path: root/java/openjdk8/files/patch-8u25-b17

--- ./.hgtags	Wed Jul 30 03:50:56 2014 -0700
+++ ./.hgtags	Wed Sep 17 11:23:18 2014 -0700
@@ -313,3 +313,21 @@
 b14daf2459c5430dfe5d435483d6f424cff09584 jdk8u20-b23
 1710841b0229403f4af85eac8b68ea5065a26c81 jdk8u20-b24
 1710841b0229403f4af85eac8b68ea5065a26c81 jdk8u20-b25
+d1a7ea2c3e1091e0df1285963328a96f475f240d jdk8u20-b26
+97c6d6a8e5bb3dfc24b9a32711aa0906ea110e23 jdk8u25-b00
+c4cfb4376f5916c5d7eb1f39a0e23402de0d9818 jdk8u25-b01
+b4d29a751077e5500e766b8104dd1cb7148a550f jdk8u25-b02
+d3df54be114a5c41d4881b61cd42fbb0e52aaf4a jdk8u25-b03
+64e7567a8539078a678853a384340eee469168b0 jdk8u25-b04
+6de13ae93be20b97f53e3837739947d59fb4fd65 jdk8u25-b05
+69d17ee59c0e77033aca293501a642d0abc20c85 jdk8u25-b06
+561d066eaa6428088b4f7e273a8caed90e8f6073 jdk8u25-b07
+c2a5ad21d01c5d921c4e928edcb14cc3d61eb62b jdk8u25-b08
+1249614d7f1d9bf8443f0abd0622b4d2a3ab0638 jdk8u25-b09
+0c5d41165be3f4bb989bd84283c2df3e37b9845d jdk8u25-b10
+cc5ab3e0fe815ae80bb52fa5affcb35ee0f51cff jdk8u25-b11
+c35e73e4acd8ed03e77e8e20023bac115c7dfe38 jdk8u25-b12
+5d990a43c996ef039c6619e55215d589e09d1022 jdk8u25-b13
+4429ea47ee6eca6b8a1dbda1950566ee821ba19d jdk8u25-b14
+09eaef69f384ecf8ec0342b87a8b150740941140 jdk8u25-b15
+f0a48c214c46b7351ff8e6d6b6dc533463a4be21 jdk8u25-b16
--- ./common/autoconf/generated-configure.sh	Wed Jul 30 03:50:56 2014 -0700
+++ ./common/autoconf/generated-configure.sh	Wed Sep 17 11:23:18 2014 -0700
@@ -3868,7 +3868,7 @@
 #CUSTOM_AUTOCONF_INCLUDE
 
 # Do not change or remove the following line, it is needed for consistency checks:
-DATE_WHEN_GENERATED=1397150809
+DATE_WHEN_GENERATED=1410971760
 
 ###############################################################################
 #
--- ./make/Jprt.gmk	Wed Jul 30 03:50:56 2014 -0700
+++ ./make/Jprt.gmk	Wed Sep 17 11:23:18 2014 -0700
@@ -145,6 +145,9 @@
           ifdef ALT_INSTALL_UPX_FILENAME
 	    @$(ECHO) " --with-upx-filename=$(call UnixPath,$(ALT_INSTALL_UPX_FILENAME)) " >> $@.tmp
           endif
+          ifdef ALT_BSDIFF_DIR
+	    @$(ECHO) " --with-bsdiff-dir=$(call UnixPath,$(ALT_BSDIFF_DIR)) " >> $@.tmp
+          endif
           ifdef ALT_CCSS_SIGNING_DIR
 	    @$(ECHO) " --with-ccss-signing=$(call UnixPath,$(ALT_CCSS_SIGNING_DIR)) " >> $@.tmp
           endif
--- ./make/jprt.properties	Wed Jul 30 03:50:56 2014 -0700
+++ ./make/jprt.properties	Wed Sep 17 11:23:18 2014 -0700
@@ -25,8 +25,9 @@
 
 # Properties for jprt
 
-# Locked down to jdk8
-jprt.tools.default.release=jdk8
+# The current release name
+my.jdk.update.version=25
+jprt.tools.default.release=jdk8u${my.jdk.update.version}
 
 # Unix toolkit to use for building on windows
 jprt.windows.jdk8.build.unix.toolkit=cygwin
--- ./corba/.hgtags	Wed Jul 30 03:51:08 2014 -0700
+++ ./corba/.hgtags	Mon Sep 08 12:34:37 2014 -0700
@@ -311,3 +311,21 @@
 919405d7316dfcbddee5ad8dd08905916df88e04 jdk8u20-b23
 34c930eaa6b591621afde05ca2e24571c91cdc9b jdk8u20-b24
 34c930eaa6b591621afde05ca2e24571c91cdc9b jdk8u20-b25
+37bde23c96f66912c44b1b893c08d4ad4cff5f4e jdk8u20-b26
+08aa9f55fe5bce1f04cfd2958f71e8df18643e29 jdk8u25-b00
+31f50e3c0dcbdfa7f11a895179065e6888c2cf3c jdk8u25-b01
+162703b7c2f16ce00d1b54a8f95d12eda9753eba jdk8u25-b02
+ddaa2a3e452c8fbb1a7046e743096d0f9489290e jdk8u25-b03
+a76e6e02711edbfab4931dc679cbd3df6169ec84 jdk8u25-b04
+2fab01326282ee9033c089933b2dc46aef127abd jdk8u25-b05
+76068779ea16c40a9d3c14751a3bbd6c21f09cfd jdk8u25-b06
+db4d845d6a4d71ef5e48a8888f71375b0e21959f jdk8u25-b07
+afd9d9e1bbb5ab77c95a8750d2df164e05088d09 jdk8u25-b08
+1322b445ab39930c50c3901f6c439aad99a62fe8 jdk8u25-b09
+2e6da97d338ad5a65bf07f9d9648dcb74b5776b4 jdk8u25-b10
+11f77cdff0b2a07fd89f439b044d9f10a15f8fd5 jdk8u25-b11
+f560274aec4f42283c10070921afae403a153de2 jdk8u25-b12
+987bd55824c4794c8784a47fc45ecd18a9c2a5c8 jdk8u25-b13
+7e9a2027d0214019d66325fa7ca59cf8281fb43e jdk8u25-b14
+5b2cb4935667cd02d7974b3b6fb6bf4092b5acae jdk8u25-b15
+28d7f90e04e46ce8c633a2fbf0157d9e77db17c3 jdk8u25-b16
--- ./hotspot/.hgtags	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/.hgtags	Mon Sep 08 12:35:01 2014 -0700
@@ -500,3 +500,21 @@
 42ddd0bbcb6630fe463ec9bc1893c838d5edff1b jdk8u20-b24
 00cf2b6f51b9560b01030e8f4c28c466f0b21fe3 hs25.20-b23
 19408d5fd31c25ce60c43dd33e92b96e8df4a4ea jdk8u20-b25
+eaa4074a7e3975cd33ec55e6b584586e2ac681bd jdk8u20-b26
+a4d44dfb7d30eea54bc172e4429a655454ae0bbf jdk8u25-b00
+9a2152fbd929b0d8b2f5c326a5526214ae71731a jdk8u25-b01
+d3d5604ea0dea3812e87ba76ac199d0a8be6f49f jdk8u25-b02
+27348de6239bb527c37c0bf59e938ed127b619a7 jdk8u25-b03
+220eefb3609e250a0bb0ed26236c1213b8000050 jdk8u25-b04
+db8383148bc9417dd4c38fa4cea39510f17325f3 jdk8u25-b05
+605df8463453628df49351fa63632666f18698cd jdk8u25-b06
+520188d4bade17dbe75163d1f635c08168ea560c jdk8u25-b07
+f3f50c4f9ea5d3af40cb794b6f3f2a337c8873db jdk8u25-b08
+4f209b7a580c78bac255e69f4724c42584c32a7d jdk8u25-b09
+19c692f1e4c571a9285e33e7d3d15948769fcbdd jdk8u25-b10
+9e2bb00a81910776d5b16c49a3f4c5264ceab522 jdk8u25-b11
+2993491d47df8c4b096ea7fa534162bde8b53dcf jdk8u25-b12
+ca6d25be853b5c428c6228871316671843264666 jdk8u25-b13
+c77d5db189422e2eef0443ee212644e497113b18 jdk8u25-b14
+e62c06b887310b5bd23be9b817a9a6f0daf0d0e1 jdk8u25-b15
+6467bdd4d22d8b140844dc847c43b9ba7cb0bbd1 jdk8u25-b16
--- ./hotspot/make/bsd/makefiles/mapfile-vers-debug	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/make/bsd/makefiles/mapfile-vers-debug	Mon Sep 08 12:35:01 2014 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -82,6 +82,7 @@
                 _JVM_EnableCompiler
                 _JVM_Exit
                 _JVM_FillInStackTrace
+                _JVM_FindClassFromCaller
                 _JVM_FindClassFromClass
                 _JVM_FindClassFromClassLoader
                 _JVM_FindClassFromBootLoader
--- ./hotspot/make/bsd/makefiles/mapfile-vers-product	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/make/bsd/makefiles/mapfile-vers-product	Mon Sep 08 12:35:01 2014 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -82,6 +82,7 @@
                 _JVM_EnableCompiler
                 _JVM_Exit
                 _JVM_FillInStackTrace
+                _JVM_FindClassFromCaller
                 _JVM_FindClassFromClass
                 _JVM_FindClassFromClassLoader
                 _JVM_FindClassFromBootLoader
--- ./hotspot/make/hotspot_version	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/make/hotspot_version	Mon Sep 08 12:35:01 2014 -0700
@@ -34,8 +34,8 @@
 HOTSPOT_VM_COPYRIGHT=Copyright 2014
 
 HS_MAJOR_VER=25
-HS_MINOR_VER=20
-HS_BUILD_NUMBER=23
+HS_MINOR_VER=25
+HS_BUILD_NUMBER=02
 
 JDK_MAJOR_VER=1
 JDK_MINOR_VER=8
--- ./hotspot/make/linux/makefiles/mapfile-vers-debug	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/make/linux/makefiles/mapfile-vers-debug	Mon Sep 08 12:35:01 2014 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -84,6 +84,7 @@
                 JVM_EnableCompiler;
                 JVM_Exit;
                 JVM_FillInStackTrace;
+                JVM_FindClassFromCaller;
                 JVM_FindClassFromClass;
                 JVM_FindClassFromClassLoader;
                 JVM_FindClassFromBootLoader;
--- ./hotspot/make/linux/makefiles/mapfile-vers-product	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/make/linux/makefiles/mapfile-vers-product	Mon Sep 08 12:35:01 2014 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -84,6 +84,7 @@
                 JVM_EnableCompiler;
                 JVM_Exit;
                 JVM_FillInStackTrace;
+                JVM_FindClassFromCaller;
                 JVM_FindClassFromClass;
                 JVM_FindClassFromClassLoader;
                 JVM_FindClassFromBootLoader;
--- ./hotspot/make/solaris/makefiles/mapfile-vers	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/make/solaris/makefiles/mapfile-vers	Mon Sep 08 12:35:01 2014 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -84,6 +84,7 @@
                 JVM_EnableCompiler;
                 JVM_Exit;
                 JVM_FillInStackTrace;
+                JVM_FindClassFromCaller;
                 JVM_FindClassFromClass;
                 JVM_FindClassFromClassLoader;
                 JVM_FindClassFromBootLoader;
--- ./hotspot/src/share/vm/classfile/classFileParser.cpp	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/src/share/vm/classfile/classFileParser.cpp	Mon Sep 08 12:35:01 2014 -0700
@@ -2780,11 +2780,6 @@
   ClassFileStream* cfs = stream();
   u1* current_start = cfs->current();
 
-  guarantee_property(attribute_byte_length > sizeof(u2),
-                     "Invalid BootstrapMethods attribute length %u in class file %s",
-                     attribute_byte_length,
-                     CHECK);
-
   cfs->guarantee_more(attribute_byte_length, CHECK);
 
   int attribute_array_length = cfs->get_u2_fast();
@@ -2831,6 +2826,11 @@
       "bootstrap_method_index %u has bad constant type in class file %s",
       bootstrap_method_index,
       CHECK);
+
+    guarantee_property((operand_fill_index + 1 + argument_count) < operands->length(),
+      "Invalid BootstrapMethods num_bootstrap_methods or num_bootstrap_arguments value in class file %s",
+      CHECK);
+
     operands->at_put(operand_fill_index++, bootstrap_method_index);
     operands->at_put(operand_fill_index++, argument_count);
 
@@ -2848,7 +2848,6 @@
   }
 
   assert(operand_fill_index == operands->length(), "exact fill");
-  assert(ConstantPool::operand_array_length(operands) == attribute_array_length, "correct decode");
 
   u1* current_end = cfs->current();
   guarantee_property(current_end == current_start + attribute_byte_length,
--- ./hotspot/src/share/vm/classfile/classLoader.cpp	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/src/share/vm/classfile/classLoader.cpp	Mon Sep 08 12:35:01 2014 -0700
@@ -84,6 +84,7 @@
 typedef jboolean (JNICALL *ReadEntry_t)(jzfile *zip, jzentry *entry, unsigned char *buf, char *namebuf);
 typedef jboolean (JNICALL *ReadMappedEntry_t)(jzfile *zip, jzentry *entry, unsigned char **buf, char *namebuf);
 typedef jzentry* (JNICALL *GetNextEntry_t)(jzfile *zip, jint n);
+typedef jint     (JNICALL *Crc32_t)(jint crc, const jbyte *buf, jint len);
 
 static ZipOpen_t         ZipOpen            = NULL;
 static ZipClose_t        ZipClose           = NULL;
@@ -92,6 +93,7 @@
 static ReadMappedEntry_t ReadMappedEntry    = NULL;
 static GetNextEntry_t    GetNextEntry       = NULL;
 static canonicalize_fn_t CanonicalizeEntry  = NULL;
+static Crc32_t           Crc32              = NULL;
 
 // Globals
 
@@ -632,9 +634,11 @@
   ReadEntry    = CAST_TO_FN_PTR(ReadEntry_t, os::dll_lookup(handle, "ZIP_ReadEntry"));
   ReadMappedEntry = CAST_TO_FN_PTR(ReadMappedEntry_t, os::dll_lookup(handle, "ZIP_ReadMappedEntry"));
   GetNextEntry = CAST_TO_FN_PTR(GetNextEntry_t, os::dll_lookup(handle, "ZIP_GetNextEntry"));
+  Crc32        = CAST_TO_FN_PTR(Crc32_t, os::dll_lookup(handle, "ZIP_CRC32"));
 
   // ZIP_Close is not exported on Windows in JDK5.0 so don't abort if ZIP_Close is NULL
-  if (ZipOpen == NULL || FindEntry == NULL || ReadEntry == NULL || GetNextEntry == NULL) {
+  if (ZipOpen == NULL || FindEntry == NULL || ReadEntry == NULL ||
+      GetNextEntry == NULL || Crc32 == NULL) {
     vm_exit_during_initialization("Corrupted ZIP library", path);
   }
 
@@ -644,6 +648,11 @@
   // This lookup only works on 1.3. Do not check for non-null here
 }
 
+int ClassLoader::crc32(int crc, const char* buf, int len) {
+  assert(Crc32 != NULL, "ZIP_CRC32 is not found");
+  return (*Crc32)(crc, (const jbyte*)buf, len);
+}
+
 // PackageInfo data exists in order to support the java.lang.Package
 // class.  A Package object provides information about a java package
 // (version, vendor, etc.) which originates in the manifest of the jar
--- ./hotspot/src/share/vm/classfile/classLoader.hpp	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/src/share/vm/classfile/classLoader.hpp	Mon Sep 08 12:35:01 2014 -0700
@@ -215,6 +215,7 @@
   // to avoid confusing the zip library
   static bool get_canonical_path(char* orig, char* out, int len);
  public:
+  static int crc32(int crc, const char* buf, int len);
   // Used by the kernel jvm.
   static void update_class_path_entry_list(char *path,
                                            bool check_for_duplicates);
--- ./hotspot/src/share/vm/classfile/stackMapFrame.cpp	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/src/share/vm/classfile/stackMapFrame.cpp	Mon Sep 08 12:35:01 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -54,21 +54,6 @@
   return frame;
 }
 
-bool StackMapFrame::has_new_object() const {
-  int32_t i;
-  for (i = 0; i < _max_locals; i++) {
-    if (_locals[i].is_uninitialized()) {
-      return true;
-    }
-  }
-  for (i = 0; i < _stack_size; i++) {
-    if (_stack[i].is_uninitialized()) {
-      return true;
-    }
-  }
-  return false;
-}
-
 void StackMapFrame::initialize_object(
     VerificationType old_object, VerificationType new_object) {
   int32_t i;
@@ -163,7 +148,7 @@
     VerificationType* from, VerificationType* to, int32_t len, TRAPS) const {
   int32_t i = 0;
   for (i = 0; i < len; i++) {
-    if (!to[i].is_assignable_from(from[i], verifier(), THREAD)) {
+    if (!to[i].is_assignable_from(from[i], verifier(), false, THREAD)) {
       break;
     }
   }
@@ -260,7 +245,7 @@
   }
   VerificationType top = _stack[--_stack_size];
   bool subtype = type.is_assignable_from(
-    top, verifier(), CHECK_(VerificationType::bogus_type()));
+    top, verifier(), false, CHECK_(VerificationType::bogus_type()));
   if (!subtype) {
     verifier()->verify_error(
         ErrorContext::bad_type(_offset, stack_top_ctx(),
@@ -280,7 +265,7 @@
     return VerificationType::bogus_type();
   }
   bool subtype = type.is_assignable_from(_locals[index],
-    verifier(), CHECK_(VerificationType::bogus_type()));
+    verifier(), false, CHECK_(VerificationType::bogus_type()));
   if (!subtype) {
     verifier()->verify_error(
         ErrorContext::bad_type(_offset,
@@ -303,14 +288,14 @@
         "get long/double overflows locals");
     return;
   }
-  bool subtype = type1.is_assignable_from(_locals[index], verifier(), CHECK);
+  bool subtype = type1.is_assignable_from(_locals[index], verifier(), false, CHECK);
   if (!subtype) {
     verifier()->verify_error(
         ErrorContext::bad_type(_offset,
             TypeOrigin::local(index, this), TypeOrigin::implicit(type1)),
         "Bad local variable type");
   } else {
-    subtype = type2.is_assignable_from(_locals[index + 1], verifier(), CHECK);
+    subtype = type2.is_assignable_from(_locals[index + 1], verifier(), false, CHECK);
     if (!subtype) {
       /* Unreachable? All local store routines convert a split long or double
        * into a TOP during the store.  So we should never end up seeing an
--- ./hotspot/src/share/vm/classfile/stackMapFrame.hpp	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/src/share/vm/classfile/stackMapFrame.hpp	Mon Sep 08 12:35:01 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -155,10 +155,6 @@
     const methodHandle m, VerificationType thisKlass, TRAPS);
 
