changeset 10522:1828f73b35cf jdk9-b28

Merge
author lana
date Thu, 28 Aug 2014 14:54:07 -0700
parents 17d1dcffc733 5b5651cec6bd
children 9f92e7cade3d
files .hgtags make/src/classes/build/tools/addtorestrictedpkgs/AddToRestrictedPkgs.java src/demo/share/jfc/Font2DTest/resources/TextResources.properties src/demo/share/jfc/Font2DTest/resources/TextResources_de.properties src/demo/share/jfc/Font2DTest/resources/TextResources_en.properties src/demo/share/jfc/Font2DTest/resources/TextResources_en_GB.properties src/demo/share/jfc/Font2DTest/resources/TextResources_ja.properties src/demo/share/jfc/Font2DTest/resources/TextResources_ko.properties src/demo/share/jfc/Font2DTest/resources/TextResources_zh_CN.properties src/demo/share/jfc/Font2DTest/resources/resource.data src/java.base/share/conf/security/java.security-aix src/java.base/share/conf/security/java.security-linux src/java.base/share/conf/security/java.security-macosx src/java.base/share/conf/security/java.security-solaris src/java.base/share/conf/security/java.security-windows test/sun/tools/jps/jps-Defaults.sh test/sun/tools/jps/jps-V_2.sh test/sun/tools/jps/jps-V_Output2.awk test/sun/tools/jps/jps-Vm_2.sh test/sun/tools/jps/jps-Vm_Output2.awk test/sun/tools/jps/jps-Vvm.sh test/sun/tools/jps/jps-Vvm_Output1.awk test/sun/tools/jps/jps-Vvml.sh test/sun/tools/jps/jps-Vvml_2.sh test/sun/tools/jps/jps-Vvml_Output1.awk test/sun/tools/jps/jps-Vvml_Output2.awk test/sun/tools/jps/jps-help.sh test/sun/tools/jps/jps-l_1.sh test/sun/tools/jps/jps-l_2.sh test/sun/tools/jps/jps-l_Output1.awk test/sun/tools/jps/jps-l_Output2.awk test/sun/tools/jps/jps-lm.sh test/sun/tools/jps/jps-lm_Output1.awk test/sun/tools/jps/jps-m.sh test/sun/tools/jps/jps-m_2.sh test/sun/tools/jps/jps-m_Output1.awk test/sun/tools/jps/jps-m_Output2.awk test/sun/tools/jps/jps-q.sh test/sun/tools/jps/jps-q_Output1.awk test/sun/tools/jps/jps-v_1.sh test/sun/tools/jps/jps-v_Output1.awk test/sun/tools/jps/jps-vm_1.sh test/sun/tools/jps/jps-vm_Output1.awk test/sun/tools/jps/jps_Output1.awk test/sun/tools/jps/vmflags
diffstat 392 files changed, 14358 insertions(+), 9359 deletions(-) [+]
line wrap: on
line diff
--- a/make/CopyIntoClasses.gmk	Thu Aug 21 14:16:26 2014 -0700
+++ b/make/CopyIntoClasses.gmk	Thu Aug 28 14:54:07 2014 -0700
@@ -164,15 +164,15 @@
 ################################################################################
 
 ifneq ($(OPENJDK_TARGET_OS), macosx)
-  OPENJDK_TARGET_OS_FLAVORMAP_PROPERTIES = $(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/classes/sun/awt/datatransfer/flavormap.properties
+  OPENJDK_TARGET_OS_FLAVORMAP_PROPERTIES = $(JDK_TOPDIR)/src/java.desktop/$(OPENJDK_TARGET_OS_API_DIR)/classes/sun/datatransfer/resources/flavormap.properties
 else
-  OPENJDK_TARGET_OS_FLAVORMAP_PROPERTIES = $(JDK_TOPDIR)/src/macosx/classes/sun/awt/datatransfer/flavormap.properties
+  OPENJDK_TARGET_OS_FLAVORMAP_PROPERTIES = $(JDK_TOPDIR)/src/java.desktop/macosx/classes/sun/datatransfer/resources/flavormap.properties
 endif
 
-$(JDK_OUTPUTDIR)/classes/sun/awt/datatransfer/flavormap.properties: $(OPENJDK_TARGET_OS_FLAVORMAP_PROPERTIES)
+$(JDK_OUTPUTDIR)/classes/sun/datatransfer/resources/flavormap.properties: $(OPENJDK_TARGET_OS_FLAVORMAP_PROPERTIES)
 	$(install-file)
 
-COPY_EXTRA += $(JDK_OUTPUTDIR)/classes/sun/awt/datatransfer/flavormap.properties
+COPY_EXTRA += $(JDK_OUTPUTDIR)/classes/sun/datatransfer/resources/flavormap.properties
 
 ################################################################################
 
--- a/make/Tools.gmk	Thu Aug 21 14:16:26 2014 -0700
+++ b/make/Tools.gmk	Thu Aug 28 14:54:07 2014 -0700
@@ -101,6 +101,9 @@
 TOOL_BLACKLISTED_CERTS = $(JAVA_SMALL) -cp $(JDK_OUTPUTDIR)/btclasses \
     build.tools.blacklistedcertsconverter.BlacklistedCertsConverter
 
+TOOL_MAKEJAVASECURITY = $(JAVA_SMALL) -cp $(JDK_OUTPUTDIR)/btclasses \
+    build.tools.makejavasecurity.MakeJavaSecurity
+
 
 # TODO: There are references to the jdwpgen.jar in jdk/make/netbeans/jdwpgen/build.xml
 # and nbproject/project.properties in the same dir. Needs to be looked at.
@@ -136,9 +139,6 @@
     -cp "$(JDK_OUTPUTDIR)/btclasses$(PATH_SEP)$(JDK_OUTPUTDIR)" \
     build.tools.module.GenerateModulesXml
 
-TOOL_ADDTORESTRICTEDPKGS = $(JAVA_SMALL) -cp $(JDK_OUTPUTDIR)/btclasses \
-    build.tools.addtorestrictedpkgs.AddToRestrictedPkgs
-
 ##########################################################################################
 
 # Tools needed on solaris because OBJCOPY is broken.
--- a/make/gendata/Gendata-java.base.gmk	Thu Aug 21 14:16:26 2014 -0700
+++ b/make/gendata/Gendata-java.base.gmk	Thu Aug 28 14:54:07 2014 -0700
@@ -62,25 +62,18 @@
 
 ##########################################################################################
 
-PROPS_SRC := $(JDK_TOPDIR)/src/java.base/share/conf/security/java.security-$(OPENJDK_TARGET_OS)
-PROPS_DST := $(JDK_OUTPUTDIR)/lib/security/java.security
-
-# Optionally set this variable to a file to add extra restricted packages.
-ifneq ($(RESTRICTED_PKGS_SRC), )
-
-  $(PROPS_DST): $(PROPS_SRC) $(RESTRICTED_PKGS_SRC)
+GENDATA_JAVA_SECURITY_SRC := $(JDK_TOPDIR)/src/java.base/share/conf/security/java.security
+GENDATA_JAVA_SECURITY := $(JDK_OUTPUTDIR)/lib/security/java.security
+ 
+# RESTRICTED_PKGS_SRC is optionally set in custom extension for this makefile
+ 
+$(GENDATA_JAVA_SECURITY): $(BUILD_TOOLS) $(GENDATA_JAVA_SECURITY_SRC) $(RESTRICTED_PKGS_SRC)
+	$(ECHO) "Generating java.security"
 	$(MKDIR) -p $(@D)
-	$(TOOL_ADDTORESTRICTEDPKGS) $(PROPS_SRC) $@.tmp `$(CAT) $(RESTRICTED_PKGS_SRC) | $(TR) "\n" " "`
-	$(MV) $@.tmp $@
-
-else
-
-  $(PROPS_DST): $(PROPS_SRC)
-	$(call install-file)
-
-endif
-
-GENDATA += $(PROPS_DST)
+	$(TOOL_MAKEJAVASECURITY) $(GENDATA_JAVA_SECURITY_SRC) $@ $(OPENJDK_TARGET_OS) \
+		$(RESTRICTED_PKGS_SRC) || exit 1
+ 
+GENDATA += $(GENDATA_JAVA_SECURITY)
 
 ##########################################################################################
 
--- a/make/gensrc/GensrcLocaleDataMetaInfo.gmk	Thu Aug 21 14:16:26 2014 -0700
+++ b/make/gensrc/GensrcLocaleDataMetaInfo.gmk	Thu Aug 28 14:54:07 2014 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -34,7 +34,8 @@
     -name "TimeZoneNames_*.java" -o -name "TimeZoneNames_*.properties" -o \
     -name "LocaleNames_*.java" -o -name "LocaleNames_*.properties" -o \
     -name "CurrencyNames_*.java" -o -name "CurrencyNames_*.properties" -o \
-    -name "CalendarData_*.java" -o -name "CalendarData_*.properties")
+    -name "CalendarData_*.java" -o -name "CalendarData_*.properties" -o \
+    -name "BreakIteratorInfo_*.java" -o -name "BreakIteratorRules_*.java")
 
 # Then translate the locale files into for example: FormatData_sv
 LOCALE_RESOURCES := $(sort $(subst .properties,,$(subst .java,,$(notdir $(LOCALE_FILES)))))
@@ -86,6 +87,12 @@
 #sun.text.resources.CollationData
 $(eval $(call CaptureLocale,CollationData))
 
+#sun.text.resources.BreakIteratorInfo
+$(eval $(call CaptureLocale,BreakIteratorInfo))
+
+#sun.text.resources.BreakIteratorRules
+$(eval $(call CaptureLocale,BreakIteratorRules))
+
 #sun.util.resources.TimeZoneNames
 $(eval $(call CaptureLocale,TimeZoneNames))
 
--- a/make/lib/Awt2dLibraries.gmk	Thu Aug 21 14:16:26 2014 -0700
+++ b/make/lib/Awt2dLibraries.gmk	Thu Aug 28 14:54:07 2014 -0700
@@ -973,7 +973,6 @@
       #
 
   ifeq ($(OPENJDK_TARGET_OS), macosx)
-    LIBSPLASHSCREEN_CFLAGS += -F/System/Library/Frameworks/JavaVM.framework/Frameworks
     LIBSPLASHSCREEN_CFLAGS += -DWITH_MACOSX
     LIBSPLASHSCREEN_CFLAGS += -I$(JDK_TOPDIR)/src/java.desktop/macosx/native/libosxapp
 
--- a/make/src/classes/build/tools/addtorestrictedpkgs/AddToRestrictedPkgs.java	Thu Aug 21 14:16:26 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,105 +0,0 @@
-/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package build.tools.addtorestrictedpkgs;
-
-import java.io.*;
-
-/**
- * Adds additional packages to the package.access and package.definition
- * security properties.
- */
-public class AddToRestrictedPkgs {
-
-    private static final String PKG_ACC = "package.access";
-    private static final String PKG_DEF = "package.definition";
-    private static final int PKG_ACC_INDENT = 15;
-    private static final int PKG_DEF_INDENT = 19;
-
-    public static void main(String[] args) throws Exception {
-
-        if (args.length < 3) {
-            System.err.println("Usage: java AddToRestrictedPkgs " +
-                               "[input java.security file name] " +
-                               "[output java.security file name] " +
-                               "[packages ...]");
-            System.exit(1);
-        }
-
-        try (FileReader fr = new FileReader(args[0]);
-             BufferedReader br = new BufferedReader(fr);
-             FileWriter fw = new FileWriter(args[1]);
-             BufferedWriter bw = new BufferedWriter(fw))
-        {
-            // parse the file line-by-line, looking for pkg access properties
-            String line = br.readLine();
-            while (line != null) {
-                if (line.startsWith(PKG_ACC)) {
-                    writePackages(br, bw, line, PKG_ACC_INDENT, args);
-                } else if (line.startsWith(PKG_DEF)) {
-                    writePackages(br, bw, line, PKG_DEF_INDENT, args);
-                } else {
-                    writeLine(bw, line);
-                }
-                line = br.readLine();
-            }
-            bw.flush();
-        }
-    }
-
-    private static void writePackages(BufferedReader br, BufferedWriter bw,
-                                      String line, int numSpaces,
-                                      String[] args) throws IOException {
-        // parse property until EOL, not including line breaks
-        while (line.endsWith("\\")) {
-            writeLine(bw, line);
-            line = br.readLine();
-        }
-        // append comma and line-break to last package
-        writeLine(bw, line + ",\\");
-        // add new packages, one per line
-        for (int i = 2; i < args.length - 1; i++) {
-            indent(bw, numSpaces);
-            writeLine(bw, args[i] + ",\\");
-        }
-        indent(bw, numSpaces);
-        writeLine(bw, args[args.length - 1]);
-    }
-
-    private static void writeLine(BufferedWriter bw, String line)
-        throws IOException
-    {
-        bw.write(line);
-        bw.newLine();
-    }
-
-    private static void indent(BufferedWriter bw, int numSpaces)
-        throws IOException
-    {
-        for (int i = 0; i < numSpaces; i++) {
-            bw.append(' ');
-        }
-    }
-}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/make/src/classes/build/tools/makejavasecurity/MakeJavaSecurity.java	Thu Aug 28 14:54:07 2014 -0700
@@ -0,0 +1,168 @@
+/*
+ * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package build.tools.makejavasecurity;
+
+import java.io.*;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.*;
+
+/**
+ * Builds the java.security file, including
+ *
+ * 1. Adds additional packages to the package.access and
+ *    package.definition security properties.
+ * 2. Filter out platform-unrelated parts
+ *
+ * In order to easily maintain platform-related entries, every item
+ * (including the last line) in package.access and package.definition
+ * MUST end with ',\'. A blank line MUST exist after the last line.
+ */
+public class MakeJavaSecurity {
+
+    private static final String PKG_ACC = "package.access";
+    private static final String PKG_DEF = "package.definition";
+    private static final int PKG_ACC_INDENT = 15;
+    private static final int PKG_DEF_INDENT = 19;
+
+    public static void main(String[] args) throws Exception {
+
+        if (args.length < 3) {
+            System.err.println("Usage: java MakeJavaSecurity " +
+                               "[input java.security file name] " +
+                               "[output java.security file name] " +
+                               "[openjdk target os] " +
+                               "[more restricted packages file name?]");
+            System.exit(1);
+        }
+
+        // more restricted packages
+        List<String> extraLines;
+        if (args.length == 4) {
+            extraLines = Files.readAllLines(Paths.get(args[3]));
+        } else {
+            extraLines = Collections.emptyList();
+        }
+
+        List<String> lines = new ArrayList<>();
+
+        // read raw java.security and add more restricted packages
+        try (FileReader fr = new FileReader(args[0]);
+                BufferedReader br = new BufferedReader(fr)) {
+            // looking for pkg access properties
+            String line = br.readLine();
+            while (line != null) {
+                if (line.startsWith(PKG_ACC)) {
+                    addPackages(br, lines, line, PKG_ACC_INDENT, extraLines);
+                } else if (line.startsWith(PKG_DEF)) {
+                    addPackages(br, lines, line, PKG_DEF_INDENT, extraLines);
+                } else {
+                    lines.add(line);
+                }
+                line = br.readLine();
+            }
+        }
+
+        // Filter out platform-unrelated ones. We only support
+        // #ifdef, #ifndef, and #endif.
+        int mode = 0;   // 0: out of block, 1: in match, 2: in non-match
+        Iterator<String> iter = lines.iterator();
+        while (iter.hasNext()) {
+            String line = iter.next();
+            if (line.startsWith("#endif")) {
+                mode = 0;
+                iter.remove();
+            } else if (line.startsWith("#ifdef ")) {
+                mode = line.endsWith(args[2])?1:2;
+                iter.remove();
+            } else if (line.startsWith("#ifndef ")) {
+                mode = line.endsWith(args[2])?2:1;
+                iter.remove();
+            } else {
+                if (mode == 2) iter.remove();
+            }
+        }
+
+        // Update .tbd to .1, .2, etc.
+        Map<String,Integer> count = new HashMap<>();
+        for (int i=0; i<lines.size(); i++) {
+            String line = lines.get(i);
+            int index = line.indexOf(".tbd");
+            if (index >= 0) {
+                String prefix = line.substring(0, index);
+                int n = count.getOrDefault(prefix, 1);
+                count.put(prefix, n+1);
+                lines.set(i, prefix + "." + n + line.substring(index+4));
+            }
+        }
+
+        // Clean up the last line of PKG_ACC and PKG_DEF blocks.
+        // Not really necessary since a blank line follows.
+        boolean inBlock = false;
+        for (int i=0; i<lines.size(); i++) {
+            String line = lines.get(i);
+            if (line.startsWith(PKG_ACC) || line.startsWith(PKG_DEF)) {
+                inBlock = true;
+            }
+            if (inBlock) {
+                if (line.isEmpty()) {
+                    String lastLine = lines.get(i-1);
+                    lines.set(i-1, lastLine.substring(0, lastLine.length()-2));
+                    inBlock = false;
+                }
+            }
+        }
+
+        Files.write(Paths.get(args[1]), lines);
+    }
+
+    private static void addPackages(BufferedReader br, List<String> lines,
+                                    String line, int numSpaces,
+                                    List<String> args) throws IOException {
+        // parse property until EOL, not including line breaks
+        boolean first = true;
+        while (!line.isEmpty()) {
+            if (!line.startsWith("#")) {
+                if (!line.endsWith(",\\") ||
+                        (!first && line.contains("="))) {
+                    throw new IOException("Invalid line: " + line);
+                }
+            }
+            lines.add(line);
+            line = br.readLine();
+            first = false;
+        }
+        // add new packages, one per line
+        for (String arg: args) {
+            if (arg.startsWith("#")) {
+                lines.add(arg);
+            } else {
+                lines.add(String.format("%"+numSpaces+"s", "") + arg + ",\\");
+            }
+        }
+        lines.add(line);
+    }
+}
--- a/src/demo/share/jfc/Font2DTest/resources/TextResources.properties	Thu Aug 21 14:16:26 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-string=This is Java 2D! (Default)
--- a/src/demo/share/jfc/Font2DTest/resources/TextResources_de.properties	Thu Aug 21 14:16:26 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-string=This is Java 2D! (German) \u00f6 \u00df \u00dc
--- a/src/demo/share/jfc/Font2DTest/resources/TextResources_en.properties	Thu Aug 21 14:16:26 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-string=This is Java 2D! (English) A B C
--- a/src/demo/share/jfc/Font2DTest/resources/TextResources_en_GB.properties	Thu Aug 21 14:16:26 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-string=This is Java 2D! (English in Great Britain) \u0075 \u006b Z
--- a/src/demo/share/jfc/Font2DTest/resources/TextResources_ja.properties	Thu Aug 21 14:16:26 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-string=Java 2D\u3067\u3059\u3002(\u30C7\u30D5\u30A9\u30EB\u30C8)
--- a/src/demo/share/jfc/Font2DTest/resources/TextResources_ko.properties	Thu Aug 21 14:16:26 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-string=This is Java 2D! (Korean)
--- a/src/demo/share/jfc/Font2DTest/resources/TextResources_zh_CN.properties	Thu Aug 21 14:16:26 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-string=\u8FD9\u662F Java 2D! (\u9ED8\u8BA4\u503C)
--- a/src/demo/share/jfc/Font2DTest/resources/resource.data	Thu Aug 21 14:16:26 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,5 +0,0 @@
-en US
-en GB
-ko KO
-ab KO
-de DE
--- a/src/java.base/share/classes/java/lang/Class.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/java/lang/Class.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1322,7 +1322,7 @@
         // (for anonymous classes): 1 or more digits.
 
         // Since getSimpleBinaryName() will strip the binary name of
-        // the immediatly enclosing class, we are now looking at a
+        // the immediately enclosing class, we are now looking at a
         // string that matches the regular expression "\$[0-9]*"
         // followed by a simple name (considering the simple of an
         // anonymous class to be the empty string).
--- a/src/java.base/share/classes/java/lang/ClassLoader.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/java/lang/ClassLoader.java	Thu Aug 28 14:54:07 2014 -0700
@@ -205,7 +205,7 @@
         }
 
         /**
-         * Registers the given class loader type as parallel capabale.
+         * Registers the given class loader type as parallel capable.
          * Returns {@code true} is successfully registered; {@code false} if
          * loader's super class is not registered.
          */
@@ -832,7 +832,7 @@
     {
         int len = b.remaining();
 
-        // Use byte[] if not a direct ByteBufer:
+        // Use byte[] if not a direct ByteBuffer:
         if (!b.isDirect()) {
             if (b.hasArray()) {
                 return defineClass(name, b.array(),
--- a/src/java.base/share/classes/java/lang/StringCoding.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/java/lang/StringCoding.java	Thu Aug 28 14:54:07 2014 -0700
@@ -196,19 +196,19 @@
     static char[] decode(Charset cs, byte[] ba, int off, int len) {
         // (1)We never cache the "external" cs, the only benefit of creating
         // an additional StringDe/Encoder object to wrap it is to share the
-        // de/encode() method. These SD/E objects are short-lifed, the young-gen
-        // gc should be able to take care of them well. But the best approash
+        // de/encode() method. These SD/E objects are short-lived, the young-gen
+        // gc should be able to take care of them well. But the best approach
         // is still not to generate them if not really necessary.
         // (2)The defensive copy of the input byte/char[] has a big performance
         // impact, as well as the outgoing result byte/char[]. Need to do the
         // optimization check of (sm==null && classLoader0==null) for both.
         // (3)getClass().getClassLoader0() is expensive
         // (4)There might be a timing gap in isTrusted setting. getClassLoader0()
-        // is only chcked (and then isTrusted gets set) when (SM==null). It is
+        // is only checked (and then isTrusted gets set) when (SM==null). It is
         // possible that the SM==null for now but then SM is NOT null later
         // when safeTrim() is invoked...the "safe" way to do is to redundant
         // check (... && (isTrusted || SM == null || getClassLoader0())) in trim
-        // but it then can be argued that the SM is null when the opertaion
+        // but it then can be argued that the SM is null when the operation
         // is started...
         CharsetDecoder cd = cs.newDecoder();
         int en = scale(len, cd.maxCharsPerByte());
--- a/src/java.base/share/classes/java/lang/System.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/java/lang/System.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1193,7 +1193,7 @@
         // Setup Java signal handlers for HUP, TERM, and INT (where available).
         Terminator.setup();
 
-        // Initialize any miscellenous operating system settings that need to be
+        // Initialize any miscellaneous operating system settings that need to be
         // set for the class libraries. Currently this is no-op everywhere except
         // for Windows where the process-wide error mode is set before the java.io
         // classes are used.
--- a/src/java.base/share/classes/java/lang/Throwable.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/java/lang/Throwable.java	Thu Aug 28 14:54:07 2014 -0700
@@ -139,7 +139,7 @@
          * {@linkplain #setStackTrace(StackTraceElement[]) Setting the
          * stack trace} to a one-element array containing this sentinel
          * value indicates future attempts to set the stack trace will be
-         * ignored.  The sentinal is equal to the result of calling:<br>
+         * ignored.  The sentinel is equal to the result of calling:<br>
          * {@code new StackTraceElement("", "", null, Integer.MIN_VALUE)}
          */
         public static final StackTraceElement STACK_TRACE_ELEMENT_SENTINEL =
--- a/src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java	Thu Aug 28 14:54:07 2014 -0700
@@ -98,7 +98,7 @@
     private final String implMethodClassName;        // Name of type containing implementation "CC"
     private final String implMethodName;             // Name of implementation method "impl"
     private final String implMethodDesc;             // Type descriptor for implementation methods "(I)Ljava/lang/String;"
-    private final Class<?> implMethodReturnClass;    // class for implementaion method return type "Ljava/lang/String;"
+    private final Class<?> implMethodReturnClass;    // class for implementation method return type "Ljava/lang/String;"
     private final MethodType constructorType;        // Generated class constructor type "(CC)void"
     private final ClassWriter cw;                    // ASM class writer
     private final String[] argNames;                 // Generated names for the constructor arguments
--- a/src/java.base/share/classes/java/lang/invoke/InvokerBytecodeGenerator.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/java/lang/invoke/InvokerBytecodeGenerator.java	Thu Aug 28 14:54:07 2014 -0700
@@ -209,7 +209,7 @@
             throw new InternalError("observed CP placeholder twice: " + cpPlaceholder);
         }
         // insert placeholder in CP and remember the patch
-        int index = cw.newConst((Object) cpPlaceholder);  // TODO check if aready in the constant pool
+        int index = cw.newConst((Object) cpPlaceholder);  // TODO check if already in the constant pool
         cpPatches.put(cpPlaceholder, new CpPatch(index, cpPlaceholder, arg));
         return cpPlaceholder;
     }
--- a/src/java.base/share/classes/java/lang/invoke/Invokers.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/java/lang/invoke/Invokers.java	Thu Aug 28 14:54:07 2014 -0700
@@ -37,7 +37,7 @@
  * @author jrose
  */
 class Invokers {
-    // exact type (sans leading taget MH) for the outgoing call
+    // exact type (sans leading target MH) for the outgoing call
     private final MethodType targetType;
 
     // FIXME: Get rid of the invokers that are not useful.
--- a/src/java.base/share/classes/java/lang/invoke/MemberName.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/java/lang/invoke/MemberName.java	Thu Aug 28 14:54:07 2014 -0700
@@ -59,7 +59,7 @@
  * and properly use the named member.
  * <p>
  * When resolved, a member name's internal implementation may include references to JVM metadata.
- * This representation is stateless and only decriptive.
+ * This representation is stateless and only descriptive.
  * It provides no private information and no capability to use the member.
  * <p>
  * By contrast, a {@linkplain java.lang.reflect.Method} contains fuller information
--- a/src/java.base/share/classes/java/lang/invoke/MethodHandle.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/java/lang/invoke/MethodHandle.java	Thu Aug 28 14:54:07 2014 -0700
@@ -679,7 +679,7 @@
      * This method provides the crucial behavioral difference between
      * {@link #invokeExact invokeExact} and plain, inexact {@link #invoke invoke}.
      * The two methods
-     * perform the same steps when the caller's type descriptor exactly m atches
+     * perform the same steps when the caller's type descriptor exactly matches
      * the callee's, but when the types differ, plain {@link #invoke invoke}
      * also calls {@code asType} (or some internal equivalent) in order
      * to match up the caller's and callee's types.
--- a/src/java.base/share/classes/java/lang/invoke/MethodHandleImpl.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/java/lang/invoke/MethodHandleImpl.java	Thu Aug 28 14:54:07 2014 -0700
@@ -621,7 +621,7 @@
     }
 
     /**
-     * The LambaForm shape for catchException combinator is the following:
+     * The LambdaForm shape for catchException combinator is the following:
      * <blockquote><pre>{@code
      *  guardWithCatch=Lambda(a0:L,a1:L,a2:L)=>{
      *    t3:L=BoundMethodHandle$Species_LLLLL.argL0(a0:L);
@@ -702,7 +702,7 @@
         MethodType type = target.type();
         LambdaForm form = makeGuardWithCatchForm(type.basicType());
 
-        // Prepare auxiliary method handles used during LambdaForm interpreation.
+        // Prepare auxiliary method handles used during LambdaForm interpretation.
         // Box arguments and wrap them into Object[]: ValueConversions.array().
         MethodType varargsType = type.changeReturnType(Object[].class);
         MethodHandle collectArgs = ValueConversions.varargsArray(type.parameterCount())
--- a/src/java.base/share/classes/java/lang/invoke/MethodHandleNatives.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/java/lang/invoke/MethodHandleNatives.java	Thu Aug 28 14:54:07 2014 -0700
@@ -509,7 +509,7 @@
 
     /**
      * Is this method a caller-sensitive method?
-     * I.e., does it call Reflection.getCallerClass or a similer method
+     * I.e., does it call Reflection.getCallerClass or a similar method
      * to ask about the identity of its caller?
      */
     static boolean isCallerSensitive(MemberName mem) {
--- a/src/java.base/share/classes/java/lang/reflect/AccessibleObject.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/java/lang/reflect/AccessibleObject.java	Thu Aug 28 14:54:07 2014 -0700
@@ -78,7 +78,7 @@
      * object is a {@link Constructor} object for the class {@link
      * java.lang.Class}).  In the event of such a SecurityException, the
      * accessibility of objects is set to {@code flag} for array elements
-     * upto (and excluding) the element for which the exception occurred; the
+     * up to (and excluding) the element for which the exception occurred; the
      * accessibility of elements beyond (and including) the element for which
      * the exception occurred is unchanged.
      *
--- a/src/java.base/share/classes/java/lang/reflect/Constructor.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/java/lang/reflect/Constructor.java	Thu Aug 28 14:54:07 2014 -0700
@@ -544,15 +544,33 @@
      */
     @Override
     public AnnotatedType getAnnotatedReceiverType() {
-        if (getDeclaringClass().getEnclosingClass() == null)
-            return super.getAnnotatedReceiverType();
+        Class<?> thisDeclClass = getDeclaringClass();
+        Class<?> enclosingClass = thisDeclClass.getEnclosingClass();
 
+        if (enclosingClass == null) {
+            // A Constructor for a top-level class
+            return null;
+        }
+
+        Class<?> outerDeclaringClass = thisDeclClass.getDeclaringClass();
+        if (outerDeclaringClass == null) {
+            // A constructor for a local or anonymous class
+            return null;
+        }
+
+        // Either static nested or inner class
+        if (Modifier.isStatic(thisDeclClass.getModifiers())) {
+            // static nested
+            return null;
+        }
+
+        // A Constructor for an inner class
         return TypeAnnotationParser.buildAnnotatedType(getTypeAnnotationBytes0(),
                 sun.misc.SharedSecrets.getJavaLangAccess().
-                        getConstantPool(getDeclaringClass()),
+                    getConstantPool(thisDeclClass),
                 this,
-                getDeclaringClass(),
-                getDeclaringClass().getEnclosingClass(),
+                thisDeclClass,
+                enclosingClass,
                 TypeAnnotation.TypeAnnotationTarget.METHOD_RECEIVER);
     }
 }
--- a/src/java.base/share/classes/java/lang/reflect/Executable.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/java/lang/reflect/Executable.java	Thu Aug 28 14:54:07 2014 -0700
@@ -585,21 +585,24 @@
     /**
      * Returns an {@code AnnotatedType} object that represents the use of a
      * type to specify the receiver type of the method/constructor represented
-     * by this Executable object. The receiver type of a method/constructor is
-     * available only if the method/constructor has a <em>receiver
-     * parameter</em> (JLS 8.4.1).
+     * by this {@code Executable} object.
      *
-     * If this {@code Executable} object represents a constructor or instance
-     * method that does not have a receiver parameter, or has a receiver
-     * parameter with no annotations on its type, then the return value is an
-     * {@code AnnotatedType} object representing an element with no
+     * The receiver type of a method/constructor is available only if the
+     * method/constructor has a receiver parameter (JLS 8.4.1). If this {@code
+     * Executable} object <em>represents an instance method or represents a
+     * constructor of an inner member class</em>, and the
+     * method/constructor <em>either</em> has no receiver parameter or has a
+     * receiver parameter with no annotations on its type, then the return
+     * value is an {@code AnnotatedType} object representing an element with no
      * annotations.
      *
-     * If this {@code Executable} object represents a static method, then the
-     * return value is null.
+     * If this {@code Executable} object represents a static method or
+     * represents a constructor of a top level, static member, local, or
+     * anoymous class, then the return value is null.
      *
      * @return an object representing the receiver type of the method or
-     * constructor represented by this {@code Executable}
+     * constructor represented by this {@code Executable} or {@code null} if
+     * this {@code Executable} can not have a receiver parameter
      */
     public AnnotatedType getAnnotatedReceiverType() {
         if (Modifier.isStatic(this.getModifiers()))
--- a/src/java.base/share/classes/java/lang/reflect/Parameter.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/java/lang/reflect/Parameter.java	Thu Aug 28 14:54:07 2014 -0700
@@ -173,7 +173,7 @@
      *         a name.
      */
     public String getName() {
-        // Note: empty strings as paramete names are now outlawed.
+        // Note: empty strings as parameter names are now outlawed.
         // The .equals("") is for compatibility with current JVM
         // behavior.  It may be removed at some point.
         if(name == null || name.equals(""))
--- a/src/java.base/share/classes/java/security/SecureRandom.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/java/security/SecureRandom.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,15 +39,16 @@
  *
  * <p>A cryptographically strong random number
  * minimally complies with the statistical random number generator tests
- * specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
+ * specified in
+ * <a href="http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf">
  * <i>FIPS 140-2, Security Requirements for Cryptographic Modules</i></a>,
  * section 4.9.1.
  * Additionally, SecureRandom must produce non-deterministic output.
  * Therefore any seed material passed to a SecureRandom object must be
  * unpredictable, and all SecureRandom output sequences must be
  * cryptographically strong, as described in
- * <a href="http://www.ietf.org/rfc/rfc1750.txt">
- * <i>RFC 1750: Randomness Recommendations for Security</i></a>.
+ * <a href="http://tools.ietf.org/html/rfc4086">
+ * <i>RFC 4086: Randomness Requirements for Security</i></a>.
  *
  * <p>A caller obtains a SecureRandom instance via the
  * no-argument constructor or one of the {@code getInstance} methods:
--- a/src/java.base/share/classes/java/time/Duration.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/java/time/Duration.java	Thu Aug 28 14:54:07 2014 -0700
@@ -388,19 +388,21 @@
         Matcher matcher = PATTERN.matcher(text);
         if (matcher.matches()) {
             // check for letter T but no time sections
-            if ("T".equals(matcher.group(3)) == false) {
-                boolean negate = "-".equals(matcher.group(1));
-                String dayMatch = matcher.group(2);
-                String hourMatch = matcher.group(4);
-                String minuteMatch = matcher.group(5);
-                String secondMatch = matcher.group(6);
-                String fractionMatch = matcher.group(7);
-                if (dayMatch != null || hourMatch != null || minuteMatch != null || secondMatch != null) {
-                    long daysAsSecs = parseNumber(text, dayMatch, SECONDS_PER_DAY, "days");
-                    long hoursAsSecs = parseNumber(text, hourMatch, SECONDS_PER_HOUR, "hours");
-                    long minsAsSecs = parseNumber(text, minuteMatch, SECONDS_PER_MINUTE, "minutes");
-                    long seconds = parseNumber(text, secondMatch, 1, "seconds");
-                    int nanos = parseFraction(text,  fractionMatch, seconds < 0 ? -1 : 1);
+            if (!charMatch(text, matcher.start(3), matcher.end(3), 'T')) {
+                boolean negate = charMatch(text, matcher.start(1), matcher.end(1), '-');
+
+                int dayStart = matcher.start(2), dayEnd = matcher.end(2);
+                int hourStart = matcher.start(4), hourEnd = matcher.end(4);
+                int minuteStart = matcher.start(5), minuteEnd = matcher.end(5);
+                int secondStart = matcher.start(6), secondEnd = matcher.end(6);
+                int fractionStart = matcher.start(7), fractionEnd = matcher.end(7);
+
+                if (dayStart >= 0 || hourStart >= 0 || minuteStart >= 0 || secondStart >= 0) {
+                    long daysAsSecs = parseNumber(text, dayStart, dayEnd, SECONDS_PER_DAY, "days");
+                    long hoursAsSecs = parseNumber(text, hourStart, hourEnd, SECONDS_PER_HOUR, "hours");
+                    long minsAsSecs = parseNumber(text, minuteStart, minuteEnd, SECONDS_PER_MINUTE, "minutes");
+                    long seconds = parseNumber(text, secondStart, secondEnd, 1, "seconds");
+                    int nanos = parseFraction(text, fractionStart, fractionEnd, seconds < 0 ? -1 : 1);
                     try {
                         return create(negate, daysAsSecs, hoursAsSecs, minsAsSecs, seconds, nanos);
                     } catch (ArithmeticException ex) {
@@ -412,27 +414,37 @@
         throw new DateTimeParseException("Text cannot be parsed to a Duration", text, 0);
     }
 
-    private static long parseNumber(CharSequence text, String parsed, int multiplier, String errorText) {
+    private static boolean charMatch(CharSequence text, int start, int end, char c) {
+        return (start >= 0 && end == start + 1 && text.charAt(start) == c);
+    }
+
+    private static long parseNumber(CharSequence text, int start, int end, int multiplier, String errorText) {
         // regex limits to [-+]?[0-9]+
-        if (parsed == null) {
+        if (start < 0 || end < 0) {
             return 0;
         }
         try {
-            long val = Long.parseLong(parsed);
+            long val = Long.parseLong(text, 10, start, end);
             return Math.multiplyExact(val, multiplier);
         } catch (NumberFormatException | ArithmeticException ex) {
             throw (DateTimeParseException) new DateTimeParseException("Text cannot be parsed to a Duration: " + errorText, text, 0).initCause(ex);
         }
     }
 
-    private static int parseFraction(CharSequence text, String parsed, int negate) {
+    private static int parseFraction(CharSequence text, int start, int end, int negate) {
         // regex limits to [0-9]{0,9}
-        if (parsed == null || parsed.length() == 0) {
+        if (start < 0 || end < 0 || end - start == 0) {
             return 0;
         }
         try {
-            parsed = (parsed + "000000000").substring(0, 9);
-            return Integer.parseInt(parsed) * negate;
+            int fraction = Integer.parseInt(text, 10, start, end);
+
+            // for number strings smaller than 9 digits, interpret as if there
+            // were trailing zeros
+            for (int i = end - start; i < 9; i++) {
+                fraction *= 10;
+            }
+            return fraction * negate;
         } catch (NumberFormatException | ArithmeticException ex) {
             throw (DateTimeParseException) new DateTimeParseException("Text cannot be parsed to a Duration: fraction", text, 0).initCause(ex);
         }
--- a/src/java.base/share/classes/java/time/Period.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/java/time/Period.java	Thu Aug 28 14:54:07 2014 -0700
@@ -329,17 +329,17 @@
         Objects.requireNonNull(text, "text");
         Matcher matcher = PATTERN.matcher(text);
         if (matcher.matches()) {
-            int negate = ("-".equals(matcher.group(1)) ? -1 : 1);
-            String yearMatch = matcher.group(2);
-            String monthMatch = matcher.group(3);
-            String weekMatch = matcher.group(4);
-            String dayMatch = matcher.group(5);
-            if (yearMatch != null || monthMatch != null || dayMatch != null || weekMatch != null) {
+            int negate = (charMatch(text, matcher.start(1), matcher.end(1), '-') ? -1 : 1);
+            int yearStart = matcher.start(2), yearEnd = matcher.end(2);
+            int monthStart = matcher.start(3), monthEnd = matcher.end(3);
+            int weekStart = matcher.start(4), weekEnd = matcher.end(4);
+            int dayStart = matcher.start(5), dayEnd = matcher.end(5);
+            if (yearStart >= 0 || monthStart >= 0 || weekStart >= 0 || dayStart >= 0) {
                 try {
-                    int years = parseNumber(text, yearMatch, negate);
-                    int months = parseNumber(text, monthMatch, negate);
-                    int weeks = parseNumber(text, weekMatch, negate);
-                    int days = parseNumber(text, dayMatch, negate);
+                    int years = parseNumber(text, yearStart, yearEnd, negate);
+                    int months = parseNumber(text, monthStart, monthEnd, negate);
+                    int weeks = parseNumber(text, weekStart, weekEnd, negate);
+                    int days = parseNumber(text, dayStart, dayEnd, negate);
                     days = Math.addExact(days, Math.multiplyExact(weeks, 7));
                     return create(years, months, days);
                 } catch (NumberFormatException ex) {
@@ -350,11 +350,15 @@
         throw new DateTimeParseException("Text cannot be parsed to a Period", text, 0);
     }
 
