changeset 17567:80f8d74959a0

Merge
author amurillo
date Wed, 31 Aug 2016 09:22:54 -0700
parents 6124931a770f 077a8cd3df68
children 85acda36fccb
files make/data/cryptopolicy/limited/default_local.policy make/data/cryptopolicy/limited/exempt_local.policy make/data/cryptopolicy/unlimited/default_US_export.policy make/data/cryptopolicy/unlimited/default_local.policy make/gendata/GendataPolicyJars.gmk test/sun/security/krb5/auto/unreachable.krb5.conf
diffstat 81 files changed, 1253 insertions(+), 768 deletions(-) [+]
line wrap: on
line diff
--- a/make/GenerateClasslist.gmk	Fri Aug 26 10:02:50 2016 -0700
+++ b/make/GenerateClasslist.gmk	Wed Aug 31 09:22:54 2016 -0700
@@ -50,6 +50,8 @@
 
 CLASSLIST_FILE := $(SUPPORT_OUTPUTDIR)/classlist/classlist
 
+JLI_TRACE_FILE := $(SUPPORT_OUTPUTDIR)/classlist/jli_trace.out
+
 # If an external buildjdk has been supplied, we don't build a separate interim
 # image, so just use the external build jdk instead.
 ifeq ($(EXTERNAL_BUILDJDK), true)
@@ -59,13 +61,11 @@
 $(CLASSLIST_FILE): $(INTERIM_IMAGE_DIR)/bin/java$(EXE_SUFFIX) $(CLASSLIST_JAR)
 	$(call MakeDir, $(@D))
 	$(call LogInfo, Generating lib/classlist)
-	$(FIXPATH) $(INTERIM_IMAGE_DIR)/bin/java -XX:DumpLoadedClassList=$@.tmp \
+	$(FIXPATH) $(INTERIM_IMAGE_DIR)/bin/java -XX:DumpLoadedClassList=$@ \
+	    -Djava.lang.invoke.MethodHandle.TRACE_RESOLVE=true \
 	    -cp $(SUPPORT_OUTPUTDIR)/classlist.jar \
-	    build.tools.classlist.HelloClasslist $(LOG_DEBUG) 2>&1
-        # Filter out generated classes, remove after JDK-8149977
-	$(FIXPATH) $(INTERIM_IMAGE_DIR)/bin/java -XX:DumpLoadedClassList=$@ \
-	    -Xshare:dump -XX:SharedClassListFile=$@.tmp $(LOG_DEBUG) 2>&1
-	$(RM) $@.tmp
+	    build.tools.classlist.HelloClasslist \
+	    $(LOG_DEBUG) 2>&1 > $(JLI_TRACE_FILE)
 
 TARGETS += $(CLASSLIST_FILE)
 
--- a/make/data/cryptopolicy/limited/default_local.policy	Fri Aug 26 10:02:50 2016 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,14 +0,0 @@
-// Some countries have import limits on crypto strength. This policy file
-// is worldwide importable.
-
-grant {
-    permission javax.crypto.CryptoPermission "DES", 64;
-    permission javax.crypto.CryptoPermission "DESede", *;
-    permission javax.crypto.CryptoPermission "RC2", 128, 
-                                     "javax.crypto.spec.RC2ParameterSpec", 128;
-    permission javax.crypto.CryptoPermission "RC4", 128;
-    permission javax.crypto.CryptoPermission "RC5", 128, 
-          "javax.crypto.spec.RC5ParameterSpec", *, 12, *;
-    permission javax.crypto.CryptoPermission "RSA", *;
-    permission javax.crypto.CryptoPermission *, 128;
-};
--- a/make/data/cryptopolicy/limited/exempt_local.policy	Fri Aug 26 10:02:50 2016 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-// Some countries have import limits on crypto strength. So this file
-// will be useful.
-
-grant {
-    // There is no restriction to any algorithms if KeyRecovery is enforced.
-    permission javax.crypto.CryptoPermission *, "KeyRecovery"; 
-
-    // There is no restriction to any algorithms if KeyEscrow is enforced.
-    permission javax.crypto.CryptoPermission *, "KeyEscrow"; 
-
-    // There is no restriction to any algorithms if KeyWeakening is enforced. 
-    permission javax.crypto.CryptoPermission *, "KeyWeakening";
-};
--- a/make/data/cryptopolicy/unlimited/default_US_export.policy	Fri Aug 26 10:02:50 2016 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,5 +0,0 @@
-// Manufacturing policy file.
-grant {
-    // There is no restriction to any algorithms.
-    permission javax.crypto.CryptoAllPermission; 
-};
--- a/make/data/cryptopolicy/unlimited/default_local.policy	Fri Aug 26 10:02:50 2016 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,5 +0,0 @@
-// Country-specific policy file for countries with no limits on crypto strength.
-grant {
-    // There is no restriction to any algorithms.
-    permission javax.crypto.CryptoAllPermission; 
-};
--- a/make/gendata/Gendata-java.base.gmk	Fri Aug 26 10:02:50 2016 -0700
+++ b/make/gendata/Gendata-java.base.gmk	Wed Aug 31 09:22:54 2016 -0700
@@ -34,7 +34,7 @@
 
 include GendataBlacklistedCerts.gmk
 
-include GendataPolicyJars.gmk
+include GendataCryptoPolicy.gmk
 
 ################################################################################
 
@@ -64,13 +64,19 @@
 GENDATA_JAVA_SECURITY_SRC := $(JDK_TOPDIR)/src/java.base/share/conf/security/java.security
 GENDATA_JAVA_SECURITY := $(SUPPORT_OUTPUTDIR)/modules_conf/java.base/security/java.security
 
+ifeq ($(UNLIMITED_CRYPTO), true)
+    CRYPTO.POLICY := unlimited
+else
+    CRYPTO.POLICY := limited
+endif
+
 # RESTRICTED_PKGS_SRC is optionally set in custom extension for this makefile
 
 $(GENDATA_JAVA_SECURITY): $(BUILD_TOOLS) $(GENDATA_JAVA_SECURITY_SRC) $(RESTRICTED_PKGS_SRC)
 	$(call LogInfo, Generating java.security)
 	$(call MakeDir, $(@D))
 	$(TOOL_MAKEJAVASECURITY) $(GENDATA_JAVA_SECURITY_SRC) $@ $(OPENJDK_TARGET_OS) \
-	    $(OPENJDK_TARGET_CPU_ARCH) $(RESTRICTED_PKGS_SRC)
+	    $(OPENJDK_TARGET_CPU_ARCH) $(CRYPTO.POLICY) $(RESTRICTED_PKGS_SRC)
 
 TARGETS += $(GENDATA_JAVA_SECURITY)
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/make/gendata/GendataCryptoPolicy.gmk	Wed Aug 31 09:22:54 2016 -0700
@@ -0,0 +1,72 @@
+#
+# Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.  Oracle designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Oracle in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+#
+# In pre-JDK9 releases, Oracle JDK has had a separately downloadable set
+# of policy files which has been a nightmare for deployment.
+#
+# We now create 2 complete initial sets of policy files and package into 
+# 2 different directories.  The crypto.policy Security property will select
+# the active policy.
+#
+# It will be up to the user/deployer to make an informed choice
+# as to whether they are legally entitled to use the unlimited policy
+# file in their environment.  The $(UNLIMITED_CRYPTO) make variable
+# determines the default directory/policy.
+#
+
+default: all
+
+include $(SPEC)
+include MakeBase.gmk
+
+
+################################################################################
+POLICY_DIR := $(SUPPORT_OUTPUTDIR)/modules_conf/java.base/security/policy
+LIMITED_POLICY_DIR := $(POLICY_DIR)/limited
+UNLIMITED_POLICY_DIR := $(POLICY_DIR)/unlimited
+
+POLICY_SRC_DIR := $(JDK_TOPDIR)/src/java.base/share/conf/security/policy
+LIMITED_POLICY_SRC_DIR := $(POLICY_SRC_DIR)/limited
+UNLIMITED_POLICY_SRC_DIR := $(POLICY_SRC_DIR)/unlimited
+
+$(POLICY_DIR)/README.txt: $(POLICY_SRC_DIR)/README.txt
+	$(install-file)
+
+$(LIMITED_POLICY_DIR)/%: $(LIMITED_POLICY_SRC_DIR)/%
+	$(install-file)
+
+$(UNLIMITED_POLICY_DIR)/%: $(UNLIMITED_POLICY_SRC_DIR)/%
+	$(install-file)
+
+TARGETS += \
+    $(POLICY_DIR)/README.txt \
+    $(LIMITED_POLICY_DIR)/default_US_export.policy \
+    $(LIMITED_POLICY_DIR)/default_local.policy \
+    $(LIMITED_POLICY_DIR)/exempt_local.policy \
+    $(UNLIMITED_POLICY_DIR)/default_US_export.policy \
+    $(UNLIMITED_POLICY_DIR)/default_local.policy \
+
+################################################################################
--- a/make/gendata/GendataPolicyJars.gmk	Fri Aug 26 10:02:50 2016 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,150 +0,0 @@
-#
-# Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.  Oracle designates this
-# particular file as subject to the "Classpath" exception as provided
-# by Oracle in the LICENSE file that accompanied this code.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-default: all
-
-include $(SPEC)
-include MakeBase.gmk
-include JarArchive.gmk
-
-
-################################################################################
-
-US_EXPORT_POLICY_JAR_DST := \
-    $(SUPPORT_OUTPUTDIR)/modules_libs/java.base/security/US_export_policy.jar
-
-US_EXPORT_POLICY_JAR_LIMITED := \
-    $(SUPPORT_OUTPUTDIR)/jce/policy/limited/US_export_policy.jar
-US_EXPORT_POLICY_JAR_UNLIMITED := \
-    $(SUPPORT_OUTPUTDIR)/jce/policy/unlimited/US_export_policy.jar
-
-#
-# TODO fix so that SetupJarArchive does not write files into SRCS
-# then we don't need this extra copying
-#
-# NOTE: We currently do not place restrictions on our limited export
-# policy. This was not a typo. This means we are shipping the same file
-# for both limited and unlimited US_export_policy.jar.  Only the local
-# policy file currently has restrictions.
-#
-US_EXPORT_POLICY_JAR_SRC_DIR := \
-    $(JDK_TOPDIR)/make/data/cryptopolicy/unlimited
-US_EXPORT_POLICY_JAR_TMP := \
-    $(SUPPORT_OUTPUTDIR)/jce/policy/unlimited/US_export_policy_jar.tmp
-
-$(US_EXPORT_POLICY_JAR_TMP)/%: $(US_EXPORT_POLICY_JAR_SRC_DIR)/%
-	$(install-file)
-
-US_EXPORT_POLICY_JAR_DEPS := \
-    $(US_EXPORT_POLICY_JAR_TMP)/default_US_export.policy
-
-$(eval $(call SetupJarArchive, BUILD_US_EXPORT_POLICY_JAR, \
-    DEPENDENCIES := $(US_EXPORT_POLICY_JAR_DEPS), \
-    SRCS := $(US_EXPORT_POLICY_JAR_TMP), \
-    SUFFIXES := .policy, \
-    JAR := $(US_EXPORT_POLICY_JAR_UNLIMITED), \
-    EXTRA_MANIFEST_ATTR := Crypto-Strength: unlimited, \
-    SKIP_METAINF := true, \
-))
-
-$(US_EXPORT_POLICY_JAR_LIMITED): \
-    $(US_EXPORT_POLICY_JAR_UNLIMITED)
-	$(call LogInfo, Copying unlimited $(patsubst $(OUTPUT_ROOT)/%,%,$@))
-	$(install-file)
-
-TARGETS += $(US_EXPORT_POLICY_JAR_LIMITED) $(US_EXPORT_POLICY_JAR_UNLIMITED)
-
-ifeq ($(UNLIMITED_CRYPTO), true)
-  $(US_EXPORT_POLICY_JAR_DST): $(US_EXPORT_POLICY_JAR_UNLIMITED)
-	$(install-file)
-else
-  $(US_EXPORT_POLICY_JAR_DST): $(US_EXPORT_POLICY_JAR_LIMITED)
-	$(install-file)
-endif
-
-POLICY_JARS += $(US_EXPORT_POLICY_JAR_DST)
-
-################################################################################
-
-LOCAL_POLICY_JAR_DST := \
-    $(SUPPORT_OUTPUTDIR)/modules_libs/java.base/security/local_policy.jar
-
-LOCAL_POLICY_JAR_LIMITED := \
-    $(SUPPORT_OUTPUTDIR)/jce/policy/limited/local_policy.jar
-LOCAL_POLICY_JAR_UNLIMITED := \
-    $(SUPPORT_OUTPUTDIR)/jce/policy/unlimited/local_policy.jar
-
-#
-# TODO fix so that SetupJarArchive does not write files into SRCS
-# then we don't need this extra copying
-#
-LOCAL_POLICY_JAR_LIMITED_TMP := \
-    $(SUPPORT_OUTPUTDIR)/jce/policy/limited/local_policy_jar.tmp
-LOCAL_POLICY_JAR_UNLIMITED_TMP := \
-    $(SUPPORT_OUTPUTDIR)/jce/policy/unlimited/local_policy_jar.tmp
-
-$(LOCAL_POLICY_JAR_LIMITED_TMP)/%: \
-    $(JDK_TOPDIR)/make/data/cryptopolicy/limited/%
-	$(install-file)
-
-$(LOCAL_POLICY_JAR_UNLIMITED_TMP)/%: \
-    $(JDK_TOPDIR)/make/data/cryptopolicy/unlimited/%
-	$(install-file)
-
-$(eval $(call SetupJarArchive, BUILD_LOCAL_POLICY_JAR_LIMITED, \
-    DEPENDENCIES := $(LOCAL_POLICY_JAR_LIMITED_TMP)/exempt_local.policy \
-        $(LOCAL_POLICY_JAR_LIMITED_TMP)/default_local.policy, \
-    SRCS := $(LOCAL_POLICY_JAR_LIMITED_TMP), \
-    SUFFIXES := .policy, \
-    JAR := $(LOCAL_POLICY_JAR_LIMITED), \
-    EXTRA_MANIFEST_ATTR := Crypto-Strength: limited, \
-    SKIP_METAINF := true, \
-))
-
-$(eval $(call SetupJarArchive, BUILD_LOCAL_POLICY_JAR_UNLIMITED, \
-    DEPENDENCIES := $(LOCAL_POLICY_JAR_UNLIMITED_TMP)/default_local.policy, \
-    SRCS := $(LOCAL_POLICY_JAR_UNLIMITED_TMP), \
-    SUFFIXES := .policy, \
-    JAR := $(LOCAL_POLICY_JAR_UNLIMITED), \
-    EXTRA_MANIFEST_ATTR := Crypto-Strength: unlimited, \
-    SKIP_METAINF := true, \
-))
-
-TARGETS += $(LOCAL_POLICY_JAR_LIMITED) $(LOCAL_POLICY_JAR_UNLIMITED)
-
-ifeq ($(UNLIMITED_CRYPTO), true)
-  $(LOCAL_POLICY_JAR_DST): $(LOCAL_POLICY_JAR_UNLIMITED)
-	$(install-file)
-else
-  $(LOCAL_POLICY_JAR_DST): $(LOCAL_POLICY_JAR_LIMITED)
-	$(install-file)
-endif
-
-POLICY_JARS += $(LOCAL_POLICY_JAR_DST)
-TARGETS += $(POLICY_JARS)
-
-################################################################################
-
-$(eval $(call IncludeCustomExtension, jdk, gendata/GendataPolicyJars.gmk))
--- a/make/lib/Lib-jdk.crypto.pkcs11.gmk	Fri Aug 26 10:02:50 2016 -0700
+++ b/make/lib/Lib-jdk.crypto.pkcs11.gmk	Wed Aug 31 09:22:54 2016 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -38,8 +38,6 @@
     CFLAGS := $(CFLAGS_JDKLIB) $(addprefix -I, $(LIBJ2PKCS11_SRC)) \
         $(LIBJAVA_HEADER_FLAGS) \
         -I$(SUPPORT_OUTPUTDIR)/headers/jdk.crypto.pkcs11, \
-    DISABLED_WARNINGS_solstudio := E_DECLARATION_IN_CODE, \
-    DISABLED_WARNINGS_microsoft := 4013 4267, \
     MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libj2pkcs11/mapfile-vers, \
     LDFLAGS := $(LDFLAGS_JDKLIB) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
--- a/make/src/classes/build/tools/makejavasecurity/MakeJavaSecurity.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/make/src/classes/build/tools/makejavasecurity/MakeJavaSecurity.java	Wed Aug 31 09:22:54 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -35,7 +35,8 @@
  *
  * 1. Adds additional packages to the package.access and
  *    package.definition security properties.
- * 2. Filter out platform-unrelated parts
+ * 2. Filter out platform-unrelated parts.
+ * 3. Set the JCE jurisdiction policy directory.
  *
  * In order to easily maintain platform-related entries, every item
  * (including the last line) in package.access and package.definition
@@ -50,12 +51,13 @@
 