   // Search local variable type array and stack type array.
-  // Return true if an uninitialized object is found.
-  bool has_new_object() const;
-
-  // Search local variable type array and stack type array.
   // Set every element with type of old_object to new_object.
   void initialize_object(
     VerificationType old_object, VerificationType new_object);
@@ -238,7 +234,7 @@
     if (_stack_size != 0) {
       VerificationType top = _stack[_stack_size - 1];
       bool subtype = type.is_assignable_from(
-        top, verifier(), CHECK_(VerificationType::bogus_type()));
+        top, verifier(), false, CHECK_(VerificationType::bogus_type()));
       if (subtype) {
         --_stack_size;
         return top;
@@ -253,9 +249,9 @@
     assert(type2.is_long() || type2.is_double(), "must be long/double_2");
     if (_stack_size >= 2) {
       VerificationType top1 = _stack[_stack_size - 1];
-      bool subtype1 = type1.is_assignable_from(top1, verifier(), CHECK);
+      bool subtype1 = type1.is_assignable_from(top1, verifier(), false, CHECK);
       VerificationType top2 = _stack[_stack_size - 2];
-      bool subtype2 = type2.is_assignable_from(top2, verifier(), CHECK);
+      bool subtype2 = type2.is_assignable_from(top2, verifier(), false, CHECK);
       if (subtype1 && subtype2) {
         _stack_size -= 2;
         return;
--- ./hotspot/src/share/vm/classfile/stackMapTable.cpp	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/src/share/vm/classfile/stackMapTable.cpp	Mon Sep 08 12:35:01 2014 -0700
@@ -70,24 +70,26 @@
 
 bool StackMapTable::match_stackmap(
     StackMapFrame* frame, int32_t target,
-    bool match, bool update, ErrorContext* ctx, TRAPS) const {
+    bool match, bool update, bool handler, ErrorContext* ctx, TRAPS) const {
   int index = get_index_from_offset(target);
-  return match_stackmap(frame, target, index, match, update, ctx, THREAD);
+  return match_stackmap(frame, target, index, match, update, handler, ctx, THREAD);
 }
 
 // Match and/or update current_frame to the frame in stackmap table with
 // specified offset and frame index. Return true if the two frames match.
+// handler is true if the frame in stackmap_table is for an exception handler.
 //
-// The values of match and update are:                  _match__update_
+// The values of match and update are:                  _match__update__handler
 //
-// checking a branch target/exception handler:           true   false
+// checking a branch target:                             true   false   false
+// checking an exception handler:                        true   false   true
 // linear bytecode verification following an
-// unconditional branch:                                 false  true
+// unconditional branch:                                 false  true    false
 // linear bytecode verification not following an
-// unconditional branch:                                 true   true
+// unconditional branch:                                 true   true    false
 bool StackMapTable::match_stackmap(
     StackMapFrame* frame, int32_t target, int32_t frame_index,
-    bool match, bool update, ErrorContext* ctx, TRAPS) const {
+    bool match, bool update, bool handler, ErrorContext* ctx, TRAPS) const {
   if (frame_index < 0 || frame_index >= _frame_count) {
     *ctx = ErrorContext::missing_stackmap(frame->offset());
     frame->verifier()->verify_error(
@@ -98,11 +100,9 @@
   StackMapFrame *stackmap_frame = _frame_array[frame_index];
   bool result = true;
   if (match) {
-    // when checking handler target, match == true && update == false
-    bool is_exception_handler = !update;
     // Has direct control flow from last instruction, need to match the two
     // frames.
-    result = frame->is_assignable_to(stackmap_frame, is_exception_handler,
+    result = frame->is_assignable_to(stackmap_frame, handler,
         ctx, CHECK_VERIFY_(frame->verifier(), result));
   }
   if (update) {
@@ -126,24 +126,10 @@
     StackMapFrame* frame, int32_t target, TRAPS) const {
   ErrorContext ctx;
   bool match = match_stackmap(
-    frame, target, true, false, &ctx, CHECK_VERIFY(frame->verifier()));
+    frame, target, true, false, false, &ctx, CHECK_VERIFY(frame->verifier()));
   if (!match || (target < 0 || target >= _code_length)) {
     frame->verifier()->verify_error(ctx,
         "Inconsistent stackmap frames at branch target %d", target);
-    return;
-  }
-  // check if uninitialized objects exist on backward branches
-  check_new_object(frame, target, CHECK_VERIFY(frame->verifier()));
-  frame->verifier()->update_furthest_jump(target);
-}
-
-void StackMapTable::check_new_object(
-    const StackMapFrame* frame, int32_t target, TRAPS) const {
-  if (frame->offset() > target && frame->has_new_object()) {
-    frame->verifier()->verify_error(
-        ErrorContext::bad_code(frame->offset()),
-        "Uninitialized object exists on backward branch %d", target);
-    return;
   }
 }
 
--- ./hotspot/src/share/vm/classfile/stackMapTable.hpp	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/src/share/vm/classfile/stackMapTable.hpp	Mon Sep 08 12:35:01 2014 -0700
@@ -74,12 +74,12 @@
   // specified offset. Return true if the two frames match.
   bool match_stackmap(
     StackMapFrame* current_frame, int32_t offset,
-    bool match, bool update, ErrorContext* ctx, TRAPS) const;
+    bool match, bool update, bool handler, ErrorContext* ctx, TRAPS) const;
   // Match and/or update current_frame to the frame in stackmap table with
   // specified offset and frame index. Return true if the two frames match.
   bool match_stackmap(
     StackMapFrame* current_frame, int32_t offset, int32_t frame_index,
-    bool match, bool update, ErrorContext* ctx, TRAPS) const;
+    bool match, bool update, bool handler, ErrorContext* ctx, TRAPS) const;
 
   // Check jump instructions. Make sure there are no uninitialized
   // instances on backward branch.
@@ -90,10 +90,6 @@
   // Returns the frame array index where the frame with offset is stored.
   int get_index_from_offset(int32_t offset) const;
 
-  // Make sure that there's no uninitialized object exist on backward branch.
-  void check_new_object(
-    const StackMapFrame* frame, int32_t target, TRAPS) const;
-
   void print_on(outputStream* str) const;
 };
 
--- ./hotspot/src/share/vm/classfile/verificationType.cpp	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/src/share/vm/classfile/verificationType.cpp	Mon Sep 08 12:35:01 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,7 +42,8 @@
 }
 
 bool VerificationType::is_reference_assignable_from(
-    const VerificationType& from, ClassVerifier* context, TRAPS) const {
+    const VerificationType& from, ClassVerifier* context,
+    bool from_field_is_protected, TRAPS) const {
   instanceKlassHandle klass = context->current_class();
   if (from.is_null()) {
     // null is assignable to any reference
@@ -62,9 +63,11 @@
         Handle(THREAD, klass->protection_domain()), true, CHECK_false);
     KlassHandle this_class(THREAD, obj);
 
-    if (this_class->is_interface()) {
-      // We treat interfaces as java.lang.Object, including
-      // java.lang.Cloneable and java.io.Serializable
+    if (this_class->is_interface() && (!from_field_is_protected ||
+        from.name() != vmSymbols::java_lang_Object())) {
+      // If we are not trying to access a protected field or method in
+      // java.lang.Object then we treat interfaces as java.lang.Object,
+      // including java.lang.Cloneable and java.io.Serializable.
       return true;
     } else if (from.is_object()) {
       Klass* from_class = SystemDictionary::resolve_or_fail(
@@ -76,7 +79,8 @@
     VerificationType comp_this = get_component(context, CHECK_false);
     VerificationType comp_from = from.get_component(context, CHECK_false);
     if (!comp_this.is_bogus() && !comp_from.is_bogus()) {
-      return comp_this.is_assignable_from(comp_from, context, CHECK_false);
+      return comp_this.is_assignable_from(comp_from, context,
+                                          from_field_is_protected, CHECK_false);
     }
   }
   return false;
--- ./hotspot/src/share/vm/classfile/verificationType.hpp	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/src/share/vm/classfile/verificationType.hpp	Mon Sep 08 12:35:01 2014 -0700
@@ -265,7 +265,8 @@
   // is assignable to another.  Returns true if one can assign 'from' to
   // this.
   bool is_assignable_from(
-      const VerificationType& from, ClassVerifier* context, TRAPS) const {
+      const VerificationType& from, ClassVerifier* context,
+      bool from_field_is_protected, TRAPS) const {
     if (equals(from) || is_bogus()) {
       return true;
     } else {
@@ -286,7 +287,9 @@
           return from.is_integer();
         default:
           if (is_reference() && from.is_reference()) {
-            return is_reference_assignable_from(from, context, CHECK_false);
+            return is_reference_assignable_from(from, context,
+                                                from_field_is_protected,
+                                                CHECK_false);
           } else {
             return false;
           }
@@ -308,7 +311,8 @@
  private:
 
   bool is_reference_assignable_from(
-    const VerificationType&, ClassVerifier*, TRAPS) const;
+    const VerificationType&, ClassVerifier*, bool from_field_is_protected,
+    TRAPS) const;
 };
 
 #endif // SHARE_VM_CLASSFILE_VERIFICATIONTYPE_HPP
--- ./hotspot/src/share/vm/classfile/verifier.cpp	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/src/share/vm/classfile/verifier.cpp	Mon Sep 08 12:35:01 2014 -0700
@@ -634,8 +634,6 @@
                                 // flow from current instruction to the next
                                 // instruction in sequence
 
-  set_furthest_jump(0);
-
   Bytecodes::Code opcode;
   while (!bcs.is_last_bytecode()) {
     // Check for recursive re-verification before each bytecode.
@@ -1736,7 +1734,7 @@
       VerificationType throwable =
         VerificationType::reference_type(vmSymbols::java_lang_Throwable());
       bool is_subclass = throwable.is_assignable_from(
-        catch_type, this, CHECK_VERIFY(this));
+        catch_type, this, false, CHECK_VERIFY(this));
       if (!is_subclass) {
         // 4286534: should throw VerifyError according to recent spec change
         verify_error(ErrorContext::bad_type(handler_pc,
@@ -1794,7 +1792,7 @@
       // If matched, current_frame will be updated by this method.
       bool matches = stackmap_table->match_stackmap(
         current_frame, this_offset, stackmap_index,
-        !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
+        !no_control_flow, true, false, &ctx, CHECK_VERIFY_(this, 0));
       if (!matches) {
         // report type error
         verify_error(ctx, "Instruction type does not match stack map");
@@ -1841,7 +1839,7 @@
       }
       ErrorContext ctx;
       bool matches = stackmap_table->match_stackmap(
-        new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
+        new_frame, handler_pc, true, false, true, &ctx, CHECK_VERIFY(this));
       if (!matches) {
         verify_error(ctx, "Stack map does not match the one at "
             "exception handler %d", handler_pc);
@@ -2191,7 +2189,7 @@
         stack_object_type = current_type();
       }
       is_assignable = target_class_type.is_assignable_from(
-        stack_object_type, this, CHECK_VERIFY(this));
+        stack_object_type, this, false, CHECK_VERIFY(this));
       if (!is_assignable) {
         verify_error(ErrorContext::bad_type(bci,
             current_frame->stack_top_ctx(),
@@ -2218,7 +2216,7 @@
         // It's protected access, check if stack object is assignable to
         // current class.
         is_assignable = current_type().is_assignable_from(
-          stack_object_type, this, CHECK_VERIFY(this));
+          stack_object_type, this, true, CHECK_VERIFY(this));
         if (!is_assignable) {
           verify_error(ErrorContext::bad_type(bci,
               current_frame->stack_top_ctx(),
@@ -2233,6 +2231,181 @@
   }
 }
 
+// Look at the method's handlers.  If the bci is in the handler's try block
+// then check if the handler_pc is already on the stack.  If not, push it.
+void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
+                                  GrowableArray<u4>* handler_stack,
+                                  u4 bci) {
+  int exlength = exhandlers->length();
+  for(int x = 0; x < exlength; x++) {
+    if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
+      handler_stack->append_if_missing(exhandlers->handler_pc(x));
+    }
+  }
+}
+
+// Return TRUE if all code paths starting with start_bc_offset end in
+// bytecode athrow or loop.
+bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
+  ResourceMark rm;
+  // Create bytecode stream.
+  RawBytecodeStream bcs(method());
+  u4 code_length = method()->code_size();
+  bcs.set_start(start_bc_offset);
+  u4 target;
+  // Create stack for storing bytecode start offsets for if* and *switch.
+  GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
+  // Create stack for handlers for try blocks containing this handler.
+  GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
+  // Create list of visited branch opcodes (goto* and if*).
+  GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
+  ExceptionTable exhandlers(_method());
+
+  while (true) {
+    if (bcs.is_last_bytecode()) {
+      // if no more starting offsets to parse or if at the end of the
+      // method then return false.
+      if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length))
+        return false;
+      // Pop a bytecode starting offset and scan from there.
+      bcs.set_start(bci_stack->pop());
+    }
+    Bytecodes::Code opcode = bcs.raw_next();
+    u4 bci = bcs.bci();
+
+    // If the bytecode is in a TRY block, push its handlers so they
+    // will get parsed.
+    push_handlers(&exhandlers, handler_stack, bci);
+
+    switch (opcode) {
+      case Bytecodes::_if_icmpeq:
+      case Bytecodes::_if_icmpne:
+      case Bytecodes::_if_icmplt:
+      case Bytecodes::_if_icmpge:
+      case Bytecodes::_if_icmpgt:
+      case Bytecodes::_if_icmple:
+      case Bytecodes::_ifeq:
+      case Bytecodes::_ifne:
+      case Bytecodes::_iflt:
+      case Bytecodes::_ifge:
+      case Bytecodes::_ifgt:
+      case Bytecodes::_ifle:
+      case Bytecodes::_if_acmpeq:
+      case Bytecodes::_if_acmpne:
+      case Bytecodes::_ifnull:
+      case Bytecodes::_ifnonnull:
+        target = bcs.dest();
+        if (visited_branches->contains(bci)) {
+          if (bci_stack->is_empty()) return true;
+          // Pop a bytecode starting offset and scan from there.
+          bcs.set_start(bci_stack->pop());
+        } else {
+          if (target > bci) { // forward branch
+            if (target >= code_length) return false;
+            // Push the branch target onto the stack.
+            bci_stack->push(target);
+            // then, scan bytecodes starting with next.
+            bcs.set_start(bcs.next_bci());
+          } else { // backward branch
+            // Push bytecode offset following backward branch onto the stack.
+            bci_stack->push(bcs.next_bci());
+            // Check bytecodes starting with branch target.
+            bcs.set_start(target);
+          }
+          // Record target so we don't branch here again.
+          visited_branches->append(bci);
+        }
+        break;
+
+      case Bytecodes::_goto:
+      case Bytecodes::_goto_w:
+        target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
+        if (visited_branches->contains(bci)) {
+          if (bci_stack->is_empty()) return true;
+          // Been here before, pop new starting offset from stack.
+          bcs.set_start(bci_stack->pop());
+        } else {
+          if (target >= code_length) return false;
+          // Continue scanning from the target onward.
+          bcs.set_start(target);
+          // Record target so we don't branch here again.
+          visited_branches->append(bci);
+        }
+        break;
+
+      // Check that all switch alternatives end in 'athrow' bytecodes. Since it
+      // is  difficult to determine where each switch alternative ends, parse
+      // each switch alternative until either hit a 'return', 'athrow', or reach
+      // the end of the method's bytecodes.  This is gross but should be okay
+      // because:
+      // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
+      //    constructor invocations should be rare.
+      // 2. if each switch alternative ends in an athrow then the parsing should be
+      //    short.  If there is no athrow then it is bogus code, anyway.
+      case Bytecodes::_lookupswitch:
+      case Bytecodes::_tableswitch:
+        {
+          address aligned_bcp = (address) round_to((intptr_t)(bcs.bcp() + 1), jintSize);
+          u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
+          int keys, delta;
+          if (opcode == Bytecodes::_tableswitch) {
+            jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
+            jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
+            // This is invalid, but let the regular bytecode verifier
+            // report this because the user will get a better error message.
+            if (low > high) return true;
+            keys = high - low + 1;
+            delta = 1;
+          } else {
+            keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
+            delta = 2;
+          }
+          // Invalid, let the regular bytecode verifier deal with it.
+          if (keys < 0) return true;
+
+          // Push the offset of the next bytecode onto the stack.
+          bci_stack->push(bcs.next_bci());
+
+          // Push the switch alternatives onto the stack.
+          for (int i = 0; i < keys; i++) {
+            u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
+            if (target > code_length) return false;
+            bci_stack->push(target);
+          }
+
+          // Start bytecode parsing for the switch at the default alternative.
+          if (default_offset > code_length) return false;
+          bcs.set_start(default_offset);
+          break;
+        }
+
+      case Bytecodes::_return:
+        return false;
+
+      case Bytecodes::_athrow:
+        {
+          if (bci_stack->is_empty()) {
+            if (handler_stack->is_empty()) {
+              return true;
+            } else {
+              // Parse the catch handlers for try blocks containing athrow.
+              bcs.set_start(handler_stack->pop());
+            }
+          } else {
+            // Pop a bytecode offset and starting scanning from there.
+            bcs.set_start(bci_stack->pop());
+          }
+        }
+        break;
+
+      default:
+        ;
+    } // end switch
+  } // end while loop
+
+  return false;
+}
+
 void ClassVerifier::verify_invoke_init(
     RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
     StackMapFrame* current_frame, u4 code_length, bool *this_uninit,
@@ -2252,25 +2425,26 @@
       return;
     }
 
