-# @run shell AltProviderPath.sh
-# set a few environment variables so that the shell-script can run stand-alone
-# in the source directory
-if [ "${TESTSRC}" = "" ] ; then
-  TESTSRC="."
-fi
-if [ "${TESTCLASSES}" = "" ] ; then
-  TESTCLASSES="."
-fi
-if [ "${TESTJAVA}" = "" ] ; then
-  echo "TESTJAVA not set.  Test cannot execute."
-  echo "FAILED!!!"
-  exit 1
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  SunOS | Linux | Darwin | AIX )
-    NULL=/dev/null
-    PS=":"
-    FS="/"
-    ;;
-  CYGWIN* )
-    NULL=/dev/null
-    PS=";"
-    FS="/"
-    ;;
-  Windows_* )
-    NULL=NUL
-    PS=";"
-    FS="\\"
-    ;;
-  * )
-    echo "Unrecognized operating system!"
-    exit 1;
-    ;;
-esac
-
-# the test code
-#genkey
-${TESTJAVA}${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -genkey -v -alias dummyTestCA \
-    -keyalg "RSA" -keysize 1024 -sigalg "ShA1WithRSA" \
-    -dname "cn=Dummy Test CA, ou=JSN, o=JavaSoft, c=US" -validity 3650 \
-    -keypass storepass -keystore keystoreCA.dks -storepass storepass \
-    -storetype "dummyks" -provider "org.test.dummy.DummyProvider" \
-    -providerPath ${TESTCLASSES}
-
-if [ $? -ne 0 ]; then
-    exit 1
-fi
-
-#Change keystore password
-${TESTJAVA}${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepasswd -new storepass2 \
-    -keystore keystoreCA.dks -storetype "dummyks" -storepass storepass \
-    -provider "org.test.dummy.DummyProvider" -providerPath ${TESTCLASSES}
-
-if [ $? -ne 0 ]; then
-    exit 1
-fi
-
-
-#Change keystore key password
-${TESTJAVA}${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -keypasswd -alias "dummyTestCA" \
-    -keypass storepass -new keypass -keystore keystoreCA.dks \
-    -storetype "dummyks" -storepass storepass2 \
-    -provider "org.test.dummy.DummyProvider" -providerPath ${TESTCLASSES}
-
-if [ $? -ne 0 ]; then
-    exit 1
-fi
-
-#Export certificate
-${TESTJAVA}${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -v -export -rfc -alias "dummyTestCA" \
-    -file "dummyTestCA.der" -keystore keystoreCA.dks -storetype "dummyks" \
-    -storepass storepass2 -provider "org.test.dummy.DummyProvider" \
-    -providerPath ${TESTCLASSES}
-
-if [ $? -ne 0 ]; then
-    exit 1
-fi
-
-#list keystore
-${TESTJAVA}${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -v -list -keystore keystoreCA.dks \
-    -storetype "dummyks" -storepass storepass2 \
-    -provider "org.test.dummy.DummyProvider" -providerPath ${TESTCLASSES}
-
-if [ $? -ne 0 ]; then
-    exit 1
-fi
-
-exit 0
--- a/test/sun/security/tools/keytool/DummyProvider.java	Fri Jul 15 12:36:15 2016 +0200
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,88 +0,0 @@
-/*
- * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- *
- *
- * @bug 4906490
- * @summary Dummy security service provider.
- *          It is cited by the AltProviderPath.sh script.
- */
-package org.test.dummy;
-
-import java.util.*;
-import java.security.*;
-
-public class DummyProvider extends Provider {
-    public DummyProvider() {
-        super("Dummy", 0.1, "Dummy Provider");
-
-        //
-        // KeyStore
-        //
-        put("KeyStore.DummyKS", "sun.security.provider.JavaKeyStore$JKS");
-
-        //
-        // Signature engines
-        //
-        put("Signature.SHA1withDSA",
-            "sun.security.provider.DSA$SHA1withDSA");
-        put("Alg.Alias.Signature.DSA", "SHA1withDSA");
-
-        //
-        // Key Pair Generator engines
-        //
-        put("KeyPairGenerator.DSA",
-            "sun.security.provider.DSAKeyPairGenerator");
-
-        //
-        // Digest engines
-        //
-        put("MessageDigest.SHA", "sun.security.provider.SHA");
-        put("Alg.Alias.MessageDigest.SHA1", "SHA");
-
-        //
-        // Algorithm Parameter Generator engines
-        //
-        put("AlgorithmParameterGenerator.DSA",
-            "sun.security.provider.DSAParameterGenerator");
-
-        //
-        // Algorithm Parameter engines
-        //
-        put("AlgorithmParameters.DSA",
-            "sun.security.provider.DSAParameters");
-
-        //
-        // Key factories
-        //
-        put("KeyFactory.DSA", "sun.security.provider.DSAKeyFactory");
-
-        //
-        // Certificate factories
-        //
-        put("CertificateFactory.X.509",
-            "sun.security.provider.X509Factory");
-        put("Alg.Alias.CertificateFactory.X509", "X.509");
-    }
-}
--- a/test/sun/security/tools/keytool/KeyToolTest.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/sun/security/tools/keytool/KeyToolTest.java	Fri Jul 15 09:10:36 2016 -0700
@@ -82,8 +82,9 @@
 