-    private static int parseNumber(CharSequence text, String str, int negate) {
-        if (str == null) {
+    private static boolean charMatch(CharSequence text, int start, int end, char c) {
+        return (start >= 0 && end == start + 1 && text.charAt(start) == c);
+    }
+
+    private static int parseNumber(CharSequence text, int start, int end, int negate) {
+        if (start < 0 || end < 0) {
             return 0;
         }
-        int val = Integer.parseInt(str);
+        int val = Integer.parseInt(text, 10, start, end);
         try {
             return Math.multiplyExact(val, negate);
         } catch (ArithmeticException ex) {
--- a/src/java.base/share/classes/java/util/JapaneseImperialCalendar.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/java/util/JapaneseImperialCalendar.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,20 +38,20 @@
 import sun.util.calendar.ZoneInfo;
 
 /**
- * <code>JapaneseImperialCalendar</code> implements a Japanese
+ * {@code JapaneseImperialCalendar} implements a Japanese
  * calendar system in which the imperial era-based year numbering is
  * supported from the Meiji era. The following are the eras supported
  * by this calendar system.
- * <pre><tt>
+ * <pre>{@code
  * ERA value   Era name    Since (in Gregorian)
  * ------------------------------------------------------
  *     0       N/A         N/A
- *     1       Meiji       1868-01-01 midnight local time
- *     2       Taisho      1912-07-30 midnight local time
- *     3       Showa       1926-12-25 midnight local time
- *     4       Heisei      1989-01-08 midnight local time
+ *     1       Meiji       1868-01-01T00:00:00 local time
+ *     2       Taisho      1912-07-30T00:00:00 local time
+ *     3       Showa       1926-12-25T00:00:00 local time
+ *     4       Heisei      1989-01-08T00:00:00 local time
  * ------------------------------------------------------
- * </tt></pre>
+ * }</pre>
  *
  * <p><code>ERA</code> value 0 specifies the years before Meiji and
  * the Gregorian year values are used. Unlike {@link
@@ -63,6 +63,31 @@
  * with time differences for applying the era transitions. This
  * calendar implementation assumes local time for all transitions.
  *
+ * <p>A new era can be specified using property
+ * jdk.calendar.japanese.supplemental.era. The new era is added to the
+ * predefined eras. The syntax of the property is as follows.
+ * <p><pre>
+ *   {@code name=<name>,abbr=<abbr>,since=<time['u']>}
+ * </pre>
+ * where
+ * <dl>
+ * <dt>{@code <name>:}<dd>the full name of the new era (non-ASCII characters allowed)
+ * <dt>{@code <abbr>:}<dd>the abbreviation of the new era (non-ASCII characters allowed)
+ * <dt>{@code <time['u']>:}<dd>the start time of the new era represented by
+ * milliseconds from 1970-01-01T00:00:00 local time or UTC if {@code 'u'} is
+ * appended to the milliseconds value. (ASCII digits only)
+ * </dl>
+ *
+ * <p>If the given era is invalid, such as the since value before the
+ * beginning of the last predefined era, the given era will be
+ * ignored.
+ *
+ * <p>The following is an example of the property usage.
+ * <p><pre>
+ *   java -Djdk.calendar.japanese.supplemental.era="name=NewEra,abbr=N,since=253374307200000"
+ * </pre>
+ * The property specifies an era change to NewEra at 9999-02-11T00:00:00 local time.
+ *
  * @author Masayoshi Okutsu
  * @since 1.6
  */
@@ -102,7 +127,6 @@
     public static final int HEISEI = 4;
 
     private static final int EPOCH_OFFSET   = 719163; // Fixed date of January 1, 1970 (Gregorian)
-    private static final int EPOCH_YEAR     = 1970;
 
     // Useful millisecond constants.  Although ONE_DAY and ONE_WEEK can fit
     // into ints, they must be longs in order to prevent arithmetic overflow
@@ -111,7 +135,6 @@
     private static final int  ONE_MINUTE = 60*ONE_SECOND;
     private static final int  ONE_HOUR   = 60*ONE_MINUTE;
     private static final long ONE_DAY    = 24*ONE_HOUR;
-    private static final long ONE_WEEK   = 7*ONE_DAY;
 
     // Reference to the sun.util.calendar.LocalGregorianCalendar instance (singleton).
     private static final LocalGregorianCalendar jcal
@@ -217,6 +240,7 @@
     };
 
     // Proclaim serialization compatibility with JDK 1.6
+    @SuppressWarnings("FieldNameHidesFieldInSuperclass")
     private static final long serialVersionUID = -3364572813905467929L;
 
     static {
@@ -340,6 +364,7 @@
      * <code>false</code> otherwise.
      * @see Calendar#compareTo(Calendar)
      */
+    @Override
     public boolean equals(Object obj) {
         return obj instanceof JapaneseImperialCalendar &&
             super.equals(obj);
@@ -349,6 +374,7 @@
      * Generates the hash code for this
      * <code>JapaneseImperialCalendar</code> object.
      */
+    @Override
     public int hashCode() {
         return super.hashCode() ^ jdate.hashCode();
     }
@@ -381,6 +407,7 @@
      * or if any calendar fields have out-of-range values in
      * non-lenient mode.
      */
+    @Override
     public void add(int field, int amount) {
         // If amount == 0, do nothing even the given field is out of
         // range. This is tested by JCK.
@@ -509,6 +536,7 @@
         }
     }
 
+    @Override
     public void roll(int field, boolean up) {
         roll(field, up ? +1 : -1);
     }
@@ -533,6 +561,7 @@
      * @see #add(int,int)
      * @see #set(int,int)
      */
+    @Override
     public void roll(int field, int amount) {
         // If amount == 0, do nothing even the given field is out of
         // range. This is tested by JCK.
--- a/src/java.base/share/classes/java/util/StringJoiner.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/java/util/StringJoiner.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -24,6 +24,9 @@
  */
 package java.util;
 
+import sun.misc.JavaLangAccess;
+import sun.misc.SharedSecrets;
+
 /**
  * {@code StringJoiner} is used to construct a sequence of characters separated
  * by a delimiter and optionally starting with a supplied prefix
@@ -67,22 +70,24 @@
     private final String delimiter;
     private final String suffix;
 
-    /*
-     * StringBuilder value -- at any time, the characters constructed from the
-     * prefix, the added element separated by the delimiter, but without the
-     * suffix, so that we can more easily add elements without having to jigger
-     * the suffix each time.
-     */
-    private StringBuilder value;
+    /** Contains all the string components added so far. */
+    private String[] elts;
 
-    /*
-     * By default, the string consisting of prefix+suffix, returned by
-     * toString(), or properties of value, when no elements have yet been added,
-     * i.e. when it is empty.  This may be overridden by the user to be some
-     * other value including the empty String.
+    /** The number of string components added so far. */
+    private int size;
+
+    /** Total length in chars so far, excluding prefix and suffix. */
+    private int len;
+
+    /**
+     * When overriden by the user to be non-null via {@link setEmptyValue}, the
+     * string returned by toString() when no elements have yet been added.
+     * When null, prefix + suffix is used as the empty value.
      */
     private String emptyValue;
 
+    private static final JavaLangAccess jla = SharedSecrets.getJavaLangAccess();
+
     /**
      * Constructs a {@code StringJoiner} with no characters in it, with no
      * {@code prefix} or {@code suffix}, and a copy of the supplied
@@ -125,7 +130,6 @@
         this.prefix = prefix.toString();
         this.delimiter = delimiter.toString();
         this.suffix = suffix.toString();
-        this.emptyValue = this.prefix + this.suffix;
     }
 
     /**
@@ -148,29 +152,44 @@
         return this;
     }
 
+    private static int getChars(String s, char[] chars, int start) {
+        int len = s.length();
+        s.getChars(0, len, chars, start);
+        return len;
+    }
+
     /**
      * Returns the current value, consisting of the {@code prefix}, the values
      * added so far separated by the {@code delimiter}, and the {@code suffix},
      * unless no elements have been added in which case, the
-     * {@code prefix + suffix} or the {@code emptyValue} characters are returned
+     * {@code prefix + suffix} or the {@code emptyValue} characters are returned.
      *
      * @return the string representation of this {@code StringJoiner}
      */
     @Override
     public String toString() {
-        if (value == null) {
+        final String[] elts = this.elts;
+        if (elts == null && emptyValue != null) {
             return emptyValue;
-        } else {
-            if (suffix.equals("")) {
-                return value.toString();
-            } else {
-                int initialLength = value.length();
-                String result = value.append(suffix).toString();
-                // reset value to pre-append initialLength
-                value.setLength(initialLength);
-                return result;
+        }
+        final int size = this.size;
+        final int addLen = prefix.length() + suffix.length();
+        if (addLen == 0) {
+            compactElts();
+            return size == 0 ? "" : elts[0];
+        }
+        final String delimiter = this.delimiter;
+        final char[] chars = new char[len + addLen];
+        int k = getChars(prefix, chars, 0);
+        if (size > 0) {
+            k += getChars(elts[0], chars, k);
+            for (int i = 1; i < size; i++) {
+                k += getChars(delimiter, chars, k);
+                k += getChars(elts[i], chars, k);
             }
         }
+        k += getChars(suffix, chars, k);
+        return jla.newStringUnsafe(chars);
     }
 
     /**
@@ -182,7 +201,16 @@
      * @return a reference to this {@code StringJoiner}
      */
     public StringJoiner add(CharSequence newElement) {
-        prepareBuilder().append(newElement);
+        final String elt = String.valueOf(newElement);
+        if (elts == null) {
+            elts = new String[8];
+        } else {
+            if (size == elts.length)
+                elts = Arrays.copyOf(elts, 2 * size);
+            len += delimiter.length();
+        }
+        len += elt.length();
+        elts[size++] = elt;
         return this;
     }
 
@@ -207,24 +235,25 @@
      */
     public StringJoiner merge(StringJoiner other) {
         Objects.requireNonNull(other);
-        if (other.value != null) {
-            final int length = other.value.length();
-            // lock the length so that we can seize the data to be appended
-            // before initiate copying to avoid interference, especially when
-            // merge 'this'
-            StringBuilder builder = prepareBuilder();
-            builder.append(other.value, other.prefix.length(), length);
+        if (other.elts == null) {
+            return this;
         }
-        return this;
+        other.compactElts();
+        return add(other.elts[0]);
     }
 
-    private StringBuilder prepareBuilder() {
-        if (value != null) {
-            value.append(delimiter);
-        } else {
-            value = new StringBuilder().append(prefix);
+    private void compactElts() {
+        if (size > 1) {
+            final char[] chars = new char[len];
+            int i = 1, k = getChars(elts[0], chars, 0);
+            do {
+                k += getChars(delimiter, chars, k);
+                k += getChars(elts[i], chars, k);
+                elts[i] = null;
+            } while (++i < size);
+            size = 1;
+            elts[0] = jla.newStringUnsafe(chars);
         }
-        return value;
     }
 
     /**
@@ -238,10 +267,7 @@
      * @return the length of the current value of {@code StringJoiner}
      */
     public int length() {
-        // Remember that we never actually append the suffix unless we return
-        // the full (present) value or some sub-string or length of it, so that
-        // we can add on more if we need to.
-        return (value != null ? value.length() + suffix.length() :
-                emptyValue.length());
+        return (size == 0 && emptyValue != null) ? emptyValue.length() :
+            len + prefix.length() + suffix.length();
     }
 }
--- a/src/java.base/share/classes/javax/security/auth/Subject.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/javax/security/auth/Subject.java	Thu Aug 28 14:54:07 2014 -0700
@@ -182,21 +182,20 @@
      * {@code AuthPermission("modifyPublicCredentials")}.
      * To modify the private credential Set, the caller must have
      * {@code AuthPermission("modifyPrivateCredentials")}.
-     * <p>
      *
      * @param readOnly true if the {@code Subject} is to be read-only,
-     *          and false otherwise. <p>
+     *          and false otherwise.
      *
      * @param principals the {@code Set} of Principals
-     *          to be associated with this {@code Subject}. <p>
+     *          to be associated with this {@code Subject}.
      *
      * @param pubCredentials the {@code Set} of public credentials
-     *          to be associated with this {@code Subject}. <p>
+     *          to be associated with this {@code Subject}.
      *
      * @param privCredentials the {@code Set} of private credentials
      *          to be associated with this {@code Subject}.
      *
-     * @exception NullPointerException if the specified
+     * @throws NullPointerException if the specified
      *          {@code principals}, {@code pubCredentials},
      *          or {@code privCredentials} are {@code null},
      *          or a null value exists within any of these three
@@ -233,10 +232,11 @@
      * Also, once a {@code Subject} is read-only,
      * it can not be reset to being writable again.
      *
-     * <p>
-     *
-     * @exception SecurityException if the caller does not have permission
-     *          to set this {@code Subject} to be read-only.
+     * @throws SecurityException if a security manager is installed and the
+     *         caller does not have an
+     *         {@link AuthPermission#AuthPermission(String)
+     *         AuthPermission("setReadOnly")} permission to set this
+     *         {@code Subject} to be read-only.
      */
     public void setReadOnly() {
         java.lang.SecurityManager sm = System.getSecurityManager();
@@ -250,8 +250,6 @@
     /**
      * Query whether this {@code Subject} is read-only.
      *
-     * <p>
-     *
      * @return true if this {@code Subject} is read-only, false otherwise.
      */
     public boolean isReadOnly() {
@@ -267,8 +265,6 @@
      * In this situation, the most recent {@code Subject} associated
      * with the {@code AccessControlContext} is returned.
      *
-     * <p>
-     *
      * @param  acc the {@code AccessControlContext} from which to retrieve
      *          the {@code Subject}.
      *
@@ -277,10 +273,13 @@
      *          if no {@code Subject} is associated
      *          with the provided {@code AccessControlContext}.
      *
-     * @exception SecurityException if the caller does not have permission
-     *          to get the {@code Subject}. <p>
+     * @throws SecurityException if a security manager is installed and the
+     *          caller does not have an
+     *          {@link AuthPermission#AuthPermission(String)
+     *          AuthPermission("getSubject")} permission to get the
+     *          {@code Subject}.
      *
-     * @exception NullPointerException if the provided
+     * @throws NullPointerException if the provided
      *          {@code AccessControlContext} is {@code null}.
      */
     public static Subject getSubject(final AccessControlContext acc) {
@@ -321,26 +320,27 @@
      * passing it the provided {@code PrivilegedAction},
      * as well as the newly constructed {@code AccessControlContext}.
      *
-     * <p>
-     *
      * @param subject the {@code Subject} that the specified
      *                  {@code action} will run as.  This parameter
-     *                  may be {@code null}. <p>
+     *                  may be {@code null}.
      *
      * @param <T> the type of the value returned by the PrivilegedAction's
      *                  {@code run} method.
      *
      * @param action the code to be run as the specified
-     *                  {@code Subject}. <p>
+     *                  {@code Subject}.
      *
      * @return the value returned by the PrivilegedAction's
      *                  {@code run} method.
      *
-     * @exception NullPointerException if the {@code PrivilegedAction}
-     *                  is {@code null}. <p>
+     * @throws NullPointerException if the {@code PrivilegedAction}
+     *                  is {@code null}.
      *
-     * @exception SecurityException if the caller does not have permission
-     *                  to invoke this method.
+     * @throws SecurityException if a security manager is installed and the
+     *                  caller does not have an
+     *                  {@link AuthPermission#AuthPermission(String)
+     *                  AuthPermission("doAs")} permission to invoke this
+     *                  method.
      */
     public static <T> T doAs(final Subject subject,
                         final java.security.PrivilegedAction<T> action) {
@@ -377,31 +377,32 @@
      * passing it the provided {@code PrivilegedExceptionAction},
      * as well as the newly constructed {@code AccessControlContext}.
      *
-     * <p>
-     *
      * @param subject the {@code Subject} that the specified
      *                  {@code action} will run as.  This parameter
-     *                  may be {@code null}. <p>
+     *                  may be {@code null}.
      *
      * @param <T> the type of the value returned by the
      *                  PrivilegedExceptionAction's {@code run} method.
      *
      * @param action the code to be run as the specified
-     *                  {@code Subject}. <p>
+     *                  {@code Subject}.
      *
      * @return the value returned by the
      *                  PrivilegedExceptionAction's {@code run} method.
      *
-     * @exception PrivilegedActionException if the
+     * @throws PrivilegedActionException if the
      *                  {@code PrivilegedExceptionAction.run}
-     *                  method throws a checked exception. <p>
+     *                  method throws a checked exception.
      *
-     * @exception NullPointerException if the specified
+     * @throws NullPointerException if the specified
      *                  {@code PrivilegedExceptionAction} is
-     *                  {@code null}. <p>
+     *                  {@code null}.
      *
-     * @exception SecurityException if the caller does not have permission
-     *                  to invoke this method.
+     * @throws SecurityException if a security manager is installed and the
+     *                  caller does not have an
+     *                  {@link AuthPermission#AuthPermission(String)
+     *                  AuthPermission("doAs")} permission to invoke this
+     *                  method.
      */
     public static <T> T doAs(final Subject subject,
                         final java.security.PrivilegedExceptionAction<T> action)
@@ -435,29 +436,30 @@
      * this method instantiates a new {@code AccessControlContext}
      * with an empty collection of ProtectionDomains.
      *
-     * <p>
-     *
      * @param subject the {@code Subject} that the specified
      *                  {@code action} will run as.  This parameter
-     *                  may be {@code null}. <p>
+     *                  may be {@code null}.
      *
      * @param <T> the type of the value returned by the PrivilegedAction's
      *                  {@code run} method.
      *
      * @param action the code to be run as the specified
-     *                  {@code Subject}. <p>
+     *                  {@code Subject}.
      *
      * @param acc the {@code AccessControlContext} to be tied to the
-     *                  specified <i>subject</i> and <i>action</i>. <p>
+     *                  specified <i>subject</i> and <i>action</i>.
      *
      * @return the value returned by the PrivilegedAction's
      *                  {@code run} method.
      *
-     * @exception NullPointerException if the {@code PrivilegedAction}
-     *                  is {@code null}. <p>
+     * @throws NullPointerException if the {@code PrivilegedAction}
+     *                  is {@code null}.
      *
-     * @exception SecurityException if the caller does not have permission
-     *                  to invoke this method.
+     * @throws SecurityException if a security manager is installed and the
+     *                  caller does not have a
+     *                  {@link AuthPermission#AuthPermission(String)
+     *                  AuthPermission("doAsPrivileged")} permission to invoke
+     *                  this method.
      */
     public static <T> T doAsPrivileged(final Subject subject,
                         final java.security.PrivilegedAction<T> action,
@@ -495,34 +497,35 @@
      * this method instantiates a new {@code AccessControlContext}
      * with an empty collection of ProtectionDomains.
      *
-     * <p>
-     *
      * @param subject the {@code Subject} that the specified
      *                  {@code action} will run as.  This parameter
-     *                  may be {@code null}. <p>
+     *                  may be {@code null}.
      *
      * @param <T> the type of the value returned by the
      *                  PrivilegedExceptionAction's {@code run} method.
      *
      * @param action the code to be run as the specified
-     *                  {@code Subject}. <p>
+     *                  {@code Subject}.
      *
      * @param acc the {@code AccessControlContext} to be tied to the
-     *                  specified <i>subject</i> and <i>action</i>. <p>
+     *                  specified <i>subject</i> and <i>action</i>.
      *
      * @return the value returned by the
      *                  PrivilegedExceptionAction's {@code run} method.
      *
-     * @exception PrivilegedActionException if the
+     * @throws PrivilegedActionException if the
      *                  {@code PrivilegedExceptionAction.run}
-     *                  method throws a checked exception. <p>
+     *                  method throws a checked exception.
      *
-     * @exception NullPointerException if the specified
+     * @throws NullPointerException if the specified
      *                  {@code PrivilegedExceptionAction} is
-     *                  {@code null}. <p>
+     *                  {@code null}.
      *
-     * @exception SecurityException if the caller does not have permission
-     *                  to invoke this method.
+     * @throws SecurityException if a security manager is installed and the
+     *                  caller does not have a
+     *                  {@link AuthPermission#AuthPermission(String)
+     *                  AuthPermission("doAsPrivileged")} permission to invoke
+     *                  this method.
      */
     public static <T> T doAsPrivileged(final Subject subject,
                         final java.security.PrivilegedExceptionAction<T> action,
@@ -577,9 +580,12 @@
      * to the returned {@code Set} affects the internal
      * {@code Principal} {@code Set} as well.
      *
-     * <p>
+     * <p> If a security manager is installed, the caller must have a
+     * {@link AuthPermission#AuthPermission(String)
+     * AuthPermission("modifyPrincipals")} permission to modify
+     * the returned set, or a {@code SecurityException} will be thrown.
      *
-     * @return  The {@code Set} of Principals associated with this
+     * @return  the {@code Set} of Principals associated with this
      *          {@code Subject}.
      */
     public Set<Principal> getPrincipals() {
@@ -600,8 +606,6 @@
      * Modifications to the returned {@code Set}
      * will not affect the internal {@code Principal} {@code Set}.
      *
-     * <p>
-     *
      * @param <T> the type of the class modeled by {@code c}
      *
      * @param c the returned {@code Set} of Principals will all be
@@ -610,8 +614,8 @@
      * @return a {@code Set} of Principals that are instances of the
      *          specified {@code Class}.
      *
-     * @exception NullPointerException if the specified {@code Class}
-     *                  is {@code null}.
+     * @throws NullPointerException if the specified {@code Class}
+     *          is {@code null}.
      */
     public <T extends Principal> Set<T> getPrincipals(Class<T> c) {
 
@@ -632,9 +636,12 @@
      * to the returned {@code Set} affects the internal public
      * Credential {@code Set} as well.
      *
-     * <p>
+     * <p> If a security manager is installed, the caller must have a
+     * {@link AuthPermission#AuthPermission(String)
+     * AuthPermission("modifyPublicCredentials")} permission to modify
+     * the returned set, or a {@code SecurityException} will be thrown.
      *
-     * @return  A {@code Set} of public credentials held by this
+     * @return  a {@code Set} of public credentials held by this
      *          {@code Subject}.
      */
     public Set<Object> getPublicCredentials() {
@@ -653,20 +660,18 @@
      * to the returned {@code Set} affects the internal private
      * Credential {@code Set} as well.
      *
-     * <p> A caller requires permissions to access the Credentials
-     * in the returned {@code Set}, or to modify the
-     * {@code Set} itself.  A {@code SecurityException}
-     * is thrown if the caller does not have the proper permissions.
+     * <p> If a security manager is installed, the caller must have a
+     * {@link AuthPermission#AuthPermission(String)
+     * AuthPermission("modifyPrivateCredentials")} permission to modify
+     * the returned set, or a {@code SecurityException} will be thrown.
      *
      * <p> While iterating through the {@code Set},
-     * a {@code SecurityException} is thrown
-     * if the caller does not have permission to access a
-     * particular Credential.  The {@code Iterator}
-     * is nevertheless advanced to next element in the {@code Set}.
+     * a {@code SecurityException} is thrown if a security manager is installed
+     * and the caller does not have a {@link PrivateCredentialPermission}
+     * to access a particular Credential.  The {@code Iterator}
+     * is nevertheless advanced to the next element in the {@code Set}.
      *
-     * <p>
-     *
-     * @return  A {@code Set} of private credentials held by this
+     * @return  a {@code Set} of private credentials held by this
      *          {@code Subject}.
      */
     public Set<Object> getPrivateCredentials() {
@@ -695,8 +700,6 @@
      * Modifications to the returned {@code Set}
      * will not affect the internal public Credential {@code Set}.
      *
-     * <p>
-     *
      * @param <T> the type of the class modeled by {@code c}
      *
      * @param c the returned {@code Set} of public credentials will all be
@@ -705,7 +708,7 @@
      * @return a {@code Set} of public credentials that are instances
      *          of the  specified {@code Class}.
      *
-     * @exception NullPointerException if the specified {@code Class}
+     * @throws NullPointerException if the specified {@code Class}
      *          is {@code null}.
      */
     public <T> Set<T> getPublicCredentials(Class<T> c) {
@@ -723,9 +726,9 @@
      * {@code Subject} that are instances or subclasses of the specified
      * {@code Class}.
      *
-     * <p> The caller must have permission to access all of the
-     * requested Credentials, or a {@code SecurityException}
-     * will be thrown.
+     * <p> If a security manager is installed, the caller must have a
+     * {@link PrivateCredentialPermission} to access all of the requested
+     * Credentials, or a {@code SecurityException} will be thrown.
      *
      * <p> The returned {@code Set} is not backed by this Subject's
      * internal private Credential {@code Set}.  A new
@@ -733,8 +736,6 @@
      * Modifications to the returned {@code Set}
      * will not affect the internal private Credential {@code Set}.
      *
-     * <p>
-     *
      * @param <T> the type of the class modeled by {@code c}
      *
      * @param c the returned {@code Set} of private credentials will all be
@@ -743,7 +744,7 @@
      * @return a {@code Set} of private credentials that are instances
      *          of the  specified {@code Class}.
      *
-     * @exception NullPointerException if the specified {@code Class}
+     * @throws NullPointerException if the specified {@code Class}
      *          is {@code null}.
      */
     public <T> Set<T> getPrivateCredentials(Class<T> c) {
@@ -772,19 +773,18 @@
      * equal if their {@code Principal} and {@code Credential}
      * Sets are equal.
      *
-     * <p>
-     *
      * @param o Object to be compared for equality with this
      *          {@code Subject}.
      *
      * @return true if the specified Object is equal to this
      *          {@code Subject}.
      *
-     * @exception SecurityException if the caller does not have permission
-     *          to access the private credentials for this {@code Subject},
-     *          or if the caller does not have permission to access the
-     *          private credentials for the provided {@code Subject}.
+     * @throws SecurityException if a security manager is installed and the
+     *         caller does not have a {@link PrivateCredentialPermission}
+     *         permission to access the private credentials for this
+     *         {@code Subject} or the provided {@code Subject}.
      */
+    @Override
     public boolean equals(Object o) {
 
         if (o == null) {
@@ -834,10 +834,9 @@
     /**
      * Return the String representation of this {@code Subject}.
      *
-     * <p>
-     *
      * @return the String representation of this {@code Subject}.
      */
+    @Override
     public String toString() {
         return toString(true);
     }
@@ -895,13 +894,13 @@
     /**
      * Returns a hashcode for this {@code Subject}.
      *
-     * <p>
-     *
      * @return a hashcode for this {@code Subject}.
      *
-     * @exception SecurityException if the caller does not have permission
-     *          to access this Subject's private credentials.
+     * @throws SecurityException if a security manager is installed and the
+     *         caller does not have a {@link PrivateCredentialPermission}
+     *         permission to access this Subject's private credentials.
      */
+    @Override
     public int hashCode() {
 
         /**
@@ -996,7 +995,7 @@
      *
      * @param coll A {@code Collection} to be tested for null references
      *
-     * @exception NullPointerException if the specified collection is either
+     * @throws NullPointerException if the specified collection is either
      *            {@code null} or contains a {@code null} element
      */
     private static void collectionNullClean(Collection<?> coll) {
@@ -1546,7 +1545,7 @@
         }
     }
 
-    static class AuthPermissionHolder {
+    static final class AuthPermissionHolder {
         static final AuthPermission DO_AS_PERMISSION =
             new AuthPermission("doAs");
 
--- a/src/java.base/share/classes/sun/util/calendar/Era.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/sun/util/calendar/Era.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,20 +41,15 @@
  * <code>CalendarDate</code>.
  *
  * <p>The following era names are defined in this release.
- * <!-- TODO: use HTML table -->
- * <pre><tt>
+ * <pre>{@code
  *   Calendar system         Era name         Since (in Gregorian)
  *   -----------------------------------------------------------------------
- *   Japanese calendar       Meiji            1868-01-01 midnight local time
- *                           Taisho           1912-07-30 midnight local time
- *                           Showa            1926-12-26 midnight local time
- *                           Heisei           1989-01-08 midnight local time
- *   Julian calendar         BeforeCommonEra  -292275055-05-16T16:47:04.192Z
- *                           CommonEra        0000-12-30 midnight local time
- *   Taiwanese calendar      MinGuo           1911-01-01 midnight local time
- *   Thai Buddhist calendar  BuddhistEra      -543-01-01 midnight local time
+ *   Japanese calendar       Meiji            1868-01-01T00:00:00 local time
+ *                           Taisho           1912-07-30T00:00:00 local time
+ *                           Showa            1926-12-25T00:00:00 local time
+ *                           Heisei           1989-01-08T00:00:00 local time
  *   -----------------------------------------------------------------------
- * </tt></pre>
+ * }</pre>
  *
  * @author Masayoshi Okutsu
  * @since 1.5
--- a/src/java.base/share/classes/sun/util/calendar/LocalGregorianCalendar.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/sun/util/calendar/LocalGregorianCalendar.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,11 +25,7 @@
 
 package sun.util.calendar;
 
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Properties;
-import java.util.StringTokenizer;
+import java.security.AccessController;
 import java.util.TimeZone;
 
 /**
@@ -39,6 +35,28 @@
  */
 
 public class LocalGregorianCalendar extends BaseCalendar {
+    private static final Era[] JAPANESE_ERAS = {
+        new Era("Meiji",  "M", -3218832000000L, true),
+        new Era("Taisho", "T", -1812153600000L, true),
+        new Era("Showa",  "S", -1357603200000L, true),
+        new Era("Heisei", "H",   600220800000L, true),
+    };
+
+    private static boolean isValidEra(Era newEra, Era[] eras) {
+        Era last = eras[eras.length - 1];
+        if (last.getSinceDate().getYear() >= newEra.getSinceDate().getYear()) {
+            return false;
+        }
+        // The new era name should be unique. Its abbr may not.
+        String newName = newEra.getName();
+        for (Era era : eras) {
+            if (era.getName().equals(newName)) {
+                return false;
+            }
+        }
+        return true;
+    }
+
     private String name;
     private Era[] eras;
 
@@ -118,58 +136,70 @@
     }
 
     static LocalGregorianCalendar getLocalGregorianCalendar(String name) {
-        Properties calendarProps;
-        try {
-            calendarProps = CalendarSystem.getCalendarProperties();
-        } catch (IOException | IllegalArgumentException e) {
-            throw new InternalError(e);
-        }
-        // Parse calendar.*.eras
-        String props = calendarProps.getProperty("calendar." + name + ".eras");
-        if (props == null) {
+        // Only the Japanese calendar is supported.
+        if (!"japanese".equals(name)) {
             return null;
         }
-        List<Era> eras = new ArrayList<>();
-        StringTokenizer eraTokens = new StringTokenizer(props, ";");
-        while (eraTokens.hasMoreTokens()) {
-            String items = eraTokens.nextToken().trim();
-            StringTokenizer itemTokens = new StringTokenizer(items, ",");
-            String eraName = null;
-            boolean localTime = true;
-            long since = 0;
-            String abbr = null;
 
-            while (itemTokens.hasMoreTokens()) {
-                String item = itemTokens.nextToken();
-                int index = item.indexOf('=');
-                // it must be in the key=value form.
-                if (index == -1) {
+        // Append an era to the predefined eras if it's given by the property.
+        String prop = AccessController.doPrivileged(
+                new sun.security.action.GetPropertyAction("jdk.calendar.japanese.supplemental.era"));
+        if (prop != null) {
+            Era era = parseEraEntry(prop);
+            if (era != null) {
+                if (isValidEra(era, JAPANESE_ERAS)) {
+                    int length = JAPANESE_ERAS.length;
+                    Era[] eras = new Era[length + 1];
+                    System.arraycopy(JAPANESE_ERAS, 0, eras, 0, length);
+                    eras[length] = era;
+                    return new LocalGregorianCalendar(name, eras);
+                }
+            }
+        }
+        return new LocalGregorianCalendar(name, JAPANESE_ERAS);
+    }
+
+    private static Era parseEraEntry(String entry) {
+        String[] keyValuePairs = entry.split(",");
+        String eraName = null;
+        boolean localTime = true;
+        long since = 0;
+        String abbr = null;
+
+        for (String item : keyValuePairs) {
+            String[] keyvalue = item.split("=");
+            if (keyvalue.length != 2) {
+                return null;
+            }
+            String key = keyvalue[0].trim();
+            String value = keyvalue[1].trim();
+            switch (key) {
+            case "name":
+                eraName = value;
+                break;
+            case "since":
+                if (value.endsWith("u")) {
+                    localTime = false;
+                    value = value.substring(0, value.length() - 1);
+                }
+                try {
+                    since = Long.parseLong(value);
+                } catch (NumberFormatException e) {
                     return null;
                 }
-                String key = item.substring(0, index);
-                String value = item.substring(index + 1);
-                if ("name".equals(key)) {
-                    eraName = value;
-                } else if ("since".equals(key)) {
-                    if (value.endsWith("u")) {
-                        localTime = false;
-                        since = Long.parseLong(value.substring(0, value.length() - 1));
-                    } else {
-                        since = Long.parseLong(value);
-                    }
-                } else if ("abbr".equals(key)) {
-                    abbr = value;
-                } else {
-                    throw new RuntimeException("Unknown key word: " + key);
-                }
+                break;
+            case "abbr":
+                abbr = value;
+                break;
+            default:
+                return null;
             }
-            Era era = new Era(eraName, abbr, since, localTime);
-            eras.add(era);
         }
-        Era[] eraArray = new Era[eras.size()];
-        eras.toArray(eraArray);
-
-        return new LocalGregorianCalendar(name, eraArray);
+        if (eraName == null || eraName.isEmpty()
+                || abbr == null || abbr.isEmpty()) {
+            return null;
+        }
+        return new Era(eraName, abbr, since, localTime);
     }
 
     private LocalGregorianCalendar(String name, Era[] eras) {
@@ -262,9 +292,8 @@
     }
 
     private boolean validateEra(Era era) {
-        // Validate the era
-        for (int i = 0; i < eras.length; i++) {
-            if (era == eras[i]) {
+        for (Era era1 : eras) {
+            if (era == era1) {
                 return true;
             }
         }
@@ -333,6 +362,7 @@
         }
         if (i >= 0) {
             ldate.setLocalEra(era);
+            @SuppressWarnings("null")
             int y = ldate.getNormalizedYear() - era.getSinceDate().getYear() + 1;
             ldate.setLocalYear(y);
         } else {
--- a/src/java.base/share/classes/sun/util/cldr/CLDRLocaleProviderAdapter.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/sun/util/cldr/CLDRLocaleProviderAdapter.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,6 +30,7 @@
 import java.security.PrivilegedAction;
 import java.text.spi.BreakIteratorProvider;
 import java.text.spi.CollatorProvider;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.Locale;
 import java.util.ResourceBundle;
@@ -102,6 +103,9 @@
     @Override
     protected Set<String> createLanguageTagSet(String category) {
         ResourceBundle rb = ResourceBundle.getBundle("sun.util.cldr.CLDRLocaleDataMetaInfo", Locale.ROOT);
+        if (rb.containsKey(category)) {
+            return Collections.emptySet();
+        }
         String supportedLocaleString = rb.getString(category);
         Set<String> tagset = new HashSet<>();
         StringTokenizer tokens = new StringTokenizer(supportedLocaleString);
--- a/src/java.base/share/classes/sun/util/locale/provider/JRELocaleProviderAdapter.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/sun/util/locale/provider/JRELocaleProviderAdapter.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -34,6 +34,7 @@
 import java.text.spi.DateFormatSymbolsProvider;
 import java.text.spi.DecimalFormatSymbolsProvider;
 import java.text.spi.NumberFormatProvider;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.Locale;
 import java.util.Set;
@@ -356,6 +357,9 @@
 
     protected Set<String> createLanguageTagSet(String category) {
         String supportedLocaleString = LocaleDataMetaInfo.getSupportedLocaleString(category);
+        if (supportedLocaleString == null) {
+            return Collections.emptySet();
+        }
         Set<String> tagset = new HashSet<>();
         StringTokenizer tokens = new StringTokenizer(supportedLocaleString);
         while (tokens.hasMoreTokens()) {
--- a/src/java.base/share/classes/sun/util/locale/provider/LocaleDataMetaInfo-XLocales.java.template	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/sun/util/locale/provider/LocaleDataMetaInfo-XLocales.java.template	Thu Aug 28 14:54:07 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -57,6 +57,12 @@
         resourceNameToLocales.put("CollationData",
                                   " #CollationData_ENLocales# | #CollationData_NonENLocales# ");
 
+        resourceNameToLocales.put("BreakIteratorInfo",
+                                  " #BreakIteratorInfo_ENLocales# | #BreakIteratorInfo_NonENLocales# ");
+
+        resourceNameToLocales.put("BreakIteratorRules",
+                                  " #BreakIteratorRules_ENLocales# | #BreakIteratorRules_NonENLocales# ");
+
         resourceNameToLocales.put("TimeZoneNames",
                                   " #TimeZoneNames_ENLocales# | #TimeZoneNames_NonENLocales# ");
 
--- a/src/java.base/share/classes/sun/util/locale/provider/LocaleProviderAdapter.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/sun/util/locale/provider/LocaleProviderAdapter.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -295,7 +295,7 @@
      * A utility method for implementing the default LocaleServiceProvider.isSupportedLocale
      * for the JRE, CLDR, and FALLBACK adapters.
      */
-    static boolean isSupportedLocale(Locale locale, LocaleProviderAdapter.Type type, Set<String> langtags) {
+    public static boolean isSupportedLocale(Locale locale, LocaleProviderAdapter.Type type, Set<String> langtags) {
         assert type == Type.JRE || type == Type.CLDR || type == Type.FALLBACK;
         if (Locale.ROOT.equals(locale)) {
             return true;
--- a/src/java.base/share/classes/sun/util/resources/LocaleData.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/classes/sun/util/resources/LocaleData.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -48,8 +48,11 @@
 import java.util.Locale;
 import java.util.MissingResourceException;
 import java.util.ResourceBundle;
+import java.util.Set;
+import sun.util.locale.provider.JRELocaleProviderAdapter;
 import sun.util.locale.provider.LocaleDataMetaInfo;
 import sun.util.locale.provider.LocaleProviderAdapter;
+import static sun.util.locale.provider.LocaleProviderAdapter.Type.CLDR;
 import static sun.util.locale.provider.LocaleProviderAdapter.Type.JRE;
 