-    // Make sure that this call is not jumped over.
-    if (bci < furthest_jump()) {
-      verify_error(ErrorContext::bad_code(bci),
-                   "Bad <init> method call from inside of a branch");
-      return;
-    }
-
-    // Make sure that this call is not done from within a TRY block because
-    // that can result in returning an incomplete object.  Simply checking
-    // (bci >= start_pc) also ensures that this call is not done after a TRY
-    // block.  That is also illegal because this call must be the first Java
-    // statement in the constructor.
+    // Check if this call is done from inside of a TRY block.  If so, make
+    // sure that all catch clause paths end in a throw.  Otherwise, this
+    // can result in returning an incomplete object.
     ExceptionTable exhandlers(_method());
     int exlength = exhandlers.length();
     for(int i = 0; i < exlength; i++) {
-      if (bci >= exhandlers.start_pc(i)) {
-        verify_error(ErrorContext::bad_code(bci),
-                     "Bad <init> method call from after the start of a try block");
-        return;
+      u2 start_pc = exhandlers.start_pc(i);
+      u2 end_pc = exhandlers.end_pc(i);
+
+      if (bci >= start_pc && bci < end_pc) {
+        if (!ends_in_athrow(exhandlers.handler_pc(i))) {
+          verify_error(ErrorContext::bad_code(bci),
+            "Bad <init> method call from after the start of a try block");
+          return;
+        } else if (VerboseVerification) {
+          ResourceMark rm;
+          tty->print_cr(
+            "Survived call to ends_in_athrow(): %s",
+                        current_class()->name()->as_C_string());
+        }
       }
     }
 
@@ -2315,7 +2489,7 @@
         instanceKlassHandle mh(THREAD, m->method_holder());
         if (m->is_protected() && !mh->is_same_class_package(_klass())) {
           bool assignable = current_type().is_assignable_from(
-            objectref_type, this, CHECK_VERIFY(this));
+            objectref_type, this, true, CHECK_VERIFY(this));
           if (!assignable) {
             verify_error(ErrorContext::bad_type(bci,
                 TypeOrigin::cp(new_class_index, objectref_type),
@@ -2490,11 +2664,11 @@
     bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
     if (!current_class()->is_anonymous()) {
       subtype = ref_class_type.is_assignable_from(
-                 current_type(), this, CHECK_VERIFY(this));
+                 current_type(), this, false, CHECK_VERIFY(this));
     } else {
       VerificationType host_klass_type =
                         VerificationType::reference_type(current_class()->host_klass()->name());
-      subtype = ref_class_type.is_assignable_from(host_klass_type, this, CHECK_VERIFY(this));
+      subtype = ref_class_type.is_assignable_from(host_klass_type, this, false, CHECK_VERIFY(this));
 
       // If invokespecial of IMR, need to recheck for same or
       // direct interface relative to the host class
@@ -2538,7 +2712,7 @@
           VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this));
           VerificationType hosttype =
             VerificationType::reference_type(current_class()->host_klass()->name());
-          bool subtype = hosttype.is_assignable_from(top, this, CHECK_VERIFY(this));
+          bool subtype = hosttype.is_assignable_from(top, this, false, CHECK_VERIFY(this));
           if (!subtype) {
             verify_error( ErrorContext::bad_type(current_frame->offset(),
               current_frame->stack_top_ctx(),
@@ -2563,7 +2737,7 @@
               // It's protected access, check if stack object is
               // assignable to current class.
               bool is_assignable = current_type().is_assignable_from(
-                stack_object_type, this, CHECK_VERIFY(this));
+                stack_object_type, this, true, CHECK_VERIFY(this));
               if (!is_assignable) {
                 if (ref_class_type.name() == vmSymbols::java_lang_Object()
                     && stack_object_type.is_array()
@@ -2746,7 +2920,7 @@
         "Method expects a return value");
     return;
   }
-  bool match = return_type.is_assignable_from(type, this, CHECK_VERIFY(this));
+  bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
   if (!match) {
     verify_error(ErrorContext::bad_type(bci,
         current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
--- ./hotspot/src/share/vm/classfile/verifier.hpp	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/src/share/vm/classfile/verifier.hpp	Mon Sep 08 12:35:01 2014 -0700
@@ -30,6 +30,7 @@
 #include "oops/klass.hpp"
 #include "oops/method.hpp"
 #include "runtime/handles.hpp"
+#include "utilities/growableArray.hpp"
 #include "utilities/exceptions.hpp"
 
 // The verifier class
@@ -258,9 +259,6 @@
 
   ErrorContext _error_context;  // contains information about an error
 
-  // Used to detect illegal jumps over calls to super() nd this() in ctors.
-  int32_t _furthest_jump;
-
   void verify_method(methodHandle method, TRAPS);
   char* generate_code_data(methodHandle m, u4 code_length, TRAPS);
   void verify_exception_handler_table(u4 code_length, char* code_data,
@@ -306,6 +304,16 @@
     StackMapFrame* current_frame, u4 code_length, bool* this_uninit,
     constantPoolHandle cp, TRAPS);
 
+  // Used by ends_in_athrow() to push all handlers that contain bci onto
+  // the handler_stack, if the handler is not already on the stack.
+  void push_handlers(ExceptionTable* exhandlers,
+                     GrowableArray<u4>* handler_stack,
+                     u4 bci);
+
+  // Returns true if all paths starting with start_bc_offset end in athrow
+  // bytecode or loop.
+  bool ends_in_athrow(u4 start_bc_offset);
+
   void verify_invoke_instructions(
     RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
     bool* this_uninit, VerificationType return_type,
@@ -407,19 +415,6 @@
 
   TypeOrigin ref_ctx(const char* str, TRAPS);
 
-  // Keep track of the furthest branch done in a method to make sure that
-  // there are no branches over calls to super() or this() from inside of
-  // a constructor.
-  int32_t furthest_jump() { return _furthest_jump; }
-
-  void set_furthest_jump(int32_t target) {
-    _furthest_jump = target;
-  }
-
-  void update_furthest_jump(int32_t target) {
-    if (target > _furthest_jump) _furthest_jump = target;
-  }
-
 };
 
 inline int ClassVerifier::change_sig_to_verificationType(
--- ./hotspot/src/share/vm/interpreter/linkResolver.cpp	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/src/share/vm/interpreter/linkResolver.cpp	Mon Sep 08 12:35:01 2014 -0700
@@ -246,6 +246,12 @@
   // Ignore overpasses so statics can be found during resolution
   Method* result_oop = klass->uncached_lookup_method(name, signature, Klass::skip_overpass);
 
+  if (klass->oop_is_array()) {
+    // Only consider klass and super klass for arrays
+    result = methodHandle(THREAD, result_oop);
+    return;
+  }
+
   // JDK 8, JVMS 5.4.3.4: Interface method resolution should
   // ignore static and non-public methods of java.lang.Object,
   // like clone, finalize, registerNatives.
@@ -290,6 +296,11 @@
     result = methodHandle(THREAD, super_klass->uncached_lookup_method(name, signature, Klass::normal));
   }
 
+  if (klass->oop_is_array()) {
+    // Only consider klass and super klass for arrays
+    return;
+  }
+
   if (result.is_null()) {
     Array<Method*>* default_methods = InstanceKlass::cast(klass())->default_methods();
     if (default_methods != NULL) {
@@ -546,7 +557,7 @@
   // 2. lookup method in resolved klass and its super klasses
   lookup_method_in_klasses(resolved_method, resolved_klass, method_name, method_signature, true, false, CHECK);
 
-  if (resolved_method.is_null()) { // not found in the class hierarchy
+  if (resolved_method.is_null() && !resolved_klass->oop_is_array()) { // not found in the class hierarchy
     // 3. lookup method in all the interfaces implemented by the resolved klass
     lookup_method_in_interfaces(resolved_method, resolved_klass, method_name, method_signature, CHECK);
 
@@ -559,16 +570,16 @@
         CLEAR_PENDING_EXCEPTION;
       }
     }
+  }
 
-    if (resolved_method.is_null()) {
-      // 4. method lookup failed
-      ResourceMark rm(THREAD);
-      THROW_MSG_CAUSE(vmSymbols::java_lang_NoSuchMethodError(),
-                      Method::name_and_sig_as_C_string(resolved_klass(),
-                                                              method_name,
-                                                              method_signature),
-                      nested_exception);
-    }
+  if (resolved_method.is_null()) {
+    // 4. method lookup failed
+    ResourceMark rm(THREAD);
+    THROW_MSG_CAUSE(vmSymbols::java_lang_NoSuchMethodError(),
+                    Method::name_and_sig_as_C_string(resolved_klass(),
+                                                            method_name,
+                                                            method_signature),
+                    nested_exception);
   }
 
   // 5. access checks, access checking may be turned off when calling from within the VM.
@@ -634,17 +645,18 @@
   // JDK8: also look for static methods
   lookup_method_in_klasses(resolved_method, resolved_klass, method_name, method_signature, false, true, CHECK);
 
-  if (resolved_method.is_null()) {
+  if (resolved_method.is_null() && !resolved_klass->oop_is_array()) {
     // lookup method in all the super-interfaces
     lookup_method_in_interfaces(resolved_method, resolved_klass, method_name, method_signature, CHECK);
-    if (resolved_method.is_null()) {
-      // no method found
-      ResourceMark rm(THREAD);
-      THROW_MSG(vmSymbols::java_lang_NoSuchMethodError(),
-                Method::name_and_sig_as_C_string(resolved_klass(),
-                                                        method_name,
-                                                        method_signature));
-    }
+  }
+
+  if (resolved_method.is_null()) {
+    // no method found
+    ResourceMark rm(THREAD);
+    THROW_MSG(vmSymbols::java_lang_NoSuchMethodError(),
+              Method::name_and_sig_as_C_string(resolved_klass(),
+                                                      method_name,
+                                                      method_signature));
   }
 
   if (check_access) {
@@ -776,7 +788,7 @@
   }
 
   // Resolve instance field
-  KlassHandle sel_klass(THREAD, InstanceKlass::cast(resolved_klass())->find_field(field, sig, &fd));
+  KlassHandle sel_klass(THREAD, resolved_klass->find_field(field, sig, &fd));
   // check if field exists; i.e., if a klass containing the field def has been selected
   if (sel_klass.is_null()) {
     ResourceMark rm(THREAD);
--- ./hotspot/src/share/vm/memory/filemap.cpp	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/src/share/vm/memory/filemap.cpp	Mon Sep 08 12:35:01 2014 -0700
@@ -177,7 +177,14 @@
     fail_continue("The shared archive file has the wrong version.");
     return false;
   }
-  _file_offset = (long)n;
+  size_t len = lseek(fd, 0, SEEK_END);
+  struct FileMapInfo::FileMapHeader::space_info* si =
+    &_header._space[MetaspaceShared::mc];
+  if (si->_file_offset >= len || len - si->_file_offset < si->_used) {
+    fail_continue("The shared archive file has been truncated.");
+    return false;
+  }
+  _file_offset = n;
   return true;
 }
 
@@ -268,6 +275,7 @@
   si->_capacity = capacity;
   si->_read_only = read_only;
   si->_allow_exec = allow_exec;
+  si->_crc = ClassLoader::crc32(0, base, (jint)size);
   write_bytes_aligned(base, (int)size);
 }
 
@@ -292,14 +300,15 @@
 // Align file position to an allocation unit boundary.
 
 void FileMapInfo::align_file_position() {
-  long new_file_offset = align_size_up(_file_offset, os::vm_allocation_granularity());
+  size_t new_file_offset = align_size_up(_file_offset,
+                                         os::vm_allocation_granularity());
   if (new_file_offset != _file_offset) {
     _file_offset = new_file_offset;
     if (_file_open) {
       // Seek one byte back from the target and write a byte to insure
       // that the written file is the correct length.
       _file_offset -= 1;
-      if (lseek(_fd, _file_offset, SEEK_SET) < 0) {
+      if (lseek(_fd, (long)_file_offset, SEEK_SET) < 0) {
         fail_stop("Unable to seek.", NULL);
       }
       char zero = 0;
@@ -406,6 +415,19 @@
   return base;
 }
 
+bool FileMapInfo::verify_region_checksum(int i) {
+  if (!VerifySharedSpaces) {
+    return true;
+  }
+  const char* buf = _header._space[i]._base;
+  size_t sz = _header._space[i]._used;
+  int crc = ClassLoader::crc32(0, buf, (jint)sz);
+  if (crc != _header._space[i]._crc) {
+    fail_continue("Checksum verification failed.");
+    return false;
+  }
+  return true;
+}
 
 // Unmap a memory region in the address space.
 
@@ -457,8 +479,20 @@
   return true;
 }
 
+int FileMapInfo::compute_header_crc() {
+  char* header = (char*)&_header;
+  // start computing from the field after _crc
+  char* buf = (char*)&_header._crc + sizeof(int);
+  size_t sz = sizeof(FileMapInfo::FileMapHeader) - (buf - header);
+  int crc = ClassLoader::crc32(0, buf, (jint)sz);
+  return crc;
+}
 
 bool FileMapInfo::validate() {
+  if (VerifySharedSpaces && compute_header_crc() != _header._crc) {
+    fail_continue("Header checksum verification failed.");
+    return false;
+  }
   if (_header._version != current_version()) {
     fail_continue("The shared archive file is the wrong version.");
     return false;
--- ./hotspot/src/share/vm/memory/filemap.hpp	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/src/share/vm/memory/filemap.hpp	Mon Sep 08 12:35:01 2014 -0700
@@ -54,7 +54,7 @@
 
   bool  _file_open;
   int   _fd;
-  long  _file_offset;
+  size_t  _file_offset;
 
   // FileMapHeader describes the shared space data in the file to be
   // mapped.  This structure gets written to a file.  It is not a class, so
@@ -62,12 +62,14 @@
 
   struct FileMapHeader {
     int    _magic;                    // identify file type.
+    int    _crc;                      // header crc checksum.
     int    _version;                  // (from enum, above.)
     size_t _alignment;                // how shared archive should be aligned
     int    _obj_alignment;            // value of ObjectAlignmentInBytes
 
     struct space_info {
-      int    _file_offset;   // sizeof(this) rounded to vm page size
+      int    _crc;           // crc checksum of the current space
+      size_t _file_offset;   // sizeof(this) rounded to vm page size
       char*  _base;          // copy-on-write base address
       size_t _capacity;      // for validity checking
       size_t _used;          // for setting space top on read
@@ -104,6 +106,8 @@
   }
 
   static int current_version()        { return _current_version; }
+  int    compute_header_crc();
+  void   set_header_crc(int crc)      { _header._crc = crc; }
   void   populate_header(size_t alignment);
   bool   validate();
   void   invalidate();
@@ -136,6 +140,7 @@
   void  write_bytes_aligned(const void* buffer, int count);
   char* map_region(int i);
   void  unmap_region(int i);
+  bool  verify_region_checksum(int i);
   void  close();
   bool  is_open() { return _file_open; }
   ReservedSpace reserve_shared_memory();
--- ./hotspot/src/share/vm/memory/metaspaceShared.cpp	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/src/share/vm/memory/metaspaceShared.cpp	Mon Sep 08 12:35:01 2014 -0700
@@ -585,6 +585,7 @@
 
   // Pass 2 - write data.
   mapinfo->open_for_write();
+  mapinfo->set_header_crc(mapinfo->compute_header_crc());
   mapinfo->write_header();
   mapinfo->write_space(MetaspaceShared::ro, _loader_data->ro_metaspace(), true);
   mapinfo->write_space(MetaspaceShared::rw, _loader_data->rw_metaspace(), false);
@@ -863,9 +864,13 @@
 
   // Map each shared region
   if ((_ro_base = mapinfo->map_region(ro)) != NULL &&
+       mapinfo->verify_region_checksum(ro) &&
       (_rw_base = mapinfo->map_region(rw)) != NULL &&
+       mapinfo->verify_region_checksum(rw) &&
       (_md_base = mapinfo->map_region(md)) != NULL &&
+       mapinfo->verify_region_checksum(md) &&
       (_mc_base = mapinfo->map_region(mc)) != NULL &&
+       mapinfo->verify_region_checksum(mc) &&
       (image_alignment == (size_t)max_alignment())) {
     // Success (no need to do anything)
     return true;
--- ./hotspot/src/share/vm/oops/arrayKlass.cpp	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/src/share/vm/oops/arrayKlass.cpp	Mon Sep 08 12:35:01 2014 -0700
@@ -64,6 +64,13 @@
   return NULL;
 }
 
+// find field according to JVM spec 5.4.3.2, returns the klass in which the field is defined
+Klass* ArrayKlass::find_field(Symbol* name, Symbol* sig, fieldDescriptor* fd) const {
+  // There are no fields in an array klass but look to the super class (Object)
+  assert(super(), "super klass must be present");
+  return super()->find_field(name, sig, fd);
+}
+
 Method* ArrayKlass::uncached_lookup_method(Symbol* name, Symbol* signature, MethodLookupMode mode) const {
   // There are no methods in an array klass but the super class (Object) has some
   assert(super(), "super klass must be present");
--- ./hotspot/src/share/vm/oops/arrayKlass.hpp	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/src/share/vm/oops/arrayKlass.hpp	Mon Sep 08 12:35:01 2014 -0700
@@ -28,6 +28,7 @@
 #include "memory/universe.hpp"
 #include "oops/klass.hpp"
 
+class fieldDescriptor;
 class klassVtable;
 
 // ArrayKlass is the abstract baseclass for all array classes
@@ -85,6 +86,9 @@
   virtual oop multi_allocate(int rank, jint* sizes, TRAPS);
   objArrayOop allocate_arrayArray(int n, int length, TRAPS);
 
+  // find field according to JVM spec 5.4.3.2, returns the klass in which the field is defined
+  Klass* find_field(Symbol* name, Symbol* sig, fieldDescriptor* fd) const;
+
   // Lookup operations
   Method* uncached_lookup_method(Symbol* name, Symbol* signature, MethodLookupMode mode) const;
 
--- ./hotspot/src/share/vm/oops/klass.cpp	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/src/share/vm/oops/klass.cpp	Mon Sep 08 12:35:01 2014 -0700
@@ -128,6 +128,15 @@
   return is_subclass_of(k);
 }
 
+Klass* Klass::find_field(Symbol* name, Symbol* sig, fieldDescriptor* fd) const {
+#ifdef ASSERT
+  tty->print_cr("Error: find_field called on a klass oop."
+                " Likely error: reflection method does not correctly"
+                " wrap return value in a mirror object.");
+#endif
+  ShouldNotReachHere();
+  return NULL;
+}
 
 Method* Klass::uncached_lookup_method(Symbol* name, Symbol* signature, MethodLookupMode mode) const {
 #ifdef ASSERT
--- ./hotspot/src/share/vm/oops/klass.hpp	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/src/share/vm/oops/klass.hpp	Mon Sep 08 12:35:01 2014 -0700
@@ -91,6 +91,7 @@
 class klassVtable;
 class ParCompactionManager;
 class KlassSizeStats;
+class fieldDescriptor;
 
 class Klass : public Metadata {
   friend class VMStructs;
@@ -423,6 +424,7 @@
   virtual void initialize(TRAPS);
   // lookup operation for MethodLookupCache
   friend class MethodLookupCache;
+  virtual Klass* find_field(Symbol* name, Symbol* signature, fieldDescriptor* fd) const;
   virtual Method* uncached_lookup_method(Symbol* name, Symbol* signature, MethodLookupMode mode) const;
  public:
   Method* lookup_method(Symbol* name, Symbol* signature) const {
--- ./hotspot/src/share/vm/prims/jvm.cpp	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/src/share/vm/prims/jvm.cpp	Mon Sep 08 12:35:01 2014 -0700
@@ -803,6 +803,7 @@
   return (jclass) JNIHandles::make_local(env, k->java_mirror());
 JVM_END
 