     public static void main(String[] args) throws Exception {
 
-        if (args.length < 4) {
+        if (args.length < 5) {
             System.err.println("Usage: java MakeJavaSecurity " +
                                "[input java.security file name] " +
                                "[output java.security file name] " +
                                "[openjdk target os] " +
                                "[openjdk target cpu architecture]" +
+                               "[JCE jurisdiction policy directory]" +
                                "[more restricted packages file name?]");
 
                     System.exit(1);
@@ -63,8 +65,8 @@
 
         // more restricted packages
         List<String> extraLines;
-        if (args.length == 5) {
-            extraLines = Files.readAllLines(Paths.get(args[4]));
+        if (args.length == 6) {
+            extraLines = Files.readAllLines(Paths.get(args[5]));
         } else {
             extraLines = Collections.emptyList();
         }
@@ -135,6 +137,16 @@
             }
         }
 
+        // Set the JCE policy value
+        for (int i = 0; i < lines.size(); i++) {
+            String line = lines.get(i);
+            int index = line.indexOf("crypto.policydir-tbd");
+            if (index >= 0) {
+                String prefix = line.substring(0, index);
+                lines.set(i, prefix + args[4]);
+            }
+        }
+
         // Clean up the last line of PKG_ACC and PKG_DEF blocks.
         // Not really necessary since a blank line follows.
         boolean inBlock = false;
--- a/src/java.base/share/classes/java/lang/invoke/BoundMethodHandle.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/src/java.base/share/classes/java/lang/invoke/BoundMethodHandle.java	Wed Aug 31 09:22:54 2016 -0700
@@ -497,6 +497,10 @@
                         String shortTypes = LambdaForm.shortenSignature(types);
                         String className = SPECIES_CLASS_PREFIX + shortTypes;
                         Class<?> c = BootLoader.loadClassOrNull(className);
+                        if (TRACE_RESOLVE) {
+                            System.out.println("[BMH_RESOLVE] " + shortTypes +
+                                    (c != null ? " (success)" : " (fail)") );
+                        }
                         if (c != null) {
                             return c.asSubclass(BoundMethodHandle.class);
                         } else {
--- a/src/java.base/share/classes/java/lang/invoke/InvokerBytecodeGenerator.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/src/java.base/share/classes/java/lang/invoke/InvokerBytecodeGenerator.java	Wed Aug 31 09:22:54 2016 -0700
@@ -607,7 +607,10 @@
     private static MemberName resolveFrom(String name, MethodType type, Class<?> holder) {
         MemberName member = new MemberName(holder, name, type, REF_invokeStatic);
         MemberName resolvedMember = MemberName.getFactory().resolveOrNull(REF_invokeStatic, member, holder);
-
+        if (TRACE_RESOLVE) {
+            System.out.println("[LF_RESOLVE] " + holder.getName() + " " + name + " " +
+                    shortenSignature(basicTypeSignature(type)) + (resolvedMember != null ? " (success)" : " (fail)") );
+        }
         return resolvedMember;
     }
 
--- a/src/java.base/share/classes/java/lang/invoke/MethodHandleStatics.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/src/java.base/share/classes/java/lang/invoke/MethodHandleStatics.java	Wed Aug 31 09:22:54 2016 -0700
@@ -46,6 +46,7 @@
     static final boolean DUMP_CLASS_FILES;
     static final boolean TRACE_INTERPRETER;
     static final boolean TRACE_METHOD_LINKAGE;
+    static final boolean TRACE_RESOLVE;
     static final int COMPILE_THRESHOLD;
     static final boolean LOG_LF_COMPILATION_FAILURE;
     static final int DONT_INLINE_THRESHOLD;
@@ -65,6 +66,8 @@
                 props.getProperty("java.lang.invoke.MethodHandle.TRACE_INTERPRETER"));
         TRACE_METHOD_LINKAGE = Boolean.parseBoolean(
                 props.getProperty("java.lang.invoke.MethodHandle.TRACE_METHOD_LINKAGE"));
+        TRACE_RESOLVE = Boolean.parseBoolean(
+                props.getProperty("java.lang.invoke.MethodHandle.TRACE_RESOLVE"));
         COMPILE_THRESHOLD = Integer.parseInt(
                 props.getProperty("java.lang.invoke.MethodHandle.COMPILE_THRESHOLD", "0"));
         LOG_LF_COMPILATION_FAILURE = Boolean.parseBoolean(
--- a/src/java.base/share/classes/java/net/HttpCookie.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/src/java.base/share/classes/java/net/HttpCookie.java	Wed Aug 31 09:22:54 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -233,7 +233,7 @@
         // if not specify max-age, this cookie should be
         // discarded when user agent is to be closed, but
         // it is not expired.
-        if (maxAge == MAX_AGE_UNSPECIFIED) return false;
+        if (maxAge < 0) return false;
 
         long deltaSecond = (System.currentTimeMillis() - whenCreated) / 1000;
         if (deltaSecond > maxAge)
@@ -952,7 +952,8 @@
                                    String attrName,
                                    String attrValue) {
                     if (cookie.getMaxAge() == MAX_AGE_UNSPECIFIED) {
-                        cookie.setMaxAge(cookie.expiryDate2DeltaSeconds(attrValue));
+                        long delta = cookie.expiryDate2DeltaSeconds(attrValue);
+                        cookie.setMaxAge(delta > 0 ? delta : 0);
                     }
                 }
             });
--- a/src/java.base/share/classes/javax/crypto/JceSecurity.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/src/java.base/share/classes/javax/crypto/JceSecurity.java	Wed Aug 31 09:22:54 2016 -0700
@@ -29,6 +29,7 @@
 import java.util.jar.*;
 import java.io.*;
 import java.net.URL;
+import java.nio.file.*;
 import java.security.*;
 
 import java.security.Provider.Service;
@@ -206,7 +207,7 @@
 
     static {
         try {
-            NULL_URL = new URL("http://null.sun.com/");
+            NULL_URL = new URL("http://null.oracle.com/");
         } catch (Exception e) {
             throw new RuntimeException(e);
         }
@@ -243,83 +244,94 @@
         }
     }
 
+    // This is called from within an doPrivileged block.
     private static void setupJurisdictionPolicies() throws Exception {
-        String javaHomeDir = System.getProperty("java.home");
-        String sep = File.separator;
-        String pathToPolicyJar = javaHomeDir + sep + "lib" + sep +
-            "security" + sep;
 
-        File exportJar = new File(pathToPolicyJar, "US_export_policy.jar");
-        File importJar = new File(pathToPolicyJar, "local_policy.jar");
+        // Sanity check the crypto.policy Security property.  Single
+        // directory entry, no pseudo-directories (".", "..", leading/trailing
+        // path separators). normalize()/getParent() will help later.
+        String cryptoPolicyProperty = Security.getProperty("crypto.policy");
+        Path cpPath = Paths.get(cryptoPolicyProperty);
 
-        if (!exportJar.exists() || !importJar.exists()) {
-            throw new SecurityException
-                                ("Cannot locate policy or framework files!");
+        if ((cryptoPolicyProperty == null) ||
+                (cpPath.getNameCount() != 1) ||
+                (cpPath.compareTo(cpPath.getFileName()) != 0)) {
+            throw new SecurityException(
+                "Invalid policy directory name format: " +
+                cryptoPolicyProperty);
         }
 
-        // Read jurisdiction policies.
-        CryptoPermissions defaultExport = new CryptoPermissions();
-        CryptoPermissions exemptExport = new CryptoPermissions();
-        loadPolicies(exportJar, defaultExport, exemptExport);
+        // Prepend java.home to get the full path.  normalize() in
+        // case an extra "." or ".." snuck in somehow.
+        String javaHomeProperty = System.getProperty("java.home");
+        Path javaHomePolicyPath = Paths.get(javaHomeProperty, "conf",
+                "security", "policy").normalize();
+        Path cryptoPolicyPath = Paths.get(javaHomeProperty, "conf", "security",
+                "policy", cryptoPolicyProperty).normalize();
 
-        CryptoPermissions defaultImport = new CryptoPermissions();
-        CryptoPermissions exemptImport = new CryptoPermissions();
-        loadPolicies(importJar, defaultImport, exemptImport);
+        if (cryptoPolicyPath.getParent().compareTo(javaHomePolicyPath) != 0) {
+            throw new SecurityException(
+                "Invalid cryptographic jurisdiction policy directory path: " +
+                cryptoPolicyProperty);
+        }
 
-        // Merge the export and import policies for default applications.
-        if (defaultExport.isEmpty() || defaultImport.isEmpty()) {
-            throw new SecurityException("Missing mandatory jurisdiction " +
-                                        "policy files");
+        if (!Files.isDirectory(cryptoPolicyPath)
+                || !Files.isReadable(cryptoPolicyPath)) {
+            throw new SecurityException(
+                "Can't read cryptographic policy directory: " +
+                cryptoPolicyProperty);
         }
-        defaultPolicy = defaultExport.getMinimum(defaultImport);
 
-        // Merge the export and import policies for exempt applications.
-        if (exemptExport.isEmpty())  {
-            exemptPolicy = exemptImport.isEmpty() ? null : exemptImport;
-        } else {
-            exemptPolicy = exemptExport.getMinimum(exemptImport);
-        }
-    }
+        try (DirectoryStream<Path> stream = Files.newDirectoryStream(
+                cryptoPolicyPath, "{default,exempt}_*.policy")) {
+            for (Path entry : stream) {
+                try (InputStream is = new BufferedInputStream(
+                        Files.newInputStream(entry))) {
+                    String filename = entry.getFileName().toString();
 
-    /**
-     * Load the policies from the specified file. Also checks that the
-     * policies are correctly signed.
-     */
-    private static void loadPolicies(File jarPathName,
-                                     CryptoPermissions defaultPolicy,
-                                     CryptoPermissions exemptPolicy)
-        throws Exception {
+                    CryptoPermissions tmpPerms = new CryptoPermissions();
+                    tmpPerms.load(is);
 
-        JarFile jf = new JarFile(jarPathName);
-
-        Enumeration<JarEntry> entries = jf.entries();
-        while (entries.hasMoreElements()) {
-            JarEntry je = entries.nextElement();
-            InputStream is = null;
-            try {
-                if (je.getName().startsWith("default_")) {
-                    is = jf.getInputStream(je);
-                    defaultPolicy.load(is);
-                } else if (je.getName().startsWith("exempt_")) {
-                    is = jf.getInputStream(je);
-                    exemptPolicy.load(is);
-                } else {
-                    continue;
-                }
-            } finally {
-                if (is != null) {
-                    is.close();
+                    if (filename.startsWith("default_")) {
+                        // Did we find a default perms?
+                        defaultPolicy = ((defaultPolicy == null) ? tmpPerms :
+                                defaultPolicy.getMinimum(tmpPerms));
+                    } else if (filename.startsWith("exempt_")) {
+                        // Did we find a exempt perms?
+                        exemptPolicy = ((exemptPolicy == null) ? tmpPerms :
+                                exemptPolicy.getMinimum(tmpPerms));
+                    } else {
+                        // This should never happen.  newDirectoryStream
+                        // should only throw return "{default,exempt}_*.policy"
+                        throw new SecurityException(
+                            "Unexpected jurisdiction policy files in : " +
+                            cryptoPolicyProperty);
+                    }
+                } catch (Exception e) {
+                    throw new SecurityException(
+                        "Couldn't parse jurisdiction policy files in: " +
+                        cryptoPolicyProperty);
                 }
             }
+        } catch (DirectoryIteratorException ex) {
+            // I/O error encountered during the iteration,
+            // the cause is an IOException
+            throw new SecurityException(
+                "Couldn't iterate through the jurisdiction policy files: " +
+                cryptoPolicyProperty);
+        }
 
-            // Enforce the signer restraint, i.e. signer of JCE framework
-            // jar should also be the signer of the two jurisdiction policy
-            // jar files.
-            ProviderVerifier.verifyPolicySigned(je.getCertificates());
+        // Must have a default policy
+        if ((defaultPolicy == null) || defaultPolicy.isEmpty()) {
+            throw new SecurityException(
+                "Missing mandatory jurisdiction policy files: " +
+                cryptoPolicyProperty);
         }
-        // Close and nullify the JarFile reference to help GC.
-        jf.close();
-        jf = null;
+
+        // If there was an empty exempt policy file, ignore it.
+        if ((exemptPolicy != null) && exemptPolicy.isEmpty()) {
+            exemptPolicy = null;
+        }
     }
 
     static CryptoPermissions getDefaultPolicy() {
--- a/src/java.base/share/classes/jdk/internal/jrtfs/JrtDirectoryStream.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/src/java.base/share/classes/jdk/internal/jrtfs/JrtDirectoryStream.java	Wed Aug 31 09:22:54 2016 -0700
@@ -47,8 +47,8 @@
 
     private final JrtPath dir;
     private final DirectoryStream.Filter<? super Path> filter;
-    private volatile boolean isClosed;
-    private volatile Iterator<Path> itr;
+    private boolean isClosed;
+    private Iterator<Path> itr;
 