 /**
@@ -204,35 +207,23 @@
         @Override
          public List<Locale> getCandidateLocales(String baseName, Locale locale) {
             List<Locale> candidates = super.getCandidateLocales(baseName, locale);
-            /* Get the locale string list from LocaleDataMetaInfo class. */
-            String localeString = LocaleDataMetaInfo.getSupportedLocaleString(baseName);
-
-            if (localeString != null && localeString.length() != 0) {
-                for (Iterator<Locale> l = candidates.iterator(); l.hasNext();) {
-                    Locale loc = l.next();
-                    String lstr;
-                    if (loc.getScript().length() > 0) {
-                        lstr = loc.toLanguageTag().replace('-', '_');
-                    } else {
-                        lstr = loc.toString();
-                        int idx = lstr.indexOf("_#");
-                        if (idx >= 0) {
-                            lstr = lstr.substring(0, idx);
-                        }
-                    }
-                    /* Every locale string in the locale string list returned from
-                     the above getSupportedLocaleString is enclosed
-                     within two white spaces so that we could check some locale
-                     such as "en".
-                     */
-                    if (lstr.length() != 0 && localeString.indexOf(" " + lstr + " ") == -1) {
-                        l.remove();
+            // Weed out Locales which are known to have no resource bundles
+            int lastDot = baseName.lastIndexOf('.');
+            String category = (lastDot >= 0) ? baseName.substring(lastDot + 1) : baseName;
+            LocaleProviderAdapter.Type type = baseName.contains(DOTCLDR) ? CLDR : JRE;
+            LocaleProviderAdapter adapter = LocaleProviderAdapter.forType(type);
+            Set<String> langtags = ((JRELocaleProviderAdapter)adapter).getLanguageTagSet(category);
+            if (!langtags.isEmpty()) {
+                for (Iterator<Locale> itr = candidates.iterator(); itr.hasNext();) {
+                    if (!LocaleProviderAdapter.isSupportedLocale(itr.next(), type, langtags)) {
+                        itr.remove();
                     }
                 }
             }
+
             // Force fallback to Locale.ENGLISH for CLDR time zone names support
             if (locale.getLanguage() != "en"
-                    && baseName.contains(CLDR) && baseName.endsWith("TimeZoneNames")) {
+                    && type == CLDR && category.equals("TimeZoneNames")) {
                 candidates.add(candidates.size() - 1, Locale.ENGLISH);
             }
             return candidates;
@@ -254,7 +245,7 @@
             return null;
         }
 
-        private static final String CLDR      = ".cldr";
+        private static final String DOTCLDR      = ".cldr";
 
         /**
          * Changes baseName to its per-language package name and
@@ -275,8 +266,8 @@
                     assert JRE.getUtilResourcesPackage().length()
                         == JRE.getTextResourcesPackage().length();
                     int index = JRE.getUtilResourcesPackage().length();
-                    if (baseName.indexOf(CLDR, index) > 0) {
-                        index += CLDR.length();
+                    if (baseName.indexOf(DOTCLDR, index) > 0) {
+                        index += DOTCLDR.length();
                     }
                     newBaseName = baseName.substring(0, index + 1) + lang
                                       + baseName.substring(index);
--- a/src/java.base/share/conf/calendars.properties	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/share/conf/calendars.properties	Thu Aug 28 14:54:07 2014 -0700
@@ -1,4 +1,4 @@
-# Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -23,37 +23,6 @@
 #
 