+// Not used; JVM_FindClassFromCaller replaces this.
 JVM_ENTRY(jclass, JVM_FindClassFromClassLoader(JNIEnv* env, const char* name,
                                                jboolean init, jobject loader,
                                                jboolean throwError))
@@ -829,6 +830,42 @@
   return result;
 JVM_END
 
+// Find a class with this name in this loader, using the caller's protection domain.
+JVM_ENTRY(jclass, JVM_FindClassFromCaller(JNIEnv* env, const char* name,
+                                          jboolean init, jobject loader,
+                                          jclass caller))
+  JVMWrapper2("JVM_FindClassFromCaller %s throws ClassNotFoundException", name);
+  // Java libraries should ensure that name is never null...
+  if (name == NULL || (int)strlen(name) > Symbol::max_length()) {
+    // It's impossible to create this class;  the name cannot fit
+    // into the constant pool.
+    THROW_MSG_0(vmSymbols::java_lang_ClassNotFoundException(), name);
+  }
+
+  TempNewSymbol h_name = SymbolTable::new_symbol(name, CHECK_NULL);
+
+  oop loader_oop = JNIHandles::resolve(loader);
+  oop from_class = JNIHandles::resolve(caller);
+  oop protection_domain = NULL;
+  // If loader is null, shouldn't call ClassLoader.checkPackageAccess; otherwise get
+  // NPE. Put it in another way, the bootstrap class loader has all permission and
+  // thus no checkPackageAccess equivalence in the VM class loader.
+  // The caller is also passed as NULL by the java code if there is no security
+  // manager to avoid the performance cost of getting the calling class.
+  if (from_class != NULL && loader_oop != NULL) {
+    protection_domain = java_lang_Class::as_Klass(from_class)->protection_domain();
+  }
+
+  Handle h_loader(THREAD, loader_oop);
+  Handle h_prot(THREAD, protection_domain);
+  jclass result = find_class_from_class_loader(env, h_name, init, h_loader,
+                                               h_prot, false, THREAD);
+
+  if (TraceClassResolution && result != NULL) {
+    trace_class_resolution(java_lang_Class::as_Klass(JNIHandles::resolve_non_null(result)));
+  }
+  return result;
+JVM_END
 
 JVM_ENTRY(jclass, JVM_FindClassFromClass(JNIEnv *env, const char *name,
                                          jboolean init, jclass from))
@@ -3984,10 +4021,15 @@
 
 // Shared JNI/JVM entry points //////////////////////////////////////////////////////////////
 
-jclass find_class_from_class_loader(JNIEnv* env, Symbol* name, jboolean init, Handle loader, Handle protection_domain, jboolean throwError, TRAPS) {
+jclass find_class_from_class_loader(JNIEnv* env, Symbol* name, jboolean init,
+                                    Handle loader, Handle protection_domain,
+                                    jboolean throwError, TRAPS) {
   // Security Note:
   //   The Java level wrapper will perform the necessary security check allowing
-  //   us to pass the NULL as the initiating class loader.
+  //   us to pass the NULL as the initiating class loader.  The VM is responsible for
+  //   the checkPackageAccess relative to the initiating class loader via the
+  //   protection_domain. The protection_domain is passed as NULL by the java code
+  //   if there is no security manager in 3-arg Class.forName().
   Klass* klass = SystemDictionary::resolve_or_fail(name, loader, protection_domain, throwError != 0, CHECK_NULL);
 
   KlassHandle klass_handle(THREAD, klass);
--- ./hotspot/src/share/vm/prims/jvm.h	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/src/share/vm/prims/jvm.h	Mon Sep 08 12:35:01 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -420,6 +420,19 @@
 JVM_FindClassFromBootLoader(JNIEnv *env, const char *name);
 
 /*
+ * Find a class from a given class loader.  Throws ClassNotFoundException.
+ *  name:   name of class
+ *  init:   whether initialization is done
+ *  loader: class loader to look up the class. This may not be the same as the caller's
+ *          class loader.
+ *  caller: initiating class. The initiating class may be null when a security
+ *          manager is not installed.
+ */
+JNIEXPORT jclass JNICALL
+JVM_FindClassFromCaller(JNIEnv *env, const char *name, jboolean init,
+                        jobject loader, jclass caller);
+
+/*
  * Find a class from a given class.
  */
 JNIEXPORT jclass JNICALL
--- ./hotspot/src/share/vm/runtime/arguments.cpp	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/src/share/vm/runtime/arguments.cpp	Mon Sep 08 12:35:01 2014 -0700
@@ -2387,6 +2387,10 @@
     warning("The VM option CICompilerCountPerCPU overrides CICompilerCount.");
   }
 
+#ifdef COMPILER1
+  status &= verify_interval(SafepointPollOffset, 0, os::vm_page_size() - BytesPerWord, "SafepointPollOffset");
+#endif
+
   return status;
 }
 
@@ -3577,6 +3581,11 @@
     return JNI_ENOMEM;
   }
 
+  // Set up VerifySharedSpaces
+  if (FLAG_IS_DEFAULT(VerifySharedSpaces) && SharedArchiveFile != NULL) {
+    VerifySharedSpaces = true;
+  }
+
   // Delay warning until here so that we've had a chance to process
   // the -XX:-PrintWarnings flag
   if (needs_hotspotrc_warning) {
--- ./hotspot/src/share/vm/runtime/globals.hpp	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/src/share/vm/runtime/globals.hpp	Mon Sep 08 12:35:01 2014 -0700
@@ -1142,11 +1142,11 @@
           "Prevent spurious or premature wakeups from object.wait "         \
           "(Solaris only)")                                                 \
                                                                             \
-  product(intx, NativeMonitorTimeout, -1, "(Unstable)")                     \
-                                                                            \
-  product(intx, NativeMonitorFlags, 0, "(Unstable)")                        \
-                                                                            \
-  product(intx, NativeMonitorSpinLimit, 20, "(Unstable)")                   \
+  experimental(intx, NativeMonitorTimeout, -1, "(Unstable)")                \
+                                                                            \
+  experimental(intx, NativeMonitorFlags, 0, "(Unstable)")                   \
+                                                                            \
+  experimental(intx, NativeMonitorSpinLimit, 20, "(Unstable)")              \
                                                                             \
   develop(bool, UsePthreads, false,                                         \
           "Use pthread-based instead of libthread-based synchronization "   \
@@ -3745,6 +3745,10 @@
   product(bool, UseSharedSpaces, true,                                      \
           "Use shared spaces for metadata")                                 \
                                                                             \
+  product(bool, VerifySharedSpaces, false,                                  \
+          "Verify shared spaces (false for default archive, true for "      \
+          "archive specified by -XX:SharedArchiveFile)")                    \
+                                                                            \
   product(bool, RequireSharedSpaces, false,                                 \
           "Require shared spaces for metadata")                             \
                                                                             \
--- ./hotspot/src/share/vm/runtime/reflection.cpp	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/src/share/vm/runtime/reflection.cpp	Mon Sep 08 12:35:01 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -482,7 +482,7 @@
     ik = InstanceKlass::cast(hc);
 
     // There's no way to make a host class loop short of patching memory.
-    // Therefore there cannot be a loop here unles there's another bug.
+    // Therefore there cannot be a loop here unless there's another bug.
     // Still, let's check for it.
     assert(--inf_loop_check > 0, "no host_klass loop");
   }
@@ -551,7 +551,8 @@
   if (access.is_protected()) {
     if (!protected_restriction) {
       // See if current_class (or outermost host class) is a subclass of field_class
-      if (host_class->is_subclass_of(field_class)) {
+      // An interface may not access protected members of j.l.Object
+      if (!host_class->is_interface() && host_class->is_subclass_of(field_class)) {
         if (access.is_static() || // static fields are ok, see 6622385
             current_class == resolved_class ||
             field_class == resolved_class ||
--- ./hotspot/test/runtime/7116786/Test7116786.java	Wed Jul 30 03:51:43 2014 -0700
+++ ./hotspot/test/runtime/7116786/Test7116786.java	Mon Sep 08 12:35:01 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -147,7 +147,8 @@
                  "no stackmap frame at jump location or bad jump",
                  "Inconsistent stackmap frames at branch target "),
 
-        new Case("case15", "stackMapTable.cpp", true, "check_new_object",
+        /* Backward jump with uninit is allowed starting with JDK 8 */
+        new Case("case15", "stackMapTable.cpp", false, "check_new_object",
                  "backward jump with uninit",
                  "Uninitialized object exists on backward branch "),
 
--- ./jaxp/.hgtags	Wed Jul 30 03:53:11 2014 -0700
+++ ./jaxp/.hgtags	Mon Sep 08 12:36:00 2014 -0700
@@ -313,3 +313,21 @@
 d6ded60cfdc53861ae7d1a010f95b5036d610e80 jdk8u20-b23
 dd09d8b9edefb5684941941e5d9b35c84ee066f3 jdk8u20-b24
 dd09d8b9edefb5684941941e5d9b35c84ee066f3 jdk8u20-b25
+938b9d502c2b0f9684151e1b1f47cf7052db1502 jdk8u20-b26
+65e5ee249ebc81c0ccfff23946a0a2a6d4becdcc jdk8u25-b00
+b29277565edfdece4e3928b135d4fd86ae141e4f jdk8u25-b01
+09df5bda467090041090873f71d418eebcadf516 jdk8u25-b02
+f3567e6bed22eaf89c3c7d64e0b1fa308707260f jdk8u25-b03
+a4d0f11cf08d5dae91c5e9ad387b1ff88388503d jdk8u25-b04
+0c4917cea678dc2a3745baca74016f0d6f169012 jdk8u25-b05
+e84d78dd9e0533eb11c26b69727c044898d19f60 jdk8u25-b06
+7aaaec31a0331ad091abedf81c928b47a982222d jdk8u25-b07
+e48a4594f19ad119bc27d89c53dd35d11ed6da7d jdk8u25-b08
+a09893b8f617912569196d7bd64a96c349796be0 jdk8u25-b09
+85de91b6e953c8c21ac5e6d9a5e284f86d759680 jdk8u25-b10
+5c1ac461fef7fe0f810bd9d6051db5a24247de1d jdk8u25-b11
+c078e904db0a7be650e4ba2d665277785e2216b0 jdk8u25-b12
+24184cfe0f8b0da0f349933ae7b5cc16455a52b8 jdk8u25-b13
+90f3b8b970a8bb3173083111248372afdc61652d jdk8u25-b14
+f5ac2e242bb95be0a3deddf37362178202086137 jdk8u25-b15
+df68b132a471ed1e825a79bd1d8acb47d2bcc04f jdk8u25-b16
--- ./jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_ja.java	Wed Jul 30 03:53:11 2014 -0700
+++ ./jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_ja.java	Mon Sep 08 12:36:00 2014 -0700
@@ -679,7 +679,7 @@
          * documentation.
          */
         {ErrorMsg.COMPILE_USAGE_STR,
-        "SYNOPSIS\n   java com.sun.org.apache.xalan.internal.xsltc.cmdline.Compile [-o <output>]\n      [-d <directory>] [-j <jarfile>] [-p <package>]\n      [-n] [-x] [-u] [-v] [-h] { <stylesheet> | -i }\n\nOPTIONS\n   -o <output>    \u540D\u524D<output>\u3092\u751F\u6210\u6E08translet\u306B\n                  \u5272\u308A\u5F53\u3066\u308B\u3002\u30C7\u30D5\u30A9\u30EB\u30C8\u3067\u306F\u3001translet\u540D\u306F\n                  <stylesheet>\u540D\u306B\u7531\u6765\u3057\u307E\u3059\u3002\u3053\u306E\u30AA\u30D7\u30B7\u30E7\u30F3\u306F\n                  \u8907\u6570\u306E\u30B9\u30BF\u30A4\u30EB\u30B7\u30FC\u30C8\u3092\u30B3\u30F3\u30D1\u30A4\u30EB\u3059\u308B\u5834\u5408\u306F\u7121\u8996\u3055\u308C\u307E\u3059\u3002\n   -d <directory> translet\u306E\u5B9B\u5148\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u3092\u6307\u5B9A\u3059\u308B\n   -j <jarfile>   <jarfile>\u3067\u6307\u5B9A\u3055\u308C\u308B\u540D\u524D\u306Ejar\u30D5\u30A1\u30A4\u30EB\u306Btranslet\u30AF\u30E9\u30B9\u3092\n                  \u30D1\u30C3\u30B1\u30FC\u30B8\u3059\u308B\n   -p <package>   \u751F\u6210\u3055\u308C\u308B\u3059\u3079\u3066\u306Etranslet\u30AF\u30E9\u30B9\u306E\u30D1\u30C3\u30B1\u30FC\u30B8\u540D\n                  \u63A5\u982D\u8F9E\u3092\u6307\u5B9A\u3059\u308B\u3002\n   -n             \u30C6\u30F3\u30D7\u30EC\u30FC\u30C8\u306E\u30A4\u30F3\u30E9\u30A4\u30F3\u5316\u3092\u6709\u52B9\u306B\u3059\u308B(\u5E73\u5747\u3057\u3066\u30C7\u30D5\u30A9\u30EB\u30C8\u52D5\u4F5C\u306E\u65B9\u304C\n                  \u512A\u308C\u3066\u3044\u307E\u3059)\u3002\n   -x             \u8FFD\u52A0\u306E\u30C7\u30D0\u30C3\u30B0\u30FB\u30E1\u30C3\u30BB\u30FC\u30B8\u51FA\u529B\u3092\u30AA\u30F3\u306B\u3059\u308B\n   -u             <stylesheet>\u5F15\u6570\u3092URL\u3068\u3057\u3066\u89E3\u91C8\u3059\u308B\n   -i             \u30B9\u30BF\u30A4\u30EB\u30B7\u30FC\u30C8\u3092stdin\u304B\u3089\u8AAD\u307F\u8FBC\u3080\u3053\u3068\u3092\u30B3\u30F3\u30D1\u30A4\u30E9\u306B\u5F37\u5236\u3059\u308B\n   -v             \u30B3\u30F3\u30D1\u30A4\u30E9\u306E\u30D0\u30FC\u30B8\u30E7\u30F3\u3092\u51FA\u529B\u3059\u308B\n   -h             \u3053\u306E\u4F7F\u7528\u65B9\u6CD5\u306E\u6587\u3092\u51FA\u529B\u3059\u308B\n"},
+        "\u5F62\u5F0F\n   java com.sun.org.apache.xalan.internal.xsltc.cmdline.Compile [-o <output>]\n      [-d <directory>] [-j <jarfile>] [-p <package>]\n      [-n] [-x] [-u] [-v] [-h] { <stylesheet> | -i }\n\nOPTIONS\n   -o <output>    \u540D\u524D<output>\u3092\u751F\u6210\u6E08translet\u306B\n                  \u5272\u308A\u5F53\u3066\u308B\u3002\u30C7\u30D5\u30A9\u30EB\u30C8\u3067\u306F\u3001translet\u540D\u306F\n                  <stylesheet>\u540D\u306B\u7531\u6765\u3057\u307E\u3059\u3002\u3053\u306E\u30AA\u30D7\u30B7\u30E7\u30F3\u306F\n                  \u8907\u6570\u306E\u30B9\u30BF\u30A4\u30EB\u30B7\u30FC\u30C8\u3092\u30B3\u30F3\u30D1\u30A4\u30EB\u3059\u308B\u5834\u5408\u306F\u7121\u8996\u3055\u308C\u307E\u3059\u3002\n   -d <directory> translet\u306E\u5B9B\u5148\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u3092\u6307\u5B9A\u3059\u308B\n   -j <jarfile>   <jarfile>\u3067\u6307\u5B9A\u3055\u308C\u308B\u540D\u524D\u306Ejar\u30D5\u30A1\u30A4\u30EB\u306Btranslet\u30AF\u30E9\u30B9\u3092\n                  \u30D1\u30C3\u30B1\u30FC\u30B8\u3059\u308B\n   -p <package>   \u751F\u6210\u3055\u308C\u308B\u3059\u3079\u3066\u306Etranslet\u30AF\u30E9\u30B9\u306E\u30D1\u30C3\u30B1\u30FC\u30B8\u540D\n                  \u63A5\u982D\u8F9E\u3092\u6307\u5B9A\u3059\u308B\u3002\n   -n             \u30C6\u30F3\u30D7\u30EC\u30FC\u30C8\u306E\u30A4\u30F3\u30E9\u30A4\u30F3\u5316\u3092\u6709\u52B9\u306B\u3059\u308B(\u5E73\u5747\u3057\u3066\u30C7\u30D5\u30A9\u30EB\u30C8\u52D5\u4F5C\u306E\u65B9\u304C\n                  \u512A\u308C\u3066\u3044\u307E\u3059)\u3002\n   -x             \u8FFD\u52A0\u306E\u30C7\u30D0\u30C3\u30B0\u30FB\u30E1\u30C3\u30BB\u30FC\u30B8\u51FA\u529B\u3092\u30AA\u30F3\u306B\u3059\u308B\n   -u             <stylesheet>\u5F15\u6570\u3092URL\u3068\u3057\u3066\u89E3\u91C8\u3059\u308B\n   -i             \u30B9\u30BF\u30A4\u30EB\u30B7\u30FC\u30C8\u3092stdin\u304B\u3089\u8AAD\u307F\u8FBC\u3080\u3053\u3068\u3092\u30B3\u30F3\u30D1\u30A4\u30E9\u306B\u5F37\u5236\u3059\u308B\n   -v             \u30B3\u30F3\u30D1\u30A4\u30E9\u306E\u30D0\u30FC\u30B8\u30E7\u30F3\u3092\u51FA\u529B\u3059\u308B\n   -h             \u3053\u306E\u4F7F\u7528\u65B9\u6CD5\u306E\u6587\u3092\u51FA\u529B\u3059\u308B\n"},
 