     JrtDirectoryStream(JrtPath dir,
             DirectoryStream.Filter<? super java.nio.file.Path> filter)
@@ -73,24 +73,22 @@
             throw new IllegalStateException(e);
         }
         return new Iterator<Path>() {
-            private Path next;
             @Override
-            public synchronized boolean hasNext() {
-                if (isClosed)
-                    return false;
-                return itr.hasNext();
+            public boolean hasNext() {
+                synchronized (JrtDirectoryStream.this) {
+                    if (isClosed)
+                        return false;
+                    return itr.hasNext();
+                }
             }
 
             @Override
-            public synchronized Path next() {
-                if (isClosed)
-                    throw new NoSuchElementException();
-                return itr.next();
-            }
-
-            @Override
-            public void remove() {
-                throw new UnsupportedOperationException();
+            public Path next() {
+                synchronized (JrtDirectoryStream.this) {
+                    if (isClosed)
+                        throw new NoSuchElementException();
+                    return itr.next();
+                }
             }
         };
     }
--- a/src/java.base/share/classes/jdk/internal/jrtfs/JrtFileSystem.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/src/java.base/share/classes/jdk/internal/jrtfs/JrtFileSystem.java	Wed Aug 31 09:22:54 2016 -0700
@@ -119,9 +119,7 @@
 
     @Override
     public Iterable<Path> getRootDirectories() {
-        ArrayList<Path> dirs = new ArrayList<>();
-        dirs.add(getRootPath());
-        return dirs;
+        return Collections.singleton(getRootPath());
     }
 
     @Override
@@ -159,9 +157,7 @@
 
     @Override
     public final Iterable<FileStore> getFileStores() {
-        ArrayList<FileStore> list = new ArrayList<>(1);
-        list.add(getFileStore(getRootPath()));
-        return list;
+        return Collections.singleton(getFileStore(getRootPath()));
     }
 
     private static final Set<String> supportedFileAttributeViews
--- a/src/java.base/share/conf/security/java.security	Fri Aug 26 10:02:50 2016 -0700
+++ b/src/java.base/share/conf/security/java.security	Wed Aug 31 09:22:54 2016 -0700
@@ -804,6 +804,56 @@
 #       EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \
 #       FFFFFFFF FFFFFFFF, 2}
 
+# Cryptographic Jurisdiction Policy defaults
+# 
+# Due to the import control restrictions of some countries, the default
+# JCE policy files allow for strong but "limited" cryptographic key
+# lengths to be used.  If your country's cryptographic regulations allow,
+# the "unlimited" strength policy files can be used instead, which contain
+# no restrictions on cryptographic strengths.
+# 
+# If your country has restrictions that don't fit either "limited" or
+# "unlimited", an appropriate set of policy files should be created and
+# configured before using this distribution.  The jurisdiction policy file
+# configuration must reflect the cryptographic restrictions appropriate
+# for your country.
+# 
+# YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY
+# TO DETERMINE THE EXACT REQUIREMENTS.
+# 
+# The policy files are flat text files organized into subdirectories of
+# <java-home>/conf/security/policy.  Each directory contains a complete
+# set of policy files.
+#
+# The "crypto.policy" Security property controls the directory selection,
+# and thus the effective cryptographic policy.
+# 
+# The default set of directories is:  
+# 
+#     limited | unlimited 
+# 
+# however other directories can be created and configured.
+# 
+# Within a directory, the effective policy is the combined minimum
+# permissions of the grant statements in the file(s) with the filename
+# pattern "default_*.policy".  At least one grant is required.  For
+# example:
+#
+#     limited   =  Export (all) + Import (limited)  =  Limited
+#     unlimited =  Export (all) + Import (all)      =  Unlimited
+#
+# The effective exemption policy is the combined minimum permissions
+# of the grant statements in the file(s) with the filename pattern
+# "exempt_*.policy".  Exemption grants are optional.
+#
+#     limited   =  grants exemption permissions, by which the
+#                  effective policy can be circumvented. 
+#                  e.g.  KeyRecovery/Escrow/Weakening.
+# 
+# Please see the JCA documentation for additional information on these
+# files and formats.
+crypto.policy=crypto.policydir-tbd
+
 #
 # The policy for the XML Signature secure validation mode. The mode is
 # enabled by setting the property "org.jcp.xml.dsig.secureValidation" to
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/share/conf/security/policy/README.txt	Wed Aug 31 09:22:54 2016 -0700
@@ -0,0 +1,35 @@
+
+            Java(TM) Cryptography Extension Policy Files
+    for the Java(TM) Platform, Standard Edition Runtime Environment
+
+                               README
+------------------------------------------------------------------------
+
+
+The JCE architecture allows flexible cryptographic strength to be
+configured via the jurisdiction policy files contained within these
+directories.
+
+Due to import control restrictions of some countries, the default
+JCE policy files bundled in this Java Runtime Environment allow
+for strong but "limited" cryptographic strengths.  For convenience,
+this build also contains the "unlimited strength" policy files which
+contain no restrictions on cryptographic strengths, but they must be
+specifically activated by updating the "crypto.policy" Security property
+(e.g. <java-home>/conf/security/java.security) to point to the appropriate
+directory.
+
+Each subdirectory contains a complete policy configuration, and additional
+subdirectories can be added/removed to reflect local regulations.
+
+JCE for Java SE has been through the U.S. export review process.  The JCE
+framework, along with the various JCE providers that come standard with it
+(SunJCE, SunEC, SunPKCS11, SunMSCAPI, etc), is exportable from the
+United States.
+
+You are advised to consult your export/import control counsel or attorney
+to determine the exact requirements of your location, and what policy
+settings should be used.
+
+Please see The Java(TM) Cryptography Architecture (JCA) Reference
+Guide and the java.security file for more information.
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/share/conf/security/policy/limited/default_US_export.policy	Wed Aug 31 09:22:54 2016 -0700
@@ -0,0 +1,6 @@
+// Default US Export policy file.
+
+grant {
+    // There is no restriction to any algorithms.
+    permission javax.crypto.CryptoAllPermission; 
+};
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/share/conf/security/policy/limited/default_local.policy	Wed Aug 31 09:22:54 2016 -0700
@@ -0,0 +1,14 @@
+// Some countries have import limits on crypto strength. This policy file
+// is worldwide importable.
+
+grant {
+    permission javax.crypto.CryptoPermission "DES", 64;
+    permission javax.crypto.CryptoPermission "DESede", *;
+    permission javax.crypto.CryptoPermission "RC2", 128, 
+                                     "javax.crypto.spec.RC2ParameterSpec", 128;
+    permission javax.crypto.CryptoPermission "RC4", 128;
+    permission javax.crypto.CryptoPermission "RC5", 128, 
+          "javax.crypto.spec.RC5ParameterSpec", *, 12, *;
+    permission javax.crypto.CryptoPermission "RSA", *;
+    permission javax.crypto.CryptoPermission *, 128;
+};
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/share/conf/security/policy/limited/exempt_local.policy	Wed Aug 31 09:22:54 2016 -0700
@@ -0,0 +1,13 @@
+// Some countries have import limits on crypto strength, but may allow for
+// these exemptions if the exemption mechanism is used.
+
+grant {
+    // There is no restriction to any algorithms if KeyRecovery is enforced.
+    permission javax.crypto.CryptoPermission *, "KeyRecovery"; 
+
+    // There is no restriction to any algorithms if KeyEscrow is enforced.
+    permission javax.crypto.CryptoPermission *, "KeyEscrow"; 
+
+    // There is no restriction to any algorithms if KeyWeakening is enforced. 
+    permission javax.crypto.CryptoPermission *, "KeyWeakening";
+};
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/share/conf/security/policy/unlimited/default_US_export.policy	Wed Aug 31 09:22:54 2016 -0700
@@ -0,0 +1,6 @@
+// Default US Export policy file.
+
+grant {
+    // There is no restriction to any algorithms.
+    permission javax.crypto.CryptoAllPermission; 
+};
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/share/conf/security/policy/unlimited/default_local.policy	Wed Aug 31 09:22:54 2016 -0700
@@ -0,0 +1,6 @@
+// Country-specific policy file for countries with no limits on crypto strength.
+
+grant {
+    // There is no restriction to any algorithms.
+    permission javax.crypto.CryptoAllPermission; 
+};
--- a/src/java.base/share/native/libjli/java.c	Fri Aug 26 10:02:50 2016 -0700
+++ b/src/java.base/share/native/libjli/java.c	Wed Aug 31 09:22:54 2016 -0700
@@ -556,20 +556,6 @@
            JLI_StrCmp(name, "--list-modules") == 0;
 }
 
-#ifndef OLD_MODULE_OPTIONS
-/*
- * Old module options for transition
- */
-static jboolean
-IsOldModuleOption(const char* name) {
-    return JLI_StrCmp(name, "-modulepath") == 0 ||
-    JLI_StrCmp(name, "-mp") == 0 ||
-    JLI_StrCmp(name, "-upgrademodulepath") == 0 ||
-    JLI_StrCmp(name, "-addmods") == 0 ||
-    JLI_StrCmp(name, "-limitmods") == 0;
-}
-#endif
-
 /*
  * Test if the given name is a module-system white-space option that
  * will be passed to the VM with its corresponding long-form option
@@ -584,8 +570,7 @@
            JLI_StrCmp(name, "--limit-modules") == 0 ||
            JLI_StrCmp(name, "--add-exports") == 0 ||
            JLI_StrCmp(name, "--add-reads") == 0 ||
-           JLI_StrCmp(name, "--patch-module") == 0 ||
-           IsOldModuleOption(name);
+           JLI_StrCmp(name, "--patch-module") == 0;
 }
 
 /*
@@ -1224,32 +1209,6 @@
         }
     }
 
-#ifndef OLD_MODULE_OPTIONS
-    // for transition to support both old and new syntax
-    if (JLI_StrCmp(arg, "-modulepath") == 0 ||
-        JLI_StrCmp(arg, "-mp") == 0) {
-        option = "--module-path";
-    } else if (JLI_StrCmp(arg, "-upgrademodulepath") == 0) {
-        option = "--upgrade-module-path";
-    } else if (JLI_StrCmp(arg, "-addmods") == 0) {
-        option = "--add-modules";
-    } else if (JLI_StrCmp(arg, "-limitmods") == 0) {
-        option = "--limit-modules";
-    } else if (JLI_StrCCmp(arg, "-XaddExports:") == 0) {
-        option = "--add-exports";
-        value = arg + 13;
-        kind = VM_LONG_OPTION_WITH_ARGUMENT;
-    } else if (JLI_StrCCmp(arg, "-XaddReads:") == 0) {
-        option = "--add-reads";
-        value = arg + 11;
-        kind = VM_LONG_OPTION_WITH_ARGUMENT;
-    } else if (JLI_StrCCmp(arg, "-Xpatch:") == 0) {
-        option = "--patch-module";
-        value = arg + 8;
-        kind = VM_LONG_OPTION_WITH_ARGUMENT;
-    }
-#endif
-
     *pargc = argc;
     *pargv = argv;
     *poption = option;
@@ -1340,16 +1299,6 @@
                        JLI_StrCmp(arg, "--patch-module") == 0) {
                 REPORT_ERROR (has_arg, ARG_ERROR6, arg);
             }
-#ifndef OLD_MODULE_OPTIONS
-            else if (JLI_StrCmp(arg, "-modulepath") == 0 ||
-                     JLI_StrCmp(arg, "-mp") == 0 ||
-                     JLI_StrCmp(arg, "-upgrademodulepath") == 0) {
-                REPORT_ERROR (has_arg, ARG_ERROR4, arg);
-            } else if (JLI_StrCmp(arg, "-addmods") == 0 ||
-                       JLI_StrCmp(arg, "-limitmods") == 0) {
-                REPORT_ERROR (has_arg, ARG_ERROR6, arg);
-            }
-#endif
 /*
  * The following cases will cause the argument parsing to stop
  */
--- a/src/java.smartcardio/share/classes/sun/security/smartcardio/TerminalImpl.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/src/java.smartcardio/share/classes/sun/security/smartcardio/TerminalImpl.java	Wed Aug 31 09:22:54 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -75,10 +75,10 @@
             }
         }
         try {
-            card =  new CardImpl(this, protocol);
+            card = new CardImpl(this, protocol);
             return card;
         } catch (PCSCException e) {
-            if (e.code == SCARD_W_REMOVED_CARD) {
+            if (e.code == SCARD_W_REMOVED_CARD || e.code == SCARD_E_NO_SMARTCARD) {
                 throw new CardNotPresentException("No card present", e);
             } else {
                 throw new CardException("connect() failed", e);
--- a/src/jdk.crypto.pkcs11/share/native/libj2pkcs11/p11_util.c	Fri Aug 26 10:02:50 2016 -0700
+++ b/src/jdk.crypto.pkcs11/share/native/libj2pkcs11/p11_util.c	Wed Aug 31 09:22:54 2016 -0700
@@ -558,7 +558,7 @@
     pCharArray = (*env)->GetStringUTFChars(env, jArray, &isCopy);
     if (pCharArray == NULL) { return; }
 
-    *ckpLength = strlen(pCharArray);
+    *ckpLength = (CK_ULONG) strlen(pCharArray);
     *ckpArray = (CK_UTF8CHAR_PTR) malloc((*ckpLength + 1) * sizeof(CK_UTF8CHAR));
     if (*ckpArray == NULL) {
         (*env)->ReleaseStringUTFChars(env, (jstring) jArray, pCharArray);
--- a/src/jdk.crypto.pkcs11/unix/native/libj2pkcs11/j2secmod_md.c	Fri Aug 26 10:02:50 2016 -0700
+++ b/src/jdk.crypto.pkcs11/unix/native/libj2pkcs11/j2secmod_md.c	Wed Aug 31 09:22:54 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -49,6 +49,7 @@
 JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_Secmod_nssGetLibraryHandle
   (JNIEnv *env, jclass thisClass, jstring jLibName)
 {
+    void *hModule;
     const char *libName = (*env)->GetStringUTFChars(env, jLibName, NULL);
     if (libName == NULL) {
         return 0L;
@@ -56,9 +57,9 @@
 