 #
-# Japanese imperial calendar
-#
-#   Meiji  since 1868-01-01 00:00:00 local time (Gregorian)
-#   Taisho since 1912-07-30 00:00:00 local time (Gregorian)
-#   Showa  since 1926-12-25 00:00:00 local time (Gregorian)
-#   Heisei since 1989-01-08 00:00:00 local time (Gregorian)
-calendar.japanese.type: LocalGregorianCalendar
-calendar.japanese.eras: \
-	name=Meiji,abbr=M,since=-3218832000000;  \
-	name=Taisho,abbr=T,since=-1812153600000; \
-	name=Showa,abbr=S,since=-1357603200000;  \
-	name=Heisei,abbr=H,since=600220800000
-
-#
-# Taiwanese calendar
-#   Minguo since 1911-01-01 00:00:00 local time (Gregorian)
-calendar.taiwanese.type: LocalGregorianCalendar
-calendar.taiwanese.eras: \
-	name=MinGuo,since=-1830384000000
-
-#
-# Thai Buddhist calendar
-#   Buddhist Era since -542-01-01 00:00:00 local time (Gregorian)
-calendar.thai-buddhist.type: LocalGregorianCalendar
-calendar.thai-buddhist.eras: \
-	name=BuddhistEra,abbr=B.E.,since=-79302585600000
-calendar.thai-buddhist.year-boundary: \
-	day1=4-1,since=-79302585600000; \
-	day1=1-1,since=-915148800000
-
-#
 # Hijrah calendars
 #
 calendar.hijrah.Hijrah-umalqura: hijrah-config-umalqura.properties
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/share/conf/security/java.security	Thu Aug 28 14:54:07 2014 -0700
@@ -0,0 +1,517 @@
+#
+# This is the "master security properties file".
+#
+# An alternate java.security properties file may be specified
+# from the command line via the system property
+#
+#    -Djava.security.properties=<URL>
+#
+# This properties file appends to the master security properties file.
+# If both properties files specify values for the same key, the value
+# from the command-line properties file is selected, as it is the last
+# one loaded.
+#
+# Also, if you specify
+#
+#    -Djava.security.properties==<URL> (2 equals),
+#
+# then that properties file completely overrides the master security
+# properties file.
+#
+# To disable the ability to specify an additional properties file from
+# the command line, set the key security.overridePropertiesFile
+# to false in the master security properties file. It is set to true
+# by default.
+
+# In this file, various security properties are set for use by
+# java.security classes. This is where users can statically register
+# Cryptography Package Providers ("providers" for short). The term
+# "provider" refers to a package or set of packages that supply a
+# concrete implementation of a subset of the cryptography aspects of
+# the Java Security API. A provider may, for example, implement one or
+# more digital signature algorithms or message digest algorithms.
+#
+# Each provider must implement a subclass of the Provider class.
+# To register a provider in this master security properties file,
+# specify the Provider subclass name and priority in the format
+#
+#    security.provider.<n>=<className>
+#
+# This declares a provider, and specifies its preference
+# order n. The preference order is the order in which providers are
+# searched for requested algorithms (when no specific provider is
+# requested). The order is 1-based; 1 is the most preferred, followed
+# by 2, and so on.
+#
+# <className> must specify the subclass of the Provider class whose
+# constructor sets the values of various properties that are required
+# for the Java Security API to look up the algorithms or other
+# facilities implemented by the provider.
+#
+# There must be at least one provider specification in java.security.
+# There is a default provider that comes standard with the JDK. It
+# is called the "SUN" provider, and its Provider subclass
+# named Sun appears in the sun.security.provider package. Thus, the
+# "SUN" provider is registered via the following:
+#
+#    security.provider.1=sun.security.provider.Sun
+#
+# (The number 1 is used for the default provider.)
+#
+# Note: Providers can be dynamically registered instead by calls to
+# either the addProvider or insertProviderAt method in the Security
+# class.
+
+#
+# List of providers and their preference orders (see above):
+#
+#ifdef solaris
+security.provider.tbd=com.oracle.security.ucrypto.UcryptoProvider ${java.home}/lib/security/ucrypto-solaris.cfg
+security.provider.tbd=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/sunpkcs11-solaris.cfg
+#endif
+security.provider.tbd=sun.security.provider.Sun
+security.provider.tbd=sun.security.rsa.SunRsaSign
+security.provider.tbd=sun.security.ec.SunEC
+security.provider.tbd=com.sun.net.ssl.internal.ssl.Provider
+security.provider.tbd=com.sun.crypto.provider.SunJCE
+security.provider.tbd=sun.security.jgss.SunProvider
+security.provider.tbd=com.sun.security.sasl.Provider
+security.provider.tbd=org.jcp.xml.dsig.internal.dom.XMLDSigRI
+security.provider.tbd=sun.security.smartcardio.SunPCSC
+#ifdef windows
+security.provider.tbd=sun.security.mscapi.SunMSCAPI
+#endif
+#ifdef macosx
+security.provider.tbd=apple.security.AppleProvider
+#endif
+
+#
+# Sun Provider SecureRandom seed source.
+#
+# Select the primary source of seed data for the "SHA1PRNG" and
+# "NativePRNG" SecureRandom implementations in the "Sun" provider.
+# (Other SecureRandom implementations might also use this property.)
+#
+# On Unix-like systems (for example, Solaris/Linux/MacOS), the
+# "NativePRNG" and "SHA1PRNG" implementations obtains seed data from
+# special device files such as file:/dev/random.
+#
+# On Windows systems, specifying the URLs "file:/dev/random" or
+# "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding
+# mechanism for SHA1PRNG.
+#
+# By default, an attempt is made to use the entropy gathering device
+# specified by the "securerandom.source" Security property.  If an
+# exception occurs while accessing the specified URL:
+#
+#     SHA1PRNG:
+#         the traditional system/thread activity algorithm will be used.
+#
+#     NativePRNG:
+#         a default value of /dev/random will be used.  If neither
+#         are available, the implementation will be disabled.
+#         "file" is the only currently supported protocol type.
+#
+# The entropy gathering device can also be specified with the System
+# property "java.security.egd". For example:
+#
+#   % java -Djava.security.egd=file:/dev/random MainClass
+#
+# Specifying this System property will override the
+# "securerandom.source" Security property.
+#
+# In addition, if "file:/dev/random" or "file:/dev/urandom" is
+# specified, the "NativePRNG" implementation will be more preferred than
+# SHA1PRNG in the Sun provider.
+#
+securerandom.source=file:/dev/random
+
+#
+# A list of known strong SecureRandom implementations.
+#
+# To help guide applications in selecting a suitable strong
+# java.security.SecureRandom implementation, Java distributions should
+# indicate a list of known strong implementations using the property.
+#
+# This is a comma-separated list of algorithm and/or algorithm:provider
+# entries.
+#
+#ifdef windows
+securerandom.strongAlgorithms=Windows-PRNG:SunMSCAPI,SHA1PRNG:SUN
+#endif
+#ifndef windows
+securerandom.strongAlgorithms=NativePRNGBlocking:SUN
+#endif
+
+#
+# Class to instantiate as the javax.security.auth.login.Configuration
+# provider.
+#
+login.configuration.provider=sun.security.provider.ConfigFile
+
+#
+# Default login configuration file
+#
+#login.config.url.1=file:${user.home}/.java.login.config
+
+#
+# Class to instantiate as the system Policy. This is the name of the class
+# that will be used as the Policy object.
+#
+policy.provider=sun.security.provider.PolicyFile
+
+# The default is to have a single system-wide policy file,
+# and a policy file in the user's home directory.
+policy.url.1=file:${java.home}/lib/security/java.policy
+policy.url.2=file:${user.home}/.java.policy
+
+# whether or not we expand properties in the policy file
+# if this is set to false, properties (${...}) will not be expanded in policy
+# files.
+policy.expandProperties=true
+
+# whether or not we allow an extra policy to be passed on the command line
+# with -Djava.security.policy=somefile. Comment out this line to disable
+# this feature.
+policy.allowSystemProperty=true
+
+# whether or not we look into the IdentityScope for trusted Identities
+# when encountering a 1.1 signed JAR file. If the identity is found
+# and is trusted, we grant it AllPermission.
+policy.ignoreIdentityScope=false
+
+#
+# Default keystore type.
+#
+keystore.type=jks
+
+#
+# List of comma-separated packages that start with or equal this string
+# will cause a security exception to be thrown when
+# passed to checkPackageAccess unless the
+# corresponding RuntimePermission ("accessClassInPackage."+package) has
+# been granted.
+package.access=sun.,\
+               com.sun.xml.internal.,\
+               com.sun.imageio.,\
+               com.sun.istack.internal.,\
+               com.sun.jmx.,\
+               com.sun.media.sound.,\
+               com.sun.naming.internal.,\
+               com.sun.proxy.,\
+               com.sun.corba.se.,\
+               com.sun.org.apache.bcel.internal.,\
+               com.sun.org.apache.regexp.internal.,\
+               com.sun.org.apache.xerces.internal.,\
+               com.sun.org.apache.xpath.internal.,\
+               com.sun.org.apache.xalan.internal.extensions.,\
+               com.sun.org.apache.xalan.internal.lib.,\
+               com.sun.org.apache.xalan.internal.res.,\
+               com.sun.org.apache.xalan.internal.templates.,\
+               com.sun.org.apache.xalan.internal.utils.,\
+               com.sun.org.apache.xalan.internal.xslt.,\
+               com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
+               com.sun.org.apache.xalan.internal.xsltc.compiler.,\
+               com.sun.org.apache.xalan.internal.xsltc.trax.,\
+               com.sun.org.apache.xalan.internal.xsltc.util.,\
+               com.sun.org.apache.xml.internal.res.,\
+               com.sun.org.apache.xml.internal.security.,\
+               com.sun.org.apache.xml.internal.serializer.utils.,\
+               com.sun.org.apache.xml.internal.utils.,\
+               com.sun.org.glassfish.,\
+               com.oracle.xmlns.internal.,\
+               com.oracle.webservices.internal.,\
+               org.jcp.xml.dsig.internal.,\
+               jdk.internal.,\
+               jdk.nashorn.internal.,\
+               jdk.nashorn.tools.,\
+               com.sun.activation.registries.,\
+#ifdef macosx
+               apple.,\
+#endif
+
+#
+# List of comma-separated packages that start with or equal this string
+# will cause a security exception to be thrown when
+# passed to checkPackageDefinition unless the
+# corresponding RuntimePermission ("defineClassInPackage."+package) has
+# been granted.
+#
+# by default, none of the class loaders supplied with the JDK call
+# checkPackageDefinition.
+#
+package.definition=sun.,\
+                   com.sun.xml.internal.,\
+                   com.sun.imageio.,\
+                   com.sun.istack.internal.,\
+                   com.sun.jmx.,\
+                   com.sun.media.sound.,\
+                   com.sun.naming.internal.,\
+                   com.sun.proxy.,\
+                   com.sun.corba.se.,\
+                   com.sun.org.apache.bcel.internal.,\
+                   com.sun.org.apache.regexp.internal.,\
+                   com.sun.org.apache.xerces.internal.,\
+                   com.sun.org.apache.xpath.internal.,\
+                   com.sun.org.apache.xalan.internal.extensions.,\
+                   com.sun.org.apache.xalan.internal.lib.,\
+                   com.sun.org.apache.xalan.internal.res.,\
+                   com.sun.org.apache.xalan.internal.templates.,\
+                   com.sun.org.apache.xalan.internal.utils.,\
+                   com.sun.org.apache.xalan.internal.xslt.,\
+                   com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
+                   com.sun.org.apache.xalan.internal.xsltc.compiler.,\
+                   com.sun.org.apache.xalan.internal.xsltc.trax.,\
+                   com.sun.org.apache.xalan.internal.xsltc.util.,\
+                   com.sun.org.apache.xml.internal.res.,\
+                   com.sun.org.apache.xml.internal.security.,\
+                   com.sun.org.apache.xml.internal.serializer.utils.,\
+                   com.sun.org.apache.xml.internal.utils.,\
+                   com.sun.org.glassfish.,\
+                   com.oracle.xmlns.internal.,\
+                   com.oracle.webservices.internal.,\
+                   org.jcp.xml.dsig.internal.,\
+                   jdk.internal.,\
+                   jdk.nashorn.internal.,\
+                   jdk.nashorn.tools.,\
+                   com.sun.activation.registries.,\
+#ifdef macosx
+                   apple.,\
+#endif
+
+#
+# Determines whether this properties file can be appended to
+# or overridden on the command line via -Djava.security.properties
+#
+security.overridePropertiesFile=true
+
+#
+# Determines the default key and trust manager factory algorithms for
+# the javax.net.ssl package.
+#
+ssl.KeyManagerFactory.algorithm=SunX509
+ssl.TrustManagerFactory.algorithm=PKIX
+
+#
+# The Java-level namelookup cache policy for successful lookups:
+#
+# any negative value: caching forever
+# any positive value: the number of seconds to cache an address for
+# zero: do not cache
+#
+# default value is forever (FOREVER). For security reasons, this
+# caching is made forever when a security manager is set. When a security
+# manager is not set, the default behavior in this implementation
+# is to cache for 30 seconds.
+#
+# NOTE: setting this to anything other than the default value can have
+#       serious security implications. Do not set it unless
+#       you are sure you are not exposed to DNS spoofing attack.
+#
+#networkaddress.cache.ttl=-1
+
+# The Java-level namelookup cache policy for failed lookups:
+#
+# any negative value: cache forever
+# any positive value: the number of seconds to cache negative lookup results
+# zero: do not cache
+#
+# In some Microsoft Windows networking environments that employ
+# the WINS name service in addition to DNS, name service lookups
+# that fail may take a noticeably long time to return (approx. 5 seconds).
+# For this reason the default caching policy is to maintain these
+# results for 10 seconds.
+#
+#
+networkaddress.cache.negative.ttl=10
+
+#
+# Properties to configure OCSP for certificate revocation checking
+#
+
+# Enable OCSP
+#
+# By default, OCSP is not used for certificate revocation checking.
+# This property enables the use of OCSP when set to the value "true".
+#
+# NOTE: SocketPermission is required to connect to an OCSP responder.
+#
+# Example,
+#   ocsp.enable=true
+
+#
+# Location of the OCSP responder
+#
+# By default, the location of the OCSP responder is determined implicitly
+# from the certificate being validated. This property explicitly specifies
+# the location of the OCSP responder. The property is used when the
+# Authority Information Access extension (defined in RFC 3280) is absent
+# from the certificate or when it requires overriding.
+#
+# Example,
+#   ocsp.responderURL=http://ocsp.example.net:80
+
+#
+# Subject name of the OCSP responder's certificate
+#
+# By default, the certificate of the OCSP responder is that of the issuer
+# of the certificate being validated. This property identifies the certificate
+# of the OCSP responder when the default does not apply. Its value is a string
+# distinguished name (defined in RFC 2253) which identifies a certificate in
+# the set of certificates supplied during cert path validation. In cases where
+# the subject name alone is not sufficient to uniquely identify the certificate
+# then both the "ocsp.responderCertIssuerName" and
+# "ocsp.responderCertSerialNumber" properties must be used instead. When this
+# property is set then those two properties are ignored.
+#
+# Example,
+#   ocsp.responderCertSubjectName="CN=OCSP Responder, O=XYZ Corp"
+
+#
+# Issuer name of the OCSP responder's certificate
+#
+# By default, the certificate of the OCSP responder is that of the issuer
+# of the certificate being validated. This property identifies the certificate
+# of the OCSP responder when the default does not apply. Its value is a string
+# distinguished name (defined in RFC 2253) which identifies a certificate in
+# the set of certificates supplied during cert path validation. When this
+# property is set then the "ocsp.responderCertSerialNumber" property must also
+# be set. When the "ocsp.responderCertSubjectName" property is set then this
+# property is ignored.
+#
+# Example,
+#   ocsp.responderCertIssuerName="CN=Enterprise CA, O=XYZ Corp"
+
+#
+# Serial number of the OCSP responder's certificate
+#
+# By default, the certificate of the OCSP responder is that of the issuer
+# of the certificate being validated. This property identifies the certificate
+# of the OCSP responder when the default does not apply. Its value is a string
+# of hexadecimal digits (colon or space separators may be present) which
+# identifies a certificate in the set of certificates supplied during cert path
+# validation. When this property is set then the "ocsp.responderCertIssuerName"
+# property must also be set. When the "ocsp.responderCertSubjectName" property
+# is set then this property is ignored.
+#
+# Example,
+#   ocsp.responderCertSerialNumber=2A:FF:00
+
+#
+# Policy for failed Kerberos KDC lookups:
+#
+# When a KDC is unavailable (network error, service failure, etc), it is
+# put inside a blacklist and accessed less often for future requests. The
+# value (case-insensitive) for this policy can be:
+#
+# tryLast
+#    KDCs in the blacklist are always tried after those not on the list.
+#
+# tryLess[:max_retries,timeout]
+#    KDCs in the blacklist are still tried by their order in the configuration,
+#    but with smaller max_retries and timeout values. max_retries and timeout
+#    are optional numerical parameters (default 1 and 5000, which means once
+#    and 5 seconds). Please notes that if any of the values defined here is
+#    more than what is defined in krb5.conf, it will be ignored.
+#
+# Whenever a KDC is detected as available, it is removed from the blacklist.
+# The blacklist is reset when krb5.conf is reloaded. You can add
+# refreshKrb5Config=true to a JAAS configuration file so that krb5.conf is
+# reloaded whenever a JAAS authentication is attempted.
+#
+# Example,
+#   krb5.kdc.bad.policy = tryLast
+#   krb5.kdc.bad.policy = tryLess:2,2000
+krb5.kdc.bad.policy = tryLast
+
+# Algorithm restrictions for certification path (CertPath) processing
+#
+# In some environments, certain algorithms or key lengths may be undesirable
+# for certification path building and validation.  For example, "MD2" is
+# generally no longer considered to be a secure hash algorithm.  This section
+# describes the mechanism for disabling algorithms based on algorithm name
+# and/or key length.  This includes algorithms used in certificates, as well
+# as revocation information such as CRLs and signed OCSP Responses.
+#
+# The syntax of the disabled algorithm string is described as this Java
+# BNF-style:
+#   DisabledAlgorithms:
+#       " DisabledAlgorithm { , DisabledAlgorithm } "
+#
+#   DisabledAlgorithm:
+#       AlgorithmName [Constraint]
+#
+#   AlgorithmName:
+#       (see below)
+#
+#   Constraint:
+#       KeySizeConstraint
+#
+#   KeySizeConstraint:
+#       keySize Operator DecimalInteger
+#
+#   Operator:
+#       <= | < | == | != | >= | >
+#
+#   DecimalInteger:
+#       DecimalDigits
+#
+#   DecimalDigits:
+#       DecimalDigit {DecimalDigit}
+#
+#   DecimalDigit: one of
+#       1 2 3 4 5 6 7 8 9 0
+#
+# The "AlgorithmName" is the standard algorithm name of the disabled
+# algorithm. See "Java Cryptography Architecture Standard Algorithm Name
+# Documentation" for information about Standard Algorithm Names.  Matching
+# is performed using a case-insensitive sub-element matching rule.  (For
+# example, in "SHA1withECDSA" the sub-elements are "SHA1" for hashing and
+# "ECDSA" for signatures.)  If the assertion "AlgorithmName" is a
+# sub-element of the certificate algorithm name, the algorithm will be
+# rejected during certification path building and validation.  For example,
+# the assertion algorithm name "DSA" will disable all certificate algorithms
+# that rely on DSA, such as NONEwithDSA, SHA1withDSA.  However, the assertion
+# will not disable algorithms related to "ECDSA".
+#
+# A "Constraint" provides further guidance for the algorithm being specified.
+# The "KeySizeConstraint" requires a key of a valid size range if the
+# "AlgorithmName" is of a key algorithm.  The "DecimalInteger" indicates the
+# key size specified in number of bits.  For example, "RSA keySize <= 1024"
+# indicates that any RSA key with key size less than or equal to 1024 bits
+# should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates
+# that any RSA key with key size less than 1024 or greater than 2048 should
+# be disabled. Note that the "KeySizeConstraint" only makes sense to key
+# algorithms.
+#
+# Note: This property is currently used by Oracle's PKIX implementation. It
+# is not guaranteed to be examined and used by other implementations.
+#
+# Example:
+#   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
+#
+#
+jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
+
+# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
+# (SSL/TLS) processing
+#
+# In some environments, certain algorithms or key lengths may be undesirable
+# when using SSL/TLS.  This section describes the mechanism for disabling
+# algorithms during SSL/TLS security parameters negotiation, including cipher
+# suites selection, peer authentication and key exchange mechanisms.
+#
+# For PKI-based peer authentication and key exchange mechanisms, this list
+# of disabled algorithms will also be checked during certification path
+# building and validation, including algorithms used in certificates, as
+# well as revocation information such as CRLs and signed OCSP Responses.
+# This is in addition to the jdk.certpath.disabledAlgorithms property above.
+#
+# See the specification of "jdk.certpath.disabledAlgorithms" for the
+# syntax of the disabled algorithm string.
+#
+# Note: This property is currently used by Oracle's JSSE implementation.
+# It is not guaranteed to be examined and used by other implementations.
+#
+# Example:
+#   jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
--- a/src/java.base/share/conf/security/java.security-aix	Thu Aug 21 14:16:26 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,496 +0,0 @@
-#
-# This is the "master security properties file".
-#
-# An alternate java.security properties file may be specified
-# from the command line via the system property
-#
-#    -Djava.security.properties=<URL>
-#
-# This properties file appends to the master security properties file.
-# If both properties files specify values for the same key, the value
-# from the command-line properties file is selected, as it is the last
-# one loaded.
-#
-# Also, if you specify
-#
-#    -Djava.security.properties==<URL> (2 equals),
-#
-# then that properties file completely overrides the master security
-# properties file.
-#
-# To disable the ability to specify an additional properties file from
-# the command line, set the key security.overridePropertiesFile
-# to false in the master security properties file. It is set to true
-# by default.
-
-# In this file, various security properties are set for use by
-# java.security classes. This is where users can statically register
-# Cryptography Package Providers ("providers" for short). The term
-# "provider" refers to a package or set of packages that supply a
-# concrete implementation of a subset of the cryptography aspects of
-# the Java Security API. A provider may, for example, implement one or
-# more digital signature algorithms or message digest algorithms.
-#
-# Each provider must implement a subclass of the Provider class.
-# To register a provider in this master security properties file,
-# specify the Provider subclass name and priority in the format
-#
-#    security.provider.<n>=<className>
-#
-# This declares a provider, and specifies its preference
-# order n. The preference order is the order in which providers are
-# searched for requested algorithms (when no specific provider is
-# requested). The order is 1-based; 1 is the most preferred, followed
-# by 2, and so on.
-#
-# <className> must specify the subclass of the Provider class whose
-# constructor sets the values of various properties that are required
-# for the Java Security API to look up the algorithms or other
-# facilities implemented by the provider.
-#
-# There must be at least one provider specification in java.security.
-# There is a default provider that comes standard with the JDK. It
-# is called the "SUN" provider, and its Provider subclass
-# named Sun appears in the sun.security.provider package. Thus, the
-# "SUN" provider is registered via the following:
-#
-#    security.provider.1=sun.security.provider.Sun
-#
-# (The number 1 is used for the default provider.)
-#
-# Note: Providers can be dynamically registered instead by calls to
-# either the addProvider or insertProviderAt method in the Security
-# class.
-
-#
-# List of providers and their preference orders (see above):
-#
-security.provider.1=sun.security.provider.Sun
-security.provider.2=sun.security.rsa.SunRsaSign
-security.provider.3=sun.security.ec.SunEC
-security.provider.4=com.sun.net.ssl.internal.ssl.Provider
-security.provider.5=com.sun.crypto.provider.SunJCE
-security.provider.6=sun.security.jgss.SunProvider
-security.provider.7=com.sun.security.sasl.Provider
-security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
-security.provider.9=sun.security.smartcardio.SunPCSC
-
-#
-# Sun Provider SecureRandom seed source.
-#
-# Select the primary source of seed data for the "SHA1PRNG" and
-# "NativePRNG" SecureRandom implementations in the "Sun" provider.
-# (Other SecureRandom implementations might also use this property.)
-#
-# On Unix-like systems (for example, Solaris/Linux/MacOS), the
-# "NativePRNG" and "SHA1PRNG" implementations obtains seed data from
-# special device files such as file:/dev/random.
-#
-# On Windows systems, specifying the URLs "file:/dev/random" or
-# "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding
-# mechanism for SHA1PRNG.
-#
-# By default, an attempt is made to use the entropy gathering device
-# specified by the "securerandom.source" Security property.  If an
-# exception occurs while accessing the specified URL:
-#
-#     SHA1PRNG:
-#         the traditional system/thread activity algorithm will be used.
-#
-#     NativePRNG:
-#         a default value of /dev/random will be used.  If neither
-#         are available, the implementation will be disabled.
-#         "file" is the only currently supported protocol type.
-#
-# The entropy gathering device can also be specified with the System
-# property "java.security.egd". For example:
-#
-#   % java -Djava.security.egd=file:/dev/random MainClass
-#
-# Specifying this System property will override the
-# "securerandom.source" Security property.
-#
-# In addition, if "file:/dev/random" or "file:/dev/urandom" is
-# specified, the "NativePRNG" implementation will be more preferred than
-# SHA1PRNG in the Sun provider.
-#
-securerandom.source=file:/dev/random
-
-#
-# A list of known strong SecureRandom implementations.
-#
-# To help guide applications in selecting a suitable strong
-# java.security.SecureRandom implementation, Java distributions should
-# indicate a list of known strong implementations using the property.
-#
-# This is a comma-separated list of algorithm and/or algorithm:provider
-# entries.
-#
-securerandom.strongAlgorithms=NativePRNGBlocking:SUN
-
-#
-# Class to instantiate as the javax.security.auth.login.Configuration
-# provider.
-#
-login.configuration.provider=sun.security.provider.ConfigFile
-
-#
-# Default login configuration file
-#
-#login.config.url.1=file:${user.home}/.java.login.config
-
-#
-# Class to instantiate as the system Policy. This is the name of the class
-# that will be used as the Policy object.
-#
-policy.provider=sun.security.provider.PolicyFile
-
-# The default is to have a single system-wide policy file,
-# and a policy file in the user's home directory.
-policy.url.1=file:${java.home}/lib/security/java.policy
-policy.url.2=file:${user.home}/.java.policy
-
-# whether or not we expand properties in the policy file
-# if this is set to false, properties (${...}) will not be expanded in policy
-# files.
-policy.expandProperties=true
-
-# whether or not we allow an extra policy to be passed on the command line
-# with -Djava.security.policy=somefile. Comment out this line to disable
-# this feature.
-policy.allowSystemProperty=true
-
-# whether or not we look into the IdentityScope for trusted Identities
-# when encountering a 1.1 signed JAR file. If the identity is found
-# and is trusted, we grant it AllPermission.
-policy.ignoreIdentityScope=false
-
-#
-# Default keystore type.
-#
-keystore.type=jks
-
-#
-# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageAccess unless the
-# corresponding RuntimePermission ("accessClassInPackage."+package) has
-# been granted.
-package.access=sun.,\
-               com.sun.xml.internal.,\
-               com.sun.imageio.,\
-               com.sun.istack.internal.,\
-               com.sun.jmx.,\
-               com.sun.media.sound.,\
-               com.sun.naming.internal.,\
-               com.sun.proxy.,\
-               com.sun.corba.se.,\
-               com.sun.org.apache.bcel.internal.,\
-               com.sun.org.apache.regexp.internal.,\
-               com.sun.org.apache.xerces.internal.,\
-               com.sun.org.apache.xpath.internal.,\
-               com.sun.org.apache.xalan.internal.extensions.,\
-               com.sun.org.apache.xalan.internal.lib.,\
-               com.sun.org.apache.xalan.internal.res.,\
-               com.sun.org.apache.xalan.internal.templates.,\
-               com.sun.org.apache.xalan.internal.utils.,\
-               com.sun.org.apache.xalan.internal.xslt.,\
-               com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
-               com.sun.org.apache.xalan.internal.xsltc.compiler.,\
-               com.sun.org.apache.xalan.internal.xsltc.trax.,\
-               com.sun.org.apache.xalan.internal.xsltc.util.,\
-               com.sun.org.apache.xml.internal.res.,\
-               com.sun.org.apache.xml.internal.security.,\
-               com.sun.org.apache.xml.internal.serializer.utils.,\
-               com.sun.org.apache.xml.internal.utils.,\
-               com.sun.org.glassfish.,\
-               com.oracle.xmlns.internal.,\
-               com.oracle.webservices.internal.,\
-               org.jcp.xml.dsig.internal.,\
-               jdk.internal.,\
-               jdk.nashorn.internal.,\
-               jdk.nashorn.tools.
-
-
-#
-# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageDefinition unless the
-# corresponding RuntimePermission ("defineClassInPackage."+package) has
-# been granted.
-#
-# by default, none of the class loaders supplied with the JDK call
-# checkPackageDefinition.
-#
-package.definition=sun.,\
-                   com.sun.xml.internal.,\
-                   com.sun.imageio.,\
-                   com.sun.istack.internal.,\
-                   com.sun.jmx.,\
-                   com.sun.media.sound.,\
-                   com.sun.naming.internal.,\
-                   com.sun.proxy.,\
-                   com.sun.corba.se.,\
-                   com.sun.org.apache.bcel.internal.,\
-                   com.sun.org.apache.regexp.internal.,\
-                   com.sun.org.apache.xerces.internal.,\
-                   com.sun.org.apache.xpath.internal.,\
-                   com.sun.org.apache.xalan.internal.extensions.,\
-                   com.sun.org.apache.xalan.internal.lib.,\
-                   com.sun.org.apache.xalan.internal.res.,\
-                   com.sun.org.apache.xalan.internal.templates.,\
-                   com.sun.org.apache.xalan.internal.utils.,\
-                   com.sun.org.apache.xalan.internal.xslt.,\
-                   com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
-                   com.sun.org.apache.xalan.internal.xsltc.compiler.,\
-                   com.sun.org.apache.xalan.internal.xsltc.trax.,\
-                   com.sun.org.apache.xalan.internal.xsltc.util.,\
-                   com.sun.org.apache.xml.internal.res.,\
-                   com.sun.org.apache.xml.internal.security.,\
-                   com.sun.org.apache.xml.internal.serializer.utils.,\
-                   com.sun.org.apache.xml.internal.utils.,\
-                   com.sun.org.glassfish.,\
-                   com.oracle.xmlns.internal.,\
-                   com.oracle.webservices.internal.,\
-                   org.jcp.xml.dsig.internal.,\
-                   jdk.internal.,\
-                   jdk.nashorn.internal.,\
-                   jdk.nashorn.tools.
-
-
-#
-# Determines whether this properties file can be appended to
-# or overridden on the command line via -Djava.security.properties
-#
-security.overridePropertiesFile=true
-
-#
-# Determines the default key and trust manager factory algorithms for
-# the javax.net.ssl package.
-#
-ssl.KeyManagerFactory.algorithm=SunX509
-ssl.TrustManagerFactory.algorithm=PKIX
-
-#
-# The Java-level namelookup cache policy for successful lookups:
-#
-# any negative value: caching forever
-# any positive value: the number of seconds to cache an address for
-# zero: do not cache
-#
-# default value is forever (FOREVER). For security reasons, this
-# caching is made forever when a security manager is set. When a security
-# manager is not set, the default behavior in this implementation
-# is to cache for 30 seconds.
-#
-# NOTE: setting this to anything other than the default value can have
-#       serious security implications. Do not set it unless
-#       you are sure you are not exposed to DNS spoofing attack.
-#
-#networkaddress.cache.ttl=-1
-
-# The Java-level namelookup cache policy for failed lookups:
-#
-# any negative value: cache forever
-# any positive value: the number of seconds to cache negative lookup results
-# zero: do not cache
-#
-# In some Microsoft Windows networking environments that employ
-# the WINS name service in addition to DNS, name service lookups
-# that fail may take a noticeably long time to return (approx. 5 seconds).
-# For this reason the default caching policy is to maintain these
-# results for 10 seconds.
-#
-#
-networkaddress.cache.negative.ttl=10
-
-#
-# Properties to configure OCSP for certificate revocation checking
-#
-
-# Enable OCSP
-#
-# By default, OCSP is not used for certificate revocation checking.
-# This property enables the use of OCSP when set to the value "true".
-#
-# NOTE: SocketPermission is required to connect to an OCSP responder.
-#
-# Example,
-#   ocsp.enable=true
-
-#
-# Location of the OCSP responder
-#
-# By default, the location of the OCSP responder is determined implicitly
-# from the certificate being validated. This property explicitly specifies
-# the location of the OCSP responder. The property is used when the
-# Authority Information Access extension (defined in RFC 3280) is absent
-# from the certificate or when it requires overriding.
-#
-# Example,
-#   ocsp.responderURL=http://ocsp.example.net:80
-
-#
-# Subject name of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# distinguished name (defined in RFC 2253) which identifies a certificate in
-# the set of certificates supplied during cert path validation. In cases where
-# the subject name alone is not sufficient to uniquely identify the certificate
-# then both the "ocsp.responderCertIssuerName" and
-# "ocsp.responderCertSerialNumber" properties must be used instead. When this
-# property is set then those two properties are ignored.
-#
-# Example,
-#   ocsp.responderCertSubjectName="CN=OCSP Responder, O=XYZ Corp"
-
-#
-# Issuer name of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# distinguished name (defined in RFC 2253) which identifies a certificate in
-# the set of certificates supplied during cert path validation. When this
-# property is set then the "ocsp.responderCertSerialNumber" property must also
-# be set. When the "ocsp.responderCertSubjectName" property is set then this
-# property is ignored.
-#
-# Example,
-#   ocsp.responderCertIssuerName="CN=Enterprise CA, O=XYZ Corp"
-
-#
-# Serial number of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# of hexadecimal digits (colon or space separators may be present) which
-# identifies a certificate in the set of certificates supplied during cert path
-# validation. When this property is set then the "ocsp.responderCertIssuerName"
-# property must also be set. When the "ocsp.responderCertSubjectName" property
-# is set then this property is ignored.
-#
-# Example,
-#   ocsp.responderCertSerialNumber=2A:FF:00
-
-#
-# Policy for failed Kerberos KDC lookups:
-#
-# When a KDC is unavailable (network error, service failure, etc), it is
-# put inside a blacklist and accessed less often for future requests. The
-# value (case-insensitive) for this policy can be:
-#
-# tryLast
-#    KDCs in the blacklist are always tried after those not on the list.
-#
-# tryLess[:max_retries,timeout]
-#    KDCs in the blacklist are still tried by their order in the configuration,
-#    but with smaller max_retries and timeout values. max_retries and timeout
-#    are optional numerical parameters (default 1 and 5000, which means once
-#    and 5 seconds). Please notes that if any of the values defined here is
-#    more than what is defined in krb5.conf, it will be ignored.
-#
-# Whenever a KDC is detected as available, it is removed from the blacklist.
-# The blacklist is reset when krb5.conf is reloaded. You can add
-# refreshKrb5Config=true to a JAAS configuration file so that krb5.conf is
-# reloaded whenever a JAAS authentication is attempted.
-#
-# Example,
-#   krb5.kdc.bad.policy = tryLast
-#   krb5.kdc.bad.policy = tryLess:2,2000
-krb5.kdc.bad.policy = tryLast
-
-# Algorithm restrictions for certification path (CertPath) processing
-#
-# In some environments, certain algorithms or key lengths may be undesirable
-# for certification path building and validation.  For example, "MD2" is
-# generally no longer considered to be a secure hash algorithm.  This section
-# describes the mechanism for disabling algorithms based on algorithm name
-# and/or key length.  This includes algorithms used in certificates, as well
-# as revocation information such as CRLs and signed OCSP Responses.
-#
-# The syntax of the disabled algorithm string is described as this Java
-# BNF-style:
-#   DisabledAlgorithms:
-#       " DisabledAlgorithm { , DisabledAlgorithm } "
-#
-#   DisabledAlgorithm:
-#       AlgorithmName [Constraint]
-#
-#   AlgorithmName:
-#       (see below)
-#
-#   Constraint:
-#       KeySizeConstraint
-#
-#   KeySizeConstraint:
-#       keySize Operator DecimalInteger
-#
-#   Operator:
-#       <= | < | == | != | >= | >
-#
-#   DecimalInteger:
-#       DecimalDigits
-#
-#   DecimalDigits:
-#       DecimalDigit {DecimalDigit}
-#
-#   DecimalDigit: one of
-#       1 2 3 4 5 6 7 8 9 0
-#
-# The "AlgorithmName" is the standard algorithm name of the disabled
-# algorithm. See "Java Cryptography Architecture Standard Algorithm Name
-# Documentation" for information about Standard Algorithm Names.  Matching
-# is performed using a case-insensitive sub-element matching rule.  (For
-# example, in "SHA1withECDSA" the sub-elements are "SHA1" for hashing and
-# "ECDSA" for signatures.)  If the assertion "AlgorithmName" is a
-# sub-element of the certificate algorithm name, the algorithm will be
-# rejected during certification path building and validation.  For example,
-# the assertion algorithm name "DSA" will disable all certificate algorithms
-# that rely on DSA, such as NONEwithDSA, SHA1withDSA.  However, the assertion
-# will not disable algorithms related to "ECDSA".
-#
-# A "Constraint" provides further guidance for the algorithm being specified.
-# The "KeySizeConstraint" requires a key of a valid size range if the
-# "AlgorithmName" is of a key algorithm.  The "DecimalInteger" indicates the
-# key size specified in number of bits.  For example, "RSA keySize <= 1024"
-# indicates that any RSA key with key size less than or equal to 1024 bits
-# should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates
-# that any RSA key with key size less than 1024 or greater than 2048 should
-# be disabled. Note that the "KeySizeConstraint" only makes sense to key
-# algorithms.
-#
-# Note: This property is currently used by Oracle's PKIX implementation. It
-# is not guaranteed to be examined and used by other implementations.
-#
-# Example:
-#   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
-#
-#
-jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
-
-# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
-# (SSL/TLS) processing
-#
-# In some environments, certain algorithms or key lengths may be undesirable
-# when using SSL/TLS.  This section describes the mechanism for disabling
-# algorithms during SSL/TLS security parameters negotiation, including cipher
-# suites selection, peer authentication and key exchange mechanisms.
-#
-# For PKI-based peer authentication and key exchange mechanisms, this list
-# of disabled algorithms will also be checked during certification path
-# building and validation, including algorithms used in certificates, as
-# well as revocation information such as CRLs and signed OCSP Responses.
-# This is in addition to the jdk.certpath.disabledAlgorithms property above.
-#
-# See the specification of "jdk.certpath.disabledAlgorithms" for the
-# syntax of the disabled algorithm string.
-#
-# Note: This property is currently used by Oracle's JSSE implementation.
-# It is not guaranteed to be examined and used by other implementations.
-#
-# Example:
-#   jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
--- a/src/java.base/share/conf/security/java.security-linux	Thu Aug 21 14:16:26 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,496 +0,0 @@
-#
-# This is the "master security properties file".
-#
-# An alternate java.security properties file may be specified
-# from the command line via the system property
-#
-#    -Djava.security.properties=<URL>
-#
-# This properties file appends to the master security properties file.
-# If both properties files specify values for the same key, the value
-# from the command-line properties file is selected, as it is the last
-# one loaded.
-#
-# Also, if you specify
-#
-#    -Djava.security.properties==<URL> (2 equals),
-#
-# then that properties file completely overrides the master security
-# properties file.
-#
-# To disable the ability to specify an additional properties file from
-# the command line, set the key security.overridePropertiesFile
-# to false in the master security properties file. It is set to true
-# by default.
-
-# In this file, various security properties are set for use by
-# java.security classes. This is where users can statically register
-# Cryptography Package Providers ("providers" for short). The term
-# "provider" refers to a package or set of packages that supply a
-# concrete implementation of a subset of the cryptography aspects of
-# the Java Security API. A provider may, for example, implement one or
-# more digital signature algorithms or message digest algorithms.
-#
-# Each provider must implement a subclass of the Provider class.
-# To register a provider in this master security properties file,
-# specify the Provider subclass name and priority in the format
-#
-#    security.provider.<n>=<className>
-#
-# This declares a provider, and specifies its preference
-# order n. The preference order is the order in which providers are
-# searched for requested algorithms (when no specific provider is
-# requested). The order is 1-based; 1 is the most preferred, followed
-# by 2, and so on.
-#
-# <className> must specify the subclass of the Provider class whose
-# constructor sets the values of various properties that are required
-# for the Java Security API to look up the algorithms or other
-# facilities implemented by the provider.
-#
-# There must be at least one provider specification in java.security.
-# There is a default provider that comes standard with the JDK. It
-# is called the "SUN" provider, and its Provider subclass
-# named Sun appears in the sun.security.provider package. Thus, the
-# "SUN" provider is registered via the following:
-#
-#    security.provider.1=sun.security.provider.Sun
-#
-# (The number 1 is used for the default provider.)
-#
-# Note: Providers can be dynamically registered instead by calls to
-# either the addProvider or insertProviderAt method in the Security
-# class.
-
-#
-# List of providers and their preference orders (see above):
-#
-security.provider.1=sun.security.provider.Sun
-security.provider.2=sun.security.rsa.SunRsaSign
-security.provider.3=sun.security.ec.SunEC
-security.provider.4=com.sun.net.ssl.internal.ssl.Provider
-security.provider.5=com.sun.crypto.provider.SunJCE
-security.provider.6=sun.security.jgss.SunProvider
-security.provider.7=com.sun.security.sasl.Provider
-security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
-security.provider.9=sun.security.smartcardio.SunPCSC
-
-#
-# Sun Provider SecureRandom seed source.
-#
-# Select the primary source of seed data for the "SHA1PRNG" and
-# "NativePRNG" SecureRandom implementations in the "Sun" provider.
-# (Other SecureRandom implementations might also use this property.)
-#
-# On Unix-like systems (for example, Solaris/Linux/MacOS), the
-# "NativePRNG" and "SHA1PRNG" implementations obtains seed data from
-# special device files such as file:/dev/random.
-#
-# On Windows systems, specifying the URLs "file:/dev/random" or
-# "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding
-# mechanism for SHA1PRNG.
-#
-# By default, an attempt is made to use the entropy gathering device
-# specified by the "securerandom.source" Security property.  If an
-# exception occurs while accessing the specified URL:
-#
-#     SHA1PRNG:
-#         the traditional system/thread activity algorithm will be used.
-#
-#     NativePRNG:
-#         a default value of /dev/random will be used.  If neither
-#         are available, the implementation will be disabled.
-#         "file" is the only currently supported protocol type.
-#
-# The entropy gathering device can also be specified with the System
-# property "java.security.egd". For example:
-#
-#   % java -Djava.security.egd=file:/dev/random MainClass
-#
-# Specifying this System property will override the
-# "securerandom.source" Security property.
-#
-# In addition, if "file:/dev/random" or "file:/dev/urandom" is
-# specified, the "NativePRNG" implementation will be more preferred than
-# SHA1PRNG in the Sun provider.
-#
-securerandom.source=file:/dev/random
-
-#
-# A list of known strong SecureRandom implementations.
-#
-# To help guide applications in selecting a suitable strong
-# java.security.SecureRandom implementation, Java distributions should
-# indicate a list of known strong implementations using the property.
-#
-# This is a comma-separated list of algorithm and/or algorithm:provider
-# entries.
-#
-securerandom.strongAlgorithms=NativePRNGBlocking:SUN
-
-#
-# Class to instantiate as the javax.security.auth.login.Configuration
-# provider.
-#
-login.configuration.provider=sun.security.provider.ConfigFile
-
-#
-# Default login configuration file
-#
-#login.config.url.1=file:${user.home}/.java.login.config
-
-#
-# Class to instantiate as the system Policy. This is the name of the class
-# that will be used as the Policy object.
-#
-policy.provider=sun.security.provider.PolicyFile
-
-# The default is to have a single system-wide policy file,
-# and a policy file in the user's home directory.
-policy.url.1=file:${java.home}/lib/security/java.policy
-policy.url.2=file:${user.home}/.java.policy
-
-# whether or not we expand properties in the policy file
-# if this is set to false, properties (${...}) will not be expanded in policy
-# files.
-policy.expandProperties=true
-
-# whether or not we allow an extra policy to be passed on the command line
-# with -Djava.security.policy=somefile. Comment out this line to disable
-# this feature.
-policy.allowSystemProperty=true
-
-# whether or not we look into the IdentityScope for trusted Identities
-# when encountering a 1.1 signed JAR file. If the identity is found
-# and is trusted, we grant it AllPermission.
-policy.ignoreIdentityScope=false
-
-#
-# Default keystore type.
-#
-keystore.type=jks
-
-#
-# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageAccess unless the
-# corresponding RuntimePermission ("accessClassInPackage."+package) has
-# been granted.
-package.access=sun.,\
-               com.sun.xml.internal.,\
-               com.sun.imageio.,\
-               com.sun.istack.internal.,\
-               com.sun.jmx.,\
-               com.sun.media.sound.,\
-               com.sun.naming.internal.,\
-               com.sun.proxy.,\
-               com.sun.corba.se.,\
-               com.sun.org.apache.bcel.internal.,\
-               com.sun.org.apache.regexp.internal.,\
-               com.sun.org.apache.xerces.internal.,\
-               com.sun.org.apache.xpath.internal.,\
-               com.sun.org.apache.xalan.internal.extensions.,\
-               com.sun.org.apache.xalan.internal.lib.,\
-               com.sun.org.apache.xalan.internal.res.,\
-               com.sun.org.apache.xalan.internal.templates.,\
-               com.sun.org.apache.xalan.internal.utils.,\
-               com.sun.org.apache.xalan.internal.xslt.,\
-               com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
-               com.sun.org.apache.xalan.internal.xsltc.compiler.,\
-               com.sun.org.apache.xalan.internal.xsltc.trax.,\
-               com.sun.org.apache.xalan.internal.xsltc.util.,\
-               com.sun.org.apache.xml.internal.res.,\
-               com.sun.org.apache.xml.internal.security.,\
-               com.sun.org.apache.xml.internal.serializer.utils.,\
-               com.sun.org.apache.xml.internal.utils.,\
-               com.sun.org.glassfish.,\
-               com.oracle.xmlns.internal.,\
-               com.oracle.webservices.internal.,\
-               org.jcp.xml.dsig.internal.,\
-               jdk.internal.,\
-               jdk.nashorn.internal.,\
-               jdk.nashorn.tools.,\
-               com.sun.activation.registries.
-
-#
-# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageDefinition unless the
-# corresponding RuntimePermission ("defineClassInPackage."+package) has
-# been granted.
-#
-# by default, none of the class loaders supplied with the JDK call
-# checkPackageDefinition.
-#
-package.definition=sun.,\
-                   com.sun.xml.internal.,\
-                   com.sun.imageio.,\
-                   com.sun.istack.internal.,\
-                   com.sun.jmx.,\
-                   com.sun.media.sound.,\
-                   com.sun.naming.internal.,\
-                   com.sun.proxy.,\
-                   com.sun.corba.se.,\
-                   com.sun.org.apache.bcel.internal.,\
-                   com.sun.org.apache.regexp.internal.,\
-                   com.sun.org.apache.xerces.internal.,\
-                   com.sun.org.apache.xpath.internal.,\
-                   com.sun.org.apache.xalan.internal.extensions.,\
-                   com.sun.org.apache.xalan.internal.lib.,\
-                   com.sun.org.apache.xalan.internal.res.,\
-                   com.sun.org.apache.xalan.internal.templates.,\
-                   com.sun.org.apache.xalan.internal.utils.,\
-                   com.sun.org.apache.xalan.internal.xslt.,\
-                   com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
-                   com.sun.org.apache.xalan.internal.xsltc.compiler.,\
-                   com.sun.org.apache.xalan.internal.xsltc.trax.,\
-                   com.sun.org.apache.xalan.internal.xsltc.util.,\
-                   com.sun.org.apache.xml.internal.res.,\
-                   com.sun.org.apache.xml.internal.security.,\
-                   com.sun.org.apache.xml.internal.serializer.utils.,\
-                   com.sun.org.apache.xml.internal.utils.,\
-                   com.sun.org.glassfish.,\
-                   com.oracle.xmlns.internal.,\
-                   com.oracle.webservices.internal.,\
-                   org.jcp.xml.dsig.internal.,\
-                   jdk.internal.,\
-                   jdk.nashorn.internal.,\
-                   jdk.nashorn.tools.,\
-                   com.sun.activation.registries.
-
-#
-# Determines whether this properties file can be appended to
-# or overridden on the command line via -Djava.security.properties
-#
-security.overridePropertiesFile=true
-
-#
-# Determines the default key and trust manager factory algorithms for
-# the javax.net.ssl package.
-#
-ssl.KeyManagerFactory.algorithm=SunX509
-ssl.TrustManagerFactory.algorithm=PKIX
-
-#
-# The Java-level namelookup cache policy for successful lookups:
-#
-# any negative value: caching forever
-# any positive value: the number of seconds to cache an address for
-# zero: do not cache
-#
-# default value is forever (FOREVER). For security reasons, this
-# caching is made forever when a security manager is set. When a security
-# manager is not set, the default behavior in this implementation
-# is to cache for 30 seconds.
-#
-# NOTE: setting this to anything other than the default value can have
-#       serious security implications. Do not set it unless
-#       you are sure you are not exposed to DNS spoofing attack.
-#
-#networkaddress.cache.ttl=-1
-
-# The Java-level namelookup cache policy for failed lookups:
-#
-# any negative value: cache forever
-# any positive value: the number of seconds to cache negative lookup results
-# zero: do not cache
-#
-# In some Microsoft Windows networking environments that employ
-# the WINS name service in addition to DNS, name service lookups
-# that fail may take a noticeably long time to return (approx. 5 seconds).
-# For this reason the default caching policy is to maintain these
-# results for 10 seconds.
-#
-#
-networkaddress.cache.negative.ttl=10
-
-#
-# Properties to configure OCSP for certificate revocation checking
-#
-
-# Enable OCSP
-#
-# By default, OCSP is not used for certificate revocation checking.
-# This property enables the use of OCSP when set to the value "true".
-#
-# NOTE: SocketPermission is required to connect to an OCSP responder.
-#
-# Example,
-#   ocsp.enable=true
-
-#
-# Location of the OCSP responder
-#
-# By default, the location of the OCSP responder is determined implicitly
-# from the certificate being validated. This property explicitly specifies
-# the location of the OCSP responder. The property is used when the
-# Authority Information Access extension (defined in RFC 3280) is absent
-# from the certificate or when it requires overriding.
-#
-# Example,
-#   ocsp.responderURL=http://ocsp.example.net:80
-
-#
-# Subject name of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# distinguished name (defined in RFC 2253) which identifies a certificate in
-# the set of certificates supplied during cert path validation. In cases where
-# the subject name alone is not sufficient to uniquely identify the certificate
-# then both the "ocsp.responderCertIssuerName" and
-# "ocsp.responderCertSerialNumber" properties must be used instead. When this
-# property is set then those two properties are ignored.
-#
-# Example,
-#   ocsp.responderCertSubjectName="CN=OCSP Responder, O=XYZ Corp"
-
-#
-# Issuer name of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# distinguished name (defined in RFC 2253) which identifies a certificate in
-# the set of certificates supplied during cert path validation. When this
-# property is set then the "ocsp.responderCertSerialNumber" property must also
-# be set. When the "ocsp.responderCertSubjectName" property is set then this
-# property is ignored.
-#
-# Example,
-#   ocsp.responderCertIssuerName="CN=Enterprise CA, O=XYZ Corp"
-
-#
-# Serial number of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# of hexadecimal digits (colon or space separators may be present) which
-# identifies a certificate in the set of certificates supplied during cert path
-# validation. When this property is set then the "ocsp.responderCertIssuerName"
-# property must also be set. When the "ocsp.responderCertSubjectName" property
-# is set then this property is ignored.
-#
-# Example,
-#   ocsp.responderCertSerialNumber=2A:FF:00
-
-#
-# Policy for failed Kerberos KDC lookups:
-#
-# When a KDC is unavailable (network error, service failure, etc), it is
-# put inside a blacklist and accessed less often for future requests. The
-# value (case-insensitive) for this policy can be:
-#
-# tryLast
-#    KDCs in the blacklist are always tried after those not on the list.
-#
-# tryLess[:max_retries,timeout]
-#    KDCs in the blacklist are still tried by their order in the configuration,
-#    but with smaller max_retries and timeout values. max_retries and timeout
-#    are optional numerical parameters (default 1 and 5000, which means once
-#    and 5 seconds). Please notes that if any of the values defined here is
-#    more than what is defined in krb5.conf, it will be ignored.
-#
-# Whenever a KDC is detected as available, it is removed from the blacklist.
-# The blacklist is reset when krb5.conf is reloaded. You can add
-# refreshKrb5Config=true to a JAAS configuration file so that krb5.conf is
-# reloaded whenever a JAAS authentication is attempted.
-#
-# Example,
-#   krb5.kdc.bad.policy = tryLast
-#   krb5.kdc.bad.policy = tryLess:2,2000
-krb5.kdc.bad.policy = tryLast
-
-# Algorithm restrictions for certification path (CertPath) processing
-#
-# In some environments, certain algorithms or key lengths may be undesirable
-# for certification path building and validation.  For example, "MD2" is
-# generally no longer considered to be a secure hash algorithm.  This section
-# describes the mechanism for disabling algorithms based on algorithm name
-# and/or key length.  This includes algorithms used in certificates, as well
-# as revocation information such as CRLs and signed OCSP Responses.
-#
-# The syntax of the disabled algorithm string is described as this Java
-# BNF-style:
-#   DisabledAlgorithms:
-#       " DisabledAlgorithm { , DisabledAlgorithm } "
-#
-#   DisabledAlgorithm:
-#       AlgorithmName [Constraint]
-#
-#   AlgorithmName:
-#       (see below)
-#
-#   Constraint:
-#       KeySizeConstraint
-#
-#   KeySizeConstraint:
-#       keySize Operator DecimalInteger
-#
-#   Operator:
-#       <= | < | == | != | >= | >
-#
-#   DecimalInteger:
-#       DecimalDigits
-#
-#   DecimalDigits:
-#       DecimalDigit {DecimalDigit}
-#
-#   DecimalDigit: one of
-#       1 2 3 4 5 6 7 8 9 0
-#
-# The "AlgorithmName" is the standard algorithm name of the disabled
-# algorithm. See "Java Cryptography Architecture Standard Algorithm Name
-# Documentation" for information about Standard Algorithm Names.  Matching
-# is performed using a case-insensitive sub-element matching rule.  (For
-# example, in "SHA1withECDSA" the sub-elements are "SHA1" for hashing and
-# "ECDSA" for signatures.)  If the assertion "AlgorithmName" is a
-# sub-element of the certificate algorithm name, the algorithm will be
-# rejected during certification path building and validation.  For example,
-# the assertion algorithm name "DSA" will disable all certificate algorithms
-# that rely on DSA, such as NONEwithDSA, SHA1withDSA.  However, the assertion
-# will not disable algorithms related to "ECDSA".
-#
-# A "Constraint" provides further guidance for the algorithm being specified.
-# The "KeySizeConstraint" requires a key of a valid size range if the
-# "AlgorithmName" is of a key algorithm.  The "DecimalInteger" indicates the
-# key size specified in number of bits.  For example, "RSA keySize <= 1024"
-# indicates that any RSA key with key size less than or equal to 1024 bits
-# should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates
-# that any RSA key with key size less than 1024 or greater than 2048 should
-# be disabled. Note that the "KeySizeConstraint" only makes sense to key
-# algorithms.
-#
-# Note: This property is currently used by Oracle's PKIX implementation. It
-# is not guaranteed to be examined and used by other implementations.
-#
-# Example:
-#   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
-#
-#
-jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
-
-# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
-# (SSL/TLS) processing
-#
-# In some environments, certain algorithms or key lengths may be undesirable
-# when using SSL/TLS.  This section describes the mechanism for disabling
-# algorithms during SSL/TLS security parameters negotiation, including cipher
-# suites selection, peer authentication and key exchange mechanisms.
-#
-# For PKI-based peer authentication and key exchange mechanisms, this list
-# of disabled algorithms will also be checked during certification path
-# building and validation, including algorithms used in certificates, as
-# well as revocation information such as CRLs and signed OCSP Responses.
-# This is in addition to the jdk.certpath.disabledAlgorithms property above.
-#
-# See the specification of "jdk.certpath.disabledAlgorithms" for the
-# syntax of the disabled algorithm string.
-#
-# Note: This property is currently used by Oracle's JSSE implementation.
-# It is not guaranteed to be examined and used by other implementations.
-#
-# Example:
-#   jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
--- a/src/java.base/share/conf/security/java.security-macosx	Thu Aug 21 14:16:26 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,499 +0,0 @@
-#
-# This is the "master security properties file".
-#
-# An alternate java.security properties file may be specified
-# from the command line via the system property
-#
-#    -Djava.security.properties=<URL>
-#
-# This properties file appends to the master security properties file.
-# If both properties files specify values for the same key, the value
-# from the command-line properties file is selected, as it is the last
-# one loaded.
-#
-# Also, if you specify
-#
-#    -Djava.security.properties==<URL> (2 equals),
-#
-# then that properties file completely overrides the master security
-# properties file.
-#
-# To disable the ability to specify an additional properties file from
-# the command line, set the key security.overridePropertiesFile
-# to false in the master security properties file. It is set to true
-# by default.
-
-# In this file, various security properties are set for use by
-# java.security classes. This is where users can statically register
-# Cryptography Package Providers ("providers" for short). The term
-# "provider" refers to a package or set of packages that supply a
-# concrete implementation of a subset of the cryptography aspects of
-# the Java Security API. A provider may, for example, implement one or
-# more digital signature algorithms or message digest algorithms.
-#
-# Each provider must implement a subclass of the Provider class.
-# To register a provider in this master security properties file,
-# specify the Provider subclass name and priority in the format
-#
-#    security.provider.<n>=<className>
-#
-# This declares a provider, and specifies its preference
-# order n. The preference order is the order in which providers are
-# searched for requested algorithms (when no specific provider is
-# requested). The order is 1-based; 1 is the most preferred, followed
-# by 2, and so on.
-#
-# <className> must specify the subclass of the Provider class whose
-# constructor sets the values of various properties that are required
-# for the Java Security API to look up the algorithms or other
-# facilities implemented by the provider.
-#
-# There must be at least one provider specification in java.security.
-# There is a default provider that comes standard with the JDK. It
-# is called the "SUN" provider, and its Provider subclass
-# named Sun appears in the sun.security.provider package. Thus, the
-# "SUN" provider is registered via the following:
-#
-#    security.provider.1=sun.security.provider.Sun
-#
-# (The number 1 is used for the default provider.)
-#
-# Note: Providers can be dynamically registered instead by calls to
-# either the addProvider or insertProviderAt method in the Security
-# class.
-
-#
-# List of providers and their preference orders (see above):
-#
-security.provider.1=sun.security.provider.Sun
-security.provider.2=sun.security.rsa.SunRsaSign
-security.provider.3=sun.security.ec.SunEC
-security.provider.4=com.sun.net.ssl.internal.ssl.Provider
-security.provider.5=com.sun.crypto.provider.SunJCE
-security.provider.6=sun.security.jgss.SunProvider
-security.provider.7=com.sun.security.sasl.Provider
-security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
-security.provider.9=sun.security.smartcardio.SunPCSC
-security.provider.10=apple.security.AppleProvider
-
-#
-# Sun Provider SecureRandom seed source.
-#
-# Select the primary source of seed data for the "SHA1PRNG" and
-# "NativePRNG" SecureRandom implementations in the "Sun" provider.
-# (Other SecureRandom implementations might also use this property.)
-#
-# On Unix-like systems (for example, Solaris/Linux/MacOS), the
-# "NativePRNG" and "SHA1PRNG" implementations obtains seed data from
-# special device files such as file:/dev/random.
-#
-# On Windows systems, specifying the URLs "file:/dev/random" or
-# "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding
-# mechanism for SHA1PRNG.
-#
-# By default, an attempt is made to use the entropy gathering device
-# specified by the "securerandom.source" Security property.  If an
-# exception occurs while accessing the specified URL:
-#
-#     SHA1PRNG:
-#         the traditional system/thread activity algorithm will be used.
-#
-#     NativePRNG:
-#         a default value of /dev/random will be used.  If neither
-#         are available, the implementation will be disabled.
-#         "file" is the only currently supported protocol type.
-#
-# The entropy gathering device can also be specified with the System
-# property "java.security.egd". For example:
-#
-#   % java -Djava.security.egd=file:/dev/random MainClass
-#
-# Specifying this System property will override the
-# "securerandom.source" Security property.
-#
-# In addition, if "file:/dev/random" or "file:/dev/urandom" is
-# specified, the "NativePRNG" implementation will be more preferred than
-# SHA1PRNG in the Sun provider.
-#
-securerandom.source=file:/dev/random
-
-#
-# A list of known strong SecureRandom implementations.
-#
-# To help guide applications in selecting a suitable strong
-# java.security.SecureRandom implementation, Java distributions should
-# indicate a list of known strong implementations using the property.
-#
-# This is a comma-separated list of algorithm and/or algorithm:provider
-# entries.
-#
-securerandom.strongAlgorithms=NativePRNGBlocking:SUN
-
-#
-# Class to instantiate as the javax.security.auth.login.Configuration
-# provider.
-#
-login.configuration.provider=sun.security.provider.ConfigFile
-
-#
-# Default login configuration file
-#
-#login.config.url.1=file:${user.home}/.java.login.config
-
-#
-# Class to instantiate as the system Policy. This is the name of the class
-# that will be used as the Policy object.
-#
-policy.provider=sun.security.provider.PolicyFile
-
-# The default is to have a single system-wide policy file,
-# and a policy file in the user's home directory.
-policy.url.1=file:${java.home}/lib/security/java.policy
-policy.url.2=file:${user.home}/.java.policy
-
-# whether or not we expand properties in the policy file
-# if this is set to false, properties (${...}) will not be expanded in policy
-# files.
-policy.expandProperties=true
-
-# whether or not we allow an extra policy to be passed on the command line
-# with -Djava.security.policy=somefile. Comment out this line to disable
-# this feature.
-policy.allowSystemProperty=true
-
-# whether or not we look into the IdentityScope for trusted Identities
-# when encountering a 1.1 signed JAR file. If the identity is found
-# and is trusted, we grant it AllPermission.
-policy.ignoreIdentityScope=false
-
-#
-# Default keystore type.
-#
-keystore.type=jks
-
-#
-# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageAccess unless the
-# corresponding RuntimePermission ("accessClassInPackage."+package) has
-# been granted.
-package.access=sun.,\
-               com.sun.xml.internal.,\
-               com.sun.imageio.,\
-               com.sun.istack.internal.,\
-               com.sun.jmx.,\
-               com.sun.media.sound.,\
-               com.sun.naming.internal.,\
-               com.sun.proxy.,\
-               com.sun.corba.se.,\
-               com.sun.org.apache.bcel.internal.,\
-               com.sun.org.apache.regexp.internal.,\
-               com.sun.org.apache.xerces.internal.,\
-               com.sun.org.apache.xpath.internal.,\
-               com.sun.org.apache.xalan.internal.extensions.,\
-               com.sun.org.apache.xalan.internal.lib.,\
-               com.sun.org.apache.xalan.internal.res.,\
-               com.sun.org.apache.xalan.internal.templates.,\
-               com.sun.org.apache.xalan.internal.utils.,\
-               com.sun.org.apache.xalan.internal.xslt.,\
-               com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
-               com.sun.org.apache.xalan.internal.xsltc.compiler.,\
-               com.sun.org.apache.xalan.internal.xsltc.trax.,\
-               com.sun.org.apache.xalan.internal.xsltc.util.,\
-               com.sun.org.apache.xml.internal.res.,\
-               com.sun.org.apache.xml.internal.security.,\
-               com.sun.org.apache.xml.internal.serializer.utils.,\
-               com.sun.org.apache.xml.internal.utils.,\
-               com.sun.org.glassfish.,\
-               com.oracle.xmlns.internal.,\
-               com.oracle.webservices.internal.,\
-               org.jcp.xml.dsig.internal.,\
-               jdk.internal.,\
-               jdk.nashorn.internal.,\
-               jdk.nashorn.tools.,\
-               com.sun.activation.registries.,\
-               apple.
-
-#
-# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageDefinition unless the
-# corresponding RuntimePermission ("defineClassInPackage."+package) has
-# been granted.
-#
-# by default, none of the class loaders supplied with the JDK call
-# checkPackageDefinition.
-#
-package.definition=sun.,\
-                   com.sun.xml.internal.,\
-                   com.sun.imageio.,\
-                   com.sun.istack.internal.,\
-                   com.sun.jmx.,\
-                   com.sun.media.sound.,\
-                   com.sun.naming.internal.,\
-                   com.sun.proxy.,\
-                   com.sun.corba.se.,\
-                   com.sun.org.apache.bcel.internal.,\
-                   com.sun.org.apache.regexp.internal.,\
-                   com.sun.org.apache.xerces.internal.,\
-                   com.sun.org.apache.xpath.internal.,\
-                   com.sun.org.apache.xalan.internal.extensions.,\
-                   com.sun.org.apache.xalan.internal.lib.,\
-                   com.sun.org.apache.xalan.internal.res.,\
-                   com.sun.org.apache.xalan.internal.templates.,\
-                   com.sun.org.apache.xalan.internal.utils.,\
-                   com.sun.org.apache.xalan.internal.xslt.,\
-                   com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
-                   com.sun.org.apache.xalan.internal.xsltc.compiler.,\
-                   com.sun.org.apache.xalan.internal.xsltc.trax.,\
-                   com.sun.org.apache.xalan.internal.xsltc.util.,\
-                   com.sun.org.apache.xml.internal.res.,\
-                   com.sun.org.apache.xml.internal.security.,\
-                   com.sun.org.apache.xml.internal.serializer.utils.,\
-                   com.sun.org.apache.xml.internal.utils.,\
-                   com.sun.org.glassfish.,\
-                   com.oracle.xmlns.internal.,\
-                   com.oracle.webservices.internal.,\
-                   org.jcp.xml.dsig.internal.,\
-                   jdk.internal.,\
-                   jdk.nashorn.internal.,\
-                   jdk.nashorn.tools.,\
-                   com.sun.activation.registries.,\
-                   apple.
-
-#
-# Determines whether this properties file can be appended to
-# or overridden on the command line via -Djava.security.properties
-#
-security.overridePropertiesFile=true
-
-#
-# Determines the default key and trust manager factory algorithms for
-# the javax.net.ssl package.
-#
-ssl.KeyManagerFactory.algorithm=SunX509
-ssl.TrustManagerFactory.algorithm=PKIX
-
-#
-# The Java-level namelookup cache policy for successful lookups:
-#
-# any negative value: caching forever
-# any positive value: the number of seconds to cache an address for
-# zero: do not cache
-#
-# default value is forever (FOREVER). For security reasons, this
-# caching is made forever when a security manager is set. When a security
-# manager is not set, the default behavior in this implementation
-# is to cache for 30 seconds.
-#
-# NOTE: setting this to anything other than the default value can have
-#       serious security implications. Do not set it unless
-#       you are sure you are not exposed to DNS spoofing attack.
-#
-#networkaddress.cache.ttl=-1
-
-# The Java-level namelookup cache policy for failed lookups:
-#
-# any negative value: cache forever
-# any positive value: the number of seconds to cache negative lookup results
-# zero: do not cache
-#
-# In some Microsoft Windows networking environments that employ
-# the WINS name service in addition to DNS, name service lookups
-# that fail may take a noticeably long time to return (approx. 5 seconds).
-# For this reason the default caching policy is to maintain these
-# results for 10 seconds.
-#
-#
-networkaddress.cache.negative.ttl=10
-
-#
-# Properties to configure OCSP for certificate revocation checking
-#
-
-# Enable OCSP
-#
-# By default, OCSP is not used for certificate revocation checking.
-# This property enables the use of OCSP when set to the value "true".
-#
-# NOTE: SocketPermission is required to connect to an OCSP responder.
-#
-# Example,
-#   ocsp.enable=true
-
-#
-# Location of the OCSP responder
-#
-# By default, the location of the OCSP responder is determined implicitly
-# from the certificate being validated. This property explicitly specifies
-# the location of the OCSP responder. The property is used when the
-# Authority Information Access extension (defined in RFC 3280) is absent
-# from the certificate or when it requires overriding.
-#
-# Example,
-#   ocsp.responderURL=http://ocsp.example.net:80
-
-#
-# Subject name of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# distinguished name (defined in RFC 2253) which identifies a certificate in
-# the set of certificates supplied during cert path validation. In cases where
-# the subject name alone is not sufficient to uniquely identify the certificate
-# then both the "ocsp.responderCertIssuerName" and
-# "ocsp.responderCertSerialNumber" properties must be used instead. When this
-# property is set then those two properties are ignored.
-#
-# Example,
-#   ocsp.responderCertSubjectName="CN=OCSP Responder, O=XYZ Corp"
-
-#
-# Issuer name of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# distinguished name (defined in RFC 2253) which identifies a certificate in
-# the set of certificates supplied during cert path validation. When this
-# property is set then the "ocsp.responderCertSerialNumber" property must also
-# be set. When the "ocsp.responderCertSubjectName" property is set then this
-# property is ignored.
-#
-# Example,
-#   ocsp.responderCertIssuerName="CN=Enterprise CA, O=XYZ Corp"
-
-#
-# Serial number of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# of hexadecimal digits (colon or space separators may be present) which
-# identifies a certificate in the set of certificates supplied during cert path
-# validation. When this property is set then the "ocsp.responderCertIssuerName"
-# property must also be set. When the "ocsp.responderCertSubjectName" property
-# is set then this property is ignored.
-#
-# Example,
-#   ocsp.responderCertSerialNumber=2A:FF:00
-
-#
-# Policy for failed Kerberos KDC lookups:
-#
-# When a KDC is unavailable (network error, service failure, etc), it is
-# put inside a blacklist and accessed less often for future requests. The
-# value (case-insensitive) for this policy can be:
-#
-# tryLast
-#    KDCs in the blacklist are always tried after those not on the list.
-#
-# tryLess[:max_retries,timeout]
-#    KDCs in the blacklist are still tried by their order in the configuration,
-#    but with smaller max_retries and timeout values. max_retries and timeout
-#    are optional numerical parameters (default 1 and 5000, which means once
-#    and 5 seconds). Please notes that if any of the values defined here is
-#    more than what is defined in krb5.conf, it will be ignored.
-#
-# Whenever a KDC is detected as available, it is removed from the blacklist.
-# The blacklist is reset when krb5.conf is reloaded. You can add
-# refreshKrb5Config=true to a JAAS configuration file so that krb5.conf is
-# reloaded whenever a JAAS authentication is attempted.
-#
-# Example,
-#   krb5.kdc.bad.policy = tryLast
-#   krb5.kdc.bad.policy = tryLess:2,2000
-krb5.kdc.bad.policy = tryLast
-
-# Algorithm restrictions for certification path (CertPath) processing
-#
-# In some environments, certain algorithms or key lengths may be undesirable
-# for certification path building and validation.  For example, "MD2" is
-# generally no longer considered to be a secure hash algorithm.  This section
-# describes the mechanism for disabling algorithms based on algorithm name
-# and/or key length.  This includes algorithms used in certificates, as well
-# as revocation information such as CRLs and signed OCSP Responses.
-#
-# The syntax of the disabled algorithm string is described as this Java
-# BNF-style:
-#   DisabledAlgorithms:
-#       " DisabledAlgorithm { , DisabledAlgorithm } "
-#
-#   DisabledAlgorithm:
-#       AlgorithmName [Constraint]
-#
-#   AlgorithmName:
-#       (see below)
-#
-#   Constraint:
-#       KeySizeConstraint
-#
-#   KeySizeConstraint:
-#       keySize Operator DecimalInteger
-#
-#   Operator:
-#       <= | < | == | != | >= | >
-#
-#   DecimalInteger:
-#       DecimalDigits
-#
-#   DecimalDigits:
-#       DecimalDigit {DecimalDigit}
-#
-#   DecimalDigit: one of
-#       1 2 3 4 5 6 7 8 9 0
-#
-# The "AlgorithmName" is the standard algorithm name of the disabled
-# algorithm. See "Java Cryptography Architecture Standard Algorithm Name
-# Documentation" for information about Standard Algorithm Names.  Matching
-# is performed using a case-insensitive sub-element matching rule.  (For
-# example, in "SHA1withECDSA" the sub-elements are "SHA1" for hashing and
-# "ECDSA" for signatures.)  If the assertion "AlgorithmName" is a
-# sub-element of the certificate algorithm name, the algorithm will be
-# rejected during certification path building and validation.  For example,
-# the assertion algorithm name "DSA" will disable all certificate algorithms
-# that rely on DSA, such as NONEwithDSA, SHA1withDSA.  However, the assertion
-# will not disable algorithms related to "ECDSA".
-#
-# A "Constraint" provides further guidance for the algorithm being specified.
-# The "KeySizeConstraint" requires a key of a valid size range if the
-# "AlgorithmName" is of a key algorithm.  The "DecimalInteger" indicates the
-# key size specified in number of bits.  For example, "RSA keySize <= 1024"
-# indicates that any RSA key with key size less than or equal to 1024 bits
-# should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates
-# that any RSA key with key size less than 1024 or greater than 2048 should
-# be disabled. Note that the "KeySizeConstraint" only makes sense to key
-# algorithms.
-#
-# Note: This property is currently used by Oracle's PKIX implementation. It
-# is not guaranteed to be examined and used by other implementations.
-#
-# Example:
-#   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
-#
-#
-jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
-
-# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
-# (SSL/TLS) processing
-#
-# In some environments, certain algorithms or key lengths may be undesirable
-# when using SSL/TLS.  This section describes the mechanism for disabling
-# algorithms during SSL/TLS security parameters negotiation, including cipher
-# suites selection, peer authentication and key exchange mechanisms.
-#
-# For PKI-based peer authentication and key exchange mechanisms, this list
-# of disabled algorithms will also be checked during certification path
-# building and validation, including algorithms used in certificates, as
-# well as revocation information such as CRLs and signed OCSP Responses.
-# This is in addition to the jdk.certpath.disabledAlgorithms property above.
-#
-# See the specification of "jdk.certpath.disabledAlgorithms" for the
-# syntax of the disabled algorithm string.
-#
-# Note: This property is currently used by Oracle's JSSE implementation.
-# It is not guaranteed to be examined and used by other implementations.
-#
-# Example:
-#   jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
--- a/src/java.base/share/conf/security/java.security-solaris	Thu Aug 21 14:16:26 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,498 +0,0 @@
-#
-# This is the "master security properties file".
-#
-# An alternate java.security properties file may be specified
-# from the command line via the system property
-#
-#    -Djava.security.properties=<URL>
-#
-# This properties file appends to the master security properties file.
-# If both properties files specify values for the same key, the value
-# from the command-line properties file is selected, as it is the last
-# one loaded.
-#
-# Also, if you specify
-#
-#    -Djava.security.properties==<URL> (2 equals),
-#
-# then that properties file completely overrides the master security
-# properties file.
-#
-# To disable the ability to specify an additional properties file from
-# the command line, set the key security.overridePropertiesFile
-# to false in the master security properties file. It is set to true
-# by default.
-
-# In this file, various security properties are set for use by
-# java.security classes. This is where users can statically register
-# Cryptography Package Providers ("providers" for short). The term
-# "provider" refers to a package or set of packages that supply a
-# concrete implementation of a subset of the cryptography aspects of
-# the Java Security API. A provider may, for example, implement one or
-# more digital signature algorithms or message digest algorithms.
-#
-# Each provider must implement a subclass of the Provider class.
-# To register a provider in this master security properties file,
-# specify the Provider subclass name and priority in the format
-#
-#    security.provider.<n>=<className>
-#
-# This declares a provider, and specifies its preference
-# order n. The preference order is the order in which providers are
-# searched for requested algorithms (when no specific provider is
-# requested). The order is 1-based; 1 is the most preferred, followed
-# by 2, and so on.
-#
-# <className> must specify the subclass of the Provider class whose
-# constructor sets the values of various properties that are required
-# for the Java Security API to look up the algorithms or other
-# facilities implemented by the provider.
-#
-# There must be at least one provider specification in java.security.
-# There is a default provider that comes standard with the JDK. It
-# is called the "SUN" provider, and its Provider subclass
-# named Sun appears in the sun.security.provider package. Thus, the
-# "SUN" provider is registered via the following:
-#
-#    security.provider.1=sun.security.provider.Sun
-#
-# (The number 1 is used for the default provider.)
-#
-# Note: Providers can be dynamically registered instead by calls to
-# either the addProvider or insertProviderAt method in the Security
-# class.
-
-#
-# List of providers and their preference orders (see above):
-#
-security.provider.1=com.oracle.security.ucrypto.UcryptoProvider ${java.home}/lib/security/ucrypto-solaris.cfg
-security.provider.2=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/sunpkcs11-solaris.cfg
-security.provider.3=sun.security.provider.Sun
-security.provider.4=sun.security.rsa.SunRsaSign
-security.provider.5=sun.security.ec.SunEC
-security.provider.6=com.sun.net.ssl.internal.ssl.Provider
-security.provider.7=com.sun.crypto.provider.SunJCE
-security.provider.8=sun.security.jgss.SunProvider
-security.provider.9=com.sun.security.sasl.Provider
-security.provider.10=org.jcp.xml.dsig.internal.dom.XMLDSigRI
-security.provider.11=sun.security.smartcardio.SunPCSC
-
-#
-# Sun Provider SecureRandom seed source.
-#
-# Select the primary source of seed data for the "SHA1PRNG" and
-# "NativePRNG" SecureRandom implementations in the "Sun" provider.
-# (Other SecureRandom implementations might also use this property.)
-#
-# On Unix-like systems (for example, Solaris/Linux/MacOS), the
-# "NativePRNG" and "SHA1PRNG" implementations obtains seed data from
-# special device files such as file:/dev/random.
-#
-# On Windows systems, specifying the URLs "file:/dev/random" or
-# "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding
-# mechanism for SHA1PRNG.
-#
-# By default, an attempt is made to use the entropy gathering device
-# specified by the "securerandom.source" Security property.  If an
-# exception occurs while accessing the specified URL:
-#
-#     SHA1PRNG:
-#         the traditional system/thread activity algorithm will be used.
-#
-#     NativePRNG:
-#         a default value of /dev/random will be used.  If neither
-#         are available, the implementation will be disabled.
-#         "file" is the only currently supported protocol type.
-#
-# The entropy gathering device can also be specified with the System
-# property "java.security.egd". For example:
-#
-#   % java -Djava.security.egd=file:/dev/random MainClass
-#
-# Specifying this System property will override the
-# "securerandom.source" Security property.
-#
-# In addition, if "file:/dev/random" or "file:/dev/urandom" is
-# specified, the "NativePRNG" implementation will be more preferred than
-# SHA1PRNG in the Sun provider.
-#
-securerandom.source=file:/dev/random
-
-#
-# A list of known strong SecureRandom implementations.
-#
-# To help guide applications in selecting a suitable strong
-# java.security.SecureRandom implementation, Java distributions should
-# indicate a list of known strong implementations using the property.
-#
-# This is a comma-separated list of algorithm and/or algorithm:provider
-# entries.
-#
-securerandom.strongAlgorithms=NativePRNGBlocking:SUN
-
-#
-# Class to instantiate as the javax.security.auth.login.Configuration
-# provider.
-#
-login.configuration.provider=sun.security.provider.ConfigFile
-
-#
-# Default login configuration file
-#
-#login.config.url.1=file:${user.home}/.java.login.config
-
-#
-# Class to instantiate as the system Policy. This is the name of the class
-# that will be used as the Policy object.
-#
-policy.provider=sun.security.provider.PolicyFile
-
-# The default is to have a single system-wide policy file,
-# and a policy file in the user's home directory.
-policy.url.1=file:${java.home}/lib/security/java.policy
-policy.url.2=file:${user.home}/.java.policy
-
-# whether or not we expand properties in the policy file
-# if this is set to false, properties (${...}) will not be expanded in policy
-# files.
-policy.expandProperties=true
-
-# whether or not we allow an extra policy to be passed on the command line
-# with -Djava.security.policy=somefile. Comment out this line to disable
-# this feature.
-policy.allowSystemProperty=true
-
-# whether or not we look into the IdentityScope for trusted Identities
-# when encountering a 1.1 signed JAR file. If the identity is found
-# and is trusted, we grant it AllPermission.
-policy.ignoreIdentityScope=false
-
-#
-# Default keystore type.
-#
-keystore.type=jks
-
-#
-# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageAccess unless the
-# corresponding RuntimePermission ("accessClassInPackage."+package) has
-# been granted.
-package.access=sun.,\
-               com.sun.xml.internal.,\
-               com.sun.imageio.,\
-               com.sun.istack.internal.,\
-               com.sun.jmx.,\
-               com.sun.media.sound.,\
-               com.sun.naming.internal.,\
-               com.sun.proxy.,\
-               com.sun.corba.se.,\
-               com.sun.org.apache.bcel.internal.,\
-               com.sun.org.apache.regexp.internal.,\
-               com.sun.org.apache.xerces.internal.,\
-               com.sun.org.apache.xpath.internal.,\
-               com.sun.org.apache.xalan.internal.extensions.,\
-               com.sun.org.apache.xalan.internal.lib.,\
-               com.sun.org.apache.xalan.internal.res.,\
-               com.sun.org.apache.xalan.internal.templates.,\
-               com.sun.org.apache.xalan.internal.utils.,\
-               com.sun.org.apache.xalan.internal.xslt.,\
-               com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
-               com.sun.org.apache.xalan.internal.xsltc.compiler.,\
-               com.sun.org.apache.xalan.internal.xsltc.trax.,\
-               com.sun.org.apache.xalan.internal.xsltc.util.,\
-               com.sun.org.apache.xml.internal.res.,\
-               com.sun.org.apache.xml.internal.security.,\
-               com.sun.org.apache.xml.internal.serializer.utils.,\
-               com.sun.org.apache.xml.internal.utils.,\
-               com.sun.org.glassfish.,\
-               com.oracle.xmlns.internal.,\
-               com.oracle.webservices.internal.,\
-               org.jcp.xml.dsig.internal.,\
-               jdk.internal.,\
-               jdk.nashorn.internal.,\
-               jdk.nashorn.tools.,\
-               com.sun.activation.registries.
-
-#
-# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageDefinition unless the
-# corresponding RuntimePermission ("defineClassInPackage."+package) has
-# been granted.
-#
-# by default, none of the class loaders supplied with the JDK call
-# checkPackageDefinition.
-#
-package.definition=sun.,\
-                   com.sun.xml.internal.,\
-                   com.sun.imageio.,\
-                   com.sun.istack.internal.,\
-                   com.sun.jmx.,\
-                   com.sun.media.sound.,\
-                   com.sun.naming.internal.,\
-                   com.sun.proxy.,\
-                   com.sun.corba.se.,\
-                   com.sun.org.apache.bcel.internal.,\
-                   com.sun.org.apache.regexp.internal.,\
-                   com.sun.org.apache.xerces.internal.,\
-                   com.sun.org.apache.xpath.internal.,\
-                   com.sun.org.apache.xalan.internal.extensions.,\
-                   com.sun.org.apache.xalan.internal.lib.,\
-                   com.sun.org.apache.xalan.internal.res.,\
-                   com.sun.org.apache.xalan.internal.templates.,\
-                   com.sun.org.apache.xalan.internal.utils.,\
-                   com.sun.org.apache.xalan.internal.xslt.,\
-                   com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
-                   com.sun.org.apache.xalan.internal.xsltc.compiler.,\
-                   com.sun.org.apache.xalan.internal.xsltc.trax.,\
-                   com.sun.org.apache.xalan.internal.xsltc.util.,\
-                   com.sun.org.apache.xml.internal.res.,\
-                   com.sun.org.apache.xml.internal.security.,\
-                   com.sun.org.apache.xml.internal.serializer.utils.,\
-                   com.sun.org.apache.xml.internal.utils.,\
-                   com.sun.org.glassfish.,\
-                   com.oracle.xmlns.internal.,\
-                   com.oracle.webservices.internal.,\
-                   org.jcp.xml.dsig.internal.,\
-                   jdk.internal.,\
-                   jdk.nashorn.internal.,\
-                   jdk.nashorn.tools.,\
-                   com.sun.activation.registries.
-
-#
-# Determines whether this properties file can be appended to
-# or overridden on the command line via -Djava.security.properties
-#
-security.overridePropertiesFile=true
-
-#
-# Determines the default key and trust manager factory algorithms for
-# the javax.net.ssl package.
-#
-ssl.KeyManagerFactory.algorithm=SunX509
-ssl.TrustManagerFactory.algorithm=PKIX
-
-#
-# The Java-level namelookup cache policy for successful lookups:
-#
-# any negative value: caching forever
-# any positive value: the number of seconds to cache an address for
-# zero: do not cache
-#
-# default value is forever (FOREVER). For security reasons, this
-# caching is made forever when a security manager is set. When a security
-# manager is not set, the default behavior in this implementation
-# is to cache for 30 seconds.
-#
-# NOTE: setting this to anything other than the default value can have
-#       serious security implications. Do not set it unless
-#       you are sure you are not exposed to DNS spoofing attack.
-#
-#networkaddress.cache.ttl=-1
-
-# The Java-level namelookup cache policy for failed lookups:
-#
-# any negative value: cache forever
-# any positive value: the number of seconds to cache negative lookup results
-# zero: do not cache
-#
-# In some Microsoft Windows networking environments that employ
-# the WINS name service in addition to DNS, name service lookups
-# that fail may take a noticeably long time to return (approx. 5 seconds).
-# For this reason the default caching policy is to maintain these
-# results for 10 seconds.
-#
-#
-networkaddress.cache.negative.ttl=10
-
-#
-# Properties to configure OCSP for certificate revocation checking
-#
-
-# Enable OCSP
-#
-# By default, OCSP is not used for certificate revocation checking.
-# This property enables the use of OCSP when set to the value "true".
-#
-# NOTE: SocketPermission is required to connect to an OCSP responder.
-#
-# Example,
-#   ocsp.enable=true
-
-#
-# Location of the OCSP responder
-#
-# By default, the location of the OCSP responder is determined implicitly
-# from the certificate being validated. This property explicitly specifies
-# the location of the OCSP responder. The property is used when the
-# Authority Information Access extension (defined in RFC 3280) is absent
-# from the certificate or when it requires overriding.
-#
-# Example,
-#   ocsp.responderURL=http://ocsp.example.net:80
-
-#
-# Subject name of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# distinguished name (defined in RFC 2253) which identifies a certificate in
-# the set of certificates supplied during cert path validation. In cases where
-# the subject name alone is not sufficient to uniquely identify the certificate
-# then both the "ocsp.responderCertIssuerName" and
-# "ocsp.responderCertSerialNumber" properties must be used instead. When this
-# property is set then those two properties are ignored.
-#
-# Example,
-#   ocsp.responderCertSubjectName="CN=OCSP Responder, O=XYZ Corp"
-
-#
-# Issuer name of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# distinguished name (defined in RFC 2253) which identifies a certificate in
-# the set of certificates supplied during cert path validation. When this
-# property is set then the "ocsp.responderCertSerialNumber" property must also
-# be set. When the "ocsp.responderCertSubjectName" property is set then this
-# property is ignored.
-#
-# Example,
-#   ocsp.responderCertIssuerName="CN=Enterprise CA, O=XYZ Corp"
-
-#
-# Serial number of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# of hexadecimal digits (colon or space separators may be present) which
-# identifies a certificate in the set of certificates supplied during cert path
-# validation. When this property is set then the "ocsp.responderCertIssuerName"
-# property must also be set. When the "ocsp.responderCertSubjectName" property
-# is set then this property is ignored.
-#
-# Example,
-#   ocsp.responderCertSerialNumber=2A:FF:00
-
-#
-# Policy for failed Kerberos KDC lookups:
-#
-# When a KDC is unavailable (network error, service failure, etc), it is
-# put inside a blacklist and accessed less often for future requests. The
-# value (case-insensitive) for this policy can be:
-#
-# tryLast
-#    KDCs in the blacklist are always tried after those not on the list.
-#
-# tryLess[:max_retries,timeout]
-#    KDCs in the blacklist are still tried by their order in the configuration,
-#    but with smaller max_retries and timeout values. max_retries and timeout
-#    are optional numerical parameters (default 1 and 5000, which means once
-#    and 5 seconds). Please notes that if any of the values defined here is
-#    more than what is defined in krb5.conf, it will be ignored.
-#
-# Whenever a KDC is detected as available, it is removed from the blacklist.
-# The blacklist is reset when krb5.conf is reloaded. You can add
-# refreshKrb5Config=true to a JAAS configuration file so that krb5.conf is
-# reloaded whenever a JAAS authentication is attempted.
-#
-# Example,
-#   krb5.kdc.bad.policy = tryLast
-#   krb5.kdc.bad.policy = tryLess:2,2000
-krb5.kdc.bad.policy = tryLast
-
-# Algorithm restrictions for certification path (CertPath) processing
-#
-# In some environments, certain algorithms or key lengths may be undesirable
-# for certification path building and validation.  For example, "MD2" is
-# generally no longer considered to be a secure hash algorithm.  This section
-# describes the mechanism for disabling algorithms based on algorithm name
-# and/or key length.  This includes algorithms used in certificates, as well
-# as revocation information such as CRLs and signed OCSP Responses.
-#
-# The syntax of the disabled algorithm string is described as this Java
-# BNF-style:
-#   DisabledAlgorithms:
-#       " DisabledAlgorithm { , DisabledAlgorithm } "
-#
-#   DisabledAlgorithm:
-#       AlgorithmName [Constraint]
-#
-#   AlgorithmName:
-#       (see below)
-#
-#   Constraint:
-#       KeySizeConstraint
-#
-#   KeySizeConstraint:
-#       keySize Operator DecimalInteger
-#
-#   Operator:
-#       <= | < | == | != | >= | >
-#
-#   DecimalInteger:
-#       DecimalDigits
-#
-#   DecimalDigits:
-#       DecimalDigit {DecimalDigit}
-#
-#   DecimalDigit: one of
-#       1 2 3 4 5 6 7 8 9 0
-#
-# The "AlgorithmName" is the standard algorithm name of the disabled
-# algorithm. See "Java Cryptography Architecture Standard Algorithm Name
-# Documentation" for information about Standard Algorithm Names.  Matching
-# is performed using a case-insensitive sub-element matching rule.  (For
-# example, in "SHA1withECDSA" the sub-elements are "SHA1" for hashing and
-# "ECDSA" for signatures.)  If the assertion "AlgorithmName" is a
-# sub-element of the certificate algorithm name, the algorithm will be
-# rejected during certification path building and validation.  For example,
-# the assertion algorithm name "DSA" will disable all certificate algorithms
-# that rely on DSA, such as NONEwithDSA, SHA1withDSA.  However, the assertion
-# will not disable algorithms related to "ECDSA".
-#
-# A "Constraint" provides further guidance for the algorithm being specified.
-# The "KeySizeConstraint" requires a key of a valid size range if the
-# "AlgorithmName" is of a key algorithm.  The "DecimalInteger" indicates the
-# key size specified in number of bits.  For example, "RSA keySize <= 1024"
-# indicates that any RSA key with key size less than or equal to 1024 bits
-# should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates
-# that any RSA key with key size less than 1024 or greater than 2048 should
-# be disabled. Note that the "KeySizeConstraint" only makes sense to key
-# algorithms.
-#
-# Note: This property is currently used by Oracle's PKIX implementation. It
-# is not guaranteed to be examined and used by other implementations.
-#
-# Example:
-#   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
-#
-#
-jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
-
-# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
-# (SSL/TLS) processing
-#
-# In some environments, certain algorithms or key lengths may be undesirable
-# when using SSL/TLS.  This section describes the mechanism for disabling
-# algorithms during SSL/TLS security parameters negotiation, including cipher
-# suites selection, peer authentication and key exchange mechanisms.
-#
-# For PKI-based peer authentication and key exchange mechanisms, this list
-# of disabled algorithms will also be checked during certification path
-# building and validation, including algorithms used in certificates, as
-# well as revocation information such as CRLs and signed OCSP Responses.
-# This is in addition to the jdk.certpath.disabledAlgorithms property above.
-#
-# See the specification of "jdk.certpath.disabledAlgorithms" for the
-# syntax of the disabled algorithm string.
-#
-# Note: This property is currently used by Oracle's JSSE implementation.
-# It is not guaranteed to be examined and used by other implementations.
-#
-# Example:
-#   jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
--- a/src/java.base/share/conf/security/java.security-windows	Thu Aug 21 14:16:26 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,499 +0,0 @@
-#
-# This is the "master security properties file".
-#
-# An alternate java.security properties file may be specified
-# from the command line via the system property
-#
-#    -Djava.security.properties=<URL>
-#
-# This properties file appends to the master security properties file.
-# If both properties files specify values for the same key, the value
-# from the command-line properties file is selected, as it is the last
-# one loaded.
-#
-# Also, if you specify
-#
-#    -Djava.security.properties==<URL> (2 equals),
-#
-# then that properties file completely overrides the master security
-# properties file.
-#
-# To disable the ability to specify an additional properties file from
-# the command line, set the key security.overridePropertiesFile
-# to false in the master security properties file. It is set to true
-# by default.
-
-# In this file, various security properties are set for use by
-# java.security classes. This is where users can statically register
-# Cryptography Package Providers ("providers" for short). The term
-# "provider" refers to a package or set of packages that supply a
-# concrete implementation of a subset of the cryptography aspects of
-# the Java Security API. A provider may, for example, implement one or
-# more digital signature algorithms or message digest algorithms.
-#
-# Each provider must implement a subclass of the Provider class.
-# To register a provider in this master security properties file,
-# specify the Provider subclass name and priority in the format
-#
-#    security.provider.<n>=<className>
-#
-# This declares a provider, and specifies its preference
-# order n. The preference order is the order in which providers are
-# searched for requested algorithms (when no specific provider is
-# requested). The order is 1-based; 1 is the most preferred, followed
-# by 2, and so on.
-#
-# <className> must specify the subclass of the Provider class whose
-# constructor sets the values of various properties that are required
-# for the Java Security API to look up the algorithms or other
-# facilities implemented by the provider.
-#
-# There must be at least one provider specification in java.security.
-# There is a default provider that comes standard with the JDK. It
-# is called the "SUN" provider, and its Provider subclass
-# named Sun appears in the sun.security.provider package. Thus, the
-# "SUN" provider is registered via the following:
-#
-#    security.provider.1=sun.security.provider.Sun
-#
-# (The number 1 is used for the default provider.)
-#
-# Note: Providers can be dynamically registered instead by calls to
-# either the addProvider or insertProviderAt method in the Security
-# class.
-
-#
-# List of providers and their preference orders (see above):
-#
-security.provider.1=sun.security.provider.Sun
-security.provider.2=sun.security.rsa.SunRsaSign
-security.provider.3=sun.security.ec.SunEC
-security.provider.4=com.sun.net.ssl.internal.ssl.Provider
-security.provider.5=com.sun.crypto.provider.SunJCE
-security.provider.6=sun.security.jgss.SunProvider
-security.provider.7=com.sun.security.sasl.Provider
-security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
-security.provider.9=sun.security.smartcardio.SunPCSC
-security.provider.10=sun.security.mscapi.SunMSCAPI
-
-#
-# Sun Provider SecureRandom seed source.
-#
-# Select the primary source of seed data for the "SHA1PRNG" and
-# "NativePRNG" SecureRandom implementations in the "Sun" provider.
-# (Other SecureRandom implementations might also use this property.)
-#
-# On Unix-like systems (for example, Solaris/Linux/MacOS), the
-# "NativePRNG" and "SHA1PRNG" implementations obtains seed data from
-# special device files such as file:/dev/random.
-#
-# On Windows systems, specifying the URLs "file:/dev/random" or
-# "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding
-# mechanism for SHA1PRNG.
-#
-# By default, an attempt is made to use the entropy gathering device
-# specified by the "securerandom.source" Security property.  If an
-# exception occurs while accessing the specified URL:
-#
-#     SHA1PRNG:
-#         the traditional system/thread activity algorithm will be used.
-#
-#     NativePRNG:
-#         a default value of /dev/random will be used.  If neither
-#         are available, the implementation will be disabled.
-#         "file" is the only currently supported protocol type.
-#
-# The entropy gathering device can also be specified with the System
-# property "java.security.egd". For example:
-#
-#   % java -Djava.security.egd=file:/dev/random MainClass
-#
-# Specifying this System property will override the
-# "securerandom.source" Security property.
-#
-# In addition, if "file:/dev/random" or "file:/dev/urandom" is
-# specified, the "NativePRNG" implementation will be more preferred than
-# SHA1PRNG in the Sun provider.
-#
-securerandom.source=file:/dev/random
-
-#
-# A list of known strong SecureRandom implementations.
-#
-# To help guide applications in selecting a suitable strong
-# java.security.SecureRandom implementation, Java distributions should
-# indicate a list of known strong implementations using the property.
-#
-# This is a comma-separated list of algorithm and/or algorithm:provider
-# entries.
-#
-securerandom.strongAlgorithms=Windows-PRNG:SunMSCAPI,SHA1PRNG:SUN
-
-#
-# Class to instantiate as the javax.security.auth.login.Configuration
-# provider.
-#
-login.configuration.provider=sun.security.provider.ConfigFile
-
-#
-# Default login configuration file
-#
-#login.config.url.1=file:${user.home}/.java.login.config
-
-#
-# Class to instantiate as the system Policy. This is the name of the class
-# that will be used as the Policy object.
-#
-policy.provider=sun.security.provider.PolicyFile
-
-# The default is to have a single system-wide policy file,
-# and a policy file in the user's home directory.
-policy.url.1=file:${java.home}/lib/security/java.policy
-policy.url.2=file:${user.home}/.java.policy
-
-# whether or not we expand properties in the policy file
-# if this is set to false, properties (${...}) will not be expanded in policy
-# files.
-policy.expandProperties=true
-
-# whether or not we allow an extra policy to be passed on the command line
-# with -Djava.security.policy=somefile. Comment out this line to disable
-# this feature.
-policy.allowSystemProperty=true
-
-# whether or not we look into the IdentityScope for trusted Identities
-# when encountering a 1.1 signed JAR file. If the identity is found
-# and is trusted, we grant it AllPermission.
-policy.ignoreIdentityScope=false
-
-#
-# Default keystore type.
-#
-keystore.type=jks
-
-#
-# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageAccess unless the
-# corresponding RuntimePermission ("accessClassInPackage."+package) has
-# been granted.
-package.access=sun.,\
-               com.sun.xml.internal.,\
-               com.sun.imageio.,\
-               com.sun.istack.internal.,\
-               com.sun.jmx.,\
-               com.sun.media.sound.,\
-               com.sun.naming.internal.,\
-               com.sun.proxy.,\
-               com.sun.corba.se.,\
-               com.sun.org.apache.bcel.internal.,\
-               com.sun.org.apache.regexp.internal.,\
-               com.sun.org.apache.xerces.internal.,\
-               com.sun.org.apache.xpath.internal.,\
-               com.sun.org.apache.xalan.internal.extensions.,\
-               com.sun.org.apache.xalan.internal.lib.,\
-               com.sun.org.apache.xalan.internal.res.,\
-               com.sun.org.apache.xalan.internal.templates.,\
-               com.sun.org.apache.xalan.internal.utils.,\
-               com.sun.org.apache.xalan.internal.xslt.,\
-               com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
-               com.sun.org.apache.xalan.internal.xsltc.compiler.,\
-               com.sun.org.apache.xalan.internal.xsltc.trax.,\
-               com.sun.org.apache.xalan.internal.xsltc.util.,\
-               com.sun.org.apache.xml.internal.res.,\
-               com.sun.org.apache.xml.internal.security.,\
-               com.sun.org.apache.xml.internal.serializer.utils.,\
-               com.sun.org.apache.xml.internal.utils.,\
-               com.sun.org.glassfish.,\
-               com.oracle.xmlns.internal.,\
-               com.oracle.webservices.internal.,\
-               org.jcp.xml.dsig.internal.,\
-               jdk.internal.,\
-               jdk.nashorn.internal.,\
-               jdk.nashorn.tools.,\
-               com.sun.activation.registries.,\
-               com.sun.java.accessibility.
-
-#
-# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageDefinition unless the
-# corresponding RuntimePermission ("defineClassInPackage."+package) has
-# been granted.
-#
-# by default, none of the class loaders supplied with the JDK call
-# checkPackageDefinition.
-#
-package.definition=sun.,\
-                   com.sun.xml.internal.,\
-                   com.sun.imageio.,\
-                   com.sun.istack.internal.,\
-                   com.sun.jmx.,\
-                   com.sun.media.sound.,\
-                   com.sun.naming.internal.,\
-                   com.sun.proxy.,\
-                   com.sun.corba.se.,\
-                   com.sun.org.apache.bcel.internal.,\
-                   com.sun.org.apache.regexp.internal.,\
-                   com.sun.org.apache.xerces.internal.,\
-                   com.sun.org.apache.xpath.internal.,\
-                   com.sun.org.apache.xalan.internal.extensions.,\
-                   com.sun.org.apache.xalan.internal.lib.,\
-                   com.sun.org.apache.xalan.internal.res.,\
-                   com.sun.org.apache.xalan.internal.templates.,\
-                   com.sun.org.apache.xalan.internal.utils.,\
-                   com.sun.org.apache.xalan.internal.xslt.,\
-                   com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
-                   com.sun.org.apache.xalan.internal.xsltc.compiler.,\
-                   com.sun.org.apache.xalan.internal.xsltc.trax.,\
-                   com.sun.org.apache.xalan.internal.xsltc.util.,\
-                   com.sun.org.apache.xml.internal.res.,\
-                   com.sun.org.apache.xml.internal.security.,\
-                   com.sun.org.apache.xml.internal.serializer.utils.,\
-                   com.sun.org.apache.xml.internal.utils.,\
-                   com.sun.org.glassfish.,\
-                   com.oracle.xmlns.internal.,\
-                   com.oracle.webservices.internal.,\
-                   org.jcp.xml.dsig.internal.,\
-                   jdk.internal.,\
-                   jdk.nashorn.internal.,\
-                   jdk.nashorn.tools.,\
-                   com.sun.activation.registries.,\
-                   com.sun.java.accessibility.
-
-#
-# Determines whether this properties file can be appended to
-# or overridden on the command line via -Djava.security.properties
-#
-security.overridePropertiesFile=true
-
-#
-# Determines the default key and trust manager factory algorithms for
-# the javax.net.ssl package.
-#
-ssl.KeyManagerFactory.algorithm=SunX509
-ssl.TrustManagerFactory.algorithm=PKIX
-
-#
-# The Java-level namelookup cache policy for successful lookups:
-#
-# any negative value: caching forever
-# any positive value: the number of seconds to cache an address for
-# zero: do not cache
-#
-# default value is forever (FOREVER). For security reasons, this
-# caching is made forever when a security manager is set. When a security
-# manager is not set, the default behavior in this implementation
-# is to cache for 30 seconds.
-#
-# NOTE: setting this to anything other than the default value can have
-#       serious security implications. Do not set it unless
-#       you are sure you are not exposed to DNS spoofing attack.
-#
-#networkaddress.cache.ttl=-1
-
-# The Java-level namelookup cache policy for failed lookups:
-#
-# any negative value: cache forever
-# any positive value: the number of seconds to cache negative lookup results
-# zero: do not cache
-#
-# In some Microsoft Windows networking environments that employ
-# the WINS name service in addition to DNS, name service lookups
-# that fail may take a noticeably long time to return (approx. 5 seconds).
-# For this reason the default caching policy is to maintain these
-# results for 10 seconds.
-#
-#
-networkaddress.cache.negative.ttl=10
-
-#
-# Properties to configure OCSP for certificate revocation checking
-#
-
-# Enable OCSP
-#
-# By default, OCSP is not used for certificate revocation checking.
-# This property enables the use of OCSP when set to the value "true".
-#
-# NOTE: SocketPermission is required to connect to an OCSP responder.
-#
-# Example,
-#   ocsp.enable=true
-
-#
-# Location of the OCSP responder
-#
-# By default, the location of the OCSP responder is determined implicitly
-# from the certificate being validated. This property explicitly specifies
-# the location of the OCSP responder. The property is used when the
-# Authority Information Access extension (defined in RFC 3280) is absent
-# from the certificate or when it requires overriding.
-#
-# Example,
-#   ocsp.responderURL=http://ocsp.example.net:80
-
-#
-# Subject name of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# distinguished name (defined in RFC 2253) which identifies a certificate in
-# the set of certificates supplied during cert path validation. In cases where
-# the subject name alone is not sufficient to uniquely identify the certificate
-# then both the "ocsp.responderCertIssuerName" and
-# "ocsp.responderCertSerialNumber" properties must be used instead. When this
-# property is set then those two properties are ignored.
-#
-# Example,
-#   ocsp.responderCertSubjectName="CN=OCSP Responder, O=XYZ Corp"
-
-#
-# Issuer name of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# distinguished name (defined in RFC 2253) which identifies a certificate in
-# the set of certificates supplied during cert path validation. When this
-# property is set then the "ocsp.responderCertSerialNumber" property must also
-# be set. When the "ocsp.responderCertSubjectName" property is set then this
-# property is ignored.
-#
-# Example,
-#   ocsp.responderCertIssuerName="CN=Enterprise CA, O=XYZ Corp"
-
-#
-# Serial number of the OCSP responder's certificate
-#
-# By default, the certificate of the OCSP responder is that of the issuer
-# of the certificate being validated. This property identifies the certificate
-# of the OCSP responder when the default does not apply. Its value is a string
-# of hexadecimal digits (colon or space separators may be present) which
-# identifies a certificate in the set of certificates supplied during cert path
-# validation. When this property is set then the "ocsp.responderCertIssuerName"
-# property must also be set. When the "ocsp.responderCertSubjectName" property
-# is set then this property is ignored.
-#
-# Example,
-#   ocsp.responderCertSerialNumber=2A:FF:00
-
-#
-# Policy for failed Kerberos KDC lookups:
-#
-# When a KDC is unavailable (network error, service failure, etc), it is
-# put inside a blacklist and accessed less often for future requests. The
-# value (case-insensitive) for this policy can be:
-#
-# tryLast
-#    KDCs in the blacklist are always tried after those not on the list.
-#
-# tryLess[:max_retries,timeout]
-#    KDCs in the blacklist are still tried by their order in the configuration,
-#    but with smaller max_retries and timeout values. max_retries and timeout
-#    are optional numerical parameters (default 1 and 5000, which means once
-#    and 5 seconds). Please notes that if any of the values defined here is
-#    more than what is defined in krb5.conf, it will be ignored.
-#
-# Whenever a KDC is detected as available, it is removed from the blacklist.
-# The blacklist is reset when krb5.conf is reloaded. You can add
-# refreshKrb5Config=true to a JAAS configuration file so that krb5.conf is
-# reloaded whenever a JAAS authentication is attempted.
-#
-# Example,
-#   krb5.kdc.bad.policy = tryLast
-#   krb5.kdc.bad.policy = tryLess:2,2000
-krb5.kdc.bad.policy = tryLast
-
-# Algorithm restrictions for certification path (CertPath) processing
-#
-# In some environments, certain algorithms or key lengths may be undesirable
-# for certification path building and validation.  For example, "MD2" is
-# generally no longer considered to be a secure hash algorithm.  This section
-# describes the mechanism for disabling algorithms based on algorithm name
-# and/or key length.  This includes algorithms used in certificates, as well
-# as revocation information such as CRLs and signed OCSP Responses.
-#
-# The syntax of the disabled algorithm string is described as this Java
-# BNF-style:
-#   DisabledAlgorithms:
-#       " DisabledAlgorithm { , DisabledAlgorithm } "
-#
-#   DisabledAlgorithm:
-#       AlgorithmName [Constraint]
-#
-#   AlgorithmName:
-#       (see below)
-#
-#   Constraint:
-#       KeySizeConstraint
-#
-#   KeySizeConstraint:
-#       keySize Operator DecimalInteger
-#
-#   Operator:
-#       <= | < | == | != | >= | >
-#
-#   DecimalInteger:
-#       DecimalDigits
-#
-#   DecimalDigits:
-#       DecimalDigit {DecimalDigit}
-#
-#   DecimalDigit: one of
-#       1 2 3 4 5 6 7 8 9 0
-#
-# The "AlgorithmName" is the standard algorithm name of the disabled
-# algorithm. See "Java Cryptography Architecture Standard Algorithm Name
-# Documentation" for information about Standard Algorithm Names.  Matching
-# is performed using a case-insensitive sub-element matching rule.  (For
-# example, in "SHA1withECDSA" the sub-elements are "SHA1" for hashing and
-# "ECDSA" for signatures.)  If the assertion "AlgorithmName" is a
-# sub-element of the certificate algorithm name, the algorithm will be
-# rejected during certification path building and validation.  For example,
-# the assertion algorithm name "DSA" will disable all certificate algorithms
-# that rely on DSA, such as NONEwithDSA, SHA1withDSA.  However, the assertion
-# will not disable algorithms related to "ECDSA".
-#
-# A "Constraint" provides further guidance for the algorithm being specified.
-# The "KeySizeConstraint" requires a key of a valid size range if the
-# "AlgorithmName" is of a key algorithm.  The "DecimalInteger" indicates the
-# key size specified in number of bits.  For example, "RSA keySize <= 1024"
-# indicates that any RSA key with key size less than or equal to 1024 bits
-# should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates
-# that any RSA key with key size less than 1024 or greater than 2048 should
-# be disabled. Note that the "KeySizeConstraint" only makes sense to key
-# algorithms.
-#
-# Note: This property is currently used by Oracle's PKIX implementation. It
-# is not guaranteed to be examined and used by other implementations.
-#
-# Example:
-#   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
-#
-#
-jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
-
-# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
-# (SSL/TLS) processing
-#
-# In some environments, certain algorithms or key lengths may be undesirable
-# when using SSL/TLS.  This section describes the mechanism for disabling
-# algorithms during SSL/TLS security parameters negotiation, including cipher
-# suites selection, peer authentication and key exchange mechanisms.
-#
-# For PKI-based peer authentication and key exchange mechanisms, this list
-# of disabled algorithms will also be checked during certification path
-# building and validation, including algorithms used in certificates, as
-# well as revocation information such as CRLs and signed OCSP Responses.
-# This is in addition to the jdk.certpath.disabledAlgorithms property above.
-#
-# See the specification of "jdk.certpath.disabledAlgorithms" for the
-# syntax of the disabled algorithm string.
-#
-# Note: This property is currently used by Oracle's JSSE implementation.
-# It is not guaranteed to be examined and used by other implementations.
-#
-# Example:
-#   jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
--- a/src/java.base/unix/native/libjava/UNIXProcess_md.c	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.base/unix/native/libjava/UNIXProcess_md.c	Thu Aug 28 14:54:07 2014 -0700
@@ -599,9 +599,9 @@
      */
     assert(prog != NULL && argBlock != NULL);
     if ((phelperpath = getBytes(env, helperpath))   == NULL) goto Catch;
-    if ((pprog     = getBytes(env, prog))       == NULL) goto Catch;
-    if ((pargBlock = getBytes(env, argBlock))   == NULL) goto Catch;
-    if ((c->argv = NEW(const char *, argc + 3)) == NULL) goto Catch;
+    if ((pprog       = getBytes(env, prog))         == NULL) goto Catch;
+    if ((pargBlock   = getBytes(env, argBlock))     == NULL) goto Catch;
+    if ((c->argv     = NEW(const char *, argc + 3)) == NULL) goto Catch;
     c->argv[0] = pprog;
     c->argc = argc + 2;
     initVectorFromBlock(c->argv+1, pargBlock, argc);
@@ -690,10 +690,11 @@
     closeSafely(childenv[0]);
     closeSafely(childenv[1]);
 