         /*
          * Note to translators:  This message contains usage information for a
@@ -691,7 +691,7 @@
          * documentation.
          */
         {ErrorMsg.TRANSFORM_USAGE_STR,
-        "SYNOPSIS \n   java com.sun.org.apache.xalan.internal.xsltc.cmdline.Transform [-j <jarfile>]\n      [-x] [-n <iterations>] {-u <document_url> | <document>}\n      <class> [<param1>=<value1> ...]\n\n   translet <class>\u3092\u4F7F\u7528\u3057\u3066\u3001<document>\u3067\u6307\u5B9A\u3055\u308C\u308B\n   XML\u30C9\u30AD\u30E5\u30E1\u30F3\u30C8\u3092\u5909\u63DB\u3059\u308B\u3002translet <class>\u306F\n   \u30E6\u30FC\u30B6\u30FC\u306ECLASSPATH\u5185\u304B\u3001\u30AA\u30D7\u30B7\u30E7\u30F3\u3067\u6307\u5B9A\u3055\u308C\u305F<jarfile>\u5185\u306B\u3042\u308A\u307E\u3059\u3002\nOPTIONS\n   -j <jarfile>    translet\u3092\u30ED\u30FC\u30C9\u3059\u308Bjarfile\u3092\u6307\u5B9A\u3059\u308B\n   -x              \u8FFD\u52A0\u306E\u30C7\u30D0\u30C3\u30B0\u30FB\u30E1\u30C3\u30BB\u30FC\u30B8\u51FA\u529B\u3092\u30AA\u30F3\u306B\u3059\u308B\n   -n <iterations> \u5909\u63DB\u3092<iterations>\u56DE\u5B9F\u884C\u3057\u3001\n                   \u30D7\u30ED\u30D5\u30A1\u30A4\u30EB\u60C5\u5831\u3092\u8868\u793A\u3059\u308B\n   -u <document_url> XML\u5165\u529B\u30C9\u30AD\u30E5\u30E1\u30F3\u30C8\u3092URL\u3068\u3057\u3066\u6307\u5B9A\u3059\u308B\n"},
+        "\u5F62\u5F0F \n   java com.sun.org.apache.xalan.internal.xsltc.cmdline.Transform [-j <jarfile>]\n      [-x] [-n <iterations>] {-u <document_url> | <document>}\n      <class> [<param1>=<value1> ...]\n\n   translet <class>\u3092\u4F7F\u7528\u3057\u3066\u3001<document>\u3067\u6307\u5B9A\u3055\u308C\u308B\n   XML\u30C9\u30AD\u30E5\u30E1\u30F3\u30C8\u3092\u5909\u63DB\u3059\u308B\u3002translet <class>\u306F\n   \u30E6\u30FC\u30B6\u30FC\u306ECLASSPATH\u5185\u304B\u3001\u30AA\u30D7\u30B7\u30E7\u30F3\u3067\u6307\u5B9A\u3055\u308C\u305F<jarfile>\u5185\u306B\u3042\u308A\u307E\u3059\u3002\nOPTIONS\n   -j <jarfile>    translet\u3092\u30ED\u30FC\u30C9\u3059\u308Bjarfile\u3092\u6307\u5B9A\u3059\u308B\n   -x              \u8FFD\u52A0\u306E\u30C7\u30D0\u30C3\u30B0\u30FB\u30E1\u30C3\u30BB\u30FC\u30B8\u51FA\u529B\u3092\u30AA\u30F3\u306B\u3059\u308B\n   -n <iterations> \u5909\u63DB\u3092<iterations>\u56DE\u5B9F\u884C\u3057\u3001\n                   \u30D7\u30ED\u30D5\u30A1\u30A4\u30EA\u30F3\u30B0\u60C5\u5831\u3092\u8868\u793A\u3059\u308B\n   -u <document_url> XML\u5165\u529B\u30C9\u30AD\u30E5\u30E1\u30F3\u30C8\u3092URL\u3068\u3057\u3066\u6307\u5B9A\u3059\u308B\n"},
 
 
 
--- ./jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java	Wed Jul 30 03:53:11 2014 -0700
+++ ./jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java	Mon Sep 08 12:36:00 2014 -0700
@@ -612,9 +612,9 @@
         //fElementStack2.clear();
         //fReplaceEntityReferences = true;
         //fSupportExternalEntities = true;
-        Boolean bo = (Boolean)propertyManager.getProperty(XMLInputFactoryImpl.IS_REPLACING_ENTITY_REFERENCES);
+        Boolean bo = (Boolean)propertyManager.getProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES);
         fReplaceEntityReferences = bo.booleanValue();
-        bo = (Boolean)propertyManager.getProperty(XMLInputFactoryImpl.IS_SUPPORTING_EXTERNAL_ENTITIES);
+        bo = (Boolean)propertyManager.getProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES);
         fSupportExternalEntities = bo.booleanValue();
         Boolean cdata = (Boolean)propertyManager.getProperty(Constants.ZEPHYR_PROPERTY_PREFIX + Constants.STAX_REPORT_CDATA_EVENT) ;
         if(cdata != null)
--- ./jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java	Wed Jul 30 03:53:11 2014 -0700
+++ ./jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java	Mon Sep 08 12:36:00 2014 -0700
@@ -53,6 +53,7 @@
 import java.util.Map;
 import java.util.Stack;
 import javax.xml.XMLConstants;
+import javax.xml.stream.XMLInputFactory;
 
 
 /**
@@ -305,6 +306,11 @@
     /** Property Manager. This is used from Stax */
     protected PropertyManager fPropertyManager ;
 
+    /** StAX properties */
+    boolean fSupportDTD = true;
+    boolean fReplaceEntityReferences = true;
+    boolean fSupportExternalEntities = true;
+
     /** used to restrict external access */
     protected String fAccessExternalDTD = EXTERNAL_ACCESS_DEFAULT;
 
@@ -1136,7 +1142,8 @@
             boolean parameter = entityName.startsWith("%");
             boolean general = !parameter;
             if (unparsed || (general && !fExternalGeneralEntities) ||
-                    (parameter && !fExternalParameterEntities)) {
+                    (parameter && !fExternalParameterEntities) ||
+                    !fSupportDTD || !fSupportExternalEntities) {
 
                 if (fEntityHandler != null) {
                     fResourceIdentifier.clear();
@@ -1431,6 +1438,10 @@
             fStaxEntityResolver = null;
         }
 
+        fSupportDTD = ((Boolean)propertyManager.getProperty(XMLInputFactory.SUPPORT_DTD)).booleanValue();
+        fReplaceEntityReferences = ((Boolean)propertyManager.getProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES)).booleanValue();
+        fSupportExternalEntities = ((Boolean)propertyManager.getProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES)).booleanValue();
+
         // Zephyr feature ignore-external-dtd is the opposite of Xerces' load-external-dtd
         fLoadExternalDTD = !((Boolean)propertyManager.getProperty(Constants.ZEPHYR_PROPERTY_PREFIX + Constants.IGNORE_EXTERNAL_DTD)).booleanValue();
 
@@ -1502,6 +1513,11 @@
         fSecurityManager = (XMLSecurityManager)componentManager.getProperty(SECURITY_MANAGER, null);
         entityExpansionIndex = fSecurityManager.getIndex(Constants.JDK_ENTITY_EXPANSION_LIMIT);
 
+        //StAX Property
+        fSupportDTD = true;
+        fReplaceEntityReferences = true;
+        fSupportExternalEntities = true;
+
         // JAXP 1.5 feature
         XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager) componentManager.getProperty(XML_SECURITY_PROPERTY_MANAGER, null);
         if (spm == null) {
--- ./jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/DOMMessages_de.properties	Wed Jul 30 03:53:11 2014 -0700
+++ ./jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/DOMMessages_de.properties	Mon Sep 08 12:36:00 2014 -0700
@@ -26,7 +26,7 @@
 SYNTAX_ERR = Ung\u00FCltige Zeichenfolge angegeben. 
 VALIDATION_ERR = Aufruf einer Methode wie insertBefore oder removeChild w\u00FCrde die Dokumentgrammatik des Knotens ung\u00FCltig machen.
 WRONG_DOCUMENT_ERR = Ein Knoten wird in einem anderen Dokument verwendet als dem, von dem er erstellt wurde.
-TYPE_MISMATCH_ERR = Der Wertetyp f\u00FCr diesen Parameternamen ist nicht mit dem erwarteten Wertetyp kompatibel. 
+TYPE_MISMATCH_ERR = Der Werttyp f\u00FCr diesen Parameternamen ist nicht mit dem erwarteten Werttyp kompatibel. 
  
 #error messages or exceptions
 FEATURE_NOT_SUPPORTED = Parameter {0} wird erkannt, aber der angeforderte Wert kann nicht festgelegt werden.
--- ./jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_de.properties	Wed Jul 30 03:53:11 2014 -0700
+++ ./jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_de.properties	Mon Sep 08 12:36:00 2014 -0700
@@ -27,7 +27,7 @@
 UnexpandedEntityReferenceIllegal = Der Ersatz eines "include"-Elements, das als Dokumentelement im Quell-Infoset der obersten Ebene angezeigt wird, darf keine nicht erweiterten Entit\u00E4tsreferenzen enthalten.
 HrefFragmentIdentifierIllegal = Fragment-IDs d\u00FCrfen nicht verwendet werden. Der "href"-Attributwert "{0}" ist nicht zul\u00E4ssig.
 HrefSyntacticallyInvalid = "href"-Attributwert "{0}" hat eine ung\u00FCltige Syntax. Nach Anwenden der Escape-Regeln ist der Wert kein syntaktisch korrekter URI oder IRI.
-XPointerStreamability = Es wurde ein xpointer angegeben, der auf eine Stelle im Quell-Infoset verweist. Auf diese Stelle kann aufgrund des Streaming-Charakters des Prozessors nicht zugegriffen werden.
+XPointerStreamability = Es wurde ein xpointer angegeben, der auf eine Stelle im Quell-Infoset verweist. Auf diese Stelle kann aufgrund des Streamingcharakters des Prozessors nicht zugegriffen werden.
 
 XPointerResolutionUnsuccessful = XPointer-Aufl\u00F6sung nicht erfolgreich.
 
--- ./jaxp/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_de.java	Wed Jul 30 03:53:11 2014 -0700
+++ ./jaxp/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_de.java	Mon Sep 08 12:36:00 2014 -0700
@@ -3,7 +3,7 @@
  * DO NOT REMOVE OR ALTER!
  */
 /*
- * Copyright 1999-2004 The Apache Software Foundation.
+ * Copyright 1999-2005 The Apache Software Foundation.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -878,7 +878,7 @@
   { "optionIN", "   [-in inputXMLURL]"},
   { "optionSelect", "   [-select xpath expression]"},
   { "optionMatch", "   [-match match pattern (f\u00FCr Vergleichsdiagnose)]"},
-  { "optionAnyExpr", "Oder nur ein XPath-Ausdruck f\u00FChrt einen Diagnose-Dump aus"},
+  { "optionAnyExpr", "Oder nur ein XPath-Ausdruck f\u00FChrt einen Diagnosedump aus"},
   { "noParsermsg1", "XSL-Prozess war nicht erfolgreich."},
   { "noParsermsg2", "** Parser konnte nicht gefunden werden **"},
   { "noParsermsg3", "Pr\u00FCfen Sie den Classpath."},
--- ./jaxws/.hgtags	Wed Jul 30 03:53:36 2014 -0700
+++ ./jaxws/.hgtags	Mon Sep 08 12:36:09 2014 -0700
@@ -311,3 +311,21 @@
 f3bf1b270fea8b17aa2846f962f7514b6f772ab4 jdk8u20-b23
 1277c0d492fd9253f1ea2730eb160953397bd939 jdk8u20-b24
 1277c0d492fd9253f1ea2730eb160953397bd939 jdk8u20-b25
+7025a2c10ea4116ce8f31bb1e305f732aa1025f0 jdk8u20-b26
+efc85d318f4697f40bdd1f3757677be97f1758d9 jdk8u25-b00
+a76779e1b0376650dfc29a1f3b14760f05e0fc6d jdk8u25-b01
+3d31955043b9f1807c9d695c7b5d604d11c132cf jdk8u25-b02
+c67cb85b249c69a96d7ac72734c35bc18644befe jdk8u25-b03
+81129354f0e821f3d41dbcf8a68ce82f9d776127 jdk8u25-b04
+5f78130b0a64df9568a827f9ea589fdc3a7c080c jdk8u25-b05
+433da54f73257545d95edbc356fdb0e37a9d95eb jdk8u25-b06
+cccfc3f8dec888c8fe86c212a51af2fba1e11aef jdk8u25-b07
+c758be4c3cac65a2744bf4e7ed9bdabb85234de2 jdk8u25-b08
+73423d29fe362e843cdccad510e2e44e2899bc9e jdk8u25-b09
+391b45e0081afcf3db709878916063a63dca7b05 jdk8u25-b10
+57cd66833abf44f499faaaed2c16bdf94b258ca9 jdk8u25-b11
+56b97127afa66fa01eec0fcf467a77cd2e445b4f jdk8u25-b12
+0ebb9d8c3dd49559b716f02825924801be55b3e7 jdk8u25-b13
+392a9579cc95d27806c1dde16eee776524a49761 jdk8u25-b14
+d3a96bbb88521188a3af1a34dd9523f13afa521d jdk8u25-b15
+4570a7d00aa9bd3df028f52d6f9d8c434163b689 jdk8u25-b16
--- ./jdk/.hgtags	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/.hgtags	Tue Sep 09 12:00:58 2014 -0700
@@ -311,3 +311,24 @@
 be30cb2a3088f2b7b334b499f7eddbd5312312a7 jdk8u20-b23
 dfb9f24d56b51e5a2ca26e77fc69a2464d51a4d3 jdk8u20-b24
 dfb9f24d56b51e5a2ca26e77fc69a2464d51a4d3 jdk8u20-b25
+dd229c5f57bff4e75a70908294a13072b9a48385 jdk8u20-b26
+abca9f6f1a10e9f91b2538bbe7870f54f550d986 jdk8u25-b00
+7d0627679c9fdeaaaa9fe15c7cc11af0763621ec jdk8u25-b01
+b0277ec994b751ebb761814675352506cd56bcd6 jdk8u25-b02
+5606d84f30bab5ed4bc5776572edd469fb013e13 jdk8u25-b03
+40630cd55da8a2db7980249dc31af285965cb5e9 jdk8u25-b04
+75b48287a1b3fc5757ac473f72c8918c7f345ffc jdk8u25-b05
+5b80b4b22b4ca0b630c7f1cec3605da7694168e2 jdk8u25-b06
+0e0a35b0bf0ff5852026c50038d5c2ecb26c075c jdk8u25-b07
+d7d221f56fd17b96bab4440448641a844f9e92cd jdk8u25-b08
+0c6cf43c5bcf0917d07a1bc94adb7a091f18f32c jdk8u25-b09
+1317d94e95861a47fee8258903b652af70a3493c jdk8u25-b10
+2104dfd9a4c2b519cdca019aec938db539bf4f3f jdk8u25-b11
+eaaa9a04b9fdcfa4a830b811ed209eb2c45a4a6b jdk8u25-b12
+c3a855402b923d3ba819b05292a971953fc8ed0b jdk8u25-b13
+2a6df63ca0f0f59bb730638b05c72d77a23f93c8 jdk8u25-b14
+412d9ade90401d098f3662bd688ab393008423bd jdk8u25-b15
+f07bc5dab84c67f5d1dccbab318ee1c5485c852d jdk8u25-b16
+0000000000000000000000000000000000000000 jdk8u25-b16
+0000000000000000000000000000000000000000 jdk8u25-b16
+d067890f970f3a712f870f6311d20f3359b6eaf0 jdk8u25-b16
--- ./jdk/make/lib/CoreLibraries.gmk	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/make/lib/CoreLibraries.gmk	Tue Sep 09 12:00:58 2014 -0700
@@ -264,7 +264,7 @@
         $(call SET_SHARED_LIBRARY_ORIGIN) \
         $(EXPORT_ZIP_FUNCS), \
     LDFLAGS_windows := -export:ZIP_Open -export:ZIP_Close -export:ZIP_FindEntry \
-        -export:ZIP_ReadEntry -export:ZIP_GetNextEntry jvm.lib \
+        -export:ZIP_ReadEntry -export:ZIP_GetNextEntry -export:ZIP_CRC32 jvm.lib \
         $(WIN_JAVA_LIB), \
     LDFLAGS_SUFFIX_linux := -ljvm -ljava $(LIBZ), \
     LDFLAGS_SUFFIX_solaris := -ljvm -ljava $(LIBZ) -lc, \
--- ./jdk/make/mapfiles/libnet/mapfile-vers	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/make/mapfiles/libnet/mapfile-vers	Tue Sep 09 12:00:58 2014 -0700
@@ -28,6 +28,8 @@
 SUNWprivate_1.1 {
 	global:
 		JNI_OnLoad;
+		Java_java_net_AbstractPlainDatagramSocketImpl_init;
+		Java_java_net_AbstractPlainDatagramSocketImpl_dataAvailable;
 		Java_java_net_PlainSocketImpl_socketListen;
 		Java_java_net_PlainDatagramSocketImpl_getTTL;
 		Java_java_net_PlainDatagramSocketImpl_init;
--- ./jdk/src/macosx/classes/sun/lwawt/LWWindowPeer.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/macosx/classes/sun/lwawt/LWWindowPeer.java	Tue Sep 09 12:00:58 2014 -0700
@@ -105,6 +105,8 @@
 
     private final SecurityWarningWindow warningWindow;
 
+    private volatile boolean targetFocusable;
+
     /**
      * Current modal blocker or null.
      *
@@ -240,13 +242,12 @@
         if (!visible && warningWindow != null) {
             warningWindow.setVisible(false, false);
         }
-
+        updateFocusableWindowState();
         super.setVisibleImpl(visible);
         // TODO: update graphicsConfig, see 4868278
         platformWindow.setVisible(visible);
         if (isSimpleWindow()) {
             KeyboardFocusManagerPeer kfmPeer = LWKeyboardFocusManagerPeer.getInstance();
-
             if (visible) {
                 if (!getTarget().isAutoRequestFocus()) {
                     return;
@@ -397,6 +398,7 @@
 
     @Override
     public void updateFocusableWindowState() {
+        targetFocusable = getTarget().isFocusableWindow();
         platformWindow.updateFocusableWindowState();
     }
 