     // look up existing handle only, do not load
 #if defined(AIX)
-    void *hModule = dlopen(libName, RTLD_LAZY);
+    hModule = dlopen(libName, RTLD_LAZY);
 #else
-    void *hModule = dlopen(libName, RTLD_NOLOAD);
+    hModule = dlopen(libName, RTLD_NOLOAD);
 #endif
     dprintf2("-handle for %s: %u\n", libName, hModule);
     (*env)->ReleaseStringUTFChars(env, jLibName, libName);
--- a/src/jdk.crypto.pkcs11/windows/native/libj2pkcs11/j2secmod_md.c	Fri Aug 26 10:02:50 2016 -0700
+++ b/src/jdk.crypto.pkcs11/windows/native/libj2pkcs11/j2secmod_md.c	Wed Aug 31 09:22:54 2016 -0700
@@ -31,6 +31,9 @@
 
 #include "j2secmod.h"
 
+extern void throwNullPointerException(JNIEnv *env, const char *message);
+extern void throwIOException(JNIEnv *env, const char *message);
+
 void *findFunction(JNIEnv *env, jlong jHandle, const char *functionName) {
     HINSTANCE hModule = (HINSTANCE)jHandle;
     void *fAddress = GetProcAddress(hModule, functionName);
--- a/src/jdk.jlink/share/classes/jdk/tools/jlink/builder/DefaultImageBuilder.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/src/jdk.jlink/share/classes/jdk/tools/jlink/builder/DefaultImageBuilder.java	Wed Aug 31 09:22:54 2016 -0700
@@ -78,28 +78,21 @@
         private final List<String> args;
         private final Set<String> modules;
 
-        public DefaultExecutableImage(Path home, Set<String> modules) {
-            this(home, modules, createArgs(home));
-        }
-
-        private DefaultExecutableImage(Path home, Set<String> modules,
-                List<String> args) {
+        DefaultExecutableImage(Path home, Set<String> modules) {
             Objects.requireNonNull(home);
-            Objects.requireNonNull(args);
             if (!Files.exists(home)) {
                 throw new IllegalArgumentException("Invalid image home");
             }
             this.home = home;
             this.modules = Collections.unmodifiableSet(modules);
-            this.args = Collections.unmodifiableList(args);
+            this.args = createArgs(home);
         }
 
         private static List<String> createArgs(Path home) {
             Objects.requireNonNull(home);
-            List<String> javaArgs = new ArrayList<>();
-            javaArgs.add(home.resolve("bin").
-                    resolve(getJavaProcessName()).toString());
-            return javaArgs;
+            Path binDir = home.resolve("bin");
+            String java = Files.exists(binDir.resolve("java"))? "java" : "java.exe";
+            return List.of(binDir.resolve(java).toString());
         }
 
         @Override
@@ -130,6 +123,7 @@
     private final Path root;
     private final Path mdir;
     private final Set<String> modules = new HashSet<>();
+    private String targetOsName;
 
     /**
      * Default image builder constructor.
@@ -171,6 +165,11 @@
     @Override
     public void storeFiles(ResourcePool files) {
         try {
+            // populate release properties up-front. targetOsName
+            // field is assigned from there and used elsewhere.
+            Properties release = releaseProperties(files);
+            Path bin = root.resolve("bin");
+
             files.entries().forEach(f -> {
                 if (!f.type().equals(ResourcePoolEntry.Type.CLASS_OR_RESOURCE)) {
                     try {
@@ -186,11 +185,11 @@
                     modules.add(m.name());
                 }
             });
-            storeFiles(modules, releaseProperties(files));
+
+            storeFiles(modules, release);
 
             if (Files.getFileStore(root).supportsFileAttributeView(PosixFileAttributeView.class)) {
                 // launchers in the bin directory need execute permission
-                Path bin = root.resolve("bin");
                 if (Files.isDirectory(bin)) {
                     Files.list(bin)
                             .filter(f -> !f.toString().endsWith(".diz"))
@@ -208,7 +207,11 @@
                 }
             }
 
-            prepareApplicationFiles(files, modules);
+            // If native files are stripped completely, <root>/bin dir won't exist!
+            // So, don't bother generating launcher scripts.
+            if (Files.isDirectory(bin)) {
+                 prepareApplicationFiles(files, modules);
+            }
         } catch (IOException ex) {
             throw new PluginException(ex);
         }
@@ -226,6 +229,11 @@
             props.setProperty("JAVA_VERSION", System.getProperty("java.version"));
         });
 
+        this.targetOsName = props.getProperty("OS_NAME");
+        if (this.targetOsName == null) {
+            throw new PluginException("TargetPlatform attribute is missing for java.base module");
+        }
+
         Optional<ResourcePoolEntry> release = pool.findEntry("/java.base/release");
         if (release.isPresent()) {
             try (InputStream is = release.get().content()) {
@@ -373,7 +381,7 @@
         Files.createLink(dstFile, target);
     }
 
-    private static String nativeDir(String filename) {
+    private String nativeDir(String filename) {
         if (isWindows()) {
             if (filename.endsWith(".dll") || filename.endsWith(".diz")
                     || filename.endsWith(".pdb") || filename.endsWith(".map")) {
@@ -386,8 +394,8 @@
         }
     }
 
-    private static boolean isWindows() {
-        return System.getProperty("os.name").startsWith("Windows");
+    private boolean isWindows() {
+        return targetOsName.startsWith("Windows");
     }
 
     /**
@@ -452,12 +460,10 @@
         }
     }
 
-    private static String getJavaProcessName() {
-        return isWindows() ? "java.exe" : "java";
-    }
-
     public static ExecutableImage getExecutableImage(Path root) {
-        if (Files.exists(root.resolve("bin").resolve(getJavaProcessName()))) {
+        Path binDir = root.resolve("bin");
+        if (Files.exists(binDir.resolve("java")) ||
+            Files.exists(binDir.resolve("java.exe"))) {
             return new DefaultExecutableImage(root, retrieveModules(root));
         }
         return null;
--- a/src/jdk.jlink/share/classes/jdk/tools/jlink/internal/PathResourcePoolEntry.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/src/jdk.jlink/share/classes/jdk/tools/jlink/internal/PathResourcePoolEntry.java	Wed Aug 31 09:22:54 2016 -0700
@@ -5,7 +5,7 @@
  * This code is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License version 2 only, as
  * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classfile" exception as provided
+ * particular file as subject to the "Classpath" exception as provided
  * by Oracle in the LICENSE file that accompanied this code.
  *
  * This code is distributed in the hope that it will be useful, but WITHOUT
--- a/src/jdk.jlink/share/classes/jdk/tools/jlink/internal/plugins/GenerateJLIClassesPlugin.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/src/jdk.jlink/share/classes/jdk/tools/jlink/internal/plugins/GenerateJLIClassesPlugin.java	Wed Aug 31 09:22:54 2016 -0700
@@ -24,14 +24,19 @@
  */
 package jdk.tools.jlink.internal.plugins;
 
+import java.io.File;
+import java.io.IOException;
 import java.lang.invoke.MethodType;
-import java.util.Arrays;
+import java.nio.file.Files;
+import java.util.ArrayList;
 import java.util.EnumSet;
-import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.TreeMap;
+import java.util.TreeSet;
 import java.util.stream.Collectors;
+import java.util.stream.Stream;
 import jdk.internal.misc.SharedSecrets;
 import jdk.internal.misc.JavaLangInvokeAccess;
 import jdk.tools.jlink.plugin.ResourcePoolEntry;
@@ -47,12 +52,8 @@
 
     private static final String NAME = "generate-jli-classes";
 
-    private static final String BMH_PARAM = "bmh";
-    private static final String BMH_SPECIES_PARAM = "bmh-species";
-
     private static final String DESCRIPTION = PluginsResourceBundle.getDescription(NAME);
 
-    private static final String DMH_PARAM = "dmh";
     private static final String DIRECT_HOLDER = "java/lang/invoke/DirectMethodHandle$Holder";
     private static final String DMH_INVOKE_VIRTUAL = "invokeVirtual";
     private static final String DMH_INVOKE_STATIC = "invokeStatic";
@@ -61,8 +62,6 @@
     private static final String DMH_INVOKE_INTERFACE = "invokeInterface";
     private static final String DMH_INVOKE_STATIC_INIT = "invokeStaticInit";
 
-    private static final String INVOKERS_PARAM = "invokers";
-
     private static final String DELEGATING_HOLDER = "java/lang/invoke/DelegatingMethodHandle$Holder";
     private static final String BASIC_FORMS_HOLDER = "java/lang/invoke/LambdaForm$Holder";
     private static final String INVOKERS_HOLDER = "java/lang/invoke/Invokers$Holder";
@@ -70,12 +69,11 @@
     private static final JavaLangInvokeAccess JLIA
             = SharedSecrets.getJavaLangInvokeAccess();
 
-    List<String> speciesTypes;
+    Set<String> speciesTypes;
 
-    List<String> invokerTypes;
+    Set<String> invokerTypes;
 
-    Map<String, List<String>> dmhMethods;
-
+    Map<String, Set<String>> dmhMethods;
 
     public GenerateJLIClassesPlugin() {
     }
@@ -112,8 +110,8 @@
      * A better long-term solution is to define and run a set of quick
      * generators and extracting this list as a step in the build process.
      */
-    public static List<String> defaultSpecies() {
-        return List.of("LL", "L3", "L4", "L5", "L6", "L7", "L7I",
+    public static Set<String> defaultSpecies() {
+        return Set.of("LL", "L3", "L4", "L5", "L6", "L7", "L7I",
                 "L7II", "L7IIL", "L8", "L9", "L10", "L10I", "L10II", "L10IIL",
                 "L11", "L12", "L13", "LI", "D", "L3I", "LIL", "LLI", "LLIL",
                 "LILL", "I", "LLILL");
@@ -122,26 +120,27 @@
     /**
      * @return the default invoker forms to generate.
      */
-    public static List<String> defaultInvokers() {
-        return List.of("_L", "_I", "I_I", "LI_I", "ILL_I", "LIL_I", "L_L", "LL_V", "LLLL_L");
+    private static Set<String> defaultInvokers() {
+        return Set.of("LL_L", "LL_I", "LILL_I", "L6_L");
     }
 
     /**
      * @return the list of default DirectMethodHandle methods to generate.
      */
-    public static Map<String, List<String>> defaultDMHMethods() {
+    private static Map<String, Set<String>> defaultDMHMethods() {
         return Map.of(
-            DMH_INVOKE_VIRTUAL, List.of("_L", "L_L", "LI_I", "LL_V"),
-            DMH_INVOKE_SPECIAL, List.of("L_I", "L_L", "LF_L", "LD_L", "LL_L",
-                "L3_L", "L4_L", "L5_L", "L6_L", "L7_L", "LI_I", "LI_L", "LIL_I",
-                "LII_I", "LII_L", "LLI_L", "LLI_I", "LILI_I", "LIIL_L",
-                "LIILL_L", "LIILL_I", "LIIL_I", "LILIL_I", "LILILL_I",
-                "LILII_I", "LI3_I", "LI3L_I", "LI3LL_I", "LI3_L", "LI4_I"),
-            DMH_INVOKE_STATIC, List.of("II_I", "IL_I", "ILIL_I", "ILII_I",
-                "_I", "_L", "_V", "D_L", "F_L", "I_I", "II_L", "LI_L",
-                "L_V", "L_L", "LL_L", "L3_L", "L4_L", "L5_L", "L6_L",
-                "L7_L", "L8_L", "L9_L", "L9I_L", "L9II_L", "L9IIL_L",
-                "L10_L", "L11_L", "L12_L", "L13_L", "L13I_L", "L13II_L")
+            DMH_INVOKE_VIRTUAL, Set.of("L_L", "LL_L", "LLI_I", "L3_V"),
+            DMH_INVOKE_SPECIAL, Set.of("LL_I", "LL_L", "LLF_L", "LLD_L", "L3_L",
+                "L4_L", "L5_L", "L6_L", "L7_L", "L8_L", "LLI_I", "LLI_L",
+                "LLIL_I", "LLII_I", "LLII_L", "L3I_L", "L3I_I", "LLILI_I",
+                "LLIIL_L", "LLIILL_L", "LLIILL_I", "LLIIL_I", "LLILIL_I",
+                "LLILILL_I", "LLILII_I", "LLI3_I", "LLI3L_I", "LLI3LL_I",
+                "LLI3_L", "LLI4_I"),
+            DMH_INVOKE_STATIC, Set.of("LII_I", "LIL_I", "LILIL_I", "LILII_I",
+                "L_I", "L_L", "L_V", "LD_L", "LF_L", "LI_I", "LII_L", "LLI_L",
+                "LL_V", "LL_L", "L3_L", "L4_L", "L5_L", "L6_L", "L7_L",
+                "L8_L", "L9_L", "L10_L", "L10I_L", "L10II_L", "L10IIL_L",
+                "L11_L", "L12_L", "L13_L", "L14_L", "L14I_L", "L14II_L")
         );
     }
 
@@ -160,94 +159,110 @@
     public void configure(Map<String, String> config) {
         String mainArgument = config.get(NAME);
 
-        // Enable by default
-        boolean bmhEnabled = true;
-        boolean dmhEnabled = true;
-        boolean invokersEnabled = true;
-        if (mainArgument != null) {
-            List<String> args = Arrays.asList(mainArgument.split(","));
-            if (!args.contains(BMH_PARAM)) {
-                bmhEnabled = false;
-            }
-            if (!args.contains(DMH_PARAM)) {
-                dmhEnabled = false;
-            }
-            if (!args.contains(INVOKERS_PARAM)) {
-                dmhEnabled = false;
-            }
+        if ("none".equals(mainArgument)) {
+            speciesTypes = Set.of();
+            invokerTypes = Set.of();
+            dmhMethods = Map.of();
+            return;
         }
 
-        if (!bmhEnabled) {
-            speciesTypes = List.of();
-        } else {
-            String args = config.get(BMH_SPECIES_PARAM);
-            List<String> bmhSpecies;
-            if (args != null && !args.isEmpty()) {
-                bmhSpecies = Arrays.stream(args.split(","))
-                    .map(String::trim)
-                    .filter(s -> !s.isEmpty())
-                    .collect(Collectors.toList());
-            } else {
-                bmhSpecies = defaultSpecies();
-            }
+        // Start with the default configuration
+        Set<String> defaultBMHSpecies = defaultSpecies();
+        // Expand BMH species signatures
+        defaultBMHSpecies = defaultBMHSpecies.stream()
+                .map(type -> expandSignature(type))
+                .collect(Collectors.toSet());
 
-            // Expand BMH species signatures
-            speciesTypes = bmhSpecies.stream()
-                    .map(type -> expandSignature(type))
-                    .collect(Collectors.toList());
+        Set<String> defaultInvokerTypes = defaultInvokers();
+        validateMethodTypes(defaultInvokerTypes);
+
+        Map<String, Set<String>> defaultDmhMethods = defaultDMHMethods();
+        for (Set<String> dmhMethodTypes : defaultDmhMethods.values()) {
+            validateMethodTypes(dmhMethodTypes);
         }
 