-    releaseBytes(env, prog,     pprog);
-    releaseBytes(env, argBlock, pargBlock);
-    releaseBytes(env, envBlock, penvBlock);
-    releaseBytes(env, dir,      c->pdir);
+    releaseBytes(env, helperpath, phelperpath);
+    releaseBytes(env, prog,       pprog);
+    releaseBytes(env, argBlock,   pargBlock);
+    releaseBytes(env, envBlock,   penvBlock);
+    releaseBytes(env, dir,        c->pdir);
 
     free(c->argv);
     free(c->envv);
--- a/src/java.desktop/macosx/classes/apple/laf/JRSUIControl.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/macosx/classes/apple/laf/JRSUIControl.java	Thu Aug 28 14:54:07 2014 -0700
@@ -114,7 +114,7 @@
         changes.putAll(other.changes);
     }
 
-    protected synchronized final void finalize() throws Throwable {
+    protected synchronized void finalize() throws Throwable {
         if (cfDictionaryPtr == 0) return;
         disposeCFDictionary(cfDictionaryPtr);
         cfDictionaryPtr = 0;
--- a/src/java.desktop/macosx/classes/com/apple/laf/AquaInternalFrameUI.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/macosx/classes/com/apple/laf/AquaInternalFrameUI.java	Thu Aug 28 14:54:07 2014 -0700
@@ -938,7 +938,11 @@
             final Point pt = new Point();
             final Component c = getComponentToForwardTo(e, pt);
             if (c == null) return;
-            c.dispatchEvent(new MouseWheelEvent(c, e.getID(), e.getWhen(), e.getModifiers(), pt.x, pt.y, e.getClickCount(), e.isPopupTrigger(), e.getScrollType(), e.getScrollAmount(), e.getWheelRotation()));
+            c.dispatchEvent(new MouseWheelEvent(c, e.getID(), e.getWhen(),
+                    e.getModifiers(), pt.x, pt.y, e.getXOnScreen(), e.getYOnScreen(),
+                    e.getClickCount(), e.isPopupTrigger(), e.getScrollType(),
+                    e.getScrollAmount(), e.getWheelRotation(),
+                    e.getPreciseWheelRotation()));
         }
 
         public void componentResized(final ComponentEvent e) {
--- a/src/java.desktop/macosx/classes/com/apple/laf/AquaTabbedPaneCopyFromBasicUI.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/macosx/classes/com/apple/laf/AquaTabbedPaneCopyFromBasicUI.java	Thu Aug 28 14:54:07 2014 -0700
@@ -3307,7 +3307,7 @@
                 pane.repaint();
             } else if (name == "indexForTitle") {
                 calculatedBaseline = false;
-                updateHtmlViews((Integer) e.getNewValue());
+                updateHtmlViews((Integer) e.getNewValue(), false);
             } else if (name == "tabLayoutPolicy") {
                 AquaTabbedPaneCopyFromBasicUI.this.uninstallUI(pane);
                 AquaTabbedPaneCopyFromBasicUI.this.installUI(pane);
@@ -3345,7 +3345,7 @@
                 calculatedBaseline = false;
             } else if (name == "indexForNullComponent") {
                 isRunsDirty = true;
-                updateHtmlViews((Integer) e.getNewValue());
+                updateHtmlViews((Integer) e.getNewValue(), true);
             } else if (name == "font") {
                 calculatedBaseline = false;
             }
@@ -3464,10 +3464,10 @@
                 return;
             }
             isRunsDirty = true;
-            updateHtmlViews(tp.indexOfComponent(child));
+            updateHtmlViews(tp.indexOfComponent(child), true);
         }
 
-        private void updateHtmlViews(int index) {
+        private void updateHtmlViews(int index, boolean inserted) {
             final String title = tabPane.getTitleAt(index);
             final boolean isHTML = BasicHTML.isHTMLString(title);
             if (isHTML) {
@@ -3475,16 +3475,24 @@
                     htmlViews = createHTMLVector();
                 } else { // Vector already exists
                     final View v = BasicHTML.createHTMLView(tabPane, title);
-                    htmlViews.insertElementAt(v, index);
+                    setHtmlView(v, inserted, index);
                 }
             } else { // Not HTML
                 if (htmlViews != null) { // Add placeholder
-                    htmlViews.insertElementAt(null, index);
+                    setHtmlView(null, inserted, index);
                 } // else nada!
             }
             updateMnemonics();
         }
 