@@ -1220,13 +1222,13 @@
     }
 
     private boolean isFocusableWindow() {
-        boolean focusable = getTarget().isFocusableWindow();
+        boolean focusable  = targetFocusable;
         if (isSimpleWindow()) {
             LWWindowPeer ownerPeer = getOwnerFrameDialog(this);
             if (ownerPeer == null) {
                 return false;
             }
-            return focusable && ownerPeer.getTarget().isFocusableWindow();
+            return focusable && ownerPeer.targetFocusable;
         }
         return focusable;
     }
--- ./jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifScrollPaneUI.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifScrollPaneUI.java	Tue Sep 09 12:00:58 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -56,19 +56,22 @@
 
     private PropertyChangeListener propertyChangeHandler;
 
+    @Override
     protected void installListeners(JScrollPane scrollPane) {
         super.installListeners(scrollPane);
         propertyChangeHandler = createPropertyChangeHandler();
         scrollPane.addPropertyChangeListener(propertyChangeHandler);
     }
 
-    protected void uninstallListeners(JScrollPane scrollPane) {
+    @Override
+    protected void uninstallListeners(JComponent scrollPane) {
         super.uninstallListeners(scrollPane);
         scrollPane.removePropertyChangeListener(propertyChangeHandler);
     }
 
     private PropertyChangeListener createPropertyChangeHandler() {
         return new PropertyChangeListener() {
+            @Override
             public void propertyChange(PropertyChangeEvent e) {
                   String propertyName = e.getPropertyName();
 
@@ -92,6 +95,7 @@
         }};
     }
 
+    @Override
     protected void installDefaults(JScrollPane scrollpane) {
         super.installDefaults(scrollpane);
 
@@ -115,7 +119,7 @@
         }
     }
 
-
+    @Override
     protected void uninstallDefaults(JScrollPane c) {
         super.uninstallDefaults(c);
 
--- ./jdk/src/share/classes/com/sun/org/apache/xml/internal/security/Init.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/com/sun/org/apache/xml/internal/security/Init.java	Tue Sep 09 12:00:58 2014 -0700
@@ -25,6 +25,8 @@
 import java.io.InputStream;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -35,6 +37,7 @@
 import com.sun.org.apache.xml.internal.security.algorithms.JCEMapper;
 import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithm;
 import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
+import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 import com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolver;
 import com.sun.org.apache.xml.internal.security.transforms.Transform;
 import com.sun.org.apache.xml.internal.security.utils.ElementProxy;
@@ -118,43 +121,50 @@
             log.log(java.util.logging.Level.FINE, "Registering default algorithms");
         }
         try {
-            //
-            // Bind the default prefixes
-            //
-            ElementProxy.registerDefaultPrefixes();
+            AccessController.doPrivileged(new PrivilegedExceptionAction<Void>(){
+                @Override public Void run() throws XMLSecurityException {
+                    //
+                    // Bind the default prefixes
+                    //
+                    ElementProxy.registerDefaultPrefixes();
 
-            //
-            // Set the default Transforms
-            //
-            Transform.registerDefaultAlgorithms();
+                    //
+                    // Set the default Transforms
+                    //
+                    Transform.registerDefaultAlgorithms();
 
-            //
-            // Set the default signature algorithms
-            //
-            SignatureAlgorithm.registerDefaultAlgorithms();
+                    //
+                    // Set the default signature algorithms
+                    //
+                    SignatureAlgorithm.registerDefaultAlgorithms();
 
-            //
-            // Set the default JCE algorithms
-            //
-            JCEMapper.registerDefaultAlgorithms();
+                    //
+                    // Set the default JCE algorithms
+                    //
+                    JCEMapper.registerDefaultAlgorithms();
 
-            //
-            // Set the default c14n algorithms
-            //
-            Canonicalizer.registerDefaultAlgorithms();
+                    //
+                    // Set the default c14n algorithms
+                    //
+                    Canonicalizer.registerDefaultAlgorithms();
 
-            //
-            // Register the default resolvers
-            //
-            ResourceResolver.registerDefaultResolvers();
+                    //
+                    // Register the default resolvers
+                    //
+                    ResourceResolver.registerDefaultResolvers();
 
-            //
-            // Register the default key resolvers
-            //
-            KeyResolver.registerDefaultResolvers();
-        } catch (Exception ex) {
-            log.log(java.util.logging.Level.SEVERE, ex.getMessage(), ex);
-            ex.printStackTrace();
+                    //
+                    // Register the default key resolvers
+                    //
+                    KeyResolver.registerDefaultResolvers();
+
+                    return null;
+                }
+           });
+        } catch (PrivilegedActionException ex) {
+            XMLSecurityException xse = (XMLSecurityException)ex.getException();
+            log.log(java.util.logging.Level.SEVERE, xse.getMessage(), xse);
+            xse.printStackTrace();
         }
     }
 
--- ./jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java	Tue Sep 09 12:00:58 2014 -0700
@@ -27,6 +27,7 @@
 
 import com.sun.org.apache.xml.internal.security.encryption.XMLCipher;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
+import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
 import org.w3c.dom.Element;
 
 
@@ -49,8 +50,11 @@
      *
      * @param id
      * @param algorithm
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register the JCE algorithm
      */
     public static void register(String id, Algorithm algorithm) {
+        JavaUtils.checkRegisterPermission();
         algorithmsMap.put(id, algorithm);
     }
 
@@ -292,8 +296,11 @@
     /**
      * Sets the default Provider for obtaining the security algorithms
      * @param provider the default providerId.
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to set the JCE provider
      */
     public static void setProviderId(String provider) {
+        JavaUtils.checkRegisterPermission();
         providerName = provider;
     }
 
--- ./jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java	Tue Sep 09 12:00:58 2014 -0700
@@ -37,6 +37,7 @@
 import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
+import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
 import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -314,18 +315,21 @@
     }
 
     /**
-     * Registers implementing class of the Transform algorithm with algorithmURI
+     * Registers implementing class of the SignatureAlgorithm with algorithmURI
      *
-     * @param algorithmURI algorithmURI URI representation of <code>Transform algorithm</code>.
+     * @param algorithmURI algorithmURI URI representation of <code>SignatureAlgorithm</code>.
      * @param implementingClass <code>implementingClass</code> the implementing class of
      * {@link SignatureAlgorithmSpi}
      * @throws AlgorithmAlreadyRegisteredException if specified algorithmURI is already registered
      * @throws XMLSignatureException
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register the signature algorithm
      */
     @SuppressWarnings("unchecked")
     public static void register(String algorithmURI, String implementingClass)
        throws AlgorithmAlreadyRegisteredException, ClassNotFoundException,
            XMLSignatureException {
+        JavaUtils.checkRegisterPermission();
         if (log.isLoggable(java.util.logging.Level.FINE)) {
             log.log(java.util.logging.Level.FINE, "Try to register " + algorithmURI + " " + implementingClass);
         }
@@ -352,15 +356,18 @@
     /**
      * Registers implementing class of the Transform algorithm with algorithmURI
      *
-     * @param algorithmURI algorithmURI URI representation of <code>Transform algorithm</code>.
+     * @param algorithmURI algorithmURI URI representation of <code>SignatureAlgorithm</code>.
      * @param implementingClass <code>implementingClass</code> the implementing class of
      * {@link SignatureAlgorithmSpi}
      * @throws AlgorithmAlreadyRegisteredException if specified algorithmURI is already registered
      * @throws XMLSignatureException
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register the signature algorithm
      */
     public static void register(String algorithmURI, Class<? extends SignatureAlgorithmSpi> implementingClass)
        throws AlgorithmAlreadyRegisteredException, ClassNotFoundException,
            XMLSignatureException {
+        JavaUtils.checkRegisterPermission();
         if (log.isLoggable(java.util.logging.Level.FINE)) {
             log.log(java.util.logging.Level.FINE, "Try to register " + algorithmURI + " " + implementingClass);
         }
--- ./jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java	Tue Sep 09 12:00:58 2014 -0700
@@ -41,6 +41,7 @@
 import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315WithComments;
 import com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerPhysical;
 import com.sun.org.apache.xml.internal.security.exceptions.AlgorithmAlreadyRegisteredException;
+import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
 import org.w3c.dom.Document;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
@@ -142,10 +143,13 @@
      * @param algorithmURI
      * @param implementingClass
      * @throws AlgorithmAlreadyRegisteredException
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register the canonicalizer
      */
     @SuppressWarnings("unchecked")
     public static void register(String algorithmURI, String implementingClass)
         throws AlgorithmAlreadyRegisteredException, ClassNotFoundException {
+        JavaUtils.checkRegisterPermission();
         // check whether URI is already registered
         Class<? extends CanonicalizerSpi> registeredClass =
             canonicalizerHash.get(algorithmURI);
@@ -166,9 +170,12 @@
      * @param algorithmURI
      * @param implementingClass
      * @throws AlgorithmAlreadyRegisteredException
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register the canonicalizer
      */
-    public static void register(String algorithmURI, Class<CanonicalizerSpi> implementingClass)
+    public static void register(String algorithmURI, Class<? extends CanonicalizerSpi> implementingClass)
         throws AlgorithmAlreadyRegisteredException, ClassNotFoundException {
+        JavaUtils.checkRegisterPermission();
         // check whether URI is already registered
         Class<? extends CanonicalizerSpi> registeredClass = canonicalizerHash.get(algorithmURI);
 
--- ./jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java	Tue Sep 09 12:00:58 2014 -0700
@@ -42,6 +42,7 @@
 import com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.X509SKIResolver;
 import com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.X509SubjectNameResolver;
 import com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver;
+import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
@@ -175,9 +176,12 @@
      * @throws InstantiationException
      * @throws IllegalAccessException
      * @throws ClassNotFoundException
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register the key resolver
      */
     public static void register(String className, boolean globalResolver)
         throws ClassNotFoundException, IllegalAccessException, InstantiationException {
+        JavaUtils.checkRegisterPermission();
         KeyResolverSpi keyResolverSpi =
             (KeyResolverSpi) Class.forName(className).newInstance();
         keyResolverSpi.setGlobalResolver(globalResolver);
@@ -195,8 +199,11 @@
      *
      * @param className
      * @param globalResolver Whether the KeyResolverSpi is a global resolver or not
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register the key resolver
      */
     public static void registerAtStart(String className, boolean globalResolver) {
+        JavaUtils.checkRegisterPermission();
         KeyResolverSpi keyResolverSpi = null;
         Exception ex = null;
         try {
@@ -228,11 +235,14 @@
      *
      * @param keyResolverSpi a KeyResolverSpi instance to register
      * @param start whether to register the KeyResolverSpi at the start of the list or not
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register the key resolver
      */
     public static void register(
         KeyResolverSpi keyResolverSpi,
         boolean start
     ) {
+        JavaUtils.checkRegisterPermission();
         KeyResolver resolver = new KeyResolver(keyResolverSpi);
         if (start) {
             resolverVector.add(0, resolver);
@@ -254,9 +264,12 @@
      * @throws InstantiationException
      * @throws IllegalAccessException
      * @throws ClassNotFoundException
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register the key resolver
      */
     public static void registerClassNames(List<String> classNames)
         throws ClassNotFoundException, IllegalAccessException, InstantiationException {
+        JavaUtils.checkRegisterPermission();
         List<KeyResolver> keyResolverList = new ArrayList<KeyResolver>(classNames.size());
         for (String className : classNames) {
             KeyResolverSpi keyResolverSpi =
--- ./jdk/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java	Tue Sep 09 12:00:58 2014 -0700
@@ -46,6 +46,7 @@
 import com.sun.org.apache.xml.internal.security.transforms.implementations.TransformXSLT;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.HelperNodeList;
+import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
 import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
 import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Document;
@@ -181,11 +182,14 @@
      * class of {@link TransformSpi}
      * @throws AlgorithmAlreadyRegisteredException if specified algorithmURI
      * is already registered
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register the transform
      */
     @SuppressWarnings("unchecked")
     public static void register(String algorithmURI, String implementingClass)
         throws AlgorithmAlreadyRegisteredException, ClassNotFoundException,
             InvalidTransformException {
+        JavaUtils.checkRegisterPermission();
         // are we already registered?
         Class<? extends TransformSpi> transformSpi = transformSpiHash.get(algorithmURI);
         if (transformSpi != null) {
@@ -206,9 +210,12 @@
      * class of {@link TransformSpi}
      * @throws AlgorithmAlreadyRegisteredException if specified algorithmURI
      * is already registered
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register the transform
      */
     public static void register(String algorithmURI, Class<? extends TransformSpi> implementingClass)
         throws AlgorithmAlreadyRegisteredException {
+        JavaUtils.checkRegisterPermission();
         // are we already registered?
         Class<? extends TransformSpi> transformSpi = transformSpiHash.get(algorithmURI);
         if (transformSpi != null) {
--- ./jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java	Tue Sep 09 12:00:58 2014 -0700
@@ -468,9 +468,12 @@
      * @param namespace
      * @param prefix
      * @throws XMLSecurityException
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to set the default prefix
      */
     public static void setDefaultPrefix(String namespace, String prefix)
         throws XMLSecurityException {
+        JavaUtils.checkRegisterPermission();
         if (prefixMappings.containsValue(prefix)) {
             String storedPrefix = prefixMappings.get(namespace);
             if (!storedPrefix.equals(prefix)) {
--- ./jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/JavaUtils.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/JavaUtils.java	Tue Sep 09 12:00:58 2014 -0700
@@ -28,6 +28,7 @@
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.SecurityPermission;
 
 /**
  * A collection of different, general-purpose methods for JAVA-specific things
@@ -39,6 +40,10 @@
     private static java.util.logging.Logger log =
         java.util.logging.Logger.getLogger(JavaUtils.class.getName());
 
+    private static final SecurityPermission REGISTER_PERMISSION =
+        new SecurityPermission(
+            "com.sun.org.apache.xml.internal.security.register");
+
     private JavaUtils() {
         // we don't allow instantiation
     }
@@ -145,4 +150,21 @@
 
         return retBytes;
     }
+
+    /**
+     * Throws a {@code SecurityException} if a security manager is installed
+     * and the caller is not allowed to register an implementation of an
+     * algorithm, transform, or other security sensitive XML Signature function.
+     *
+     * @throws SecurityException if a security manager is installed and the
+     *    caller has not been granted the
+     *    {@literal "com.sun.org.apache.xml.internal.security.register"}
+     *    {@code SecurityPermission}
+     */
+    public static void checkRegisterPermission() {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) {
+            sm.checkPermission(REGISTER_PERMISSION);
+        }
+    }
 }
--- ./jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java	Tue Sep 09 12:00:58 2014 -0700
@@ -80,32 +80,44 @@
     /**
      * Set the prefix for the digital signature namespace
      * @param prefix the new prefix for the digital signature namespace
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to set the prefix
      */
     public static void setDsPrefix(String prefix) {
+        JavaUtils.checkRegisterPermission();
         dsPrefix = prefix;
     }
 
     /**
      * Set the prefix for the digital signature 1.1 namespace
      * @param prefix the new prefix for the digital signature 1.1 namespace
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to set the prefix
      */
     public static void setDs11Prefix(String prefix) {
+        JavaUtils.checkRegisterPermission();
         ds11Prefix = prefix;
     }
 
     /**
      * Set the prefix for the encryption namespace
      * @param prefix the new prefix for the encryption namespace
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to set the prefix
      */
     public static void setXencPrefix(String prefix) {
+        JavaUtils.checkRegisterPermission();
         xencPrefix = prefix;
     }
 
     /**
      * Set the prefix for the encryption namespace 1.1
      * @param prefix the new prefix for the encryption namespace 1.1
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to set the prefix
      */
     public static void setXenc11Prefix(String prefix) {
+        JavaUtils.checkRegisterPermission();
         xenc11Prefix = prefix;
     }
 
--- ./jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolver.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolver.java	Tue Sep 09 12:00:58 2014 -0700
@@ -27,6 +27,7 @@
 import java.util.Map;
 
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
+import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
 import com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP;
 import com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment;
 import com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverLocalFilesystem;
@@ -199,9 +200,12 @@
      * the class cannot be registered.
      *
      * @param className the name of the ResourceResolverSpi class to be registered
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register a resource resolver
      */
     @SuppressWarnings("unchecked")
     public static void register(String className) {
+        JavaUtils.checkRegisterPermission();
         try {
             Class<ResourceResolverSpi> resourceResolverClass =
                 (Class<ResourceResolverSpi>) Class.forName(className);
@@ -216,9 +220,12 @@
      * list. This method logs a warning if the class cannot be registered.
      *
      * @param className the name of the ResourceResolverSpi class to be registered
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register a resource resolver
      */
     @SuppressWarnings("unchecked")
     public static void registerAtStart(String className) {
+        JavaUtils.checkRegisterPermission();
         try {
             Class<ResourceResolverSpi> resourceResolverClass =
                 (Class<ResourceResolverSpi>) Class.forName(className);
@@ -233,8 +240,11 @@
      * cannot be registered.
      * @param className
      * @param start
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register a resource resolver
      */
     public static void register(Class<? extends ResourceResolverSpi> className, boolean start) {
+        JavaUtils.checkRegisterPermission();
         try {
             ResourceResolverSpi resourceResolverSpi = className.newInstance();
             register(resourceResolverSpi, start);
@@ -250,8 +260,11 @@
      * cannot be registered.
      * @param resourceResolverSpi
      * @param start
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register a resource resolver
      */
     public static void register(ResourceResolverSpi resourceResolverSpi, boolean start) {
+        JavaUtils.checkRegisterPermission();
         synchronized(resolverList) {
             if (start) {
                 resolverList.add(0, new ResourceResolver(resourceResolverSpi));
--- ./jdk/src/share/classes/java/lang/Class.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/java/lang/Class.java	Tue Sep 09 12:00:58 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1994, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1994, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -256,8 +256,8 @@
     @CallerSensitive
     public static Class<?> forName(String className)
                 throws ClassNotFoundException {
-        return forName0(className, true,
-                        ClassLoader.getClassLoader(Reflection.getCallerClass()));
+        Class<?> caller = Reflection.getCallerClass();
+        return forName0(className, true, ClassLoader.getClassLoader(caller), caller);
     }
 
 
@@ -327,22 +327,27 @@
                                    ClassLoader loader)
         throws ClassNotFoundException
     {
-        if (sun.misc.VM.isSystemDomainLoader(loader)) {
-            SecurityManager sm = System.getSecurityManager();
-            if (sm != null) {
-                ClassLoader ccl = ClassLoader.getClassLoader(Reflection.getCallerClass());
+        Class<?> caller = null;
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) {
+            // Reflective call to get caller class is only needed if a security manager
+            // is present.  Avoid the overhead of making this call otherwise.
+            caller = Reflection.getCallerClass();
+            if (sun.misc.VM.isSystemDomainLoader(loader)) {
+                ClassLoader ccl = ClassLoader.getClassLoader(caller);
                 if (!sun.misc.VM.isSystemDomainLoader(ccl)) {
                     sm.checkPermission(
                         SecurityConstants.GET_CLASSLOADER_PERMISSION);
                 }
             }
         }
-        return forName0(name, initialize, loader);
+        return forName0(name, initialize, loader, caller);
     }
 