-        if (!invokersEnabled) {
-            invokerTypes = List.of();
+        // Extend the default configuration with the contents in the supplied
+        // input file
+        if (mainArgument == null || !mainArgument.startsWith("@")) {
+            speciesTypes = defaultBMHSpecies;
+            invokerTypes = defaultInvokerTypes;
+            dmhMethods = defaultDmhMethods;
         } else {
-            String args = config.get(INVOKERS_PARAM);
-            if (args != null && !args.isEmpty()) {
-                invokerTypes = Arrays.stream(args.split(","))
-                            .map(String::trim)
-                            .filter(s -> !s.isEmpty())
-                            .collect(Collectors.toList());
-                validateMethodTypes(invokerTypes);
-            } else {
-                invokerTypes = defaultInvokers();
-            }
-
-        }
-        // DirectMethodHandles
-        if (!dmhEnabled) {
-            dmhMethods = Map.of();
-        } else {
-            dmhMethods = new HashMap<>();
-            for (String dmhParam : DMH_METHOD_TYPE_MAP.keySet()) {
-                String args = config.get(dmhParam);
-                if (args != null && !args.isEmpty()) {
-                    List<String> dmhMethodTypes = Arrays.stream(args.split(","))
-                            .map(String::trim)
-                            .filter(s -> !s.isEmpty())
-                            .collect(Collectors.toList());
-                    dmhMethods.put(dmhParam, dmhMethodTypes);
-                    validateMethodTypes(dmhMethodTypes);
+            File file = new File(mainArgument.substring(1));
+            if (file.exists()) {
+                // Use TreeSet/TreeMap to keep things sorted in a deterministic
+                // order to avoid scrambling the layout on small changes and to
+                // ease finding methods in the generated code
+                speciesTypes = new TreeSet<>(defaultBMHSpecies);
+                invokerTypes = new TreeSet<>(defaultInvokerTypes);
+                dmhMethods = new TreeMap<>();
+                for (Map.Entry<String, Set<String>> entry : defaultDmhMethods.entrySet()) {
+                    dmhMethods.put(entry.getKey(), new TreeSet<>(entry.getValue()));
                 }
-            }
-            if (dmhMethods.isEmpty()) {
-                dmhMethods = defaultDMHMethods();
+                fileLines(file)
+                    .map(line -> line.split(" "))
+                    .forEach(parts -> {
+                        switch (parts[0]) {
+                            case "[BMH_RESOLVE]":
+                                speciesTypes.add(expandSignature(parts[1]));
+                                break;
+                            case "[LF_RESOLVE]":
+                                String methodType = parts[3];
+                                validateMethodType(methodType);
+                                if (parts[1].contains("Invokers")) {
+                                    invokerTypes.add(methodType);
+                                } else if (parts[1].contains("DirectMethodHandle")) {
+                                    String dmh = parts[2];
+                                    // ignore getObject etc for now (generated
+                                    // by default)
+                                    if (DMH_METHOD_TYPE_MAP.containsKey(dmh)) {
+                                        addDMHMethodType(dmh, methodType);
+                                    }
+                                }
+                                break;
+                            default: break; // ignore
+                        }
+                });
             }
         }
     }
 
-    void validateMethodTypes(List<String> dmhMethodTypes) {
+    private void addDMHMethodType(String dmh, String methodType) {
+        validateMethodType(methodType);
+        Set<String> methodTypes = dmhMethods.get(dmh);
+        if (methodTypes == null) {
+            methodTypes = new TreeSet<>();
+            dmhMethods.put(dmh, methodTypes);
+        }
+        methodTypes.add(methodType);
+    }
+
+    private Stream<String> fileLines(File file) {
+        try {
+            return Files.lines(file.toPath());
+        } catch (IOException io) {
+            throw new PluginException("Couldn't read file");
+        }
+    }
+
+    private void validateMethodTypes(Set<String> dmhMethodTypes) {
         for (String type : dmhMethodTypes) {
-            String[] typeParts = type.split("_");
-            // check return type (second part)
-            if (typeParts.length != 2 || typeParts[1].length() != 1
-                    || "LJIFDV".indexOf(typeParts[1].charAt(0)) == -1) {
-                throw new PluginException(
-                        "Method type signature must be of form [LJIFD]*_[LJIFDV]");
-            }
-            // expand and check arguments (first part)
-            expandSignature(typeParts[0]);
+            validateMethodType(type);
         }
     }
 
+    private void validateMethodType(String type) {
+        String[] typeParts = type.split("_");
+        // check return type (second part)
+        if (typeParts.length != 2 || typeParts[1].length() != 1
+                || "LJIFDV".indexOf(typeParts[1].charAt(0)) == -1) {
+            throw new PluginException(
+                    "Method type signature must be of form [LJIFD]*_[LJIFDV]");
+        }
+        // expand and check arguments (first part)
+        expandSignature(typeParts[0]);
+    }
+
     private static void requireBasicType(char c) {
         if ("LIJFD".indexOf(c) < 0) {
             throw new PluginException(
@@ -295,23 +310,44 @@
 
     private void generateHolderClasses(ResourcePoolBuilder out) {
         int count = 0;
-        for (List<String> entry : dmhMethods.values()) {
+        for (Set<String> entry : dmhMethods.values()) {
             count += entry.size();
         }
         MethodType[] directMethodTypes = new MethodType[count];
         int[] dmhTypes = new int[count];
         int index = 0;
-        for (Map.Entry<String, List<String>> entry : dmhMethods.entrySet()) {
+        for (Map.Entry<String, Set<String>> entry : dmhMethods.entrySet()) {
             String dmhType = entry.getKey();
             for (String type : entry.getValue()) {
-                directMethodTypes[index] = asMethodType(type);
+                // The DMH type to actually ask for is retrieved by removing
+                // the first argument, which needs to be of Object.class
+                MethodType mt = asMethodType(type);
+                if (mt.parameterCount() < 1 ||
+                    mt.parameterType(0) != Object.class) {
+                    throw new PluginException(
+                            "DMH type parameter must start with L");
+                }
+                directMethodTypes[index] = mt.dropParameterTypes(0, 1);
                 dmhTypes[index] = DMH_METHOD_TYPE_MAP.get(dmhType);
                 index++;
             }
         }
         MethodType[] invokerMethodTypes = new MethodType[this.invokerTypes.size()];
-        for (int i = 0; i < invokerTypes.size(); i++) {
-            invokerMethodTypes[i] = asMethodType(invokerTypes.get(i));
+        int i = 0;
+        for (String invokerType : invokerTypes) {
+            // The invoker type to ask for is retrieved by removing the first
+            // and the last argument, which needs to be of Object.class
+            MethodType mt = asMethodType(invokerType);
+            final int lastParam = mt.parameterCount() - 1;
+            if (mt.parameterCount() < 2 ||
+                    mt.parameterType(0) != Object.class ||
+                    mt.parameterType(lastParam) != Object.class) {
+                throw new PluginException(
+                        "Invoker type parameter must start and end with L");
+            }
+            mt = mt.dropParameterTypes(lastParam, lastParam + 1);
+            invokerMethodTypes[i] = mt.dropParameterTypes(0, 1);
+            i++;
         }
         try {
             byte[] bytes = JLIA.generateDirectMethodHandleHolderClassBytes(
--- a/src/jdk.jlink/share/classes/jdk/tools/jlink/resources/plugins.properties	Fri Aug 26 10:02:50 2016 -0700
+++ b/src/jdk.jlink/share/classes/jdk/tools/jlink/resources/plugins.properties	Wed Aug 31 09:22:54 2016 -0700
@@ -68,10 +68,12 @@
 exclude-resources.description=\
 Specify resources to exclude. e.g.: **.jcov,glob:**/META-INF/**
 
-generate-jli-classes.argument=<bmh[:bmh-species=LL,L3,...]>
+generate-jli-classes.argument=<none|@filename>
 
 generate-jli-classes.description=\
-Concrete java.lang.invoke classes to generate
+Takes a file hinting to jlink what java.lang.invoke classes to pre-generate. If\n\
+this flag is not specified a default set of classes will be generated. To \n\
+disable pre-generation specify none as the argument
 
 installed-modules.description=Fast loading of module descriptors (always enabled)
 
--- a/test/ProblemList.txt	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/ProblemList.txt	Wed Aug 31 09:22:54 2016 -0700
@@ -213,8 +213,6 @@
 
 sun/security/pkcs11/ec/TestKeyFactory.java                      8026976 generic-all
 
-sun/security/krb5/auto/Unreachable.java                         7164518 macosx-all
-
 sun/security/tools/keytool/ListKeychainStore.sh                 8156889 macosx-all
 
 sun/security/tools/jarsigner/warnings/BadKeyUsageTest.java      8026393 generic-all
--- a/test/java/lang/ProcessBuilder/Zombies.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/lang/ProcessBuilder/Zombies.java	Wed Aug 31 09:22:54 2016 -0700
@@ -25,7 +25,6 @@
  * @test
  * @run main/othervm Zombies
  * @bug 6474073 6180151
- * @key intermittent
  * @summary Make sure zombies don't get created on Unix
  * @author Martin Buchholz
  */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/net/HttpCookie/CookieNegativeMaxAge.java	Wed Aug 31 09:22:54 2016 -0700
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8005068
+ * @summary Check that any negative maxAge is treated as "unspecified" and
+ * if header contains cookie with "expires" attribute in the past then cookie
+ * is created with maxAge=0 meaning it is specified to be immediately expired.
+ * @run main CookieNegativeMaxAge
+ */
+
+
+import java.net.HttpCookie;
+import java.util.List;
+
+public class CookieNegativeMaxAge {
+
+    public static void main(String... args) {
+        HttpCookie cookie = new HttpCookie("testCookie", "value");
+        cookie.setMaxAge(Integer.MIN_VALUE);
+        if (cookie.hasExpired()) {
+            throw new RuntimeException("Cookie has unexpectedly expired");
+        }
+
+        List<HttpCookie> cookies = HttpCookie.parse("Set-Cookie: " +
+                "expiredCookie=value; expires=Thu, 01 Jan 1970 00:00:00 GMT");
+        if (cookies.size() == 1) {
+            if (cookies.get(0).getMaxAge() != 0) {
+                throw new RuntimeException("Cookie maxAge expected to be 0");
+            }
+        } else {
+            throw new RuntimeException("Header was incorrectly parsed");
+        }
+    }
+}
--- a/test/java/net/URLPermission/nstest/lookup.sh	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/net/URLPermission/nstest/lookup.sh	Wed Aug 31 09:22:54 2016 -0700
@@ -27,6 +27,7 @@
 # @build jdk.testlibrary.*
 # @compile -XDignore.symbol.file=true LookupTest.java
 # @run shell/timeout=50 lookup.sh
+# @key intermittent
 #
 
 OS=`uname -s`
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/net/httpclient/ProxyAuthTest.java	Wed Aug 31 09:22:54 2016 -0700
@@ -0,0 +1,174 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ */
+
+/*
+ * @test
+ * @bug 8163561
+ * @modules java.base/sun.net.www
+ * @summary Verify that Proxy-Authenticate header is correctly handled
+ *
+ * @run main/othervm ProxyAuthTest
+ */
+
+import java.io.BufferedWriter;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.OutputStreamWriter;
+import java.io.PrintWriter;
+import java.net.Authenticator;
+import java.net.InetSocketAddress;
+import java.net.PasswordAuthentication;
+import java.net.ProxySelector;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.net.URI;
+import java.net.http.HttpClient;
+import java.net.http.HttpResponse;
+import java.util.Base64;
+
+import sun.net.www.MessageHeader;
+
+public class ProxyAuthTest {
+    private static final String AUTH_USER = "user";
+    private static final String AUTH_PASSWORD = "password";
+
+    public static void main(String[] args) throws Exception {
+        try (ServerSocket ss = new ServerSocket(0)) {
+            int port = ss.getLocalPort();
+            MyProxy proxy = new MyProxy(ss);
+            (new Thread(proxy)).start();
+            System.out.println("Proxy listening port " + port);
+
+            Auth auth = new Auth();
+            InetSocketAddress paddr = new InetSocketAddress("localhost", port);
+
+            URI uri = new URI("http://www.google.ie/");
+            HttpClient client = HttpClient.create()
+                    .proxy(ProxySelector.of(paddr))
+                    .authenticator(auth)
+                    .build();
+            HttpResponse resp = client.request(uri)
+                    .GET()
+                    .responseAsync()
+                    .get();
+            if (resp.statusCode() != 404) {
+                throw new RuntimeException("Unexpected status code: " + resp.statusCode());
+            }
+
+            if (auth.isCalled) {
+                System.out.println("Authenticator is called");
+            } else {
+                throw new RuntimeException("Authenticator is not called");
+            }
+
+            if (!proxy.matched) {
+                throw new RuntimeException("Proxy authentication failed");
+            }
+        }
+    }
+
+    static class Auth extends Authenticator {
+        private volatile boolean isCalled;
+
+        @Override
+        protected PasswordAuthentication getPasswordAuthentication() {
+            System.out.println("scheme: " + this.getRequestingScheme());
+            isCalled = true;
+            return new PasswordAuthentication(AUTH_USER,
+                    AUTH_PASSWORD.toCharArray());
+        }
+    }
+
+    static class MyProxy implements Runnable {
+        final ServerSocket ss;
+        private volatile boolean matched;
+
+        MyProxy(ServerSocket ss) {
+            this.ss = ss;
+        }
+
+        public void run() {
+            for (int i = 0; i < 2; i++) {
+                try (Socket s = ss.accept();
+                     InputStream in = s.getInputStream();
+                     OutputStream os = s.getOutputStream();
+                     BufferedWriter writer = new BufferedWriter(
+                             new OutputStreamWriter(os));
+                     PrintWriter out = new PrintWriter(writer);) {
+                    MessageHeader headers = new MessageHeader(in);
+                    System.out.println("Proxy: received " + headers);
+
+                    String authInfo = headers
+                            .findValue("Proxy-Authorization");
+                    if (authInfo != null) {
+                        authenticate(authInfo);
+                        out.print("HTTP/1.1 404 Not found\r\n");
+                        out.print("\r\n");
+                        System.out.println("Proxy: 404");
+                        out.flush();
+                    } else {
+                        out.print("HTTP/1.1 407 Proxy Authorization Required\r\n");
+                        out.print(
+                                "Proxy-Authenticate: Basic realm=\"a fake realm\"\r\n");
+                        out.print("\r\n");
+                        System.out.println("Proxy: Authorization required");
+                        out.flush();
+                    }
+                } catch (IOException x) {
+                    System.err.println("Unexpected IOException from proxy.");
+                    x.printStackTrace();
+                    break;
+                }
+            }
+        }
+
+        private void authenticate(String authInfo) throws IOException {
+            try {
+                authInfo.trim();
+                int ind = authInfo.indexOf(' ');
+                String recvdUserPlusPass = authInfo.substring(ind + 1).trim();
+                // extract encoded username:passwd
+                String value = new String(
+                        Base64.getMimeDecoder().decode(recvdUserPlusPass));
+                String userPlusPassword = AUTH_USER + ":" + AUTH_PASSWORD;
+                if (userPlusPassword.equals(value)) {
+                    matched = true;
+                    System.out.println("Proxy: client authentication successful");
+                } else {
+                    System.err.println(
+                            "Proxy: client authentication failed, expected ["
+                                    + userPlusPassword + "], actual [" + value
+                                    + "]");
+                }
+            } catch (Exception e) {
+                throw new IOException(
+                        "Proxy received invalid Proxy-Authorization value: "
+                                + authInfo);
+            }
+        }
+    }
+
+}
+
--- a/test/java/nio/channels/FileChannel/Lock.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/nio/channels/FileChannel/Lock.java	Wed Aug 31 09:22:54 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -22,8 +22,8 @@
  */
 