+        private void setHtmlView(View v, boolean inserted, int index) {
+            if (inserted || index >= htmlViews.size()) {
+                htmlViews.insertElementAt(v, index);
+            } else {
+                htmlViews.setElementAt(v, index);
+            }
+        }
+
         public void componentRemoved(final ContainerEvent e) {
             final JTabbedPane tp = (JTabbedPane)e.getContainer();
             final Component child = e.getChild();
--- a/src/java.desktop/macosx/classes/sun/font/CFontManager.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/macosx/classes/sun/font/CFontManager.java	Thu Aug 28 14:54:07 2014 -0700
@@ -43,7 +43,7 @@
 import sun.awt.util.ThreadGroupUtils;
 import sun.lwawt.macosx.*;
 
-public class CFontManager extends SunFontManager {
+public final class CFontManager extends SunFontManager {
     private FontConfigManager fcManager = null;
     private static Hashtable<String, Font2D> genericFonts = new Hashtable<String, Font2D>();
 
@@ -61,20 +61,14 @@
         return new CFontConfiguration(this, preferLocaleFonts, preferPropFonts);
     }
 
-    private static String[] defaultPlatformFont = null;
-
     /*
      * Returns an array of two strings. The first element is the
      * name of the font. The second element is the file name.
      */
     @Override
-    public synchronized String[] getDefaultPlatformFont() {
-        if (defaultPlatformFont == null) {
-            defaultPlatformFont = new String[2];
-            defaultPlatformFont[0] = "Lucida Grande";
-            defaultPlatformFont[1] = "/System/Library/Fonts/LucidaGrande.ttc";
-        }
-        return defaultPlatformFont;
+    protected String[] getDefaultPlatformFont() {
+        return new String[]{"Lucida Grande",
+                            "/System/Library/Fonts/LucidaGrande.ttc"};
     }
 
     // This is a way to register any kind of Font2D, not just files and composites.
--- a/src/java.desktop/macosx/classes/sun/lwawt/LWComponentPeer.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/macosx/classes/sun/lwawt/LWComponentPeer.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1233,11 +1233,13 @@
                     delegate, me.getID(), me.getWhen(),
                     me.getModifiers(),
                     me.getX(), me.getY(),
+                    me.getXOnScreen(), me.getYOnScreen(),
                     me.getClickCount(),
                     me.isPopupTrigger(),
                     me.getScrollType(),
                     me.getScrollAmount(),
-                    me.getWheelRotation());
+                    me.getWheelRotation(),
+                    me.getPreciseWheelRotation());
         } else if (e instanceof MouseEvent) {
             MouseEvent me = (MouseEvent) e;
 
--- a/src/java.desktop/macosx/classes/sun/lwawt/LWWindowPeer.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/macosx/classes/sun/lwawt/LWWindowPeer.java	Thu Aug 28 14:54:07 2014 -0700
@@ -105,6 +105,8 @@
 
     private final SecurityWarningWindow warningWindow;
 
+    private volatile boolean targetFocusable;
+
     /**
      * Current modal blocker or null.
      *
@@ -240,13 +242,12 @@
         if (!visible && warningWindow != null) {
             warningWindow.setVisible(false, false);
         }
-
+        updateFocusableWindowState();
         super.setVisibleImpl(visible);
         // TODO: update graphicsConfig, see 4868278
         platformWindow.setVisible(visible);
         if (isSimpleWindow()) {
             KeyboardFocusManagerPeer kfmPeer = LWKeyboardFocusManagerPeer.getInstance();
-
             if (visible) {
                 if (!getTarget().isAutoRequestFocus()) {
                     return;
@@ -397,6 +398,7 @@
 
     @Override
     public void updateFocusableWindowState() {
+        targetFocusable = getTarget().isFocusableWindow();
         platformWindow.updateFocusableWindowState();
     }
 
@@ -1220,13 +1222,13 @@
     }
 
     private boolean isFocusableWindow() {
-        boolean focusable = getTarget().isFocusableWindow();
+        boolean focusable  = targetFocusable;
         if (isSimpleWindow()) {
             LWWindowPeer ownerPeer = getOwnerFrameDialog(this);
             if (ownerPeer == null) {
                 return false;
             }
-            return focusable && ownerPeer.getTarget().isFocusableWindow();
+            return focusable && ownerPeer.targetFocusable;
         }
         return focusable;
     }
--- a/src/java.desktop/macosx/classes/sun/lwawt/macosx/CEmbeddedFrame.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/macosx/classes/sun/lwawt/macosx/CEmbeddedFrame.java	Thu Aug 28 14:54:07 2014 -0700
@@ -38,7 +38,8 @@
 
     private CPlatformResponder responder;
     private static final Object classLock = new Object();
-    private static volatile CEmbeddedFrame focusedWindow;
+    private static volatile CEmbeddedFrame globalFocusedWindow;
+    private CEmbeddedFrame browserWindowFocusedApplet;
     private boolean parentWindowActive = true;
 
     public CEmbeddedFrame() {
@@ -111,10 +112,10 @@
         synchronized (classLock) {
             // In some cases an applet may not receive the focus lost event
             // from the parent window (see 8012330)
-            focusedWindow = (focused) ? this
-                    : ((focusedWindow == this) ? null : focusedWindow);
+            globalFocusedWindow = (focused) ? this
+                    : ((globalFocusedWindow == this) ? null : globalFocusedWindow);
         }
-        if (focusedWindow == this) {
+        if (globalFocusedWindow == this) {
             // see bug 8010925
             // we can't put this to handleWindowFocusEvent because
             // it won't be invoced if focuse is moved to a html element
@@ -145,9 +146,23 @@
     // non-focused applet. This method can be called from different threads.
     public void handleWindowFocusEvent(boolean parentWindowActive) {
         this.parentWindowActive = parentWindowActive;
+        // If several applets are running in different browser's windows, it is necessary to
+        // detect the switching between the parent windows and update globalFocusedWindow accordingly.
+        synchronized (classLock) {
+            if (!parentWindowActive) {
+                this.browserWindowFocusedApplet = globalFocusedWindow;
+            }
+            if (parentWindowActive && globalFocusedWindow != this && isParentWindowChanged()) {
+                // It looks like we have switched to another browser window, let's restore focus to
+                // the previously focused applet in this window. If no applets were focused in the
+                // window, we will set focus to the first applet in the window.
+                globalFocusedWindow = (this.browserWindowFocusedApplet != null) ? this.browserWindowFocusedApplet
+                        : this;
+            }
+        }
         // ignore focus "lost" native request as it may mistakenly
         // deactivate active window (see 8001161)
-        if (focusedWindow == this && parentWindowActive) {
+        if (globalFocusedWindow == this && parentWindowActive) {
             responder.handleWindowFocusEvent(parentWindowActive, null);
         }
     }
@@ -155,4 +170,10 @@
     public boolean isParentWindowActive() {
         return parentWindowActive;
     }
+
+    private boolean isParentWindowChanged() {
+        // If globalFocusedWindow is located at inactive parent window or null, we have swithed to
+        // another window.
+        return globalFocusedWindow != null ? !globalFocusedWindow.isParentWindowActive() : true;
+    }
 }
--- a/src/java.desktop/macosx/classes/sun/lwawt/macosx/NSPrintInfo.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/macosx/classes/sun/lwawt/macosx/NSPrintInfo.java	Thu Aug 28 14:54:07 2014 -0700
@@ -54,11 +54,11 @@
         return "" + fNSPrintInfo;
     }
 
-    public final Class<? extends Attribute> getCategory() {
+    public Class<? extends Attribute> getCategory() {
         return NSPrintInfo.class;
     }
 
-    public final String getName() {
+    public String getName() {
         return "nsPrintInfo";
     }
 }
--- a/src/java.desktop/macosx/native/libawt_lwawt/sun/awt/JavaComponentAccessibility.m	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/macosx/native/libawt_lwawt/sun/awt/JavaComponentAccessibility.m	Thu Aug 28 14:54:07 2014 -0700
@@ -1108,7 +1108,10 @@
     JNIEnv *env = [ThreadUtilities getJNIEnv];
     id value = nil;
 
+    NSWindow* hostWindow = [[self->fView window] retain];
     jobject focused = JNFCallStaticObjectMethod(env, jm_getFocusOwner, fComponent); // AWT_THREADING Safe (AWTRunLoop)
+    [hostWindow release];
+    
     if (focused != NULL) {
         if (JNFIsInstanceOf(env, focused, &sjc_Accessible)) {
             value = [JavaComponentAccessibility createWithAccessible:focused withEnv:env withView:fView];
--- a/src/java.desktop/share/classes/com/sun/media/sound/FFT.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/share/classes/com/sun/media/sound/FFT.java	Thu Aug 28 14:54:07 2014 -0700
@@ -68,7 +68,7 @@
         calc(fftFrameSize, data, sign, w);
     }
 
-    private final static double[] computeTwiddleFactors(int fftFrameSize,
+    private static double[] computeTwiddleFactors(int fftFrameSize,
             int sign) {
 
         int imax = (int) (Math.log(fftFrameSize) / Math.log(2.));
@@ -122,7 +122,7 @@
         return warray;
     }
 
-    private final static void calc(int fftFrameSize, double[] data, int sign,
+    private static void calc(int fftFrameSize, double[] data, int sign,
             double[] w) {
 
         final int fftFrameSize2 = fftFrameSize << 1;
@@ -139,7 +139,7 @@
 
     }
 
-    private final static void calcF2E(int fftFrameSize, double[] data, int i,
+    private static void calcF2E(int fftFrameSize, double[] data, int i,
             int nstep, double[] w) {
         int jmax = nstep;
         for (int n = 0; n < jmax; n += 2) {
@@ -163,7 +163,7 @@
 
     // Perform Factor-4 Decomposition with 3 * complex operators and 8 +/-
     // complex operators
-    private final static void calcF4F(int fftFrameSize, double[] data, int i,
+    private static void calcF4F(int fftFrameSize, double[] data, int i,
             int nstep, double[] w) {
         final int fftFrameSize2 = fftFrameSize << 1; // 2*fftFrameSize;
         // Factor-4 Decomposition
@@ -331,7 +331,7 @@
 
     // Perform Factor-4 Decomposition with 3 * complex operators and 8 +/-
     // complex operators
-    private final static void calcF4I(int fftFrameSize, double[] data, int i,
+    private static void calcF4I(int fftFrameSize, double[] data, int i,
             int nstep, double[] w) {
         final int fftFrameSize2 = fftFrameSize << 1; // 2*fftFrameSize;
         // Factor-4 Decomposition
@@ -499,7 +499,7 @@
 
     // Perform Factor-4 Decomposition with 3 * complex operators and 8 +/-
     // complex operators
-    private final static void calcF4FE(int fftFrameSize, double[] data, int i,
+    private static void calcF4FE(int fftFrameSize, double[] data, int i,
             int nstep, double[] w) {
         final int fftFrameSize2 = fftFrameSize << 1; // 2*fftFrameSize;
         // Factor-4 Decomposition
@@ -593,7 +593,7 @@
 
     // Perform Factor-4 Decomposition with 3 * complex operators and 8 +/-
     // complex operators
-    private final static void calcF4IE(int fftFrameSize, double[] data, int i,
+    private static void calcF4IE(int fftFrameSize, double[] data, int i,
             int nstep, double[] w) {
         final int fftFrameSize2 = fftFrameSize << 1; // 2*fftFrameSize;
         // Factor-4 Decomposition
@@ -685,7 +685,7 @@
 
     }
 
-    private final void bitreversal(double[] data) {
+    private void bitreversal(double[] data) {
         if (fftFrameSize < 4)
             return;
 
--- a/src/java.desktop/share/classes/com/sun/media/sound/JDK13Services.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/share/classes/com/sun/media/sound/JDK13Services.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@
 
 package com.sun.media.sound;
 
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -176,11 +178,11 @@
                 && !Sequencer.class.equals(typeClass)) {
             return null;
         }
-        String value;
-        String propertyName = typeClass.getName();
-        value = JSSecurityManager.getProperty(propertyName);
+        String name = typeClass.getName();
+        String value = AccessController.doPrivileged(
+                (PrivilegedAction<String>) () -> System.getProperty(name));
         if (value == null) {
-            value = getProperties().getProperty(propertyName);
+            value = getProperties().getProperty(name);
         }
         if ("".equals(value)) {
             value = null;
--- a/src/java.desktop/share/classes/com/sun/media/sound/JSSecurityManager.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/share/classes/com/sun/media/sound/JSSecurityManager.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -73,33 +73,6 @@
         }
     }
 
-    static String getProperty(final String propertyName) {
-        String propertyValue;
-        if (hasSecurityManager()) {
-            if(Printer.debug) Printer.debug("using JDK 1.2 security to get property");
-            try{
-                PrivilegedAction<String> action = new PrivilegedAction<String>() {
-                        public String run() {
-                            try {
-                                return System.getProperty(propertyName);
-                            } catch (Throwable t) {
-                                return null;
-                            }
-                        }
-                    };
-                propertyValue = AccessController.doPrivileged(action);
-            } catch( Exception e ) {
-                if(Printer.debug) Printer.debug("not using JDK 1.2 security to get properties");
-                propertyValue = System.getProperty(propertyName);
-            }
-        } else {
-            if(Printer.debug) Printer.debug("not using JDK 1.2 security to get properties");
-            propertyValue = System.getProperty(propertyName);
-        }
-        return propertyValue;
-    }
-
-
     /** Load properties from a file.
         This method tries to load properties from the filename give into
         the passed properties object.
--- a/src/java.desktop/share/classes/com/sun/media/sound/Platform.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/share/classes/com/sun/media/sound/Platform.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -74,17 +74,6 @@
     // intel is little-endian.  sparc is big-endian.
     private static boolean bigEndian;
 
-    // this is the value of the "java.home" system property.  i am looking it up here
-    // for use when trying to load the soundbank, just so
-    // that all the privileged code is localized in this file....
-    private static String javahome;
-
-    // this is the value of the "java.class.path" system property
-    private static String classpath;
-
-
-
-
     static {
         if(Printer.trace)Printer.trace(">> Platform.java: static");
 
@@ -129,26 +118,6 @@
         return signed8;
     }
 
-
-    /**
-     * Obtain javahome.
-     * $$kk: 04.16.99: this is *bad*!!
-     */
-    static String getJavahome() {
-
-        return javahome;
-    }
-
-    /**
-     * Obtain classpath.
-     * $$jb: 04.21.99: this is *bad* too!!
-     */
-    static String getClasspath() {
-
-        return classpath;
-    }
-
-
     // PRIVATE METHODS
 
     /**
@@ -157,21 +126,13 @@
     private static void loadLibraries() {
         if(Printer.trace)Printer.trace(">>Platform.loadLibraries");
 
-        try {
-            // load the main library
-            AccessController.doPrivileged(new PrivilegedAction<Void>() {
-                @Override
-                public Void run() {
-                    System.loadLibrary(libNameMain);
-                    return null;
-                }
-            });
-            // just for the heck of it...
-            loadedLibs |= LIB_MAIN;
-        } catch (SecurityException e) {
-            if(Printer.err)Printer.err("Security exception loading main native library.  JavaSound requires access to these resources.");
-            throw(e);
-        }
+        // load the main library
+        AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
+            System.loadLibrary(libNameMain);
+            return null;
+        });
+        // just for the heck of it...
+        loadedLibs |= LIB_MAIN;
 
         // now try to load extra libs. They are defined at compile time in the Makefile
         // with the define EXTRA_SOUND_JNI_LIBS
@@ -181,12 +142,9 @@
         while (st.hasMoreTokens()) {
             final String lib = st.nextToken();
             try {
-                AccessController.doPrivileged(new PrivilegedAction<Void>() {
-                    @Override
-                    public Void run() {
-                        System.loadLibrary(lib);
-                        return null;
-                    }
+                AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
+                    System.loadLibrary(lib);
+                    return null;
                 });
 
                 if (lib.equals(libNameALSA)) {
@@ -239,7 +197,5 @@
         // $$fb 2002-03-06: implement check for endianness in native. Facilitates porting !
         bigEndian = nIsBigEndian();
         signed8 = nIsSigned8(); // Solaris on Sparc: signed, all others unsigned
-        javahome = JSSecurityManager.getProperty("java.home");
-        classpath = JSSecurityManager.getProperty("java.class.path");
     }
 }
--- a/src/java.desktop/share/classes/com/sun/media/sound/RIFFReader.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/share/classes/com/sun/media/sound/RIFFReader.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,21 +39,20 @@
     private long filepointer = 0;
     private final String fourcc;
     private String riff_type = null;
-    private long ckSize = 0;
+    private long ckSize = Integer.MAX_VALUE;
     private InputStream stream;
-    private long avail;
+    private long avail = Integer.MAX_VALUE;
     private RIFFReader lastiterator = null;
 
     public RIFFReader(InputStream stream) throws IOException {
 
-        if (stream instanceof RIFFReader)
-            root = ((RIFFReader)stream).root;
-        else
+        if (stream instanceof RIFFReader) {
+            root = ((RIFFReader) stream).root;
+        } else {
             root = this;
+        }
 
         this.stream = stream;
-        avail = Integer.MAX_VALUE;
-        ckSize = Integer.MAX_VALUE;
 
         // Check for RIFF null paddings,
         int b;
@@ -76,10 +75,12 @@
         readFully(fourcc, 1, 3);
         this.fourcc = new String(fourcc, "ascii");
         ckSize = readUnsignedInt();
-
-        avail = this.ckSize;
+        avail = ckSize;
 
         if (getFormat().equals("RIFF") || getFormat().equals("LIST")) {
+            if (avail > Integer.MAX_VALUE) {
+                throw new RIFFInvalidDataException("Chunk size too big");
+            }
             byte[] format = new byte[4];
             readFully(format);
             this.riff_type = new String(format, "ascii");
@@ -118,19 +119,23 @@
     }
 
     public int read() throws IOException {
-        if (avail == 0)
+        if (avail == 0) {
             return -1;
+        }
         int b = stream.read();
-        if (b == -1)
+        if (b == -1) {
+            avail = 0;
             return -1;
+        }
         avail--;
         filepointer++;
         return b;
     }
 
     public int read(byte[] b, int offset, int len) throws IOException {
-        if (avail == 0)
+        if (avail == 0) {
             return -1;
+        }
         if (len > avail) {
             int rlen = stream.read(b, offset, (int)avail);
             if (rlen != -1)
@@ -139,19 +144,21 @@
             return rlen;
         } else {
             int ret = stream.read(b, offset, len);
-            if (ret == -1)
+            if (ret == -1) {
+                avail = 0;
                 return -1;
+            }
             avail -= ret;
             filepointer += ret;
             return ret;
         }
     }
 
-    public final void readFully(byte b[]) throws IOException {
+    public void readFully(byte b[]) throws IOException {
         readFully(b, 0, b.length);
     }
 
-    public final void readFully(byte b[], int off, int len) throws IOException {
+    public void readFully(byte b[], int off, int len) throws IOException {
         if (len < 0)
             throw new IndexOutOfBoundsException();
         while (len > 0) {
@@ -165,7 +172,7 @@
         }
     }
 
-    public final long skipBytes(long n) throws IOException {
+    public long skipBytes(long n) throws IOException {
         if (n < 0)
             return 0;
         long skipped = 0;
@@ -191,8 +198,10 @@
             return len;
         } else {
             long ret = stream.skip(n);
-            if (ret == -1)
+            if (ret == -1) {
+                avail = 0;
                 return -1;
+            }
             avail -= ret;
             filepointer += ret;
             return ret;
@@ -210,8 +219,13 @@
     }
 
     // Read ASCII chars from stream
-    public String readString(int len) throws IOException {
-        byte[] buff = new byte[len];
+    public String readString(final int len) throws IOException {
+        final byte[] buff;
+        try {
+            buff = new byte[len];
+        } catch (final OutOfMemoryError oom) {
+            throw new IOException("Length too big", oom);
+        }
         readFully(buff);
         for (int i = 0; i < buff.length; i++) {
             if (buff[i] == 0) {
--- a/src/java.desktop/share/classes/com/sun/media/sound/SF2Soundbank.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/share/classes/com/sun/media/sound/SF2Soundbank.java	Thu Aug 28 14:54:07 2014 -0700
@@ -276,6 +276,9 @@
                     count--;
                 }
 
+                if (presets_bagNdx.isEmpty()) {
+                    throw new RIFFInvalidDataException();
+                }
                 int offset = presets_bagNdx.get(0);
                 // Offset should be 0 (but just case)
                 for (int i = 0; i < offset; i++) {
@@ -360,6 +363,9 @@
                     count--;
                 }
 
+                if (instruments_bagNdx.isEmpty()) {
+                    throw new RIFFInvalidDataException();
+                }
                 int offset = instruments_bagNdx.get(0);
                 // Offset should be 0 (but just case)
                 for (int i = 0; i < offset; i++) {
@@ -401,6 +407,9 @@
                     modulator.amount = chunk.readShort();
                     modulator.amountSourceOperator = chunk.readUnsignedShort();
                     modulator.transportOperator = chunk.readUnsignedShort();
+                    if (i < 0 || i >= instruments_splits_gen.size()) {
+                        throw new RIFFInvalidDataException();
+                    }
                     SF2LayerRegion split = instruments_splits_gen.get(i);
                     if (split != null)
                         split.modulators.add(modulator);
@@ -424,7 +433,8 @@
                     sample.name = chunk.readString(20);
                     long start = chunk.readUnsignedInt();
                     long end = chunk.readUnsignedInt();
-                    sample.data = sampleData.subbuffer(start * 2, end * 2, true);
+                    if (sampleData != null)
+                        sample.data = sampleData.subbuffer(start * 2, end * 2, true);
                     if (sampleData24 != null)
                         sample.data24 = sampleData24.subbuffer(start, end, true);
                     /*
@@ -462,6 +472,9 @@
                     int sampleid = split.generators.get(
                             SF2LayerRegion.GENERATOR_SAMPLEID);
                     split.generators.remove(SF2LayerRegion.GENERATOR_SAMPLEID);
+                    if (sampleid < 0 || sampleid >= samples.size()) {
+                        throw new RIFFInvalidDataException();
+                    }
                     split.sample = samples.get(sampleid);
                 } else {
                     globalsplit = split;
@@ -488,6 +501,9 @@
                     int instrumentid = split.generators.get(
                             SF2InstrumentRegion.GENERATOR_INSTRUMENT);
                     split.generators.remove(SF2LayerRegion.GENERATOR_INSTRUMENT);
+                    if (instrumentid < 0 || instrumentid >= layers.size()) {
+                        throw new RIFFInvalidDataException();
+                    }
                     split.layer = layers.get(instrumentid);
                 } else {
                     globalsplit = split;
--- a/src/java.desktop/share/classes/com/sun/media/sound/SoftMidiAudioFileReader.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/share/classes/com/sun/media/sound/SoftMidiAudioFileReader.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -22,6 +22,7 @@
  * or visit www.oracle.com if you need additional information or have any
  * questions.
  */
+
 package com.sun.media.sound;
 
 import java.io.File;
@@ -39,14 +40,14 @@
 import javax.sound.midi.Sequence;
 import javax.sound.midi.Track;
 import javax.sound.sampled.AudioFileFormat;
+import javax.sound.sampled.AudioFileFormat.Type;
 import javax.sound.sampled.AudioFormat;
 import javax.sound.sampled.AudioInputStream;
 import javax.sound.sampled.UnsupportedAudioFileException;
-import javax.sound.sampled.AudioFileFormat.Type;
 import javax.sound.sampled.spi.AudioFileReader;
 
 /**
- * MIDI File Audio Renderer/Reader
+ * MIDI File Audio Renderer/Reader.
  *
  * @author Karl Helgason
  */
@@ -109,6 +110,9 @@
                 if (divtype == Sequence.PPQ) {
                     if (((MetaMessage) msg).getType() == 0x51) {
                         byte[] data = ((MetaMessage) msg).getData();
+                        if (data.length < 3) {
+                            throw new UnsupportedAudioFileException();
+                        }
                         mpq = ((data[0] & 0xff) << 16)
                                 | ((data[1] & 0xff) << 8) | (data[2] & 0xff);
                     }
--- a/src/java.desktop/share/classes/com/sun/media/sound/SoftSynthesizer.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/share/classes/com/sun/media/sound/SoftSynthesizer.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,6 +28,7 @@
 import java.io.BufferedInputStream;
 import java.io.File;
 import java.io.FileInputStream;
+import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
@@ -732,31 +733,28 @@
                  * Save generated soundbank to disk for faster future use.
                  */
                 OutputStream out = AccessController
-                        .doPrivileged(new PrivilegedAction<OutputStream>() {
-                            public OutputStream run() {
-                                try {
-                                    File userhome = new File(System
-                                            .getProperty("user.home"),
-                                            ".gervill");
-                                    if (!userhome.exists())
-                                        userhome.mkdirs();
-                                    File emg_soundbank_file = new File(
-                                            userhome, "soundbank-emg.sf2");
-                                    if (emg_soundbank_file.exists())
-                                        return null;
-                                    return new FileOutputStream(
-                                            emg_soundbank_file);
-                                } catch (IOException e) {
-                                } catch (SecurityException e) {
+                        .doPrivileged((PrivilegedAction<OutputStream>) () -> {
+                            try {
+                                File userhome = new File(System
+                                        .getProperty("user.home"), ".gervill");
+                                if (!userhome.exists()) {
+                                    userhome.mkdirs();
                                 }
-                                return null;
+                                File emg_soundbank_file = new File(
+                                        userhome, "soundbank-emg.sf2");
+                                if (emg_soundbank_file.exists()) {
+                                    return null;
+                                }
+                                return new FileOutputStream(emg_soundbank_file);
+                            } catch (final FileNotFoundException ignored) {
                             }
+                            return null;
                         });
                 if (out != null) {
                     try {
                         ((SF2Soundbank) defaultSoundBank).save(out);
                         out.close();
-                    } catch (IOException e) {
+                    } catch (final IOException ignored) {
                     }
                 }
             }
@@ -846,26 +844,24 @@
 
     private Properties getStoredProperties() {
         return AccessController
-                .doPrivileged(new PrivilegedAction<Properties>() {
-                    public Properties run() {
-                        Properties p = new Properties();
-                        String notePath = "/com/sun/media/sound/softsynthesizer";
-                        try {
-                            Preferences prefroot = Preferences.userRoot();
-                            if (prefroot.nodeExists(notePath)) {
-                                Preferences prefs = prefroot.node(notePath);
-                                String[] prefs_keys = prefs.keys();
-                                for (String prefs_key : prefs_keys) {
-                                    String val = prefs.get(prefs_key, null);
-                                    if (val != null)
-                                        p.setProperty(prefs_key, val);
+                .doPrivileged((PrivilegedAction<Properties>) () -> {
+                    Properties p = new Properties();
+                    String notePath = "/com/sun/media/sound/softsynthesizer";
+                    try {
+                        Preferences prefroot = Preferences.userRoot();
+                        if (prefroot.nodeExists(notePath)) {
+                            Preferences prefs = prefroot.node(notePath);
+                            String[] prefs_keys = prefs.keys();
+                            for (String prefs_key : prefs_keys) {
+                                String val = prefs.get(prefs_key, null);
+                                if (val != null) {
+                                    p.setProperty(prefs_key, val);
                                 }
                             }
-                        } catch (BackingStoreException e) {
-                        } catch (SecurityException e) {
                         }
-                        return p;
+                    } catch (final BackingStoreException ignored) {
                     }
+                    return p;
                 });
     }
 
@@ -1044,7 +1040,6 @@
             return;
         }
         synchronized (control_mutex) {
-            Throwable causeException = null;
             try {
                 if (line != null) {
                     // can throw IllegalArgumentException
@@ -1117,24 +1112,17 @@
                     weakstream.sourceDataLine = sourceDataLine;
                 }
 
-            } catch (LineUnavailableException e) {
-                causeException = e;
-            } catch (IllegalArgumentException e) {
-                causeException = e;
-            } catch (SecurityException e) {
-                causeException = e;
-            }
-
-            if (causeException != null) {
-                if (isOpen())
+            } catch (final LineUnavailableException | SecurityException
+                    | IllegalArgumentException e) {
+                if (isOpen()) {
                     close();
+                }
                 // am: need MidiUnavailableException(Throwable) ctor!
                 MidiUnavailableException ex = new MidiUnavailableException(
                         "Can not open line");
-                ex.initCause(causeException);
+                ex.initCause(e);
                 throw ex;
             }
-
         }
     }
 
--- a/src/java.desktop/share/classes/com/sun/media/sound/StandardMidiFileReader.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/share/classes/com/sun/media/sound/StandardMidiFileReader.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,27 +25,25 @@
 
 package com.sun.media.sound;
 
+import java.io.BufferedInputStream;
 import java.io.DataInputStream;
+import java.io.EOFException;
 import java.io.File;
 import java.io.FileInputStream;
+import java.io.IOException;
 import java.io.InputStream;
-import java.io.IOException;
-import java.io.EOFException;
-import java.io.BufferedInputStream;
 import java.net.URL;
 
-import javax.sound.midi.MidiFileFormat;
 import javax.sound.midi.InvalidMidiDataException;
 import javax.sound.midi.MetaMessage;
 import javax.sound.midi.MidiEvent;
+import javax.sound.midi.MidiFileFormat;
 import javax.sound.midi.MidiMessage;
 import javax.sound.midi.Sequence;
 import javax.sound.midi.SysexMessage;
 import javax.sound.midi.Track;
 import javax.sound.midi.spi.MidiFileReader;
 
-
-
 /**
  * MIDI file reader.
  *
@@ -53,19 +51,23 @@
  * @author Jan Borgersen
  * @author Florian Bomers
  */
-
 public final class StandardMidiFileReader extends MidiFileReader {
 
     private static final int MThd_MAGIC = 0x4d546864;  // 'MThd'
 
     private static final int bisBufferSize = 1024; // buffer size in buffered input streams
 
-    public MidiFileFormat getMidiFileFormat(InputStream stream) throws InvalidMidiDataException, IOException {
+    public MidiFileFormat getMidiFileFormat(InputStream stream)
+            throws InvalidMidiDataException, IOException {
         return getMidiFileFormatFromStream(stream, MidiFileFormat.UNKNOWN_LENGTH, null);
     }
 
-    // $$fb 2002-04-17: part of fix for 4635286: MidiSystem.getMidiFileFormat() returns format having invalid length
-    private MidiFileFormat getMidiFileFormatFromStream(InputStream stream, int fileLength, SMFParser smfParser) throws InvalidMidiDataException, IOException {
+    // $$fb 2002-04-17: part of fix for 4635286: MidiSystem.getMidiFileFormat()
+    // returns format having invalid length
+    private MidiFileFormat getMidiFileFormatFromStream(InputStream stream,
+                                                       int fileLength,
+                                                       SMFParser smfParser)
+            throws InvalidMidiDataException, IOException{
         int maxReadLength = 16;
         int duration = MidiFileFormat.UNKNOWN_LENGTH;
         DataInputStream dis;
@@ -230,7 +232,7 @@
 //=============================================================================================================
 
 /**
- * State variables during parsing of a MIDI file
+ * State variables during parsing of a MIDI file.
  */
 final class SMFParser {
     private static final int MTrk_MAGIC = 0x4d54726b;  // 'MTrk'
@@ -297,7 +299,11 @@
             }
         }
         // now read track in a byte array
-        trackData = new byte[trackLength];
+        try {
+            trackData = new byte[trackLength];
+        } catch (final OutOfMemoryError oom) {
+            throw new IOException("Track length too big", oom);
+        }
         try {
             // $$fb 2003-08-20: fix for 4910986: MIDI file parser breaks up on http connection
             stream.readFully(trackData);
@@ -386,8 +392,13 @@
                         // meta
                         int metaType = readUnsigned();
                         int metaLength = (int) readVarInt();
+                        final byte[] metaData;
+                        try {
+                            metaData = new byte[metaLength];
+                        } catch (final OutOfMemoryError oom) {
+                            throw new IOException("Meta length too big", oom);
+                        }
 
-                        byte[] metaData = new byte[metaLength];
                         read(metaData);
 
                         MetaMessage metaMessage = new MetaMessage();
@@ -413,5 +424,4 @@
             throw new EOFException("invalid MIDI file");
         }
     }
-
 }
--- a/src/java.desktop/share/classes/java/awt/datatransfer/Clipboard.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/share/classes/java/awt/datatransfer/Clipboard.java	Thu Aug 28 14:54:07 2014 -0700
@@ -25,7 +25,7 @@
 
 package java.awt.datatransfer;
 
-import java.awt.EventQueue;
+import sun.datatransfer.DataFlavorUtil;
 
 import java.util.Objects;
 import java.util.Set;
@@ -130,7 +130,8 @@
         this.contents = contents;
 
         if (oldOwner != null && oldOwner != owner) {
-            EventQueue.invokeLater(() -> oldOwner.lostOwnership(Clipboard.this, oldContents));
+            DataFlavorUtil.getDesktopService().invokeOnEventThread(() ->
+                    oldOwner.lostOwnership(Clipboard.this, oldContents));
         }
         fireFlavorsChanged();
     }
@@ -324,7 +325,7 @@
             return;
         }
         flavorListeners.forEach(listener ->
-                EventQueue.invokeLater(() ->
+                DataFlavorUtil.getDesktopService().invokeOnEventThread(() ->
                         listener.flavorsChanged(new FlavorEvent(Clipboard.this))));
     }
 
--- a/src/java.desktop/share/classes/java/awt/datatransfer/DataFlavor.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/share/classes/java/awt/datatransfer/DataFlavor.java	Thu Aug 28 14:54:07 2014 -0700
@@ -25,7 +25,7 @@
 
 package java.awt.datatransfer;
 
-import sun.awt.datatransfer.DataTransferer;
+import sun.datatransfer.DataFlavorUtil;
 import sun.reflect.misc.ReflectUtil;
 
 import java.io.ByteArrayInputStream;
@@ -44,7 +44,6 @@
 import java.nio.CharBuffer;
 import java.util.Arrays;
 import java.util.Collections;
-import java.util.Comparator;
 import java.util.Objects;
 
 import static sun.security.util.SecurityConstants.GET_CLASSLOADER_PERMISSION;
@@ -582,12 +581,12 @@
         } else {
            params += representationClass.getName();
         }
-        if (DataTransferer.isFlavorCharsetTextType(this) &&
+        if (DataFlavorUtil.isFlavorCharsetTextType(this) &&
             (isRepresentationClassInputStream() ||
              isRepresentationClassByteBuffer() ||
              byte[].class.equals(representationClass)))
         {
-            params += ";charset=" + DataTransferer.getTextCharset(this);
+            params += ";charset=" + DataFlavorUtil.getTextCharset(this);
         }
         return params;
     }
@@ -609,13 +608,8 @@
      * @since 1.3
      */
     public static final DataFlavor getTextPlainUnicodeFlavor() {
-        String encoding = null;
-        DataTransferer transferer = DataTransferer.getInstance();
-        if (transferer != null) {
-            encoding = transferer.getDefaultUnicodeEncoding();
-        }
         return new DataFlavor(
-            "text/plain;charset="+encoding
+            "text/plain;charset=" + DataFlavorUtil.getDesktopService().getDefaultUnicodeEncoding()
             +";class=java.io.InputStream", "Plain Text");
     }
 
@@ -741,12 +735,8 @@
             return null;
         }
 
-        if (textFlavorComparator == null) {
-            textFlavorComparator = new TextFlavorComparator();
-        }
-
         DataFlavor bestFlavor = Collections.max(Arrays.asList(availableFlavors),
-                                                textFlavorComparator);
+                                                DataFlavorUtil.getTextFlavorComparator());
 
         if (!bestFlavor.isFlavorTextType()) {
             return null;
@@ -755,46 +745,6 @@
         return bestFlavor;
     }
 
-    private static Comparator<DataFlavor> textFlavorComparator;
-
-    static class TextFlavorComparator
-            extends DataTransferer.DataFlavorComparator {
-
-        /**
-         * Compares two <code>DataFlavor</code> objects. Returns a negative
-         * integer, zero, or a positive integer as the first
-         * <code>DataFlavor</code> is worse than, equal to, or better than the
-         * second.
-         * <p>
-         * <code>DataFlavor</code>s are ordered according to the rules outlined
-         * for <code>selectBestTextFlavor</code>.
-         *
-         * @param flavor1 the first <code>DataFlavor</code> to be compared
-         * @param flavor2 the second <code>DataFlavor</code> to be compared
-         * @return a negative integer, zero, or a positive integer as the first
-         *         argument is worse, equal to, or better than the second
-         * @throws ClassCastException if either of the arguments is not an
-         *         instance of <code>DataFlavor</code>
-         * @throws NullPointerException if either of the arguments is
-         *         <code>null</code>
-         *
-         * @see #selectBestTextFlavor
-         */
-        public int compare(DataFlavor flavor1, DataFlavor flavor2) {
-            if (flavor1.isFlavorTextType()) {
-                if (flavor2.isFlavorTextType()) {
-                    return super.compare(flavor1, flavor2);
-                } else {
-                    return 1;
-                }
-            } else if (flavor2.isFlavorTextType()) {
-                return -1;
-            } else {
-                return 0;
-            }
-        }
-    }
-
     /**
      * Gets a Reader for a text flavor, decoded, if necessary, for the expected
      * charset (encoding). The supported representation classes are
@@ -1015,13 +965,13 @@
             }
 
             if ("text".equals(getPrimaryType())) {
-                if (DataTransferer.doesSubtypeSupportCharset(this)
+                if (DataFlavorUtil.doesSubtypeSupportCharset(this)
                         && representationClass != null
                         && !isStandardTextRepresentationClass()) {
                     String thisCharset =
-                            DataTransferer.canonicalName(this.getParameter("charset"));
+                            DataFlavorUtil.canonicalName(this.getParameter("charset"));
                     String thatCharset =
-                            DataTransferer.canonicalName(that.getParameter("charset"));
+                            DataFlavorUtil.canonicalName(that.getParameter("charset"));
                     if (!Objects.equals(thisCharset, thatCharset)) {
                         return false;
                     }
@@ -1088,10 +1038,10 @@
             // subTypes is '*', regardless of the other subType.
 
             if ("text".equals(primaryType)) {
-                if (DataTransferer.doesSubtypeSupportCharset(this)
+                if (DataFlavorUtil.doesSubtypeSupportCharset(this)
                         && representationClass != null
                         && !isStandardTextRepresentationClass()) {
-                    String charset = DataTransferer.canonicalName(getParameter("charset"));
+                    String charset = DataFlavorUtil.canonicalName(getParameter("charset"));
                     if (charset != null) {
                         total += charset.hashCode();
                     }
@@ -1280,9 +1230,8 @@
     * Returns true if the representation class is <code>Remote</code>.
     * @return true if the representation class is <code>Remote</code>
     */
-
     public boolean isRepresentationClassRemote() {
-        return DataTransferer.isRemote(representationClass);
+        return DataFlavorUtil.RMI.isRemote(representationClass);
     }
 
    /**
@@ -1356,8 +1305,8 @@
      * @since 1.4
      */
     public boolean isFlavorTextType() {
-        return (DataTransferer.isFlavorCharsetTextType(this) ||
-                DataTransferer.isFlavorNoncharsetTextType(this));
+        return (DataFlavorUtil.isFlavorCharsetTextType(this) ||
+                DataFlavorUtil.isFlavorNoncharsetTextType(this));
     }
 