     static final String NSS_P11_ARG =
             "-keystore NONE -storetype PKCS11 -providerName SunPKCS11-nss " +
-            "-providerClass sun.security.pkcs11.SunPKCS11 " +
+            "-addprovider SunPKCS11 " +
             "-providerArg p11-nss.txt ";
+    // Use -providerClass here, to confirm it still works for SunPKCS11.
     static final String NSS_SRC_P11_ARG =
             "-srckeystore NONE -srcstoretype PKCS11 " +
             "-srcproviderName SunPKCS11-nss " +
@@ -91,12 +92,12 @@
             "-providerArg p11-nss.txt ";
     static final String NZZ_P11_ARG =
             "-keystore NONE -storetype PKCS11 -providerName SunPKCS11-nzz " +
-            "-providerClass sun.security.pkcs11.SunPKCS11 " +
+            "-addprovider SunPKCS11 " +
             "-providerArg p11-nzz.txt ";
     static final String NZZ_SRC_P11_ARG =
             "-srckeystore NONE -srcstoretype PKCS11 " +
             "-srcproviderName SunPKCS11-nzz " +
-            "-providerClass sun.security.pkcs11.SunPKCS11 " +
+            "-addprovider SunPKCS11 " +
             "-providerArg p11-nzz.txt ";
     static final String SUN_P11_ARG = "-keystore NONE -storetype PKCS11 ";
     static final String SUN_SRC_P11_ARG =
@@ -1715,9 +1716,9 @@
         //  14. keytool -printcert -file cert
         testOK("", "-printcert -file cert -keystore x.jks -storetype JKS");
         remove("cert");
-        //  15. keytool -list -storepass password -provider sun.security.provider.Sun
+        //  15. keytool -list -storepass password -addprovider SUN
         testOK("", "-list -storepass password" +
-                " -provider sun.security.provider.Sun" +
+                " -addprovider SUN" +
                 " -keystore x.jks -storetype JKS");
 
         //Error tests
--- a/test/sun/security/tools/keytool/i18n.html	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/sun/security/tools/keytool/i18n.html	Fri Jul 15 09:10:36 2016 -0700
@@ -50,7 +50,7 @@
 <li>	keytool -import -v -file /tmp/cert -storepass password
 	Check error (Certificate reply and cert are the same)
 <li>	keytool -printcert -file /tmp/cert
-<li>	keytool -list -storepass password -provider sun.security.provider.Sun
+<li>	keytool -list -storepass password -addprovider SUN
 </ol>
 
 Error tests
@@ -93,19 +93,19 @@
 <ol>
 <li>	sccs edit cert8.db key3.db
 
-<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -genkey -alias genkey -dname cn=genkey -keysize 512 -keyalg rsa
-<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -list
-<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -list -alias genkey
-<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -certreq -alias genkey -file genkey.certreq
-<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -export -alias genkey -file genkey.cert
+<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -addprovider SunPKCS11 -providerArg p11-nss.txt -genkey -alias genkey -dname cn=genkey -keysize 512 -keyalg rsa
+<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -addprovider SunPKCS11 -providerArg p11-nss.txt -list
+<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -addprovider SunPKCS11 -providerArg p11-nss.txt -list -alias genkey
+<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -addprovider SunPKCS11 -providerArg p11-nss.txt -certreq -alias genkey -file genkey.certreq
+<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -addprovider SunPKCS11 -providerArg p11-nss.txt -export -alias genkey -file genkey.cert
 <li>	keytool -printcert -file genkey.cert
-<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -selfcert -alias genkey -dname cn=selfCert
+<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -addprovider SunPKCS11 -providerArg p11-nss.txt -selfcert -alias genkey -dname cn=selfCert
 