 /* @test
- * @bug 4429043 4493595 6332756 6709457
- * @summary The FileChannel file locking
+ * @bug 4429043 4493595 6332756 6709457 7146506
+ * @summary Test FileChannel file locking
  */
 
 import java.io.*;
@@ -33,17 +33,14 @@
 /**
  * Testing FileChannel's lock method.
  */
-
 public class Lock {
 
     public static void main(String[] args) throws Exception {
-        if (args.length > 0) {
-            if(args[0].equals("1")) {
-                MadWriter mw = new MadWriter(args[1], false);
-            } else {
-                MadWriter mw = new MadWriter(args[1], true);
-            }
+        if (args.length == 2) {
+            attemptLock(args[1], args[0].equals("2"));
             return;
+        } else if (args.length != 0) {
+            throw new RuntimeException("Wrong number of parameters.");
         }
         File blah = File.createTempFile("blah", null);
         blah.deleteOnExit();
@@ -56,120 +53,128 @@
         test2(blah, false);
         test3(blah);
         test4(blah);
-        blah.delete();
     }
 
-    private static void test2(File blah, boolean b) throws Exception {
-        RandomAccessFile raf = new RandomAccessFile(blah, "rw");
-        FileChannel channel = raf.getChannel();
-        FileLock lock;
-        if (b)
-            lock = channel.lock();
-        else
-            lock = channel.tryLock();
-        lock.release();
-        channel.close();
+    /**
+     * Test mutual locking with other process
+     */
+    static void test1(File blah, String str) throws Exception {
+        try (RandomAccessFile fis = new RandomAccessFile(blah, "rw")) {
+            FileChannel fc = fis.getChannel();
+            FileLock lock = null;
+
+            // grab the lock
+            if (str.equals("1")) {
+                lock = fc.lock(0, 10, false);
+                if (lock == null)
+                    throw new RuntimeException("Lock should not return null");
+                try {
+                    fc.lock(5, 10, false);
+                    throw new RuntimeException("Overlapping locks allowed");
+                } catch (OverlappingFileLockException e) {} // correct result
+            }
+
+            // execute the tamperer
+            String command = System.getProperty("java.home") +
+                File.separator + "bin" + File.separator + "java";
+            String testClasses = System.getProperty("test.classes");
+            if (testClasses != null)
+                command += " -cp " + testClasses;
+            command += " Lock " + str + " " + blah;
+            Process p = Runtime.getRuntime().exec(command);
+
+            // evaluate System.out of child process
+            String s;
+            boolean hasOutput = false;
+            InputStreamReader isr;
+            isr = new InputStreamReader(p.getInputStream());
+            BufferedReader br = new BufferedReader(isr);
+            while ((s = br.readLine()) != null) {
+                // only throw on Unix as windows over NFS fails...
+                if ((File.separatorChar == '/') && !s.equals("good")) {
+                    throw new RuntimeException("Failed: " + s);
+                }
+                hasOutput = true;
+            }
+
+            // evaluate System.err in case of System.out of child process
+            // was empty
+            if (!hasOutput) {
+                isr = new InputStreamReader(p.getErrorStream());
+                br = new BufferedReader(isr);
+                if ((s = br.readLine()) != null) {
+                    System.err.println("Error output:");
+                    System.err.println(s);
+                    while ((s = br.readLine()) != null) {
+                        System.err.println(s);
+                    }
+                }
+                throw new RuntimeException("Failed, no output");
+            }
+
+            // clean up, check multiple releases
+            if (lock != null) {
+                lock.release();
+                lock.release();
+            }
+        }
     }
 
-    static void test1(File blah, String str) throws Exception {
-
-        // Grab the lock
-        RandomAccessFile fis = new RandomAccessFile(blah, "rw");
-        FileChannel fc = fis.getChannel();
-        FileLock lock = null;
-
-        if (str.equals("1")) {
-            lock = fc.lock(0, 10, false);
-            if (lock == null)
-                throw new RuntimeException("Lock should not return null");
-            try {
-                FileLock lock2 = fc.lock(5, 10, false);
-                throw new RuntimeException("Overlapping locks allowed");
-            } catch (OverlappingFileLockException e) {
-                // Correct result
-            }
-        }
-
-        // Exec the tamperer
-        String command = System.getProperty("java.home") +
-            File.separator + "bin" + File.separator + "java";
-        String testClasses = System.getProperty("test.classes");
-        if (testClasses != null)
-            command += " -cp " + testClasses;
-        command += " Lock " + str + " " + blah;
-        Process p = Runtime.getRuntime().exec(command);
-
-        BufferedReader in = new BufferedReader
-            (new InputStreamReader(p.getInputStream()));
-
-        String s;
-        int count = 0;
-        while ((s = in.readLine()) != null) {
-            if (!s.equals("good")) {
-                if (File.separatorChar == '/') {
-                    // Fails on windows over NFS...
-                    throw new RuntimeException("Failed: "+s);
-                }
-            }
-            count++;
-        }
-
-        if (count == 0) {
-            in = new BufferedReader(new InputStreamReader(p.getErrorStream()));
-            while ((s = in.readLine()) != null) {
-                System.err.println("Error output: " + s);
-            }
-            throw new RuntimeException("Failed, no output");
-        }
-
-        // Clean up
-        if (lock != null) {
-            /* Check multiple releases */
-            lock.release();
+    /**
+     * Basic test for FileChannel.lock() and FileChannel.tryLock()
+     */
+    static void test2(File blah, boolean b) throws Exception {
+        try (RandomAccessFile raf = new RandomAccessFile(blah, "rw")) {
+            FileChannel channel = raf.getChannel();
+            FileLock lock;
+            if (b)
+                lock = channel.lock();
+            else
+                lock = channel.tryLock();
             lock.release();
         }
-        fc.close();
-        fis.close();
     }
 
-    // The overlap check for file locks should be JVM-wide
-    private static void test3(File blah) throws Exception {
-        FileChannel fc1 = new RandomAccessFile(blah, "rw").getChannel();
-        FileChannel fc2 = new RandomAccessFile(blah, "rw").getChannel();
+    /**
+     * Test that overlapping file locking is not possible when using different
+     * FileChannel objects to the same file path
+     */
+    static void test3(File blah) throws Exception {
+        try (RandomAccessFile raf1 = new RandomAccessFile(blah, "rw");
+             RandomAccessFile raf2 = new RandomAccessFile(blah, "rw"))
+        {
+            FileChannel fc1 = raf1.getChannel();
+            FileChannel fc2 = raf2.getChannel();
 
-        // lock via one channel, and then attempt to lock the same file
-        // using a second channel
-        FileLock fl1 = fc1.lock();
-        try {
-            fc2.tryLock();
-            throw new RuntimeException("Overlapping locks allowed");
-        } catch (OverlappingFileLockException x) {
+            // lock via one channel, and then attempt to lock the same file
+            // using a second channel
+            FileLock fl1 = fc1.lock();
+            try {
+                fc2.tryLock();
+                throw new RuntimeException("Overlapping locks allowed");
+            } catch (OverlappingFileLockException x) {}
+            try {
+                fc2.lock();
+                throw new RuntimeException("Overlapping locks allowed");
+            } catch (OverlappingFileLockException x) {}
+
+            // release lock and the attempt to lock with the second channel
+            // should succeed.
+            fl1.release();
+            fc2.lock();
+            try {
+                fc1.lock();
+                throw new RuntimeException("Overlapping locks allowed");
+            } catch (OverlappingFileLockException x) {}
         }
-        try {
-            fc2.lock();
-            throw new RuntimeException("Overlapping locks allowed");
-        } catch (OverlappingFileLockException x) {
-        }
-
-        // release lock and the attempt to lock with the second channel
-        // should succeed.
-        fl1.release();
-        FileLock fl2 = fc2.lock();
-        try {
-            fc1.lock();
-            throw new RuntimeException("Overlapping locks allowed");
-        } catch (OverlappingFileLockException x) {
-        }
-
-        fc1.close();
-        fc2.close();
     }
 
     /**
      * Test file locking when file is opened for append
      */
     static void test4(File blah) throws Exception {
-        try (FileChannel fc = new FileOutputStream(blah, true).getChannel()) {
+        try (FileOutputStream fos = new FileOutputStream(blah, true)) {
+            FileChannel fc = fos.getChannel();
             fc.tryLock().release();
             fc.tryLock(0L, 1L, false).release();
             fc.lock().release();
@@ -182,30 +187,31 @@
             fc.lock(0L, 1L, false).release();
         }
     }
+
+    /**
+     * Utility method to be run in secondary process which tries to acquire a
+     * lock on a FileChannel
+     */
+    static void attemptLock(String fileName,
+                            boolean expectsLock) throws Exception
+    {
+        File f = new File(fileName);
+        try (RandomAccessFile raf = new RandomAccessFile(f, "rw")) {
+            FileChannel fc = raf.getChannel();
+            if (fc.tryLock(10, 10, false) == null) {
+                System.out.println("bad: Failed to grab adjacent lock");
+            }
+            if (fc.tryLock(0, 10, false) == null) {
+                if (expectsLock)
+                    System.out.println("bad");
+                else
+                    System.out.println("good");
+            } else {
+                if (expectsLock)
+                    System.out.println("good");
+                else
+                    System.out.println("bad");
+            }
+        }
+    }
 }
-
-class MadWriter {
-    public MadWriter(String s, boolean b) throws Exception {
-        File f = new File(s);
-        RandomAccessFile fos = new RandomAccessFile(f, "rw");
-        FileChannel fc = fos.getChannel();
-        if (fc.tryLock(10, 10, false) == null) {
-            System.out.println("bad: Failed to grab adjacent lock");
-        }
-        FileLock lock = fc.tryLock(0, 10, false);
-        if (lock == null) {
-            if (b)
-                System.out.println("bad");
-            else
-                System.out.println("good");
-        } else {
-            if (b)
-                System.out.println("good");
-            else
-                System.out.println("bad");
-        }
-        fc.close();
-        fos.close();
-    }
-
-}
--- a/test/java/text/Bidi/BidiConformance.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Bidi/BidiConformance.java	Wed Aug 31 09:22:54 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,7 @@
  * @test
  * @bug 6850113 8032446
  * @summary confirm the behavior of new Bidi implementation. (Backward compatibility)
+ * @modules java.desktop
  */
 
 import java.awt.font.NumericShaper;
--- a/test/java/text/Bidi/BidiEmbeddingTest.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Bidi/BidiEmbeddingTest.java	Wed Aug 31 09:22:54 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,6 +28,7 @@
  * indicate overrides, rather than using bit 7.  Also tests Bidi without loading awt classes to
  * confirm that Bidi can be used without awt. Verify that embedding level 0 is properly mapped
  * to the base embedding level.
+ * @modules java.desktop
  */
 
 import java.awt.Color;
--- a/test/java/text/Bidi/Bug7042148.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Bidi/Bug7042148.java	Wed Aug 31 09:22:54 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,7 @@
  * @test
  * @bug 7042148
  * @summary verify that Bidi.baseIsLeftToRight() returns the correct value even if an incorrect position is set in the given AttributedCharacterIterator.
+ * @modules java.desktop
  */
 import java.awt.font.*;
 import java.text.*;
--- a/test/java/text/Bidi/Bug7051769.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Bidi/Bug7051769.java	Wed Aug 31 09:22:54 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
  * @bug 7051769 8038092
  * @summary verify that Bidi.toString() returns the corect result.
  *     The second run is intended to test lazy SharedSectets init for 8038092
+ * @modules java.desktop
  * @run main Bug7051769
  * @run main/othervm -DpreloadBidi=true Bug7051769
  */
--- a/test/java/text/BreakIterator/NewVSOld_th_TH.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/BreakIterator/NewVSOld_th_TH.java	Wed Aug 31 09:22:54 2016 -0700
@@ -22,9 +22,10 @@
  */
 
 /*
-    @test
-    @summary test Comparison of New Collators against Old Collators in the en_US locale
-*/
+ * @test
+ * @summary test Comparison of New Collators against Old Collators in the en_US locale
+ * @modules jdk.localedata
+ */
 
 import java.io.*;
 import java.util.Enumeration;
--- a/test/java/text/Collator/APITest.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Collator/APITest.java	Wed Aug 31 09:22:54 2016 -0700
@@ -25,6 +25,7 @@
  * @test
  * @library /java/text/testlib
  * @summary test Collation API
+ * @modules jdk.localedata
  */
 /*
 (C) Copyright Taligent, Inc. 1996 - All Rights Reserved
--- a/test/java/text/Collator/CollationKeyTest.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Collator/CollationKeyTest.java	Wed Aug 31 09:22:54 2016 -0700
@@ -29,6 +29,7 @@
  *          RuleBasedCollationKey. This test basically tests on the two features:
  *          1. Existing code using CollationKey works (backward compatiblility)
  *          2. CollationKey can be extended by its subclass.
+ * @modules jdk.localedata
  */
 