    /**
--- a/src/java.desktop/share/classes/java/awt/datatransfer/SystemFlavorMap.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/share/classes/java/awt/datatransfer/SystemFlavorMap.java	Thu Aug 28 14:54:07 2014 -0700
@@ -25,22 +25,15 @@
 
 package java.awt.datatransfer;
 
-import java.awt.Toolkit;
-
-import java.io.BufferedInputStream;
-import java.io.InputStream;
-import java.lang.ref.SoftReference;
+import sun.datatransfer.DataFlavorUtil;
+import sun.datatransfer.DesktopDatatransferService;
 
 import java.io.BufferedReader;
-import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
 import java.io.InputStreamReader;
-import java.io.IOException;
-
-import java.net.URL;
-import java.net.MalformedURLException;
-
+import java.lang.ref.SoftReference;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -48,12 +41,8 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
-import java.util.Properties;
 import java.util.Set;
 
-import sun.awt.AppContext;
-import sun.awt.datatransfer.DataTransferer;
-
 /**
  * The SystemFlavorMap is a configurable map between "natives" (Strings), which
  * correspond to platform-specific data formats, and "flavors" (DataFlavors),
@@ -74,13 +63,6 @@
     private static final Object FLAVOR_MAP_KEY = new Object();
 
     /**
-     * Copied from java.util.Properties.
-     */
-    private static final String keyValueSeparators = "=: \t\r\n\f";
-    private static final String strictKeyValueSeparators = "=:";
-    private static final String whiteSpaceChars = " \t\r\n\f";
-
-    /**
      * The list of valid, decoded text flavor representation classes, in order
      * from best to worst.
      */
@@ -198,16 +180,11 @@
 
     /**
      * Returns the default FlavorMap for this thread's ClassLoader.
+     *
      * @return the default FlavorMap for this thread's ClassLoader
      */
     public static FlavorMap getDefaultFlavorMap() {
-        AppContext context = AppContext.getAppContext();
-        FlavorMap fm = (FlavorMap) context.get(FLAVOR_MAP_KEY);
-        if (fm == null) {
-            fm = new SystemFlavorMap();
-            context.put(FLAVOR_MAP_KEY, fm);
-        }
-        return fm;
+        return DataFlavorUtil.getDesktopService().getFlavorMap(SystemFlavorMap::new);
     }
 
     private SystemFlavorMap() {
@@ -223,7 +200,7 @@
         }
         isMapInitialized = true;
 
-        InputStream is = SystemFlavorMap.class.getResourceAsStream("/sun/awt/datatransfer/flavormap.properties");
+        InputStream is = SystemFlavorMap.class.getResourceAsStream("/sun/datatransfer/resources/flavormap.properties");
         if (is == null) {
             throw new InternalError("Default flavor mapping not found");
         }
@@ -238,22 +215,25 @@
                     line = line.substring(0, line.length() - 1) + reader.readLine().trim();
                 }
                 int delimiterPosition = line.indexOf('=');
-                String key = line.substring(0, delimiterPosition).replace("\\ ", " ");
+                String key = line.substring(0, delimiterPosition).replaceAll("\\ ", " ");
                 String[] values = line.substring(delimiterPosition + 1, line.length()).split(",");
                 for (String value : values) {
                     try {
+                        value = loadConvert(value);
                         MimeType mime = new MimeType(value);
                         if ("text".equals(mime.getPrimaryType())) {
                             String charset = mime.getParameter("charset");
-                            if (DataTransferer.doesSubtypeSupportCharset(mime.getSubType(), charset))
+                            if (DataFlavorUtil.doesSubtypeSupportCharset(mime.getSubType(), charset))
                             {
                                 // We need to store the charset and eoln
                                 // parameters, if any, so that the
                                 // DataTransferer will have this information
                                 // for conversion into the native format.
-                                DataTransferer transferer = DataTransferer.getInstance();
-                                if (transferer != null) {
-                                    transferer.registerTextFlavorProperties(key, charset,
+                                DesktopDatatransferService desktopService =
+                                        DataFlavorUtil.getDesktopService();
+                                if (desktopService.isDesktopPresent()) {
+                                    desktopService.registerTextFlavorProperties(
+                                            key, charset,
                                             mime.getParameter("eoln"),
                                             mime.getParameter("terminators"));
                                 }
@@ -305,6 +285,63 @@
         }
     }
 
+    // Copied from java.util.Properties
+    private static String loadConvert(String theString) {
+        char aChar;
+        int len = theString.length();
+        StringBuilder outBuffer = new StringBuilder(len);
+
+        for (int x = 0; x < len; ) {
+            aChar = theString.charAt(x++);
+            if (aChar == '\\') {
+                aChar = theString.charAt(x++);
+                if (aChar == 'u') {
+                    // Read the xxxx
+                    int value = 0;
+                    for (int i = 0; i < 4; i++) {
+                        aChar = theString.charAt(x++);
+                        switch (aChar) {
+                            case '0': case '1': case '2': case '3': case '4':
+                            case '5': case '6': case '7': case '8': case '9': {
+                                value = (value << 4) + aChar - '0';
+                                break;
+                            }
+                            case 'a': case 'b': case 'c':
+                            case 'd': case 'e': case 'f': {
+                                value = (value << 4) + 10 + aChar - 'a';
+                                break;
+                            }
+                            case 'A': case 'B': case 'C':
+                            case 'D': case 'E': case 'F': {
+                                value = (value << 4) + 10 + aChar - 'A';
+                                break;
+                            }
+                            default: {
+                                throw new IllegalArgumentException(
+                                        "Malformed \\uxxxx encoding.");
+                            }
+                        }
+                    }
+                    outBuffer.append((char)value);
+                } else {
+                    if (aChar == 't') {
+                        aChar = '\t';
+                    } else if (aChar == 'r') {
+                        aChar = '\r';
+                    } else if (aChar == 'n') {
+                        aChar = '\n';
+                    } else if (aChar == 'f') {
+                        aChar = '\f';
+                    }
+                    outBuffer.append(aChar);
+                }
+            } else {
+                outBuffer.append(aChar);
+            }
+        }
+        return outBuffer.toString();
+    }
+
     /**
      * Stores the listed object under the specified hash key in map. Unlike a
      * standard map, the listed object will not replace any object already at
@@ -332,10 +369,10 @@
         LinkedHashSet<DataFlavor> flavors = getNativeToFlavor().get(nat);
 
         if (nat != null && !disabledMappingGenerationKeys.contains(nat)) {
-            DataTransferer transferer = DataTransferer.getInstance();
-            if (transferer != null) {
+            DesktopDatatransferService desktopService = DataFlavorUtil.getDesktopService();
+            if (desktopService.isDesktopPresent()) {
                 LinkedHashSet<DataFlavor> platformFlavors =
-                        transferer.getPlatformMappingsForNative(nat);
+                        desktopService.getPlatformMappingsForNative(nat);
                 if (!platformFlavors.isEmpty()) {
                     if (flavors != null) {
                         // Prepending the platform-specific mappings ensures
@@ -395,10 +432,10 @@
         LinkedHashSet<String> natives = getFlavorToNative().get(flav);
 
         if (flav != null && !disabledMappingGenerationKeys.contains(flav)) {
-            DataTransferer transferer = DataTransferer.getInstance();
-            if (transferer != null) {
+            DesktopDatatransferService desktopService = DataFlavorUtil.getDesktopService();
+            if (desktopService.isDesktopPresent()) {
                 LinkedHashSet<String> platformNatives =
-                    transferer.getPlatformMappingsForFlavor(flav);
+                        desktopService.getPlatformMappingsForFlavor(flav);
                 if (!platformNatives.isEmpty()) {
                     if (natives != null) {
                         // Prepend the platform-specific mappings to ensure
@@ -474,7 +511,7 @@
             // In this case we shouldn't synthesize a native for this flavor,
             // since its mappings were explicitly specified.
             retval = flavorToNativeLookup(flav, false);
-        } else if (DataTransferer.isFlavorCharsetTextType(flav)) {
+        } else if (DataFlavorUtil.isFlavorCharsetTextType(flav)) {
             retval = new LinkedHashSet<>(0);
 
             // For text/* flavors, flavor-to-native mappings specified in
@@ -502,7 +539,7 @@
                 // addUnencodedNativeForFlavor(), so they have lower priority.
                 retval.addAll(flavorToNativeLookup(flav, false));
             }
-        } else if (DataTransferer.isFlavorNoncharsetTextType(flav)) {
+        } else if (DataFlavorUtil.isFlavorNoncharsetTextType(flav)) {
             retval = getTextTypeToNative().get(flav.mimeType.getBaseType());
 
             if (retval == null || retval.isEmpty()) {
@@ -602,7 +639,7 @@
             // on load from flavormap.properties.
         }
 
-        if (DataTransferer.doesSubtypeSupportCharset(subType, null)) {
+        if (DataFlavorUtil.doesSubtypeSupportCharset(subType, null)) {
             if (TEXT_PLAIN_BASE_TYPE.equals(baseType))
             {
                 returnValue.add(DataFlavor.stringFlavor);
@@ -624,7 +661,7 @@
                 }
             }
 
-            for (String charset : DataTransferer.standardEncodings()) {
+            for (String charset : DataFlavorUtil.standardEncodings()) {
 
                 for (String encodedTextClass : ENCODED_TEXT_CLASSES) {
                     final String mimeType =
--- a/src/java.desktop/share/classes/java/awt/font/TextLayout.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/share/classes/java/awt/font/TextLayout.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1811,7 +1811,7 @@
      * should be logical or visual counterparts.  They are not
      * checked for validity.
      */
-    private final TextHitInfo getStrongHit(TextHitInfo hit1, TextHitInfo hit2) {
+    private TextHitInfo getStrongHit(TextHitInfo hit1, TextHitInfo hit2) {
 
         // right now we're using the following rule for strong hits:
         // A hit on a character with a lower level
--- a/src/java.desktop/share/classes/java/beans/PropertyChangeSupport.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/share/classes/java/beans/PropertyChangeSupport.java	Thu Aug 28 14:54:07 2014 -0700
@@ -544,7 +544,7 @@
         /**
          * {@inheritDoc}
          */
-        public final PropertyChangeListener extract(PropertyChangeListener listener) {
+        public PropertyChangeListener extract(PropertyChangeListener listener) {
             while (listener instanceof PropertyChangeListenerProxy) {
                 listener = ((PropertyChangeListenerProxy) listener).getListener();
             }
--- a/src/java.desktop/share/classes/java/beans/VetoableChangeSupport.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/share/classes/java/beans/VetoableChangeSupport.java	Thu Aug 28 14:54:07 2014 -0700
@@ -533,7 +533,7 @@
         /**
          * {@inheritDoc}
          */
-        public final VetoableChangeListener extract(VetoableChangeListener listener) {
+        public VetoableChangeListener extract(VetoableChangeListener listener) {
             while (listener instanceof VetoableChangeListenerProxy) {
                 listener = ((VetoableChangeListenerProxy) listener).getListener();
             }
--- a/src/java.desktop/share/classes/javax/sound/midi/ControllerEventListener.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/share/classes/javax/sound/midi/ControllerEventListener.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2002, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,38 +27,35 @@
 
 import java.util.EventListener;
 
-
 /**
- * The <code>ControllerEventListener</code> interface should be implemented
- * by classes whose instances need to be notified when a <code>Sequencer</code>
- * has processed a requested type of MIDI control-change event.
- * To register a <code>ControllerEventListener</code> object to receive such
- * notifications, invoke the
+ * The {@code ControllerEventListener} interface should be implemented by
+ * classes whose instances need to be notified when a {@link Sequencer} has
+ * processed a requested type of MIDI control-change event. To register a
+ * {@code ControllerEventListener} object to receive such notifications, invoke
+ * the
  * {@link Sequencer#addControllerEventListener(ControllerEventListener, int[])
- * addControllerEventListener} method of <code>Sequencer</code>,
- * specifying the types of MIDI controllers about which you are interested in
- * getting control-change notifications.
- *
- * @see MidiChannel#controlChange(int, int)
+ * addControllerEventListener} method of {@code Sequencer}, specifying the types
+ * of MIDI controllers about which you are interested in getting control-change
+ * notifications.
  *
  * @author Kara Kytle
+ * @see MidiChannel#controlChange(int, int)
  */
 public interface ControllerEventListener extends EventListener {
 
     /**
-     * Invoked when a <code>Sequencer</code> has encountered and processed
-     * a control-change event of interest to this listener.  The event passed
-     * in is a <code>ShortMessage</code> whose first data byte indicates
-     * the controller number and whose second data byte is the value to which
-     * the controller was set.
+     * Invoked when a {@link Sequencer} has encountered and processed a
+     * control-change event of interest to this listener. The event passed in is
+     * a {@code ShortMessage} whose first data byte indicates the controller
+     * number and whose second data byte is the value to which the controller
+     * was set.
      *
-     * @param event the control-change event that the sequencer encountered in
-     * the sequence it is processing
-     *
+     * @param  event the control-change event that the sequencer encountered in
+     *         the sequence it is processing
      * @see Sequencer#addControllerEventListener(ControllerEventListener, int[])
      * @see MidiChannel#controlChange(int, int)
      * @see ShortMessage#getData1
      * @see ShortMessage#getData2
      */
-    public void controlChange(ShortMessage event);
+    void controlChange(ShortMessage event);
 }
--- a/src/java.desktop/share/classes/javax/sound/midi/Instrument.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/share/classes/javax/sound/midi/Instrument.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,49 +25,41 @@
 
 package javax.sound.midi;
 
-import java.net.URL;
-
-
-
 /**
- * An instrument is a sound-synthesis algorithm with certain parameter
- * settings, usually designed to emulate a specific real-world
- * musical instrument or to achieve a specific sort of sound effect.
- * Instruments are typically stored in collections called soundbanks.
- * Before the instrument can be used to play notes, it must first be loaded
- * onto a synthesizer, and then it must be selected for use on
- * one or more channels, via a program-change command.  MIDI notes
- * that are subsequently received on those channels will be played using
+ * An instrument is a sound-synthesis algorithm with certain parameter settings,
+ * usually designed to emulate a specific real-world musical instrument or to
+ * achieve a specific sort of sound effect. Instruments are typically stored in
+ * collections called soundbanks. Before the instrument can be used to play
+ * notes, it must first be loaded onto a synthesizer, and then it must be
+ * selected for use on one or more channels, via a program-change command. MIDI
+ * notes that are subsequently received on those channels will be played using
  * the sound of the selected instrument.
  *
+ * @author Kara Kytle
  * @see Soundbank
  * @see Soundbank#getInstruments
  * @see Patch
  * @see Synthesizer#loadInstrument(Instrument)
  * @see MidiChannel#programChange(int, int)
- * @author Kara Kytle
  */
-
 public abstract class Instrument extends SoundbankResource {
 
-
     /**
-     * Instrument patch
+     * Instrument patch.
      */
     private final Patch patch;
 
-
     /**
-     * Constructs a new MIDI instrument from the specified <code>Patch</code>.
-     * When a subsequent request is made to load the
-     * instrument, the sound bank will search its contents for this instrument's <code>Patch</code>,
-     * and the instrument will be loaded into the synthesizer at the
-     * bank and program location indicated by the <code>Patch</code> object.
-     * @param soundbank sound bank containing the instrument
-     * @param patch the patch of this instrument
-     * @param name the name of this instrument
-     * @param dataClass the class used to represent the sample's data.
+     * Constructs a new MIDI instrument from the specified {@code Patch}. When a
+     * subsequent request is made to load the instrument, the sound bank will
+     * search its contents for this instrument's {@code Patch}, and the
+     * instrument will be loaded into the synthesizer at the bank and program
+     * location indicated by the {@code Patch} object.
      *
+     * @param  soundbank sound bank containing the instrument
+     * @param  patch the patch of this instrument
+     * @param  name the name of this instrument
+     * @param  dataClass the class used to represent the sample's data
      * @see Synthesizer#loadInstrument(Instrument)
      */
     protected Instrument(Soundbank soundbank, Patch patch, String name, Class<?> dataClass) {
@@ -76,10 +68,10 @@
         this.patch = patch;
     }
 
-
     /**
-     * Obtains the <code>Patch</code> object that indicates the bank and program
+     * Obtains the {@code Patch} object that indicates the bank and program
      * numbers where this instrument is to be stored in the synthesizer.
+     *
      * @return this instrument's patch
      */
     public Patch getPatch() {
--- a/src/java.desktop/share/classes/javax/sound/midi/InvalidMidiDataException.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/share/classes/javax/sound/midi/InvalidMidiDataException.java	Thu Aug 28 14:54:07 2014 -0700
@@ -25,25 +25,25 @@
 
 package javax.sound.midi;
 
-
 /**
- * An <code>InvalidMidiDataException</code> indicates that inappropriate MIDI
- * data was encountered. This often means that the data is invalid in and of
- * itself, from the perspective of the MIDI specification.  An example would
- * be an undefined status byte.  However, the exception might simply
- * mean that the data was invalid in the context it was used, or that
- * the object to which the data was given was unable to parse or use it.
- * For example, a file reader might not be able to parse a Type 2 MIDI file, even
- * though that format is defined in the MIDI specification.
+ * An {@code InvalidMidiDataException} indicates that inappropriate MIDI data
+ * was encountered. This often means that the data is invalid in and of itself,
+ * from the perspective of the MIDI specification. An example would be an
+ * undefined status byte. However, the exception might simply mean that the data
+ * was invalid in the context it was used, or that the object to which the data
+ * was given was unable to parse or use it. For example, a file reader might not
+ * be able to parse a Type 2 MIDI file, even though that format is defined in
+ * the MIDI specification.
  *
  * @author Kara Kytle
  */
 public class InvalidMidiDataException extends Exception {
+
     private static final long serialVersionUID = 2780771756789932067L;
 
     /**
-     * Constructs an <code>InvalidMidiDataException</code> with
-     * <code>null</code> for its error detail message.
+     * Constructs an {@code InvalidMidiDataException} with {@code null} for its
+     * error detail message.
      */
     public InvalidMidiDataException() {
 
@@ -51,10 +51,10 @@
     }
 
     /**
-     *  Constructs an <code>InvalidMidiDataException</code> with the
-     * specified detail message.
+     * Constructs an {@code InvalidMidiDataException} with the specified detail
+     * message.
      *
-     * @param message the string to display as an error detail message
+     * @param  message the string to display as an error detail message
      */
     public InvalidMidiDataException(String message) {
 
--- a/src/java.desktop/share/classes/javax/sound/midi/MetaEventListener.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/share/classes/javax/sound/midi/MetaEventListener.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2002, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,24 +27,23 @@
 
 import java.util.EventListener;
 
-
 /**
- * The <code>MetaEventListener</code> interface should be implemented
- * by classes whose instances need to be notified when a <code>{@link Sequencer}</code>
- * has processed a <code>{@link MetaMessage}</code>.
- * To register a <code>MetaEventListener</code> object to receive such
- * notifications, pass it as the argument to the
- * <code>{@link Sequencer#addMetaEventListener(MetaEventListener) addMetaEventListener}</code>
- * method of <code>Sequencer</code>.
+ * The {@code MetaEventListener} interface should be implemented by classes
+ * whose instances need to be notified when a {@link Sequencer} has processed a
+ * {@link MetaMessage}. To register a {@code MetaEventListener} object to
+ * receive such notifications, pass it as the argument to the
+ * {@link Sequencer#addMetaEventListener(MetaEventListener)
+ * addMetaEventListener} method of {@code Sequencer}.
  *
  * @author Kara Kytle
  */
 public interface MetaEventListener extends EventListener {
 
     /**
-     * Invoked when a <code>{@link Sequencer}</code> has encountered and processed
-     * a <code>MetaMessage</code> in the <code>{@link Sequence}</code> it is processing.
-     * @param meta the meta-message that the sequencer encountered
+     * Invoked when a {@link Sequencer} has encountered and processed a
+     * {@code MetaMessage} in the {@code Sequence} it is processing.
+     *
+     * @param  meta the meta-message that the sequencer encountered
      */
-    public void meta(MetaMessage meta);
+    void meta(MetaMessage meta);
 }
--- a/src/java.desktop/share/classes/javax/sound/midi/MetaMessage.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/share/classes/javax/sound/midi/MetaMessage.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,65 +25,54 @@
 
 package javax.sound.midi;
 
-
 /**
- * A <code>MetaMessage</code> is a <code>{@link MidiMessage}</code> that is not meaningful to synthesizers, but
- * that can be stored in a MIDI file and interpreted by a sequencer program.
- * (See the discussion in the <code>MidiMessage</code>
- * class description.)  The Standard MIDI Files specification defines
- * various types of meta-events, such as sequence number, lyric, cue point,
- * and set tempo.  There are also meta-events
- * for such information as lyrics, copyrights, tempo indications, time and key
- * signatures, markers, etc.  For more information, see the Standard MIDI Files 1.0
- * specification, which is part of the Complete MIDI 1.0 Detailed Specification
- * published by the MIDI Manufacturer's Association
+ * A {@code MetaMessage} is a {@link MidiMessage} that is not meaningful to
+ * synthesizers, but that can be stored in a MIDI file and interpreted by a
+ * sequencer program. (See the discussion in the {@code MidiMessage} class
+ * description.) The Standard MIDI Files specification defines various types of
+ * meta-events, such as sequence number, lyric, cue point, and set tempo. There
+ * are also meta-events for such information as lyrics, copyrights, tempo
+ * indications, time and key signatures, markers, etc. For more information, see
+ * the Standard MIDI Files 1.0 specification, which is part of the Complete MIDI
+ * 1.0 Detailed Specification published by the MIDI Manufacturer's Association
  * (<a href = http://www.midi.org>http://www.midi.org</a>).
- *
  * <p>
- * When data is being transported using MIDI wire protocol,
- * a <code>{@link ShortMessage}</code> with the status value <code>0xFF</code> represents
- * a system reset message.  In MIDI files, this same status value denotes a <code>MetaMessage</code>.
- * The types of meta-message are distinguished from each other by the first byte
- * that follows the status byte <code>0xFF</code>.  The subsequent bytes are data
- * bytes.  As with system exclusive messages, there are an arbitrary number of
- * data bytes, depending on the type of <code>MetaMessage</code>.
- *
- * @see MetaEventListener
+ * When data is being transported using MIDI wire protocol, a
+ * {@link ShortMessage} with the status value {@code 0xFF} represents a system
+ * reset message. In MIDI files, this same status value denotes a
+ * {@code MetaMessage}. The types of meta-message are distinguished from each
+ * other by the first byte that follows the status byte {@code 0xFF}. The
+ * subsequent bytes are data bytes. As with system exclusive messages, there are
+ * an arbitrary number of data bytes, depending on the type of
+ * {@code MetaMessage}.
  *
  * @author David Rivas
  * @author Kara Kytle
+ * @see MetaEventListener
  */
-
 public class MetaMessage extends MidiMessage {
 
-
-    // Status byte defines
-
     /**
-     * Status byte for <code>MetaMessage</code> (0xFF, or 255), which is used
-     * in MIDI files.  It has the same value as SYSTEM_RESET, which
-     * is used in the real-time "MIDI wire" protocol.
+     * Status byte for {@code MetaMessage} (0xFF, or 255), which is used in MIDI
+     * files. It has the same value as SYSTEM_RESET, which is used in the
+     * real-time "MIDI wire" protocol.
+     *
      * @see MidiMessage#getStatus
      */
     public static final int META                                                = 0xFF; // 255
 
-    // Instance variables
-
     /**
-     * The length of the actual message in the data array.
-     * This is used to determine how many bytes of the data array
-     * is the message, and how many are the status byte, the
-     * type byte, and the variable-length-int describing the
-     * length of the message.
+     * The length of the actual message in the data array. This is used to
+     * determine how many bytes of the data array is the message, and how many
+     * are the status byte, the type byte, and the variable-length-int
+     * describing the length of the message.
      */
     private int dataLength = 0;
 
-
     /**
-     * Constructs a new <code>MetaMessage</code>. The contents of
-     * the message are not set here; use
-     * {@link #setMessage(int, byte[], int) setMessage}
-     * to set them subsequently.
+     * Constructs a new {@code MetaMessage}. The contents of the message are not
+     * set here; use {@link #setMessage(int, byte[], int) setMessage} to set
+     * them subsequently.
      */
     public MetaMessage() {
         // Default meta message data: just the META status byte value
@@ -91,17 +80,17 @@
     }
 
     /**
-     * Constructs a new {@code MetaMessage} and sets the message parameters.
-     * The contents of the message can be changed by using
-     * the {@code setMessage} method.
+     * Constructs a new {@code MetaMessage} and sets the message parameters. The
+     * contents of the message can be changed by using the {@code setMessage}
+     * method.
      *
-     * @param type   meta-message type (must be less than 128)
-     * @param data   the data bytes in the MIDI message
-     * @param length an amount of bytes in the {@code data} byte array;
-     *     it should be non-negative and less than or equal to
-     *     {@code data.length}
-     * @throws InvalidMidiDataException if the parameter values do not specify
-     *     a valid MIDI meta message
+     * @param  type meta-message type (must be less than 128)
+     * @param  data the data bytes in the MIDI message
+     * @param  length an amount of bytes in the {@code data} byte array; it
+     *         should be non-negative and less than or equal to
+     *         {@code data.length}
+     * @throws InvalidMidiDataException if the parameter values do not specify a
+     *         valid MIDI meta message
      * @see #setMessage(int, byte[], int)
      * @see #getType()
      * @see #getData()
@@ -113,12 +102,11 @@
         setMessage(type, data, length); // can throw InvalidMidiDataException
     }
 
-
     /**
-     * Constructs a new <code>MetaMessage</code>.
-     * @param data an array of bytes containing the complete message.
-     * The message data may be changed using the <code>setMessage</code>
-     * method.
+     * Constructs a new {@code MetaMessage}.
+     *
+     * @param  data an array of bytes containing the complete message. The
+     *         message data may be changed using the {@code setMessage} method.
      * @see #setMessage
      */
     protected MetaMessage(byte[] data) {
@@ -133,24 +121,24 @@
         }
     }
 
-
     /**
-     * Sets the message parameters for a <code>MetaMessage</code>.
-     * Since only one status byte value, <code>0xFF</code>, is allowed for meta-messages,
-     * it does not need to be specified here.  Calls to <code>{@link MidiMessage#getStatus getStatus}</code> return
-     * <code>0xFF</code> for all meta-messages.
+     * Sets the message parameters for a {@code MetaMessage}. Since only one
+     * status byte value, {@code 0xFF}, is allowed for meta-messages, it does
+     * not need to be specified here. Calls to
+     * {@link MidiMessage#getStatus getStatus} return {@code 0xFF} for all
+     * meta-messages.
      * <p>
-     * The <code>type</code> argument should be a valid value for the byte that
-     * follows the status byte in the <code>MetaMessage</code>.  The <code>data</code> argument
-     * should contain all the subsequent bytes of the <code>MetaMessage</code>.  In other words,
-     * the byte that specifies the type of <code>MetaMessage</code> is not considered a data byte.
+     * The {@code type} argument should be a valid value for the byte that
+     * follows the status byte in the {@code MetaMessage}. The {@code data}
+     * argument should contain all the subsequent bytes of the
+     * {@code MetaMessage}. In other words, the byte that specifies the type of
+     * {@code MetaMessage} is not considered a data byte.
      *
-     * @param type              meta-message type (must be less than 128)
-     * @param data              the data bytes in the MIDI message
-     * @param length    the number of bytes in the <code>data</code>
-     * byte array
-     * @throws                  InvalidMidiDataException  if the
-     * parameter values do not specify a valid MIDI meta message
+     * @param  type meta-message type (must be less than 128)
+     * @param  data the data bytes in the MIDI message
+     * @param  length the number of bytes in the {@code data} byte array
+     * @throws InvalidMidiDataException if the parameter values do not specify a
+     *         valid MIDI meta message
      */
     public void setMessage(int type, byte[] data, int length) throws InvalidMidiDataException {
 
@@ -172,10 +160,10 @@
         }
     }
 
-
     /**
-     * Obtains the type of the <code>MetaMessage</code>.
-     * @return an integer representing the <code>MetaMessage</code> type
+     * Obtains the type of the {@code MetaMessage}.
+     *
+     * @return an integer representing the {@code MetaMessage} type
      */
     public int getType() {
         if (length>=2) {
@@ -184,16 +172,15 @@
         return 0;
     }
 
-
-
     /**
-     * Obtains a copy of the data for the meta message.  The returned
-     * array of bytes does not include the status byte or the message
-     * length data.  The length of the data for the meta message is
-     * the length of the array.  Note that the length of the entire
-     * message includes the status byte and the meta message type
-     * byte, and therefore may be longer than the returned array.
-     * @return array containing the meta message data.
+     * Obtains a copy of the data for the meta message. The returned array of
+     * bytes does not include the status byte or the message length data. The
+     * length of the data for the meta message is the length of the array. Note
+     * that the length of the entire message includes the status byte and the
+     * meta message type byte, and therefore may be longer than the returned
+     * array.
+     *
+     * @return array containing the meta message data
      * @see MidiMessage#getLength
      */
     public byte[] getData() {
@@ -202,10 +189,10 @@
         return returnedArray;
     }
 
-
     /**
-     * Creates a new object of the same class and with the same contents
-     * as this object.
+     * Creates a new object of the same class and with the same contents as this
+     * object.
+     *
      * @return a clone of this instance
      */
     public Object clone() {
@@ -240,5 +227,4 @@
         }
         data[off] = (byte) (value & mask);
     }
-
 }
--- a/src/java.desktop/share/classes/javax/sound/midi/MidiChannel.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/share/classes/javax/sound/midi/MidiChannel.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,513 +25,450 @@
 
 package javax.sound.midi;
 
-
 /**
- * A <code>MidiChannel</code> object represents a single MIDI channel.
- * Generally, each <code>MidiChannel</code> method processes a like-named MIDI
- * "channel voice" or "channel mode" message as defined by the MIDI specification. However,
- * <code>MidiChannel</code> adds some "get" methods  that retrieve the value
- * most recently set by one of the standard MIDI channel messages.  Similarly,
- * methods for per-channel solo and mute have been added.
+ * A {@code MidiChannel} object represents a single MIDI channel. Generally,
+ * each {@code MidiChannel} method processes a like-named MIDI "channel voice"
+ * or "channel mode" message as defined by the MIDI specification. However,
+ * {@code MidiChannel} adds some "get" methods that retrieve the value most
+ * recently set by one of the standard MIDI channel messages. Similarly, methods
+ * for per-channel solo and mute have been added.
  * <p>
- * A <code>{@link Synthesizer}</code> object has a collection
- * of <code>MidiChannels</code>, usually one for each of the 16 channels
- * prescribed by the MIDI 1.0 specification.  The <code>Synthesizer</code>
- * generates sound when its <code>MidiChannels</code> receive
- * <code>noteOn</code> messages.
+ * A {@link Synthesizer} object has a collection of {@code MidiChannels},
+ * usually one for each of the 16 channels prescribed by the MIDI 1.0
+ * specification. The {@code Synthesizer} generates sound when its
+ * {@code MidiChannels} receive {@code noteOn} messages.
  * <p>
  * See the MIDI 1.0 Specification for more information about the prescribed
- * behavior of the MIDI channel messages, which are not exhaustively
- * documented here.  The specification is titled <code>MIDI Reference:
- * The Complete MIDI 1.0 Detailed Specification</code>, and is published by
- * the MIDI Manufacturer's Association (<a href = http://www.midi.org>
- * http://www.midi.org</a>).
+ * behavior of the MIDI channel messages, which are not exhaustively documented
+ * here. The specification is titled
+ * {@code MIDI Reference: The Complete MIDI 1.0 Detailed Specification}, and is
+ * published by the MIDI Manufacturer's Association
+ * (<a href = http://www.midi.org>http://www.midi.org</a>).
  * <p>
  * MIDI was originally a protocol for reporting the gestures of a keyboard
- * musician.  This genesis is visible in the <code>MidiChannel</code> API, which
+ * musician. This genesis is visible in the {@code MidiChannel} API, which
  * preserves such MIDI concepts as key number, key velocity, and key pressure.
  * It should be understood that the MIDI data does not necessarily originate
  * with a keyboard player (the source could be a different kind of musician, or
- * software).  Some devices might generate constant values for velocity
- * and pressure, regardless of how the note was performed.
- * Also, the MIDI specification often leaves it up to the
- * synthesizer to use the data in the way the implementor sees fit.  For
- * example, velocity data need not always be mapped to volume and/or brightness.
- *
- * @see Synthesizer#getChannels
+ * software). Some devices might generate constant values for velocity and
+ * pressure, regardless of how the note was performed. Also, the MIDI
+ * specification often leaves it up to the synthesizer to use the data in the
+ * way the implementor sees fit. For example, velocity data need not always be
+ * mapped to volume and/or brightness.
  *
  * @author David Rivas
  * @author Kara Kytle
+ * @see Synthesizer#getChannels
  */
-
 public interface MidiChannel {
 
     /**
-     * Starts the specified note sounding.  The key-down velocity
-     * usually controls the note's volume and/or brightness.
-     * If <code>velocity</code> is zero, this method instead acts like
-     * {@link #noteOff(int)}, terminating the note.
+     * Starts the specified note sounding. The key-down velocity usually
+     * controls the note's volume and/or brightness. If {@code velocity} is
+     * zero, this method instead acts like {@link #noteOff(int)}, terminating
+     * the note.
      *
-     * @param noteNumber the MIDI note number, from 0 to 127 (60 = Middle C)
-     * @param velocity the speed with which the key was depressed
-     *
+     * @param  noteNumber the MIDI note number, from 0 to 127 (60 = Middle C)
+     * @param  velocity the speed with which the key was depressed
      * @see #noteOff(int, int)
      */
-    public void noteOn(int noteNumber, int velocity);
+    void noteOn(int noteNumber, int velocity);
 
     /**
-     * Turns the specified note off.  The key-up velocity, if not ignored, can
-     * be used to affect how quickly the note decays.
-     * In any case, the note might not die away instantaneously; its decay
-     * rate is determined by the internals of the <code>Instrument</code>.
-     * If the Hold Pedal (a controller; see
-     * {@link #controlChange(int, int) controlChange})
-     * is down, the effect of this method is deferred until the pedal is
-     * released.
+     * Turns the specified note off. The key-up velocity, if not ignored, can be
+     * used to affect how quickly the note decays. In any case, the note might
+     * not die away instantaneously; its decay rate is determined by the
+     * internals of the {@code Instrument}. If the Hold Pedal (a controller; see
+     * {@link #controlChange(int, int) controlChange}) is down, the effect of
+     * this method is deferred until the pedal is released.
      *
-     *
-     * @param noteNumber the MIDI note number, from 0 to 127 (60 = Middle C)
-     * @param velocity the speed with which the key was released
-     *
+     * @param  noteNumber the MIDI note number, from 0 to 127 (60 = Middle C)
+     * @param  velocity the speed with which the key was released
      * @see #noteOff(int)
      * @see #noteOn
      * @see #allNotesOff
      * @see #allSoundOff
      */
-    public void noteOff(int noteNumber, int velocity);
+    void noteOff(int noteNumber, int velocity);
 
     /**
      * Turns the specified note off.
      *
-     * @param noteNumber the MIDI note number, from 0 to 127 (60 = Middle C)
-     *
+     * @param  noteNumber the MIDI note number, from 0 to 127 (60 = Middle C)
      * @see #noteOff(int, int)
      */
-    public void noteOff(int noteNumber);
+    void noteOff(int noteNumber);
 
     /**
-     * Reacts to a change in the specified note's key pressure.
-     * Polyphonic key pressure
-     * allows a keyboard player to press multiple keys simultaneously, each
-     * with a different amount of pressure.  The pressure, if not ignored,
-     * is typically used to vary such features as the volume, brightness,
-     * or vibrato of the note.
+     * Reacts to a change in the specified note's key pressure. Polyphonic key
+     * pressure allows a keyboard player to press multiple keys simultaneously,
+     * each with a different amount of pressure. The pressure, if not ignored,
+     * is typically used to vary such features as the volume, brightness, or
+     * vibrato of the note.
+     * <p>
+     * It is possible that the underlying synthesizer does not support this MIDI
+     * message. In order to verify that {@code setPolyPressure} was successful,
+     * use {@code getPolyPressure}.
      *
-     * It is possible that the underlying synthesizer
-     * does not support this MIDI message. In order
-     * to verify that <code>setPolyPressure</code>
-     * was successful, use <code>getPolyPressure</code>.
-     *
-     * @param noteNumber the MIDI note number, from 0 to 127 (60 = Middle C)
-     * @param pressure value for the specified key, from 0 to 127 (127 =
-     * maximum pressure)
-     *
+     * @param  noteNumber the MIDI note number, from 0 to 127 (60 = Middle C)
+     * @param  pressure value for the specified key, from 0 to 127
+     *         (127 = maximum pressure)
      * @see #getPolyPressure(int)
      */
-    public void setPolyPressure(int noteNumber, int pressure);
+    void setPolyPressure(int noteNumber, int pressure);
 
     /**
      * Obtains the pressure with which the specified key is being depressed.
+     * <p>
+     * If the device does not support setting poly pressure, this method always
+     * returns 0. Calling {@code setPolyPressure} will have no effect then.
      *
-     * @param noteNumber the MIDI note number, from 0 to 127 (60 = Middle C)
-     *
-     * If the device does not support setting poly pressure,
-     * this method always returns 0. Calling
-     * <code>setPolyPressure</code> will have no effect then.
-     *
+     * @param  noteNumber the MIDI note number, from 0 to 127 (60 = Middle C)
      * @return the amount of pressure for that note, from 0 to 127
-     * (127 = maximum pressure)
-     *
+     *         (127 = maximum pressure)
      * @see #setPolyPressure(int, int)
      */
-    public int getPolyPressure(int noteNumber);
+    int getPolyPressure(int noteNumber);
 
     /**
-     * Reacts to a change in the keyboard pressure.  Channel
-     * pressure indicates how hard the keyboard player is depressing
-     * the entire keyboard.  This can be the maximum or
-     * average of the per-key pressure-sensor values, as set by
-     * <code>setPolyPressure</code>.  More commonly, it is a measurement of
-     * a single sensor on a device that doesn't implement polyphonic key
-     * pressure.  Pressure can be used to control various aspects of the sound,
-     * as described under {@link #setPolyPressure(int, int) setPolyPressure}.
+     * Reacts to a change in the keyboard pressure. Channel pressure indicates
+     * how hard the keyboard player is depressing the entire keyboard. This can
+     * be the maximum or average of the per-key pressure-sensor values, as set
+     * by {@code setPolyPressure}. More commonly, it is a measurement of a
+     * single sensor on a device that doesn't implement polyphonic key pressure.
+     * Pressure can be used to control various aspects of the sound, as
+     * described under {@link #setPolyPressure(int, int) setPolyPressure}.
+     * <p>
+     * It is possible that the underlying synthesizer does not support this MIDI
+     * message. In order to verify that {@code setChannelPressure} was
+     * successful, use {@code getChannelPressure}.
      *
-     * It is possible that the underlying synthesizer
-     * does not support this MIDI message. In order
-     * to verify that <code>setChannelPressure</code>
-     * was successful, use <code>getChannelPressure</code>.
-     *
-     * @param pressure the pressure with which the keyboard is being depressed,
-     * from 0 to 127 (127 = maximum pressure)
+     * @param  pressure the pressure with which the keyboard is being depressed,
+     *         from 0 to 127 (127 = maximum pressure)
      * @see #setPolyPressure(int, int)
      * @see #getChannelPressure
      */
-    public void setChannelPressure(int pressure);
+    void setChannelPressure(int pressure);
 