-<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -list -alias genkey -v
+<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -addprovider SunPKCS11 -providerArg p11-nss.txt -list -alias genkey -v
 (check that cert subject DN is [cn=selfCert])
 
-<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -delete -alias genkey
-<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -list
+<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -addprovider SunPKCS11 -providerArg p11-nss.txt -delete -alias genkey
+<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -addprovider SunPKCS11 -providerArg p11-nss.txt -list
 (check for empty database listing)
 
 <li>	sccs unedit cert8.db key3.db
--- a/test/sun/text/resources/JavaTimeSupplementaryTest.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/sun/text/resources/JavaTimeSupplementaryTest.java	Fri Jul 15 09:10:36 2016 -0700
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 8159943
+ * @bug 8159943 8154797
  * @modules java.base/sun.util.locale.provider
  *          java.base/sun.util.resources
  *          jdk.localedata
@@ -65,6 +65,7 @@
         "field.",
         "islamic.",
         "roc.",
+        "timezone."
     };
 
     // All available locales for the COMPAT FormatData resource bundles
--- a/test/tools/jar/multiRelease/Basic.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/tools/jar/multiRelease/Basic.java	Fri Jul 15 09:10:36 2016 -0700
@@ -220,7 +220,7 @@
 
     private void checkMultiRelease(String jarFile, boolean expected) throws IOException {
         try (JarFile jf = new JarFile(new File(jarFile), true, ZipFile.OPEN_READ,
-                JarFile.Release.RUNTIME)) {
+                JarFile.runtimeVersion())) {
             assertEquals(jf.isMultiRelease(), expected);
         }
     }
--- a/test/tools/jlink/JLinkPluginsTest.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/tools/jlink/JLinkPluginsTest.java	Fri Jul 15 09:10:36 2016 -0700
@@ -75,5 +75,13 @@
             Path imageDir = helper.generateDefaultImage(userOptions, moduleName).assertSuccess();
             helper.checkImage(imageDir, moduleName, res, null);
         }
+        {
+            // Optimize Class.forName
+            String[] userOptions = {"--class-for-name"};
+            String moduleName = "classforname";
+            helper.generateDefaultJModule(moduleName, "composite2");
+            Path imageDir = helper.generateDefaultImage(userOptions, moduleName).assertSuccess();
+            helper.checkImage(imageDir, moduleName, null, null);
+        }
     }
 }
--- a/test/tools/launcher/Arrrghs.java	Fri Jul 15 12:36:15 2016 +0200
+++ b/test/tools/launcher/Arrrghs.java	Fri Jul 15 09:10:36 2016 -0700
@@ -24,7 +24,7 @@
 /**
  * @test
  * @bug 5030233 6214916 6356475 6571029 6684582 6742159 4459600 6758881 6753938
- *      6894719 6968053 7151434 7146424 8007333 8077822 8143640
+ *      6894719 6968053 7151434 7146424 8007333 8077822 8143640 8132379
  * @summary Argument parsing validation.
  * @compile -XDignore.symbol.file Arrrghs.java
  * @run main/othervm Arrrghs
@@ -383,6 +383,12 @@
         checkArgumentWildcard("empty\\*?", "empty\\*?");
         checkArgumentWildcard("empty\\?*", "empty\\?*");
 
+        // 8132379: java should not filter out -J options for application
+        String[] args = { "-J-one", "-Jtwo", "lib\\???.java", "-J-Dsomething",
+           "a", "-J-Dlast.arg" };
+        String[] expected = { "-J-one", "-Jtwo", "lib\\Fbo.java",
+           "lib\\Foo.java", "-J-Dsomething", "a", "-J-Dlast.arg" };
+        checkArgumentWildcard(args, expected);
     }
 
     void doArgumentCheck(String inArgs, String... expArgs) {