 
--- a/test/java/text/Collator/DanishTest.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Collator/DanishTest.java	Wed Aug 31 09:22:54 2016 -0700
@@ -26,6 +26,7 @@
  * @bug 4930708 4174436 5008498
  * @library /java/text/testlib
  * @summary test Danish Collation
+ * @modules jdk.localedata
  */
 /*
 (C) Copyright Taligent, Inc. 1996 - All Rights Reserved
--- a/test/java/text/Collator/FinnishTest.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Collator/FinnishTest.java	Wed Aug 31 09:22:54 2016 -0700
@@ -25,6 +25,7 @@
  * @test
  * @library /java/text/testlib
  * @summary test Finnish Collation
+ * @modules jdk.localedata
  */
 /*
 (C) Copyright Taligent, Inc. 1996 - All Rights Reserved
--- a/test/java/text/Collator/FrenchTest.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Collator/FrenchTest.java	Wed Aug 31 09:22:54 2016 -0700
@@ -25,6 +25,7 @@
  * @test
  * @library /java/text/testlib
  * @summary test French Collation
+ * @modules jdk.localedata
  */
 /*
 (C) Copyright Taligent, Inc. 1996 - All Rights Reserved
--- a/test/java/text/Collator/G7Test.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Collator/G7Test.java	Wed Aug 31 09:22:54 2016 -0700
@@ -25,6 +25,7 @@
  * @test
  * @library /java/text/testlib
  * @summary test G7 Collation
+ * @modules jdk.localedata
  */
 /*
  *
--- a/test/java/text/Collator/JapaneseTest.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Collator/JapaneseTest.java	Wed Aug 31 09:22:54 2016 -0700
@@ -25,6 +25,7 @@
  * @test 1.1 02/09/11
  * @bug 4176141 4655819
  * @summary Regression tests for Japanese Collation
+ * @modules jdk.localedata
  */
 
 import java.text.*;
--- a/test/java/text/Collator/KoreanTest.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Collator/KoreanTest.java	Wed Aug 31 09:22:54 2016 -0700
@@ -25,6 +25,7 @@
  * @test 1.1 02/09/12
  * @bug 4176141 4655819
  * @summary Regression tests for Korean Collation
+ * @modules jdk.localedata
  */
 
 import java.text.*;
--- a/test/java/text/Collator/Regression.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Collator/Regression.java	Wed Aug 31 09:22:54 2016 -0700
@@ -29,6 +29,7 @@
  *      4133509 4139572 4141640 4179126 4179686 4244884 4663220
  * @library /java/text/testlib
  * @summary Regression tests for Collation and associated classes
+ * @modules jdk.localedata
  */
 /*
 (C) Copyright Taligent, Inc. 1996 - All Rights Reserved
--- a/test/java/text/Collator/ThaiTest.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Collator/ThaiTest.java	Wed Aug 31 09:22:54 2016 -0700
@@ -25,6 +25,7 @@
  * @test
  * @library /java/text/testlib
  * @summary test Thai Collation
+ * @modules jdk.localedata
  */
 /*
  * Copyright (c) 2007, Oracle and/or its affiliates. All rights reserved.
--- a/test/java/text/Collator/TurkishTest.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Collator/TurkishTest.java	Wed Aug 31 09:22:54 2016 -0700
@@ -25,6 +25,7 @@
  * @test
  * @library /java/text/testlib
  * @summary test Turkish Collation
+ * @modules jdk.localedata
  */
 /*
 (C) Copyright Taligent, Inc. 1996 - All Rights Reserved
--- a/test/java/text/Collator/VietnameseTest.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Collator/VietnameseTest.java	Wed Aug 31 09:22:54 2016 -0700
@@ -26,6 +26,7 @@
  * @bug 4932968 5015215
  * @library /java/text/testlib
  * @summary test Vietnamese Collation
+ * @modules jdk.localedata
  */
 
 /*
--- a/test/java/text/Format/DateFormat/Bug4823811.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Format/DateFormat/Bug4823811.java	Wed Aug 31 09:22:54 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,7 @@
  * @test
  * @bug 4823811 8008577
  * @summary Confirm that text which includes numbers with a trailing minus sign is parsed correctly.
+ * @modules jdk.localedata
  * @run main/othervm -Duser.timezone=GMT+09:00 -Djava.locale.providers=JRE,SPI Bug4823811
  */
 
--- a/test/java/text/Format/DateFormat/Bug6683975.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Format/DateFormat/Bug6683975.java	Wed Aug 31 09:22:54 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,7 @@
  * @test
  * @bug 6683975 8008577
  * @summary Make sure that date is formatted correctlyin th locale.
+ * @modules jdk.localedata
  * @run main/othervm -Djava.locale.providers=JRE,SPI Bug6683975
  */
 import java.text.*;
--- a/test/java/text/Format/DateFormat/Bug8139572.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Format/DateFormat/Bug8139572.java	Wed Aug 31 09:22:54 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
  * @bug 8139572
  * @summary SimpleDateFormat parse month stand-alone format bug
  * @compile -encoding utf-8 Bug8139572.java
+ * @modules jdk.localedata
  * @run main Bug8139572
  */
 import java.text.ParseException;
--- a/test/java/text/Format/DateFormat/ContextMonthNamesTest.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Format/DateFormat/ContextMonthNamesTest.java	Wed Aug 31 09:22:54 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,7 @@
  * @test
  * @bug 7079560 8008577
  * @summary Unit test for context-sensitive month names
+ * @modules jdk.localedata
  * @run main/othervm -Djava.locale.providers=JRE,SPI ContextMonthNamesTest
  */
 
--- a/test/java/text/Format/DateFormat/DateFormatTest.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Format/DateFormat/DateFormatTest.java	Wed Aug 31 09:22:54 2016 -0700
@@ -26,6 +26,7 @@
  * @bug 4052223 4089987 4469904 4326988 4486735 8008577 8045998 8140571
  * @summary test DateFormat and SimpleDateFormat.
  * @library /java/text/testlib
+ * @modules jdk.localedata
  * @run main/othervm -Djava.locale.providers=COMPAT,SPI DateFormatTest
  */
 
--- a/test/java/text/Format/DateFormat/LocaleDateFormats.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Format/DateFormat/LocaleDateFormats.java	Wed Aug 31 09:22:54 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -24,6 +24,7 @@
 /**
  * @test
  * @bug 8080774
+ * @modules jdk.localedata
  * @run testng/othervm -Djava.locale.providers=JRE,CLDR LocaleDateFormats
  * @summary This file contains tests for JRE locales date formats
  */
--- a/test/java/text/Format/DateFormat/NonGregorianFormatTest.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Format/DateFormat/NonGregorianFormatTest.java	Wed Aug 31 09:22:54 2016 -0700
@@ -25,6 +25,7 @@
  * @test
  * @bug 4833268 6253991 8008577
  * @summary Test formatting and parsing with non-Gregorian calendars
+ * @modules jdk.localedata
  * @run main/othervm -Djava.locale.providers=COMPAT,SPI NonGregorianFormatTest
  */
 
--- a/test/java/text/Format/DateFormat/bug4117335.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Format/DateFormat/bug4117335.java	Wed Aug 31 09:22:54 2016 -0700
@@ -25,6 +25,7 @@
  * @test
  *
  * @bug 4117335 4432617
+ * @modules jdk.localedata
  */
 
 import java.text.DateFormatSymbols ;
--- a/test/java/text/Format/MessageFormat/LargeMessageFormat.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Format/MessageFormat/LargeMessageFormat.java	Wed Aug 31 09:22:54 2016 -0700
@@ -25,6 +25,7 @@
  * @test
  * @bug 4112090 8008577
  * @summary verify that MessageFormat can handle large numbers of arguments
+ * @modules jdk.localedata
  * @run main/othervm -Djava.locale.providers=COMPAT,SPI LargeMessageFormat
  */
 
--- a/test/java/text/Format/NumberFormat/Bug8132125.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Format/NumberFormat/Bug8132125.java	Wed Aug 31 09:22:54 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,7 @@
  * @test
  * @bug 8132125
  * @summary Checks Swiss' number elements
+ * @modules jdk.localedata
  */
 
 import java.text.*;
--- a/test/java/text/Format/NumberFormat/CurrencyFormat.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Format/NumberFormat/CurrencyFormat.java	Wed Aug 31 09:22:54 2016 -0700
@@ -25,6 +25,7 @@
  * @test
  * @bug 4290801 4942982 5102005 8008577 8021121
  * @summary Basic tests for currency formatting.
+ * @modules jdk.localedata
  * @run main/othervm -Djava.locale.providers=JRE,SPI CurrencyFormat
  */
 
--- a/test/java/text/Format/NumberFormat/IntlTestNumberFormatAPI.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Format/NumberFormat/IntlTestNumberFormatAPI.java	Wed Aug 31 09:22:54 2016 -0700
@@ -25,6 +25,7 @@
  * @test
  * @library /java/text/testlib
  * @summary test International Number Format API
+ * @modules jdk.localedata
  */
 /*
 (C) Copyright Taligent, Inc. 1996, 1997 - All Rights Reserved
--- a/test/java/text/Format/NumberFormat/NumberRegression.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Format/NumberFormat/NumberRegression.java	Wed Aug 31 09:22:54 2016 -0700
@@ -34,6 +34,7 @@
  * @library /java/text/testlib
  * @build IntlTest HexDumpReader TestUtils
  * @modules java.base/sun.util.resources
+ *          jdk.localedata
  * @compile -XDignore.symbol.file NumberRegression.java
  * @run main/othervm -Djava.locale.providers=COMPAT,SPI NumberRegression
  */
--- a/test/java/text/Format/NumberFormat/NumberTest.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/java/text/Format/NumberFormat/NumberTest.java	Wed Aug 31 09:22:54 2016 -0700
@@ -27,6 +27,7 @@
  * @summary test NumberFormat
  * @library /java/text/testlib
  * @modules java.base/sun.util.resources
+ *          jdk.localedata
  * @compile -XDignore.symbol.file NumberTest.java
  * @run main/othervm -Djava.locale.providers=COMPAT,SPI NumberTest
  */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/crypto/CryptoPermissions/TestUnlimited.java	Wed Aug 31 09:22:54 2016 -0700
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8061842
+ * @summary Package jurisdiction policy files as something other than JAR
+ * @run main/othervm TestUnlimited "" exception
+ * @run main/othervm TestUnlimited limited fail
+ * @run main/othervm TestUnlimited unlimited pass
+ * @run main/othervm TestUnlimited unlimited/ pass
+ * @run main/othervm TestUnlimited NosuchDir exception
+ * @run main/othervm TestUnlimited . exception
+ * @run main/othervm TestUnlimited /tmp/unlimited exception
+ * @run main/othervm TestUnlimited ../policy/unlimited exception
+ * @run main/othervm TestUnlimited ./unlimited exception
+ * @run main/othervm TestUnlimited /unlimited exception
+ */
+import javax.crypto.*;
+import java.security.Security;
+
+public class TestUnlimited {
+
+    public static void main(String[] args) throws Exception {
+        /*
+         * Override the Security property to allow for unlimited policy.
+         * Would need appropriate permissions if Security Manager were
+         * active.
+         */
+        if (args.length != 2) {
+            throw new Exception("Two args required");
+        }
+
+        boolean expected = args[1].equals("pass");
+        boolean exception = args[1].equals("exception");
+        boolean result = false;
+
+        System.out.println("Testing: " + args[0]);
+
+        if (args[0].equals("\"\"")) {
+            Security.setProperty("crypto.policy", "");
+        } else {
+            Security.setProperty("crypto.policy", args[0]);
+        }
+
+        /*
+         * Use the AES as the test Cipher
+         * If there is an error initializing, we will never get past here.
+         */
+        try {
+            int maxKeyLen = Cipher.getMaxAllowedKeyLength("AES");
+            System.out.println("max AES key len:" + maxKeyLen);
+            if (maxKeyLen > 128) {
+                System.out.println("Unlimited policy is active");
+                result = true;
+            } else {
+                System.out.println("Unlimited policy is NOT active");
+                result = false;
+            }
+        } catch (Throwable e) {
+            if (!exception) {
+                throw new Exception();
+            }
+        }
+
+        System.out.println(
+                "Expected:\t" + expected + "\nResult:\t\t" + result);
+        if (expected != result) {
+            throw new Exception();
+        }
+
+        System.out.println("DONE!");
+    }
+}
--- a/test/jdk/security/JavaDotSecurity/final_java_security	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/jdk/security/JavaDotSecurity/final_java_security	Wed Aug 31 09:22:54 2016 -0700
@@ -10,6 +10,7 @@
 foo.6=9a
 foo.7=10
 foo.8=12
+crypto.policy=somepolicy
 
 package.access=sun.,\
                solaris.,\
--- a/test/jdk/security/JavaDotSecurity/ifdefs.sh	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/jdk/security/JavaDotSecurity/ifdefs.sh	Wed Aug 31 09:22:54 2016 -0700
@@ -46,7 +46,13 @@
 fi
 
 $JAVAC -d . $TOOLSRC
-$JAVA $TOOLNAME $TESTSRC/raw_java_security outfile solaris sparc $TESTSRC/more_restricted
+$JAVA $TOOLNAME \
+    $TESTSRC/raw_java_security \
+    outfile \
+    solaris \
+    sparc \
+    somepolicy \
+    $TESTSRC/more_restricted
 
 # On Windows, line end could be different. -b is a cross-platform option.
-diff -b outfile $TESTSRC/final_java_security
\ No newline at end of file
+diff -b outfile $TESTSRC/final_java_security
--- a/test/jdk/security/JavaDotSecurity/raw_java_security	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/jdk/security/JavaDotSecurity/raw_java_security	Wed Aug 31 09:22:54 2016 -0700
@@ -44,6 +44,7 @@
 #ifndef macosx-x64
 foo.tbd=12
 #endif
+crypto.policy=crypto.policydir-tbd
 
 package.access=sun.,\
 #ifdef solaris
--- a/test/sun/security/krb5/auto/Unreachable.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/sun/security/krb5/auto/Unreachable.java	Wed Aug 31 09:22:54 2016 -0700
@@ -23,31 +23,108 @@
 
 /*
  * @test
- * @bug 7162687
+ * @bug 7162687 8015595
  * @key intermittent
  * @summary enhance KDC server availability detection
  * @compile -XDignore.symbol.file Unreachable.java
- * @run main/othervm/timeout=10 Unreachable
+ * @run main/othervm Unreachable
  */
-
-import java.io.File;
+import java.net.PortUnreachableException;
+import java.net.SocketTimeoutException;
+import java.net.DatagramPacket;
+import java.net.DatagramSocket;
+import java.net.InetSocketAddress;
+import java.util.concurrent.Callable;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Future;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+import java.util.concurrent.Executors;
 import javax.security.auth.login.LoginException;
 import sun.security.krb5.Config;
 
 public class Unreachable {
 
+    // Wait for 20 second until unreachable KDC throws PortUnreachableException.
+    private static final int TIMEOUT = 20;
+    private static final String REALM = "RABBIT.HOLE";
+    private static final String HOST = "127.0.0.1";
+    private static final int PORT = 13434;
+    private static final String KRB_CONF = "unreachable.krb5.conf";
+
     public static void main(String[] args) throws Exception {
-        File f = new File(
-                System.getProperty("test.src", "."), "unreachable.krb5.conf");
-        System.setProperty("java.security.krb5.conf", f.getPath());
-        Config.refresh();
 