     /**
      * Obtains the channel's keyboard pressure.
-     * If the device does not support setting channel pressure,
-     * this method always returns 0. Calling
-     * <code>setChannelPressure</code> will have no effect then.
+     * <p>
+     * If the device does not support setting channel pressure, this method
+     * always returns 0. Calling {@code setChannelPressure} will have no effect
+     * then.
      *
-     * @return the amount of pressure for that note,
-     *         from 0 to 127 (127 = maximum pressure)
-     *
+     * @return the amount of pressure for that note, from 0 to 127
+     *         (127 = maximum pressure)
      * @see #setChannelPressure(int)
      */
-    public int getChannelPressure();
+    int getChannelPressure();
 
     /**
-     * Reacts to a change in the specified controller's value.  A controller
-     * is some control other than a keyboard key, such as a
-     * switch, slider, pedal, wheel, or breath-pressure sensor.
-     * The MIDI 1.0 Specification provides standard numbers for typical
-     * controllers on MIDI devices, and describes the intended effect
-     * for some of the controllers.
-     * The way in which an
-     * <code>Instrument</code> reacts to a controller change may be
-     * specific to the <code>Instrument</code>.
+     * Reacts to a change in the specified controller's value. A controller is
+     * some control other than a keyboard key, such as a switch, slider, pedal,
+     * wheel, or breath-pressure sensor. The MIDI 1.0 Specification provides
+     * standard numbers for typical controllers on MIDI devices, and describes
+     * the intended effect for some of the controllers. The way in which an
+     * {@code Instrument} reacts to a controller change may be specific to the
+     * {@code Instrument}.
      * <p>
-     * The MIDI 1.0 Specification defines both 7-bit controllers
-     * and 14-bit controllers.  Continuous controllers, such
-     * as wheels and sliders, typically have 14 bits (two MIDI bytes),
-     * while discrete controllers, such as switches, typically have 7 bits
-     * (one MIDI byte).  Refer to the specification to see the
-     * expected resolution for each type of control.
+     * The MIDI 1.0 Specification defines both 7-bit controllers and 14-bit
+     * controllers. Continuous controllers, such as wheels and sliders,
+     * typically have 14 bits (two MIDI bytes), while discrete controllers, such
+     * as switches, typically have 7 bits (one MIDI byte). Refer to the
+     * specification to see the expected resolution for each type of control.
      * <p>
-     * Controllers 64 through 95 (0x40 - 0x5F) allow 7-bit precision.
-     * The value of a 7-bit controller is set completely by the
-     * <code>value</code> argument.  An additional set of controllers
-     * provide 14-bit precision by using two controller numbers, one
-     * for the most significant 7 bits and another for the least significant
-     * 7 bits.  Controller numbers 0 through 31 (0x00 - 0x1F) control the
-     * most significant 7 bits of 14-bit controllers; controller numbers
-     * 32 through 63 (0x20 - 0x3F) control the least significant 7 bits of
-     * these controllers.  For example, controller number 7 (0x07) controls
-     * the upper 7 bits of the channel volume controller, and controller
-     * number 39 (0x27) controls the lower 7 bits.
-     * The value of a 14-bit controller is determined
-     * by the interaction of the two halves.  When the most significant 7 bits
-     * of a controller are set (using controller numbers 0 through 31), the
-     * lower 7 bits are automatically set to 0.  The corresponding controller
-     * number for the lower 7 bits may then be used to further modulate the
-     * controller value.
+     * Controllers 64 through 95 (0x40 - 0x5F) allow 7-bit precision. The value
+     * of a 7-bit controller is set completely by the {@code value} argument. An
+     * additional set of controllers provide 14-bit precision by using two
+     * controller numbers, one for the most significant 7 bits and another for
+     * the least significant 7 bits. Controller numbers 0 through 31
+     * (0x00 - 0x1F) control the most significant 7 bits of 14-bit controllers;
+     * controller numbers 32 through 63 (0x20 - 0x3F) control the least
+     * significant 7 bits of these controllers. For example, controller number 7
+     * (0x07) controls the upper 7 bits of the channel volume controller, and
+     * controller number 39 (0x27) controls the lower 7 bits. The value of a
+     * 14-bit controller is determined by the interaction of the two halves.
+     * When the most significant 7 bits of a controller are set (using
+     * controller numbers 0 through 31), the lower 7 bits are automatically set
+     * to 0. The corresponding controller number for the lower 7 bits may then
+     * be used to further modulate the controller value.
+     * <p>
+     * It is possible that the underlying synthesizer does not support a
+     * specific controller message. In order to verify that a call to
+     * {@code controlChange} was successful, use {@code getController}.
      *
-     * It is possible that the underlying synthesizer
-     * does not support a specific controller message. In order
-     * to verify that a call to <code>controlChange</code>
-     * was successful, use <code>getController</code>.
-     *
-     * @param controller the controller number (0 to 127; see the MIDI
-     * 1.0 Specification for the interpretation)
-     * @param value the value to which the specified controller is changed (0 to 127)
-     *
+     * @param  controller the controller number (0 to 127; see the MIDI 1.0
+     *         Specification for the interpretation)
+     * @param  value the value to which the specified controller is changed
+     *         (0 to 127)
      * @see #getController(int)
      */
-    public void controlChange(int controller, int value);
+    void controlChange(int controller, int value);
 
     /**
-     * Obtains the current value of the specified controller.  The return
-     * value is represented with 7 bits. For 14-bit controllers, the MSB and
-     * LSB controller value needs to be obtained separately. For example,
-     * the 14-bit value of the volume controller can be calculated by
-     * multiplying the value of controller 7 (0x07, channel volume MSB)
-     * with 128 and adding the
-     * value of controller 39 (0x27, channel volume LSB).
+     * Obtains the current value of the specified controller. The return value
+     * is represented with 7 bits. For 14-bit controllers, the MSB and LSB
+     * controller value needs to be obtained separately. For example, the 14-bit
+     * value of the volume controller can be calculated by multiplying the value
+     * of controller 7 (0x07, channel volume MSB) with 128 and adding the value
+     * of controller 39 (0x27, channel volume LSB).
+     * <p>
+     * If the device does not support setting a specific controller, this method
+     * returns 0 for that controller. Calling {@code controlChange} will have no
+     * effect then.
      *
-     * If the device does not support setting a specific controller,
-     * this method returns 0 for that controller.
-     * Calling <code>controlChange</code> will have no effect then.
-     *
-     * @param controller the number of the controller whose value is desired.
-     * The allowed range is 0-127; see the MIDI
-     * 1.0 Specification for the interpretation.
-     *
+     * @param  controller the number of the controller whose value is desired.
+     *         The allowed range is 0-127; see the MIDI 1.0 Specification for
+     *         the interpretation.
      * @return the current value of the specified controller (0 to 127)
-     *
      * @see #controlChange(int, int)
      */
-    public int getController(int controller);
+    int getController(int controller);
 
     /**
-     * Changes a program (patch).  This selects a specific
-     * instrument from the currently selected bank of instruments.
+     * Changes a program (patch). This selects a specific instrument from the
+     * currently selected bank of instruments.
      * <p>
-     * The MIDI specification does not
-     * dictate whether notes that are already sounding should switch
-     * to the new instrument (timbre) or continue with their original timbre
-     * until terminated by a note-off.
+     * The MIDI specification does not dictate whether notes that are already
+     * sounding should switch to the new instrument (timbre) or continue with
+     * their original timbre until terminated by a note-off.
      * <p>
-     * The program number is zero-based (expressed from 0 to 127).
-     * Note that MIDI hardware displays and literature about MIDI
-     * typically use the range 1 to 128 instead.
+     * The program number is zero-based (expressed from 0 to 127). Note that
+     * MIDI hardware displays and literature about MIDI typically use the range
+     * 1 to 128 instead.
+     * <p>
+     * It is possible that the underlying synthesizer does not support a
+     * specific program. In order to verify that a call to {@code programChange}
+     * was successful, use {@code getProgram}.
      *
-     * It is possible that the underlying synthesizer
-     * does not support a specific program. In order
-     * to verify that a call to <code>programChange</code>
-     * was successful, use <code>getProgram</code>.
-     *
-     * @param program the program number to switch to (0 to 127)
-     *
+     * @param  program the program number to switch to (0 to 127)
      * @see #programChange(int, int)
      * @see #getProgram()
      */
-    public void programChange(int program);
+    void programChange(int program);
 
     /**
      * Changes the program using bank and program (patch) numbers.
-     *
-     * It is possible that the underlying synthesizer
-     * does not support a specific bank, or program. In order
-     * to verify that a call to <code>programChange</code>
-     * was successful, use <code>getProgram</code> and
-     * <code>getController</code>.
-     * Since banks are changed by way of control changes,
-     * you can verify the current bank with the following
-     * statement:
+     * <p>
+     * It is possible that the underlying synthesizer does not support a
+     * specific bank, or program. In order to verify that a call to
+     * {@code programChange} was successful, use {@code getProgram} and
+     * {@code getController}. Since banks are changed by way of control changes,
+     * you can verify the current bank with the following statement:
      * <pre>
-     *   int bank = (getController(0) * 128)
-     *              + getController(32);
+     *   int bank = (getController(0) * 128) + getController(32);
      * </pre>
      *
-     * @param bank the bank number to switch to (0 to 16383)
-     * @param program the program (patch) to use in the specified bank (0 to 127)
+     * @param  bank the bank number to switch to (0 to 16383)
+     * @param  program the program (patch) to use in the specified bank
+     *         (0 to 127)
      * @see #programChange(int)
      * @see #getProgram()
      */
-    public void programChange(int bank, int program);
+    void programChange(int bank, int program);
 
     /**
      * Obtains the current program number for this channel.
+     *
      * @return the program number of the currently selected patch
      * @see Patch#getProgram
      * @see Synthesizer#loadInstrument
      * @see #programChange(int)
      */
-    public int getProgram();
+    int getProgram();
 
     /**
-     * Changes the pitch offset for all notes on this channel.
-     * This affects all currently sounding notes as well as subsequent ones.
-     * (For pitch bend to cease, the value needs to be reset to the
-     * center position.)
-     * <p> The MIDI specification
-     * stipulates that pitch bend be a 14-bit value, where zero
-     * is maximum downward bend, 16383 is maximum upward bend, and
-     * 8192 is the center (no pitch bend).  The actual
-     * amount of pitch change is not specified; it can be changed by
-     * a pitch-bend sensitivity setting.  However, the General MIDI
-     * specification says that the default range should be two semitones
-     * up and down from center.
+     * Changes the pitch offset for all notes on this channel. This affects all
+     * currently sounding notes as well as subsequent ones. (For pitch bend to
+     * cease, the value needs to be reset to the center position.)
+     * <p>
+     * The MIDI specification stipulates that pitch bend be a 14-bit value,
+     * where zero is maximum downward bend, 16383 is maximum upward bend, and
+     * 8192 is the center (no pitch bend). The actual amount of pitch change is
+     * not specified; it can be changed by a pitch-bend sensitivity setting.
+     * However, the General MIDI specification says that the default range
+     * should be two semitones up and down from center.
+     * <p>
+     * It is possible that the underlying synthesizer does not support this MIDI
+     * message. In order to verify that {@code setPitchBend} was successful, use
+     * {@code getPitchBend}.
      *
-     * It is possible that the underlying synthesizer
-     * does not support this MIDI message. In order
-     * to verify that <code>setPitchBend</code>
-     * was successful, use <code>getPitchBend</code>.
-     *
-     * @param bend the amount of pitch change, as a nonnegative 14-bit value
-     * (8192 = no bend)
-     *
+     * @param  bend the amount of pitch change, as a nonnegative 14-bit value
+     *         (8192 = no bend)
      * @see #getPitchBend
      */
-    public void setPitchBend(int bend);
+    void setPitchBend(int bend);
 
     /**
-     * Obtains the upward or downward pitch offset for this channel.
-     * If the device does not support setting pitch bend,
-     * this method always returns 8192. Calling
-     * <code>setPitchBend</code> will have no effect then.
+     * Obtains the upward or downward pitch offset for this channel. If the
+     * device does not support setting pitch bend, this method always returns
+     * 8192. Calling {@code setPitchBend} will have no effect then.
      *
      * @return bend amount, as a nonnegative 14-bit value (8192 = no bend)
-     *
      * @see #setPitchBend(int)
      */
-    public int getPitchBend();
+    int getPitchBend();
 
     /**
      * Resets all the implemented controllers to their default values.
      *
      * @see #controlChange(int, int)
      */
-    public void resetAllControllers();
+    void resetAllControllers();
 
     /**
-     * Turns off all notes that are currently sounding on this channel.
-     * The notes might not die away instantaneously; their decay
-     * rate is determined by the internals of the <code>Instrument</code>.
-     * If the Hold Pedal controller (see
-     * {@link #controlChange(int, int) controlChange})
-     * is down, the effect of this method is deferred until the pedal is
-     * released.
+     * Turns off all notes that are currently sounding on this channel. The
+     * notes might not die away instantaneously; their decay rate is determined
+     * by the internals of the {@code Instrument}. If the Hold Pedal controller
+     * (see {@link #controlChange(int, int) controlChange}) is down, the effect
+     * of this method is deferred until the pedal is released.
      *
      * @see #allSoundOff
      * @see #noteOff(int)
      */
-    public void allNotesOff();
+    void allNotesOff();
 
     /**
      * Immediately turns off all sounding notes on this channel, ignoring the
      * state of the Hold Pedal and the internal decay rate of the current
-     * <code>Instrument</code>.
+     * {@code Instrument}.
      *
      * @see #allNotesOff
      */
-    public void allSoundOff();
+    void allSoundOff();
 
     /**
-     * Turns local control on or off.  The default is for local control
-     * to be on.  The "on" setting means that if a device is capable
-     * of both synthesizing sound and transmitting MIDI messages,
-     * it will synthesize sound in response to the note-on and
-     * note-off messages that it itself transmits.  It will also respond
-     * to messages received from other transmitting devices.
-     * The "off" setting means that the synthesizer will ignore its
-     * own transmitted MIDI messages, but not those received from other devices.
+     * Turns local control on or off. The default is for local control to be on.
+     * The "on" setting means that if a device is capable of both synthesizing
+     * sound and transmitting MIDI messages, it will synthesize sound in
+     * response to the note-on and note-off messages that it itself transmits.
+     * It will also respond to messages received from other transmitting
+     * devices. The "off" setting means that the synthesizer will ignore its own
+     * transmitted MIDI messages, but not those received from other devices.
+     * <p>
+     * It is possible that the underlying synthesizer does not support local
+     * control. In order to verify that a call to {@code localControl} was
+     * successful, check the return value.
      *
-     * It is possible that the underlying synthesizer
-     * does not support local control. In order
-     * to verify that a call to <code>localControl</code>
-     * was successful, check the return value.
-     *
-     * @param on <code>true</code> to turn local control on, <code>false</code>
-     *  to turn local control off
-     * @return the new local-control value, or false
-     *         if local control is not supported
-     *
+     * @param  on {@code true} to turn local control on, {@code false} to turn
+     *         local control off
+     * @return the new local-control value, or false if local control is not
+     *         supported
      */
-    public boolean localControl(boolean on);
+    boolean localControl(boolean on);
 
     /**
-     * Turns mono mode on or off.  In mono mode, the channel synthesizes
-     * only one note at a time.  In poly mode (identical to mono mode off),
-     * the channel can synthesize multiple notes simultaneously.
-     * The default is mono off (poly mode on).
+     * Turns mono mode on or off. In mono mode, the channel synthesizes only one
+     * note at a time. In poly mode (identical to mono mode off), the channel
+     * can synthesize multiple notes simultaneously. The default is mono off
+     * (poly mode on).
      * <p>
-     * "Mono" is short for the word "monophonic," which in this context
-     * is opposed to the word "polyphonic" and refers to a single synthesizer
-     * voice per MIDI channel.  It
-     * has nothing to do with how many audio channels there might be
-     * (as in "monophonic" versus "stereophonic" recordings).
+     * "Mono" is short for the word "monophonic," which in this context is
+     * opposed to the word "polyphonic" and refers to a single synthesizer voice
+     * per MIDI channel. It has nothing to do with how many audio channels there
+     * might be (as in "monophonic" versus "stereophonic" recordings).
+     * <p>
+     * It is possible that the underlying synthesizer does not support mono
+     * mode. In order to verify that a call to {@code setMono} was successful,
+     * use {@code getMono}.
      *
-     * It is possible that the underlying synthesizer
-     * does not support mono mode. In order
-     * to verify that a call to <code>setMono</code>
-     * was successful, use <code>getMono</code>.
-     *
-     * @param on <code>true</code> to turn mono mode on, <code>false</code> to
-     * turn it off (which means turning poly mode on).
-     *
+     * @param  on {@code true} to turn mono mode on, {@code false} to turn it
+     *         off (which means turning poly mode on)
      * @see #getMono
      * @see VoiceStatus
      */
-    public void setMono(boolean on);
+    void setMono(boolean on);
 
     /**
-     * Obtains the current mono/poly mode.
-     * Synthesizers that do not allow changing mono/poly mode
-     * will always return the same value, regardless
-     * of calls to <code>setMono</code>.
-     * @return <code>true</code> if mono mode is on, otherwise
-     * <code>false</code> (meaning poly mode is on).
+     * Obtains the current mono/poly mode. Synthesizers that do not allow
+     * changing mono/poly mode will always return the same value, regardless of
+     * calls to {@code setMono}.
      *
+     * @return {@code true} if mono mode is on, otherwise {@code false} (meaning
+     *         poly mode is on)
      * @see #setMono(boolean)
      */
-    public boolean getMono();
+    boolean getMono();
 
     /**
-     * Turns omni mode on or off.  In omni mode, the channel responds
-     * to messages sent on all channels.  When omni is off, the channel
-     * responds only to messages sent on its channel number.
-     * The default is omni off.
+     * Turns omni mode on or off. In omni mode, the channel responds to messages
+     * sent on all channels. When omni is off, the channel responds only to
+     * messages sent on its channel number. The default is omni off.
+     * <p>
+     * It is possible that the underlying synthesizer does not support omni
+     * mode. In order to verify that {@code setOmni} was successful, use
+     * {@code getOmni}.
      *
-     * It is possible that the underlying synthesizer
-     * does not support omni mode. In order
-     * to verify that <code>setOmni</code>
-     * was successful, use <code>getOmni</code>.
-     *
-     * @param on <code>true</code> to turn omni mode on, <code>false</code> to
-     * turn it off.
-     *
+     * @param  on {@code true} to turn omni mode on, {@code false} to turn it
+     *         off
      * @see #getOmni
      * @see VoiceStatus
      */
-    public void setOmni(boolean on);
+    void setOmni(boolean on);
 
     /**
-     * Obtains the current omni mode.
-     * Synthesizers that do not allow changing the omni mode
-     * will always return the same value, regardless
-     * of calls to <code>setOmni</code>.
-     * @return <code>true</code> if omni mode is on, otherwise
-     * <code>false</code> (meaning omni mode is off).
+     * Obtains the current omni mode. Synthesizers that do not allow changing
+     * the omni mode will always return the same value, regardless of calls to
+     * {@code setOmni}.
      *
+     * @return {@code true} if omni mode is on, otherwise {@code false} (meaning
+     *         omni mode is off)
      * @see #setOmni(boolean)
      */
-    public boolean getOmni();
+    boolean getOmni();
 
     /**
-     * Sets the mute state for this channel. A value of
-     * <code>true</code> means the channel is to be muted, <code>false</code>
-     * means the channel can sound (if other channels are not soloed).
+     * Sets the mute state for this channel. A value of {@code true} means the
+     * channel is to be muted, {@code false} means the channel can sound (if
+     * other channels are not soloed).
      * <p>
-     * Unlike {@link #allSoundOff()}, this method
-     * applies to only a specific channel, not to all channels.  Further, it
-     * silences not only currently sounding notes, but also subsequently
-     * received notes.
+     * Unlike {@link #allSoundOff()}, this method applies to only a specific
+     * channel, not to all channels. Further, it silences not only currently
+     * sounding notes, but also subsequently received notes.
+     * <p>
+     * It is possible that the underlying synthesizer does not support muting
+     * channels. In order to verify that a call to {@code setMute} was
+     * successful, use {@code getMute}.
      *
-     * It is possible that the underlying synthesizer
-     * does not support muting channels. In order
-     * to verify that a call to <code>setMute</code>
-     * was successful, use <code>getMute</code>.
-     *
-     * @param mute the new mute state
-     *
+     * @param  mute the new mute state
      * @see #getMute
      * @see #setSolo(boolean)
      */
-    public void setMute(boolean mute);
+    void setMute(boolean mute);
 
     /**
-     * Obtains the current mute state for this channel.
-     * If the underlying synthesizer does not support
-     * muting this channel, this method always returns
-     * <code>false</code>.
+     * Obtains the current mute state for this channel. If the underlying
+     * synthesizer does not support muting this channel, this method always
+     * returns {@code false}.
      *
-     * @return <code>true</code> the channel is muted,
-     *         or <code>false</code> if not
-     *
+     * @return {@code true} the channel is muted, or {@code false} if not
      * @see #setMute(boolean)
      */
-    public boolean getMute();
+    boolean getMute();
 
     /**
-     * Sets the solo state for this channel.
-     * If <code>solo</code> is <code>true</code> only this channel
-     * and other soloed channels will sound. If <code>solo</code>
-     * is <code>false</code> then only other soloed channels will
-     * sound, unless no channels are soloed, in which case all
-     * unmuted channels will sound.
+     * Sets the solo state for this channel. If {@code solo} is {@code true}
+     * only this channel and other soloed channels will sound. If {@code solo}
+     * is {@code false} then only other soloed channels will sound, unless no
+     * channels are soloed, in which case all unmuted channels will sound.
+     * <p>
+     * It is possible that the underlying synthesizer does not support solo
+     * channels. In order to verify that a call to {@code setSolo} was
+     * successful, use {@code getSolo}.
      *
-     * It is possible that the underlying synthesizer
-     * does not support solo channels. In order
-     * to verify that a call to <code>setSolo</code>
-     * was successful, use <code>getSolo</code>.
-     *
-     * @param soloState new solo state for the channel
+     * @param  soloState new solo state for the channel
      * @see #getSolo()
      */
-    public void setSolo(boolean soloState);
+    void setSolo(boolean soloState);
 
     /**
-     * Obtains the current solo state for this channel.
-     * If the underlying synthesizer does not support
-     * solo on this channel, this method always returns
-     * <code>false</code>.
+     * Obtains the current solo state for this channel. If the underlying
+     * synthesizer does not support solo on this channel, this method always
+     * returns {@code false}.
      *
-     * @return <code>true</code> the channel is solo,
-     *         or <code>false</code> if not
-     *
+     * @return {@code true} the channel is solo, or {@code false} if not
      * @see #setSolo(boolean)
      */
-    public boolean getSolo();
+    boolean getSolo();
 }
--- a/src/java.desktop/share/classes/javax/sound/midi/MidiDevice.java	Thu Aug 21 14:16:26 2014 -0700
+++ b/src/java.desktop/share/classes/javax/sound/midi/MidiDevice.java	Thu Aug 28 14:54:07 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,64 +27,52 @@
 
 import java.util.List;
 
- /**
- * <code>MidiDevice</code> is the base interface for all MIDI devices.
- * Common devices include synthesizers, sequencers, MIDI input ports, and MIDI
- * output ports.
- *
- * <p>A <code>MidiDevice</code> can be a transmitter or a receiver of
- * MIDI events, or both. Therefore, it can provide {@link Transmitter}
- * or {@link Receiver} instances (or both). Typically, MIDI IN ports
- * provide transmitters, MIDI OUT ports and synthesizers provide
- * receivers. A Sequencer typically provides transmitters for playback
- * and receivers for recording.
- *
- * <p>A <code>MidiDevice</code> can be opened and closed explicitly as
- * well as implicitly. Explicit opening is accomplished by calling
- * {@link #open}, explicit closing is done by calling {@link
- * #close} on the <code>MidiDevice</code> instance.
- * If an application opens a <code>MidiDevice</code>
- * explicitly, it has to close it explicitly to free system resources
- * and enable the application to exit cleanly. Implicit opening is
- * done by calling {@link javax.sound.midi.MidiSystem#getReceiver
- * MidiSystem.getReceiver} and {@link
- * javax.sound.midi.MidiSystem#getTransmitter
- * MidiSystem.getTransmitter}. The <code>MidiDevice</code> used by
- * <code>MidiSystem.getReceiver</code> and
- * <code>MidiSystem.getTransmitter</code> is implementation-dependant
- * unless the properties <code>javax.sound.midi.Receiver</code>
- * and <code>javax.sound.midi.Transmitter</code> are used (see the
- * description of properties to select default providers in
- * {@link javax.sound.midi.MidiSystem}). A <code>MidiDevice</code>
- * that was opened implicitly, is closed implicitly by closing the
- * <code>Receiver</code> or <code>Transmitter</code> that resulted in
- * opening it. If more than one implicitly opening
- * <code>Receiver</code> or <code>Transmitter</code> were obtained by
- * the application, the device is closed after the last
- * <code>Receiver</code> or <code>Transmitter</code> has been
- * closed. On the other hand, calling <code>getReceiver</code> or
- * <code>getTransmitter</code> on the device instance directly does
- * not open the device implicitly. Closing these
- * <code>Transmitter</code>s and <code>Receiver</code>s does not close
- * the device implicitly. To use a device with <code>Receiver</code>s
- * or <code>Transmitter</code>s obtained this way, the device has to
- * be opened and closed explicitly.
- *
- * <p>If implicit and explicit opening and closing are mixed on the
- * same <code>MidiDevice</code> instance, the following rules apply:
+/**
+ * {@code MidiDevice} is the base interface for all MIDI devices. Common devices
+ * include synthesizers, sequencers, MIDI input ports, and MIDI output ports.
+ * <p>
+ * A {@code MidiDevice} can be a transmitter or a receiver of MIDI events, or
+ * both. Therefore, it can provide {@link Transmitter} or {@link Receiver}
+ * instances (or both). Typically, MIDI IN ports provide transmitters, MIDI OUT
+ * ports and synthesizers provide receivers. A Sequencer typically provides
+ * transmitters for playback and receivers for recording.
+ * <p>
+ * A {@code MidiDevice} can be opened and closed explicitly as well as
+ * implicitly. Explicit opening is accomplished by calling {@link #open},
+ * explicit closing is done by calling {@link #close} on the {@code MidiDevice}
+ * instance. If an application opens a {@code MidiDevice} explicitly, it has to
+ * close it explicitly to free system resources and enable the application to
+ * exit cleanly. Implicit opening is done by calling
+ * {@link MidiSystem#getReceiver} and {@link MidiSystem#getTransmitter}. The
+ * {@code MidiDevice} used by {@code MidiSystem.getReceiver} and
+ * {@code MidiSystem.getTransmitter} is implementation-dependant unless the
+ * properties {@code javax.sound.midi.Receiver} and
+ * {@code javax.sound.midi.Transmitter} are used (see the description of
+ * properties to select default providers in {@link MidiSystem}). A
+ * {@code MidiDevice} that was opened implicitly, is closed implicitly by
+ * closing the {@code Receiver} or {@code Transmitter} that resulted in opening
+ * it. If more than one implicitly opening {@code Receiver} or
+ * {@code Transmitter} were obtained by the application, the device is closed
+ * after the last {@code Receiver} or {@code Transmitter} has been closed. On
+ * the other hand, calling {@code getReceiver} or {@code getTransmitter} on the
+ * device instance directly does not open the device implicitly. Closing these
+ * {@code Transmitter}s and {@code Receiver}s does not close the device
+ * implicitly. To use a device with {@code Receiver}s or {@code Transmitter}s
+ * obtained this way, the device has to be opened and closed explicitly.
+ * <p>
+ * If implicit and explicit opening and closing are mixed on the same
+ * {@code MidiDevice} instance, the following rules apply:
  *
  * <ul>
- * <li>After an explicit open (either before or after implicit
- * opens), the device will not be closed by implicit closing. The only
- * way to close an explicitly opened device is an explicit close.</li>
- *
- * <li>An explicit close always closes the device, even if it also has
- * been opened implicitly. A subsequent implicit close has no further
- * effect.</li>
+ * <li>After an explicit open (either before or after implicit opens), the
+ * device will not be closed by implicit closing. The only way to close an
+ * explicitly opened device is an explicit close.</li>
+ * <li>An explicit close always closes the device, even if it also has been
+ * opened implicitly. A subsequent implicit close has no further effect.</li>
  * </ul>
  *
- * To detect if a MidiDevice represents a hardware MIDI port, the
- * following programming technique can be used:
+ * To detect if a MidiDevice represents a hardware MIDI port, the following
+ * programming technique can be used:
  *
  * <pre>{@code
  * MidiDevice device = ...;
@@ -95,193 +83,171 @@
  * }</pre>
  *
  * <p>
- * A <code>MidiDevice</code> includes a <code>{@link MidiDevice.Info}</code> object
- * to provide manufacturer information and so on.
+ * A {@code MidiDevice} includes a {@link Info} object to provide manufacturer
+ * information and so on.
  *
+ * @author Kara Kytle
+ * @author Florian Bomers
  * @see Synthesizer
  * @see Sequencer
  * @see Receiver
  * @see Transmitter
- *
- * @author Kara Kytle
- * @author Florian Bomers
  */
-
 public interface MidiDevice extends AutoCloseable {
 
-
     /**
      * Obtains information about the device, including its Java class and
-     * <code>Strings</code> containing its name, vendor, and description.
+     * {@code Strings} containing its name, vendor, and description.
      *
      * @return device info
      */
-    public Info getDeviceInfo();
-
+    Info getDeviceInfo();
 
     /**
-     * Opens the device, indicating that it should now acquire any
-     * system resources it requires and become operational.
+     * Opens the device, indicating that it should now acquire any system
+     * resources it requires and become operational.
+     * <p>
+     * An application opening a device explicitly with this call has to close
+     * the device by calling {@link #close}. This is necessary to release system
+     * resources and allow applications to exit cleanly.
+     * <p>
+     * Note that some devices, once closed, cannot be reopened. Attempts to
+     * reopen such a device will always result in a MidiUnavailableException.
      *
-     * <p>An application opening a device explicitly with this call
-     * has to close the device by calling {@link #close}. This is
-     * necessary to release system resources and allow applications to
-     * exit cleanly.
-     *
-     * <p>
-     * Note that some devices, once closed, cannot be reopened.  Attempts
-     * to reopen such a device will always result in a MidiUnavailableException.
-     *
-     * @throws MidiUnavailableException thrown if the device cannot be
-     * opened due to resource restrictions.
-     * @throws SecurityException thrown if the device cannot be
-     * opened due to security restrictions.
-     *
+     * @throws MidiUnavailableException thrown if the device cannot be opened
+     *         due to resource restrictions
+     * @throws SecurityException thrown if the device cannot be opened due to
+     *         security restrictions
      * @see #close
      * @see #isOpen
      */
-    public void open() throws MidiUnavailableException;
-
+    void open() throws MidiUnavailableException;
 
     /**
-     * Closes the device, indicating that the device should now release
-     * any system resources it is using.
-     *
-     * <p>All <code>Receiver</code> and <code>Transmitter</code> instances
-     * open from this device are closed. This includes instances retrieved
-     * via <code>MidiSystem</code>.
+     * Closes the device, indicating that the device should now release any
+     * system resources it is using.
+     * <p>
+     * All {@code Receiver} and {@code Transmitter} instances open from this
+     * device are closed. This includes instances retrieved via
+     * {@code MidiSystem}.
      *
      * @see #open
      * @see #isOpen
      */
-    public void close();
-
+    void close();
 
     /**
      * Reports whether the device is open.
      *
-     * @return <code>true</code> if the device is open, otherwise
-     * <code>false</code>
+     * @return {@code true} if the device is open, otherwise {@code false}
      * @see #open
      * @see #close
      */
-    public boolean isOpen();
-
+    boolean isOpen();
 
     /**
-     * Obtains the current time-stamp of the device, in microseconds.
-     * If a device supports time-stamps, it should start counting at
-     * 0 when the device is opened and continue incrementing its
-     * time-stamp in microseconds until the device is closed.
-     * If it does not support time-stamps, it should always return
-     * -1.
-     * @return the current time-stamp of the device in microseconds,
-     * or -1 if time-stamping is not supported by the device.
+     * Obtains the current time-stamp of the device, in microseconds. If a
+     * device supports time-stamps, it should start counting at 0 when the
+     * device is opened and continue incrementing its time-stamp in microseconds
+     * until the device is closed. If it does not support time-stamps, it should
+     * always return -1.
+     *
+     * @return the current time-stamp of the device in microseconds, or -1 if
+     *         time-stamping is not supported by the device
      */
-    public long getMicrosecondPosition();
-
+    long getMicrosecondPosition();
 
     /**
-     * Obtains the maximum number of MIDI IN connections available on this
-     * MIDI device for receiving MIDI data.
-     * @return maximum number of MIDI IN connections,
-     * or -1 if an unlimited number of connections is available.
+     * Obtains the maximum number of MIDI IN connections available on this MIDI
+     * device for receiving MIDI data.
+     *
+     * @return maximum number of MIDI IN connections, or -1 if an unlimited
+     *         number of connections is available
      */
-    public int getMaxReceivers();
-
+    int getMaxReceivers();
 
     /**
-     * Obtains the maximum number of MIDI OUT connections available on this
-     * MIDI device for transmitting MIDI data.
-     * @return maximum number of MIDI OUT connections,
-     * or -1 if an unlimited number of connections is available.
+     * Obtains the maximum number of MIDI OUT connections available on this MIDI
+     * device for transmitting MIDI data.
+     *
+     * @return maximum number of MIDI OUT connections, or -1 if an unlimited
+     *         number of connections is available
      */
-    public int getMaxTransmitters();
-
+    int getMaxTransmitters();
 
     /**
-     * Obtains a MIDI IN receiver through which the MIDI device may receive
-     * MIDI data.  The returned receiver must be closed when the application
-     * has finished using it.
+     * Obtains a MIDI IN receiver through which the MIDI device may receive MIDI
+     * data. The returned receiver must be closed when the application has
+     * finished using it.
+     * <p>
+     * Usually the returned receiver implements the {@code MidiDeviceReceiver}
+     * interface.
+     * <p>
+     * Obtaining a {@code Receiver} with this method does not open the device.
+     * To be able to use the device, it has to be opened explicitly by calling
+     * {@link #open}. Also, closing the {@code Receiver} does not close the
+     * device. It has to be closed explicitly by calling {@link #close}.
      *
-     * <p>Usually the returned receiver implements
-     * the {@code MidiDeviceReceiver} interface.
-     *
-     * <p>Obtaining a <code>Receiver</code> with this method does not
-     * open the device. To be able to use the device, it has to be
-     * opened explicitly by calling {@link #open}. Also, closing the
-     * <code>Receiver</code> does not close the device. It has to be
-     * closed explicitly by calling {@link #close}.
-     *
-     * @return a receiver for the device.
+     * @return a receiver for the device
      * @throws MidiUnavailableException thrown if a receiver is not available
-     * due to resource restrictions
+     *         due to resource restrictions
      * @see Receiver#close()
      */
-    public Receiver getReceiver() throws MidiUnavailableException;
-
+    Receiver getReceiver() throws MidiUnavailableException;
 
     /**
-     * Returns all currently active, non-closed receivers
-     * connected with this MidiDevice.
-     * A receiver can be removed
-     * from the device by closing it.
-     *
-     * <p>Usually the returned receivers implement
-     * the {@code MidiDeviceReceiver} interface.
+     * Returns all currently active, non-closed receivers connected with this
+     * MidiDevice. A receiver can be removed from the device by closing it.
+     * <p>
+     * Usually the returned receivers implement the {@code MidiDeviceReceiver}
+     * interface.
      *
      * @return an unmodifiable list of the open receivers
      * @since 1.5
      */
     List<Receiver> getReceivers();
 
+    /**
+     * Obtains a MIDI OUT connection from which the MIDI device will transmit
+     * MIDI data. The returned transmitter must be closed when the application
+     * has finished using it.
+     * <p>
+     * Usually the returned transmitter implements the
+     * {@code MidiDeviceTransmitter} interface.
+     * <p>
+     * Obtaining a {@code Transmitter} with this method does not open the
+     * device. To be able to use the device, it has to be opened explicitly by
+     * calling {@link #open}. Also, closing the {@code Transmitter} does not
+     * close the device. It has to be closed explicitly by calling
+     * {@link #close}.
+     *
+     * @return a MIDI OUT transmitter for the device
+     * @throws MidiUnavailableException thrown if a transmitter is not available
+     *         due to resource restrictions
+     * @see Transmitter#close()
+     */
+    Transmitter getTransmitter() throws MidiUnavailableException;
 
     /**
-     * Obtains a MIDI OUT connection from which the MIDI device will transmit
-     * MIDI data  The returned transmitter must be closed when the application
-     * has finished using it.
-     *
-     * <p>Usually the returned transmitter implements
-     * the {@code MidiDeviceTransmitter} interface.
-     *
-     * <p>Obtaining a <code>Transmitter</code> with this method does not
-     * open the device. To be able to use the device, it has to be
-     * opened explicitly by calling {@link #open}. Also, closing the
-     * <code>Transmitter</code> does not close the device. It has to be
-     * closed explicitly by calling {@link #close}.
-     *
-     * @return a MIDI OUT transmitter for the device.
-     * @throws MidiUnavailableException thrown if a transmitter is not available
-     * due to resource restrictions
-     * @see Transmitter#close()
-     */
-    public Transmitter getTransmitter() throws MidiUnavailableException;
-
-
-    /**
-     * Returns all currently active, non-closed transmitters
-     * connected with this MidiDevice.
-     * A transmitter can be removed
-     * from the device by closing it.
-     *
-     * <p>Usually the returned transmitters implement
-     * the {@code MidiDeviceTransmitter} interface.
+     * Returns all currently active, non-closed transmitters connected with this
+     * MidiDevice. A transmitter can be removed from the device by closing it.
+     * <p>
+     * Usually the returned transmitters implement the
+     * {@code MidiDeviceTransmitter} interface.
      *
      * @return an unmodifiable list of the open transmitters
      * @since 1.5
      */
     List<Transmitter> getTransmitters();
 
-
-
     /**
-     * A <code>MidiDevice.Info</code> object contains assorted
-     * data about a <code>{@link MidiDevice}</code>, including its
-     * name, the company who created it, and descriptive text.
+     * A {@code MidiDevice.Info} object contains assorted data about a
+     * {@link MidiDevice}, including its name, the company who created it, and
+     * descriptive text.
      *
      * @see MidiDevice#getDeviceInfo
      */
-    public static class Info {
+    class Info {
 
         /**
          * The device's name.
@@ -303,16 +269,16 @@
          */
         private String version;
 
-
         /**
          * Constructs a device info object.
          *
-         * @param name the name of the device
-         * @param vendor the name of the company who provides the device
-         * @param description a description of the device
-         * @param version version information for the device
+         * @param  name the name of the device
+         * @param  vendor the name of the company who provides the device
+         * @param  description a description of the device
+         * @param  version version information for the device
          */
-        protected Info(String name, String vendor, String description, String version) {
+        protected Info(String name, String vendor, String description,
+                       String version) {
 
             this.name = name;
             this.vendor = vendor;
@@ -320,20 +286,18 @@
             this.version = version;
         }
 
-
         /**
-         * Reports whether t