-    /** Called after security checks have been made. */
+    /** Called after security check for system loader access checks have been made. */
     private static native Class<?> forName0(String name, boolean initialize,
-                                            ClassLoader loader)
+                                            ClassLoader loader,
+                                            Class<?> caller)
         throws ClassNotFoundException;
 
     /**
--- ./jdk/src/share/classes/java/lang/invoke/MethodType.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/java/lang/invoke/MethodType.java	Tue Sep 09 12:00:58 2014 -0700
@@ -653,7 +653,7 @@
      * @return the parameter types (as an immutable list)
      */
     public List<Class<?>> parameterList() {
-        return Collections.unmodifiableList(Arrays.asList(ptypes));
+        return Collections.unmodifiableList(Arrays.asList(ptypes.clone()));
     }
 
     /*non-public*/ Class<?> lastParameterType() {
--- ./jdk/src/share/classes/java/net/AbstractPlainDatagramSocketImpl.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/java/net/AbstractPlainDatagramSocketImpl.java	Tue Sep 09 12:00:58 2014 -0700
@@ -68,6 +68,7 @@
                     return null;
                 }
             });
+        init();
     }
 
     /**
@@ -362,4 +363,7 @@
     protected boolean nativeConnectDisabled() {
         return connectDisabled;
     }
+
+    native int dataAvailable();
+    private static native void init();
 }
--- ./jdk/src/share/classes/java/net/DatagramSocket.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/java/net/DatagramSocket.java	Tue Sep 09 12:00:58 2014 -0700
@@ -83,6 +83,17 @@
      */
     boolean oldImpl = false;
 
+    /**
+     * Set when a socket is ST_CONNECTED until we are certain
+     * that any packets which might have been received prior
+     * to calling connect() but not read by the application
+     * have been read. During this time we check the source
+     * address of all packets received to be sure they are from
+     * the connected destination. Other packets are read but
+     * silently dropped.
+     */
+    private boolean explicitFilter = false;
+    private int bytesLeftToFilter;
     /*
      * Connection state:
      * ST_NOT_CONNECTED = socket not connected
@@ -142,6 +153,15 @@
 
                 // socket is now connected by the impl
                 connectState = ST_CONNECTED;
+                // Do we need to filter some packets?
+                int avail = getImpl().dataAvailable();
+                if (avail == -1) {
+                    throw new SocketException();
+                }
+                explicitFilter = avail > 0;
+                if (explicitFilter) {
+                    bytesLeftToFilter = getReceiveBufferSize();
+                }
             } catch (SocketException se) {
 
                 // connection will be emulated by DatagramSocket
@@ -490,6 +510,7 @@
             connectedAddress = null;
             connectedPort = -1;
             connectState = ST_NOT_CONNECTED;
+            explicitFilter = false;
         }
     }
 
@@ -748,10 +769,13 @@
                     } // end of while
                 }
             }
-            if (connectState == ST_CONNECTED_NO_IMPL) {
+            DatagramPacket tmp = null;
+            if ((connectState == ST_CONNECTED_NO_IMPL) || explicitFilter) {
                 // We have to do the filtering the old fashioned way since
                 // the native impl doesn't support connect or the connect
-                // via the impl failed.
+                // via the impl failed, or .. "explicitFilter" may be set when
+                // a socket is connected via the impl, for a period of time
+                // when packets from other sources might be queued on socket.
                 boolean stop = false;
                 while (!stop) {
                     InetAddress peekAddress = null;
@@ -770,8 +794,14 @@
                     if ((!connectedAddress.equals(peekAddress)) ||
                         (connectedPort != peekPort)) {
                         // throw the packet away and silently continue
-                        DatagramPacket tmp = new DatagramPacket(new byte[1], 1);
+                        tmp = new DatagramPacket(
+                                                new byte[1024], 1024);
                         getImpl().receive(tmp);
+                        if (explicitFilter) {
+                            if (checkFiltering(tmp)) {
+                                stop = true;
+                            }
+                        }
                     } else {
                         stop = true;
                     }
@@ -780,9 +810,22 @@
             // If the security check succeeds, or the datagram is
             // connected then receive the packet
             getImpl().receive(p);
+            if (explicitFilter && tmp == null) {
+                // packet was not filtered, account for it here
+                checkFiltering(p);
+            }
         }
     }
 
+    private boolean checkFiltering(DatagramPacket p) throws SocketException {
+        bytesLeftToFilter -= p.getLength();
+        if (bytesLeftToFilter <= 0 || getImpl().dataAvailable() <= 0) {
+            explicitFilter = false;
+            return true;
+        }
+        return false;
+    }
+
     /**
      * Gets the local address to which the socket is bound.
      *
--- ./jdk/src/share/classes/java/net/DatagramSocketImpl.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/java/net/DatagramSocketImpl.java	Tue Sep 09 12:00:58 2014 -0700
@@ -47,6 +47,12 @@
      */
     protected FileDescriptor fd;
 
+    int dataAvailable() {
+        // default impl returns zero, which disables the calling
+        // functionality
+        return 0;
+    }
+
     /**
      * The DatagramSocket or MulticastSocket
      * that owns this impl
--- ./jdk/src/share/classes/java/security/Signature.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/java/security/Signature.java	Tue Sep 09 12:00:58 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -590,6 +590,9 @@
         if (outbuf == null) {
             throw new IllegalArgumentException("No output buffer given");
         }
+        if (offset < 0 || len < 0) {
+            throw new IllegalArgumentException("offset or len is less than 0");
+        }
         if (outbuf.length - offset < len) {
             throw new IllegalArgumentException
                 ("Output buffer too small for specified offset and length");
@@ -658,9 +661,16 @@
     public final boolean verify(byte[] signature, int offset, int length)
         throws SignatureException {
         if (state == VERIFY) {
-            if ((signature == null) || (offset < 0) || (length < 0) ||
-                (length > signature.length - offset)) {
-                throw new IllegalArgumentException("Bad arguments");
+            if (signature == null) {
+                throw new IllegalArgumentException("signature is null");
+            }
+            if (offset < 0 || length < 0) {
+                throw new IllegalArgumentException
+                    ("offset or length is less than 0");
+            }
+            if (signature.length - offset < length) {
+                throw new IllegalArgumentException
+                    ("signature too small for specified offset and length");
             }
 
             return engineVerify(signature, offset, length);
@@ -713,6 +723,16 @@
     public final void update(byte[] data, int off, int len)
             throws SignatureException {
         if (state == SIGN || state == VERIFY) {
+            if (data == null) {
+                throw new IllegalArgumentException("data is null");
+            }
+            if (off < 0 || len < 0) {
+                throw new IllegalArgumentException("off or len is less than 0");
+            }
+            if (data.length - off < len) {
+                throw new IllegalArgumentException
+                    ("data too small for specified offset and length");
+            }
             engineUpdate(data, off, len);
         } else {
             throw new SignatureException("object not initialized for "
--- ./jdk/src/share/classes/java/security/cert/CertificateRevokedException.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/java/security/cert/CertificateRevokedException.java	Tue Sep 09 12:00:58 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -94,7 +94,10 @@
         this.revocationDate = new Date(revocationDate.getTime());
         this.reason = reason;
         this.authority = authority;
-        this.extensions = new HashMap<String, Extension>(extensions);
+        // make sure Map only contains correct types
+        this.extensions = Collections.checkedMap(new HashMap<>(),
+                                                 String.class, Extension.class);
+        this.extensions.putAll(extensions);
     }
 
     /**
@@ -172,7 +175,8 @@
     public String getMessage() {
         return "Certificate has been revoked, reason: "
                + reason + ", revocation date: " + revocationDate
-               + ", authority: " + authority + ", extensions: " + extensions;
+               + ", authority: " + authority + ", extension OIDs: "
+               + extensions.keySet();
     }
 
     /**
--- ./jdk/src/share/classes/java/util/Collections.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/java/util/Collections.java	Tue Sep 09 12:00:58 2014 -0700
@@ -3077,10 +3077,7 @@
                 public void remove()     {        it.remove(); }};
         }
 
-        public boolean add(E e) {
-            typeCheck(e);
-            return c.add(e);
-        }
+        public boolean add(E e)          { return c.add(typeCheck(e)); }
 
         private E[] zeroLengthElementArray; // Lazily initialized
 
@@ -3187,11 +3184,7 @@
         public E peek()                 {return queue.peek();}
         public E poll()                 {return queue.poll();}
         public E remove()               {return queue.remove();}
-
-        public boolean offer(E e) {
-            typeCheck(e);
-            return add(e);
-        }
+        public boolean offer(E e)       {return queue.offer(typeCheck(e));}
     }
 
     /**
@@ -3440,13 +3433,11 @@
         public int lastIndexOf(Object o) { return list.lastIndexOf(o); }
 
         public E set(int index, E element) {
-            typeCheck(element);
-            return list.set(index, element);
+            return list.set(index, typeCheck(element));
         }
 
         public void add(int index, E element) {
-            typeCheck(element);
-            list.add(index, element);
+            list.add(index, typeCheck(element));
         }
 
         public boolean addAll(int index, Collection<? extends E> c) {
@@ -3467,13 +3458,11 @@
                 public void remove()         {        i.remove(); }
 
                 public void set(E e) {
-                    typeCheck(e);
-                    i.set(e);
+                    i.set(typeCheck(e));
                 }
 
                 public void add(E e) {
-                    typeCheck(e);
-                    i.add(e);
+                    i.add(typeCheck(e));
                 }
 
                 @Override
--- ./jdk/src/share/classes/java/util/ResourceBundle.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/java/util/ResourceBundle.java	Tue Sep 09 12:00:58 2014 -0700
@@ -2650,7 +2650,10 @@
                 } catch (ClassNotFoundException e) {
                 }
             } else if (format.equals("java.properties")) {
-                final String resourceName = toResourceName(bundleName, "properties");
+                final String resourceName = toResourceName0(bundleName, "properties");
+                if (resourceName == null) {
+                    return bundle;
+                }
                 final ClassLoader classLoader = loader;
                 final boolean reloadFlag = reload;
                 InputStream stream = null;
@@ -2804,7 +2807,10 @@
             }
             boolean result = false;
             try {
-                String resourceName = toResourceName(toBundleName(baseName, locale), format);
+                String resourceName = toResourceName0(toBundleName(baseName, locale), format);
+                if (resourceName == null) {
+                    return result;
+                }
                 URL url = loader.getResource(resourceName);
                 if (url != null) {
                     long lastModified = 0;
@@ -2938,6 +2944,15 @@
             sb.append(bundleName.replace('.', '/')).append('.').append(suffix);
             return sb.toString();
         }
+
+        private String toResourceName0(String bundleName, String suffix) {
+            // application protocol check
+            if (bundleName.contains("://")) {
+                return null;
+            } else {
+                return toResourceName(bundleName, suffix);
+            }
+        }
     }
 
     private static class SingleFormatControl extends Control {
--- ./jdk/src/share/classes/java/util/logging/LogRecord.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/java/util/logging/LogRecord.java	Tue Sep 09 12:00:58 2014 -0700
@@ -513,7 +513,13 @@
         // If necessary, try to regenerate the resource bundle.
         if (resourceBundleName != null) {
             try {
-                resourceBundle = ResourceBundle.getBundle(resourceBundleName);
+                // use system class loader to ensure the ResourceBundle
+                // instance is a different instance than null loader uses
+                final ResourceBundle bundle =
+                        ResourceBundle.getBundle(resourceBundleName,
+                                Locale.getDefault(),
+                                ClassLoader.getSystemClassLoader());
+                resourceBundle = bundle;
             } catch (MissingResourceException ex) {
                 // This is not a good place to throw an exception,
                 // so we simply leave the resourceBundle null.
--- ./jdk/src/share/classes/java/util/logging/Logger.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/java/util/logging/Logger.java	Tue Sep 09 12:00:58 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -1934,6 +1934,9 @@
         }
 
         setCallersClassLoaderRef(callersClass);
+        if (isSystemLogger && getCallersClassLoader() != null) {
+            checkPermission();
+        }
         if (findResourceBundle(name, true) == null) {
             // We've failed to find an expected ResourceBundle.
             // unset the caller's ClassLoader since we were unable to find the
@@ -2168,11 +2171,13 @@
                 return trb;
             }
             final String rbName = isSystemLogger
-                ? trb.resourceBundleName
+                // ancestor of a system logger is expected to be a system logger.
+                // ignore resource bundle name if it's not.
+                ? (target.isSystemLogger ? trb.resourceBundleName : null)
                 : target.getResourceBundleName();
             if (rbName != null) {
                 return LoggerBundle.get(rbName,
-                            findResourceBundle(rbName, true));
+                        findResourceBundle(rbName, true));
             }
             target = isSystemLogger ? target.parent : target.getParent();
         }
--- ./jdk/src/share/classes/javax/crypto/CipherInputStream.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/javax/crypto/CipherInputStream.java	Tue Sep 09 12:00:58 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -88,6 +88,8 @@
     private int ofinish = 0;
     // stream status
     private boolean closed = false;
+    // The stream has been read from.  False if the stream has never been read.
+    private boolean read = false;
 
     /**
      * private convenience function.
@@ -103,13 +105,15 @@
     private int getMoreData() throws IOException {
         if (done) return -1;
         int readin = input.read(ibuffer);
+        read = true;
         if (readin == -1) {
             done = true;
             try {
                 obuffer = cipher.doFinal();
+            } catch (IllegalBlockSizeException | BadPaddingException e) {
+                obuffer = null;
+                throw new IOException(e);
             }
-            catch (IllegalBlockSizeException e) {obuffer = null;}
-            catch (BadPaddingException e) {obuffer = null;}
             if (obuffer == null)
                 return -1;
             else {
@@ -120,7 +124,10 @@
         }
         try {
             obuffer = cipher.update(ibuffer, 0, readin);
-        } catch (IllegalStateException e) {obuffer = null;};
+        } catch (IllegalStateException e) {
+            obuffer = null;
+            throw e;
+        }
         ostart = 0;
         if (obuffer == null)
             ofinish = 0;
@@ -308,6 +315,11 @@
             }
         }
         catch (BadPaddingException | IllegalBlockSizeException ex) {
+            /* If no data has been read from the stream to be en/decrypted,
+               we supress any exceptions, and close quietly. */
+            if (read) {
+                throw new IOException(ex);
+            }
         }
         ostart = 0;
         ofinish = 0;
--- ./jdk/src/share/classes/javax/swing/JDesktopPane.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/javax/swing/JDesktopPane.java	Tue Sep 09 12:00:58 2014 -0700
@@ -43,6 +43,7 @@
 import java.beans.PropertyVetoException;
 import java.util.Set;
 import java.util.TreeSet;
+import java.util.LinkedHashSet;
 /**
  * A container used to create a multiple-document interface or a virtual desktop.
  * You create <code>JInternalFrame</code> objects and add them to the
@@ -266,7 +267,7 @@
 
     private static Collection<JInternalFrame> getAllFrames(Container parent) {
         int i, count;
-        Collection<JInternalFrame> results = new ArrayList<JInternalFrame>();
+        Collection<JInternalFrame> results = new LinkedHashSet<>();
         count = parent.getComponentCount();
         for (i = 0; i < count; i++) {
             Component next = parent.getComponent(i);
--- ./jdk/src/share/classes/sun/awt/ComponentFactory.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/sun/awt/ComponentFactory.java	Tue Sep 09 12:00:58 2014 -0700
@@ -25,6 +25,8 @@
 
 package sun.awt;
 
+import sun.awt.datatransfer.DataTransferer;
+
 import java.awt.*;
 import java.awt.dnd.*;
 import java.awt.dnd.peer.DragSourceContextPeer;
@@ -93,4 +95,6 @@
     RobotPeer createRobot(Robot target, GraphicsDevice screen)
         throws AWTException, HeadlessException;
 
+    DataTransferer getDataTransferer();
+
 }
--- ./jdk/src/share/classes/sun/awt/HeadlessToolkit.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/sun/awt/HeadlessToolkit.java	Tue Sep 09 12:00:58 2014 -0700
@@ -25,6 +25,8 @@
 
 package sun.awt;
 
+import sun.awt.datatransfer.DataTransferer;
+
 import java.awt.*;
 import java.awt.dnd.*;
 import java.awt.dnd.peer.DragSourceContextPeer;
@@ -401,6 +403,11 @@
         return null;
     }
 
+    @Override
+    public DataTransferer getDataTransferer() {
+        return null;
+    }
+
     @SuppressWarnings("deprecation")
     public FontMetrics getFontMetrics(Font font) {
         return tk.getFontMetrics(font);
--- ./jdk/src/share/classes/sun/awt/SunToolkit.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/sun/awt/SunToolkit.java	Tue Sep 09 12:00:58 2014 -0700
@@ -205,8 +205,6 @@
 
     public abstract boolean isTraySupported();
 
-    public abstract DataTransferer getDataTransferer();
-
     @SuppressWarnings("deprecation")
     public abstract FontPeer getFontPeer(String name, int style);
 
--- ./jdk/src/share/classes/sun/awt/datatransfer/DataTransferer.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/sun/awt/datatransfer/DataTransferer.java	Tue Sep 09 12:00:58 2014 -0700
@@ -86,6 +86,7 @@
 import java.util.TreeMap;
 import java.util.TreeSet;
 
+import sun.awt.ComponentFactory;
 import sun.util.logging.PlatformLogger;
 
 import sun.awt.AppContext;
@@ -272,7 +273,7 @@
      * instead, null will be returned.
      */
     public static synchronized DataTransferer getInstance() {
-        return ((SunToolkit) Toolkit.getDefaultToolkit()).getDataTransferer();
+        return ((ComponentFactory) Toolkit.getDefaultToolkit()).getDataTransferer();
     }
 
     /**
--- ./jdk/src/share/classes/sun/awt/image/BytePackedRaster.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/sun/awt/image/BytePackedRaster.java	Tue Sep 09 12:00:58 2014 -0700
@@ -1408,10 +1408,10 @@
             }
         }
 