-        // If PortUnreachableException is not received, the login will consume
-        // about 3*3*30 seconds and the test will timeout.
+        // - Only PortUnreachableException will allow to continue execution.
+        // - SocketTimeoutException may occur on Mac because it will not throw
+        // PortUnreachableException for unreachable port in which case the Test
+        // execution will be skipped.
+        // - For Reachable port, the Test execution will get skipped.
+        // - Any other Exception will be treated as Test failure.
+        if (!findPortUnreachableExc()) {
+            System.out.println(String.format("WARNING: Either a reachable "
+                    + "connection found to %s:%s or SocketTimeoutException "
+                    + "occured which means PortUnreachableException not thrown"
+                    + " by the platform.", HOST, PORT));
+            return;
+        }
+        KDC kdc = KDC.existing(REALM, HOST, PORT);
+        KDC.saveConfig(KRB_CONF, kdc);
+        ExecutorService executor = Executors.newSingleThreadExecutor();
+        Future<Exception> future = executor.submit(new Callable<Exception>() {
+            @Override
+            public Exception call() {
+                System.setProperty("java.security.krb5.conf", KRB_CONF);
+                try {
+                    Config.refresh();
+                    // If PortUnreachableException is not received, the login
+                    // will consume about 3*3*30 seconds and the test will
+                    // timeout.
+                    try {
+                        Context.fromUserPass("name", "pass".toCharArray(), true);
+                    } catch (LoginException le) {
+                        // This is OK
+                    }
+                    System.out.println("Execution successful.");
+                } catch (Exception e) {
+                    return e;
+                }
+                return null;
+            }
+        });
         try {
-            Context.fromUserPass("name", "pass".toCharArray(), true);
-        } catch (LoginException le) {
-            // This is OK
+            Exception ex = null;
+            if ((ex = future.get(TIMEOUT, TimeUnit.SECONDS)) != null) {
+                throw new RuntimeException(ex);
+            }
+        } catch (TimeoutException e) {
+            future.cancel(true);
+            throw new RuntimeException("PortUnreachableException not thrown.");
+        } finally {
+            executor.shutdownNow();
         }
     }
+
+    /**
+     * If the remote destination to which the socket is connected does not
+     * exist, or is otherwise unreachable, and if an ICMP destination unreachable
+     * packet has been received for that address, then a subsequent call to
+     * send or receive may throw a PortUnreachableException. Note, there is no
+     * guarantee that the exception will be thrown.
+     */
+    private static boolean findPortUnreachableExc() throws Exception {
+        try {
+            InetSocketAddress iaddr = new InetSocketAddress(HOST, PORT);
+            DatagramSocket dgSocket = new DatagramSocket();
+            dgSocket.setSoTimeout(5000);
+            dgSocket.connect(iaddr);
+            byte[] data = new byte[]{};
+            dgSocket.send(new DatagramPacket(data, data.length, iaddr));
+            dgSocket.receive(new DatagramPacket(data, data.length));
+        } catch (PortUnreachableException e) {
+            return true;
+        } catch (SocketTimeoutException e) {
+            return false;
+        }
+        return false;
+    }
 }
--- a/test/sun/security/krb5/auto/unreachable.krb5.conf	Fri Aug 26 10:02:50 2016 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,9 +0,0 @@
-[libdefaults]
-   default_realm = RABBIT.HOLE
-[realms]
-
-RABBIT.HOLE = {
-   kdc = 127.0.0.1:13434
-   kdc = 127.0.0.1:13435
-   kdc = 127.0.0.1:13436
-}
--- a/test/sun/security/provider/SecureRandom/AutoReseed.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/sun/security/provider/SecureRandom/AutoReseed.java	Wed Aug 31 09:22:54 2016 -0700
@@ -20,6 +20,7 @@
  * or visit www.oracle.com if you need additional information or have any
  * questions.
  */
+
 import java.security.SecureRandom;
 import java.security.Security;
 
@@ -27,15 +28,15 @@
  * @test
  * @bug 8051408
  * @summary make sure nextBytes etc can be called before setSeed
+ * @run main/othervm -Djava.security.egd=file:/dev/urandom AutoReseed
  */
 public class AutoReseed {
 
     public static void main(String[] args) throws Exception {
         SecureRandom sr;
-        String old = Security.getProperty("securerandom.drbg.config");
-        try {
-            for (String mech :
-                    new String[]{"Hash_DRBG", "HMAC_DRBG", "CTR_DRBG"}) {
+        boolean pass = true;
+        for (String mech : new String[]{"Hash_DRBG", "HMAC_DRBG", "CTR_DRBG"}) {
+            try {
                 System.out.println("Testing " + mech + "...");
                 Security.setProperty("securerandom.drbg.config", mech);
 
@@ -46,9 +47,13 @@
                 sr.reseed();
                 sr = SecureRandom.getInstance("DRBG");
                 sr.generateSeed(10);
+            } catch (Exception e) {
+                pass = false;
+                e.printStackTrace(System.out);
             }
-        } finally {
-            Security.setProperty("securerandom.drbg.config", old);
+        }
+        if (!pass) {
+            throw new RuntimeException("At least one test case failed");
         }
     }
 }
--- a/test/sun/security/ssl/SSLSocketImpl/CloseSocket.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/sun/security/ssl/SSLSocketImpl/CloseSocket.java	Wed Aug 31 09:22:54 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,67 +26,96 @@
  * @bug 4674913
  * @summary Verify that EOFException are correctly handled during the handshake
  * @author Andreas Sterbenz
+ * @run main/othervm CloseSocket
  */
 
-import java.io.*;
-import java.net.*;
-
-import javax.net.ssl.*;
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.util.ArrayList;
 
 public class CloseSocket {
 
+    private static ArrayList<TestCase> testCases = new ArrayList<>();
+
+    static {
+        testCases.add(socket -> socket.startHandshake());
+        testCases.add(socket -> {
+            InputStream in = socket.getInputStream();
+            in.read();
+        });
+        testCases.add(socket -> {
+            OutputStream out = socket.getOutputStream();
+            out.write(43);
+        });
+    }
+
     public static void main(String[] args) throws Exception {
-        final ServerSocket serverSocket = new ServerSocket(0);
-        int serverPort = serverSocket.getLocalPort();
-        new Thread() {
-            public void run() {
-                try {
-                    Socket s = serverSocket.accept();
-                    System.out.println("Server accepted connection");
-                    // wait a bit before closing the socket to give
-                    // the client time to send its hello message
-                    Thread.currentThread().sleep(100);
-                    s.close();
-                    System.out.println("Server closed socket, done.");
-                } catch (Exception e) {
-                    System.out.println("Server exception:");
-                    e.printStackTrace();
+        try (Server server = new Server()) {
+            new Thread(server).start();
+
+            SocketFactory factory = SSLSocketFactory.getDefault();
+            try (SSLSocket socket = (SSLSocket) factory.createSocket("localhost",
+                    server.getPort())) {
+                socket.setSoTimeout(2000);
+                System.out.println("Client established TCP connection");
+                boolean failed = false;
+                for (TestCase testCase : testCases) {
+                    try {
+                        testCase.test(socket);
+                        System.out.println("ERROR: no exception");
+                        failed = true;
+                    } catch (IOException e) {
+                        System.out.println("Failed as expected: " + e);
+                    }
+                }
+                if (failed) {
+                    throw new Exception("One or more tests failed");
                 }
             }
-        }.start();
-        SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
-        SSLSocket socket = (SSLSocket)factory.createSocket("localhost", serverPort);
-        System.out.println("Client established TCP connection");
-        boolean failed = false;
-        try {
-            System.out.println("Starting handshake...");
-            socket.startHandshake();
-            System.out.println("ERROR: no exception");
-            failed = true;
-        } catch (IOException e) {
-            System.out.println("Failed as expected: " + e);
-        }
-        try {
-            System.out.println("Trying read...");
-            InputStream in = socket.getInputStream();
-            int b = in.read();
-            System.out.println("ERROR: no exception, read: " + b);
-            failed = true;
-        } catch (IOException e) {
-            System.out.println("Failed as expected: " + e);
-        }
-        try {
-            System.out.println("Trying read...");
-            OutputStream out = socket.getOutputStream();
-            out.write(43);
-            System.out.println("ERROR: no exception");
-            failed = true;
-        } catch (IOException e) {
-            System.out.println("Failed as expected: " + e);
-        }
-        if (failed) {
-            throw new Exception("One or more tests failed");
         }
     }
 
+    static class Server implements AutoCloseable, Runnable {
+
+        final ServerSocket serverSocket;
+
+        Server() throws IOException {
+            serverSocket = new ServerSocket(0);
+        }
+
+        public int getPort() {
+            return serverSocket.getLocalPort();
+        }
+
+        @Override
+        public void run() {
+            try (Socket s = serverSocket.accept()) {
+                System.out.println("Server accepted connection");
+                // wait a bit before closing the socket to give
+                // the client time to send its hello message
+                Thread.currentThread().sleep(100);
+                s.close();
+                System.out.println("Server closed socket, done.");
+            } catch (Exception e) {
+                throw new RuntimeException("Problem in test execution", e);
+            }
+        }
+
+        @Override
+        public void close() throws Exception {
+            if (!serverSocket.isClosed()) {
+                serverSocket.close();
+            }
+        }
+    }
+
+    interface TestCase {
+        void test(SSLSocket socket) throws IOException;
+    }
 }
--- a/test/sun/util/calendar/zi/TestZoneInfo310.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/sun/util/calendar/zi/TestZoneInfo310.java	Wed Aug 31 09:22:54 2016 -0700
@@ -22,11 +22,15 @@
  */
 
 /*
- *@test
- *@bug 8007572 8008161
- *@summary Test whether the TimeZone generated from JSR310 tzdb is the same
- *as the one from the tz data from javazic
+ * @test
+ * @bug 8007572 8008161 8157792
+ * @summary Test whether the TimeZone generated from JSR310 tzdb is the same
+ * as the one from the tz data from javazic
  * @modules java.base/sun.util.calendar
+ * @build BackEnd Checksum DayOfWeek Gen GenDoc Main Mappings Month
+ *        Rule RuleDay RuleRec Simple TestZoneInfo310 Time Timezone
+ *        TzIDOldMapping Zone ZoneInfoFile ZoneInfoOld ZoneRec Zoneinfo
+ * @run main TestZoneInfo310
  */
 
 import java.io.File;
@@ -164,10 +168,6 @@
         }
 
         for (String zid : zids_new) {
-            if (zid.equals("Asia/Oral") || zid.equals("Asia/Qyzylorda")) {
-                // JDK-8157792 tracking this issue
-                continue;
-            }
             ZoneInfoOld zi = toZoneInfoOld(TimeZone.getTimeZone(zid));
             ZoneInfoOld ziOLD = (ZoneInfoOld)ZoneInfoOld.getTimeZone(zid);
             if (! zi.equalsTo(ziOLD)) {
--- a/test/sun/util/calendar/zi/Zoneinfo.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/sun/util/calendar/zi/Zoneinfo.java	Wed Aug 31 09:22:54 2016 -0700
@@ -373,6 +373,7 @@
         tz.getOffsetIndex(zrec.getGmtOffset());
 
         int lastGmtOffsetValue = -1;
+        ZoneRec prevzrec = null;
         int currentSave = 0;
         boolean usedZone;
         for (int zindex = 0; zindex < zone.size(); zindex++) {
@@ -441,6 +442,15 @@
                                                                      currentSave);
                             if (zrec.hasUntil()) {
                                 if (transition >= zrec.getUntilTime(currentSave)) {
+                                    // If the GMT offset changed from the previous one,
+                                    // record fromTime as a transition.
+                                    if (!fromTimeUsed && prevzrec != null
+                                        && gmtOffset != prevzrec.getGmtOffset()) {
+                                        tz.addTransition(fromTime,
+                                                         tz.getOffsetIndex(gmtOffset+currentSave),
+                                                         tz.getDstOffsetIndex(currentSave));
+                                        fromTimeUsed = true; // for consistency
+                                    }
                                     break year_loop;
                                 }
                             }
@@ -452,8 +462,6 @@
                                     if (fromTime != minTime) {
                                         int prevsave;
 
-                                        ZoneRec prevzrec = zone.get(zindex - 1);
-
                                         // See if until time in the previous
                                         // ZoneRec is the same thing as the
                                         // local time in the next rule.
@@ -555,6 +563,7 @@
                 fromYear = zrec.getUntilYear();
                 year = zrec.getUntilYear();
             }
+            prevzrec = zrec;
         }
 
         if (tz.getDSTType() == Timezone.UNDEF_DST) {
--- a/test/tools/jlink/plugins/GenerateJLIClassesPluginTest.java	Fri Aug 26 10:02:50 2016 -0700
+++ b/test/tools/jlink/plugins/GenerateJLIClassesPluginTest.java	Wed Aug 31 09:22:54 2016 -0700
@@ -22,6 +22,7 @@
  */
 
 import java.nio.file.Path;
+import java.util.Collection;
 import java.util.List;
 import java.util.stream.Collectors;
 
@@ -73,50 +74,9 @@
                     classFilesForSpecies(GenerateJLIClassesPlugin.defaultSpecies()),
                     List.of());
 
-
-        // Test a valid set of options
-        result = JImageGenerator.getJLinkTask()
-                .modulePath(helper.defaultModulePath())
-                .output(helper.createNewImageDir("generate-jli"))
-                .option("--generate-jli-classes=bmh:bmh-species=LL,L3")
-                .addMods("java.base")
-                .call();
-
-        image = result.assertSuccess();
-
-        JImageValidator.validate(
-                image.resolve("lib").resolve("modules"),
-                classFilesForSpecies(List.of("LL", "L3")),
-                classFilesForSpecies(List.of("L4")));
-
-
-        // Test disabling BMH species generation
-        result = JImageGenerator.getJLinkTask()
-                .modulePath(helper.defaultModulePath())
-                .output(helper.createNewImageDir("generate-jli"))
-                .option("--generate-jli-classes=not-bmh:bmh-species=LL,L3")
-                .addMods("java.base")
-                .call();
-
-        image = result.assertSuccess();
-        JImageValidator.validate(
-            image.resolve("lib").resolve("modules"),
-            List.of(),
-            classFilesForSpecies(List.of("LL", "L3", "L4")));
-
-
-        // Test an invalid set of options
-        result = JImageGenerator.getJLinkTask()
-                .modulePath(helper.defaultModulePath())
-                .output(helper.createNewImageDir("generate-jli"))
-                .option("--generate-jli-classes=bmh:bmh-species=LL,L7V")
-                .addMods("java.base")
-                .call();
-
-        result.assertFailure();
     }
 
-    private static List<String> classFilesForSpecies(List<String> species) {
+    private static List<String> classFilesForSpecies(Collection<String> species) {
         return species.stream()
                 .map(s -> "/java.base/java/lang/invoke/BoundMethodHandle$Species_" + s + ".class")
                 .collect(Collectors.toList());