-        int lastbit = (dataBitOffset
-                       + (height-1) * scanlineStride * 8
-                       + (width-1) * pixelBitStride
-                       + pixelBitStride - 1);
+        long lastbit = (long) dataBitOffset
+                       + (long) (height - 1) * (long) scanlineStride * 8
+                       + (long) (width - 1) * (long) pixelBitStride
+                       + (long) pixelBitStride - 1;
         if (lastbit < 0 || lastbit / 8 >= data.length) {
             throw new RasterFormatException("raster dimensions overflow " +
                                             "array bounds");
--- ./jdk/src/share/classes/sun/invoke/util/VerifyAccess.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/sun/invoke/util/VerifyAccess.java	Tue Sep 09 12:00:58 2014 -0700
@@ -102,19 +102,24 @@
         case PUBLIC:
             return true;  // already checked above
         case PROTECTED:
+            assert !defc.isInterface(); // protected members aren't allowed in interfaces
             if ((allowedModes & PROTECTED_OR_PACKAGE_ALLOWED) != 0 &&
                 isSamePackage(defc, lookupClass))
                 return true;
             if ((allowedModes & PROTECTED) == 0)
                 return false;
+            // Protected members are accessible by subclasses, which does not include interfaces.
+            // Interfaces are types, not classes. They should not have access to
+            // protected members in j.l.Object, even though it is their superclass.
             if ((mods & STATIC) != 0 &&
                 !isRelatedClass(refc, lookupClass))
                 return false;
             if ((allowedModes & PROTECTED) != 0 &&
-                isSuperClass(defc, lookupClass))
+                isSubClass(lookupClass, defc))
                 return true;
             return false;
         case PACKAGE_ONLY:  // That is, zero.  Unmarked member is package-only access.
+            assert !defc.isInterface(); // package-private members aren't allowed in interfaces
             return ((allowedModes & PACKAGE_ALLOWED) != 0 &&
                     isSamePackage(defc, lookupClass));
         case PRIVATE:
@@ -129,12 +134,13 @@
 
     static boolean isRelatedClass(Class<?> refc, Class<?> lookupClass) {
         return (refc == lookupClass ||
-                refc.isAssignableFrom(lookupClass) ||
-                lookupClass.isAssignableFrom(refc));
+                isSubClass(refc, lookupClass) ||
+                isSubClass(lookupClass, refc));
     }
 
-    static boolean isSuperClass(Class<?> defc, Class<?> lookupClass) {
-        return defc.isAssignableFrom(lookupClass);
+    static boolean isSubClass(Class<?> lookupClass, Class<?> defc) {
+        return defc.isAssignableFrom(lookupClass) &&
+               !lookupClass.isInterface(); // interfaces are types, not classes.
     }
 
     static int getClassModifiers(Class<?> c) {
--- ./jdk/src/share/classes/sun/nio/ch/DatagramChannelImpl.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/sun/nio/ch/DatagramChannelImpl.java	Tue Sep 09 12:00:58 2014 -0700
@@ -755,6 +755,26 @@
 
                     // set or refresh local address
                     localAddress = Net.localAddress(fd);
+
+                    // flush any packets already received.
+                    boolean blocking = false;
+                    synchronized (blockingLock()) {
+                        try {
+                            blocking = isBlocking();
+                            // remainder of each packet thrown away
+                            ByteBuffer tmpBuf = ByteBuffer.allocate(1);
+                            if (blocking) {
+                                configureBlocking(false);
+                            }
+                            do {
+                                tmpBuf.clear();
+                            } while (receive(tmpBuf) != null);
+                        } finally {
+                            if (blocking) {
+                                configureBlocking(true);
+                            }
+                        }
+                    }
                 }
             }
         }
--- ./jdk/src/share/classes/sun/reflect/annotation/AnnotationInvocationHandler.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/sun/reflect/annotation/AnnotationInvocationHandler.java	Tue Sep 09 12:00:58 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,7 +29,6 @@
 import java.lang.reflect.*;
 import java.io.Serializable;
 import java.util.*;
-import java.lang.annotation.*;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 
@@ -45,6 +44,11 @@
     private final Map<String, Object> memberValues;
 
     AnnotationInvocationHandler(Class<? extends Annotation> type, Map<String, Object> memberValues) {
+        Class<?>[] superInterfaces = type.getInterfaces();
+        if (!type.isAnnotation() ||
+            superInterfaces.length != 1 ||
+            superInterfaces[0] != java.lang.annotation.Annotation.class)
+            throw new AnnotationFormatError("Attempt to create proxy for a non-annotation type.");
         this.type = type;
         this.memberValues = memberValues;
     }
@@ -57,13 +61,17 @@
         if (member.equals("equals") && paramTypes.length == 1 &&
             paramTypes[0] == Object.class)
             return equalsImpl(args[0]);
-        assert paramTypes.length == 0;
-        if (member.equals("toString"))
+        if (paramTypes.length != 0)
+            throw new AssertionError("Too many parameters for an annotation method");
+
+        switch(member) {
+        case "toString":
             return toStringImpl();
-        if (member.equals("hashCode"))
+        case "hashCode":
             return hashCodeImpl();
-        if (member.equals("annotationType"))
+        case "annotationType":
             return type;
+        }
 
         // Handle annotation member accessors
         Object result = memberValues.get(member);
@@ -129,7 +137,7 @@
      * Implementation of dynamicProxy.toString()
      */
     private String toStringImpl() {
-        StringBuffer result = new StringBuffer(128);
+        StringBuilder result = new StringBuilder(128);
         result.append('@');
         result.append(type.getName());
         result.append('(');
@@ -277,6 +285,7 @@
                 new PrivilegedAction<Method[]>() {
                     public Method[] run() {
                         final Method[] mm = type.getDeclaredMethods();
+                        validateAnnotationMethods(mm);
                         AccessibleObject.setAccessible(mm, true);
                         return mm;
                     }
@@ -287,6 +296,94 @@
     private transient volatile Method[] memberMethods = null;
 
     /**
+     * Validates that a method is structurally appropriate for an
+     * annotation type. As of Java SE 8, annotation types cannot
+     * contain static methods and the declared methods of an
+     * annotation type must take zero arguments and there are
+     * restrictions on the return type.
+     */
+    private void validateAnnotationMethods(Method[] memberMethods) {
+        /*
+         * Specification citations below are from JLS
+         * 9.6.1. Annotation Type Elements
+         */
+        boolean valid = true;
+        for(Method method : memberMethods) {
+            /*
+             * "By virtue of the AnnotationTypeElementDeclaration
+             * production, a method declaration in an annotation type
+             * declaration cannot have formal parameters, type
+             * parameters, or a throws clause.
+             *
+             * "By virtue of the AnnotationTypeElementModifier
+             * production, a method declaration in an annotation type
+             * declaration cannot be default or static."
+             */
+            if (method.getModifiers() != (Modifier.PUBLIC | Modifier.ABSTRACT) ||
+                method.isDefault() ||
+                method.getParameterCount() != 0 ||
+                method.getExceptionTypes().length != 0) {
+                valid = false;
+                break;
+            }
+
+            /*
+             * "It is a compile-time error if the return type of a
+             * method declared in an annotation type is not one of the
+             * following: a primitive type, String, Class, any
+             * parameterized invocation of Class, an enum type
+             * (section 8.9), an annotation type, or an array type
+             * (chapter 10) whose element type is one of the preceding
+             * types."
+             */
+            Class<?> returnType = method.getReturnType();
+            if (returnType.isArray()) {
+                returnType = returnType.getComponentType();
+                if (returnType.isArray()) { // Only single dimensional arrays
+                    valid = false;
+                    break;
+                }
+            }
+
+            if (!((returnType.isPrimitive() && returnType != void.class) ||
+                  returnType == java.lang.String.class ||
+                  returnType == java.lang.Class.class ||
+                  returnType.isEnum() ||
+                  returnType.isAnnotation())) {
+                valid = false;
+                break;
+            }
+
+            /*
+             * "It is a compile-time error if any method declared in an
+             * annotation type has a signature that is
+             * override-equivalent to that of any public or protected
+             * method declared in class Object or in the interface
+             * java.lang.annotation.Annotation."
+             *
+             * The methods in Object or Annotation meeting the other
+             * criteria (no arguments, contrained return type, etc.)
+             * above are:
+             *
+             * String toString()
+             * int hashCode()
+             * Class<? extends Annotation> annotationType()
+             */
+            String methodName = method.getName();
+            if ((methodName.equals("toString") && returnType == java.lang.String.class) ||
+                (methodName.equals("hashCode") && returnType == int.class) ||
+                (methodName.equals("annotationType") && returnType == java.lang.Class.class)) {
+                valid = false;
+                break;
+            }
+        }
+        if (valid)
+            return;
+        else
+            throw new AnnotationFormatError("Malformed method on an annotation type");
+    }
+
+    /**
      * Implementation of dynamicProxy.hashCode()
      */
     private int hashCodeImpl() {
@@ -330,7 +427,6 @@
         throws java.io.IOException, ClassNotFoundException {
         s.defaultReadObject();
 
-
         // Check to make sure that types have not evolved incompatibly
 
         AnnotationType annotationType = null;
@@ -343,7 +439,6 @@
 
         Map<String, Class<?>> memberTypes = annotationType.memberTypes();
 
-
         // If there are annotation members without values, that
         // situation is handled by the invoke method.
         for (Map.Entry<String, Object> memberValue : memberValues.entrySet()) {
--- ./jdk/src/share/classes/sun/security/provider/SecureRandom.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/sun/security/provider/SecureRandom.java	Tue Sep 09 12:00:58 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,7 @@
 import java.security.MessageDigest;
 import java.security.SecureRandomSpi;
 import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 
 /**
  * <p>This class provides a crytpographically strong pseudo-random number
@@ -94,9 +95,19 @@
      */
     private void init(byte[] seed) {
         try {
-            digest = MessageDigest.getInstance("SHA");
-        } catch (NoSuchAlgorithmException e) {
-            throw new InternalError("internal error: SHA-1 not available.", e);
+            /*
+             * Use the local SUN implementation to avoid native
+             * performance overhead.
+             */
+            digest = MessageDigest.getInstance("SHA", "SUN");
+        } catch (NoSuchProviderException | NoSuchAlgorithmException e) {
+            // Fallback to any available.
+            try {
+                digest = MessageDigest.getInstance("SHA");
+            } catch (NoSuchAlgorithmException exc) {
+                throw new InternalError(
+                    "internal error: SHA-1 not available.", exc);
+            }
         }
 
         if (seed != null) {
@@ -265,9 +276,19 @@
         s.defaultReadObject ();
 
         try {
-            digest = MessageDigest.getInstance("SHA");
-        } catch (NoSuchAlgorithmException e) {
-            throw new InternalError("internal error: SHA-1 not available.", e);
+            /*
+             * Use the local SUN implementation to avoid native
+             * performance overhead.
+             */
+            digest = MessageDigest.getInstance("SHA", "SUN");
+        } catch (NoSuchProviderException | NoSuchAlgorithmException e) {
+            // Fallback to any available.
+            try {
+                digest = MessageDigest.getInstance("SHA");
+            } catch (NoSuchAlgorithmException exc) {
+                throw new InternalError(
+                    "internal error: SHA-1 not available.", exc);
+            }
         }
     }
 }
--- ./jdk/src/share/classes/sun/security/ssl/CipherSuite.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/sun/security/ssl/CipherSuite.java	Tue Sep 09 12:00:58 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -968,7 +968,7 @@
          * 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be
          *    changed later, see below).
          * 2. Prefer the stronger bulk cipher, in the order of AES_256(GCM),
-         *    AES_128(GCM), AES_256, AES_128, RC-4, 3DES-EDE.
+         *    AES_128(GCM), AES_256, AES_128, 3DES-EDE, RC-4.
          * 3. Prefer the stronger MAC algorithm, in the order of SHA384,
          *    SHA256, SHA, MD5.
          * 4. Prefer the better performance of key exchange and digital
@@ -1055,18 +1055,6 @@
         add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
             0x0032, --p, K_DHE_DSS,     B_AES_128, T);
 
-        // RC-4
-        add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
-            0xC007, --p, K_ECDHE_ECDSA, B_RC4_128, N);
-        add("TLS_ECDHE_RSA_WITH_RC4_128_SHA",
-            0xC011, --p, K_ECDHE_RSA,   B_RC4_128, N);
-        add("SSL_RSA_WITH_RC4_128_SHA",
-            0x0005, --p, K_RSA,         B_RC4_128, N);
-        add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
-            0xC002, --p, K_ECDH_ECDSA,  B_RC4_128, N);
-        add("TLS_ECDH_RSA_WITH_RC4_128_SHA",
-            0xC00C, --p, K_ECDH_RSA,    B_RC4_128, N);
-
         // Cipher suites in GCM mode, see RFC 5288/5289.
         //
         // We may increase the priority of cipher suites in GCM mode when
@@ -1127,6 +1115,17 @@
         add("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
             0x0013, --p, K_DHE_DSS,     B_3DES,    N);
 
+        // RC-4
+        add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+            0xC007, --p, K_ECDHE_ECDSA, B_RC4_128, N);
+        add("TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+            0xC011, --p, K_ECDHE_RSA,   B_RC4_128, N);
+        add("SSL_RSA_WITH_RC4_128_SHA",
+            0x0005, --p, K_RSA,         B_RC4_128, N);
+        add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+            0xC002, --p, K_ECDH_ECDSA,  B_RC4_128, N);
+        add("TLS_ECDH_RSA_WITH_RC4_128_SHA",
+            0xC00C, --p, K_ECDH_RSA,    B_RC4_128, N);
         add("SSL_RSA_WITH_RC4_128_MD5",
             0x0004, --p, K_RSA,         B_RC4_128, N);
 
@@ -1146,7 +1145,7 @@
          * 2. If a cipher suite has been obsoleted, we put it at the end of
          *    the list.
          * 3. Prefer the stronger bulk cipher, in the order of AES_256,
-         *    AES_128, RC-4, 3DES-EDE, DES, RC4_40, DES40, NULL.
+         *    AES_128, 3DES-EDE, RC-4, DES, DES40, RC4_40, NULL.
          * 4. Prefer the stronger MAC algorithm, in the order of SHA384,
          *    SHA256, SHA, MD5.
          * 5. Prefer the better performance of key exchange and digital
@@ -1174,15 +1173,40 @@
         add("TLS_DH_anon_WITH_AES_128_CBC_SHA",
             0x0034, --p, K_DH_ANON,     B_AES_128, N);
 
+        add("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
+            0xC017, --p, K_ECDH_ANON,   B_3DES,    N);
+        add("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
+            0x001b, --p, K_DH_ANON,     B_3DES,    N);
+
         add("TLS_ECDH_anon_WITH_RC4_128_SHA",
             0xC016, --p, K_ECDH_ANON,   B_RC4_128, N);
         add("SSL_DH_anon_WITH_RC4_128_MD5",
             0x0018, --p, K_DH_ANON,     B_RC4_128, N);
 
-        add("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
-            0xC017, --p, K_ECDH_ANON,   B_3DES,    N);
-        add("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
-            0x001b, --p, K_DH_ANON,     B_3DES,    N);
+        // weak cipher suites obsoleted in TLS 1.2
+        add("SSL_RSA_WITH_DES_CBC_SHA",
+            0x0009, --p, K_RSA,         B_DES,     N, tls12);
+        add("SSL_DHE_RSA_WITH_DES_CBC_SHA",
+            0x0015, --p, K_DHE_RSA,     B_DES,     N, tls12);
+        add("SSL_DHE_DSS_WITH_DES_CBC_SHA",
+            0x0012, --p, K_DHE_DSS,     B_DES,     N, tls12);
+        add("SSL_DH_anon_WITH_DES_CBC_SHA",
+            0x001a, --p, K_DH_ANON,     B_DES,     N, tls12);
+
+        // weak cipher suites obsoleted in TLS 1.1
+        add("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
+            0x0008, --p, K_RSA_EXPORT,  B_DES_40,  N, tls11);
+        add("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
+            0x0014, --p, K_DHE_RSA,     B_DES_40,  N, tls11);
+        add("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
+            0x0011, --p, K_DHE_DSS,     B_DES_40,  N, tls11);
+        add("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
+            0x0019, --p, K_DH_ANON,     B_DES_40,  N, tls11);
+
+        add("SSL_RSA_EXPORT_WITH_RC4_40_MD5",
+            0x0003, --p, K_RSA_EXPORT,  B_RC4_40,  N, tls11);
+        add("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
+            0x0017, --p, K_DH_ANON,     B_RC4_40,  N, tls11);
 
         add("TLS_RSA_WITH_NULL_SHA256",
             0x003b, --p, K_RSA,         B_NULL,    N, max, tls12, P_SHA256);
@@ -1201,52 +1225,27 @@
         add("SSL_RSA_WITH_NULL_MD5",
             0x0001, --p, K_RSA,         B_NULL,    N);
 
-        // weak cipher suites obsoleted in TLS 1.2
-        add("SSL_RSA_WITH_DES_CBC_SHA",
-            0x0009, --p, K_RSA,         B_DES,     N, tls12);
-        add("SSL_DHE_RSA_WITH_DES_CBC_SHA",
-            0x0015, --p, K_DHE_RSA,     B_DES,     N, tls12);
-        add("SSL_DHE_DSS_WITH_DES_CBC_SHA",
-            0x0012, --p, K_DHE_DSS,     B_DES,     N, tls12);
-        add("SSL_DH_anon_WITH_DES_CBC_SHA",
-            0x001a, --p, K_DH_ANON,     B_DES,     N, tls12);
-
-        // weak cipher suites obsoleted in TLS 1.1
-        add("SSL_RSA_EXPORT_WITH_RC4_40_MD5",
-            0x0003, --p, K_RSA_EXPORT,  B_RC4_40,  N, tls11);
-        add("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
-            0x0017, --p, K_DH_ANON,     B_RC4_40,  N, tls11);
-
-        add("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
-            0x0008, --p, K_RSA_EXPORT,  B_DES_40,  N, tls11);
-        add("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
-            0x0014, --p, K_DHE_RSA,     B_DES_40,  N, tls11);
-        add("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
-            0x0011, --p, K_DHE_DSS,     B_DES_40,  N, tls11);
-        add("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
-            0x0019, --p, K_DH_ANON,     B_DES_40,  N, tls11);
-
         // Supported Kerberos ciphersuites from RFC2712
+        add("TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
+            0x001f, --p, K_KRB5,        B_3DES,    N);
+        add("TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
+            0x0023, --p, K_KRB5,        B_3DES,    N);
         add("TLS_KRB5_WITH_RC4_128_SHA",
             0x0020, --p, K_KRB5,        B_RC4_128, N);
         add("TLS_KRB5_WITH_RC4_128_MD5",
             0x0024, --p, K_KRB5,        B_RC4_128, N);
-        add("TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
-            0x001f, --p, K_KRB5,        B_3DES,    N);
-        add("TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
-            0x0023, --p, K_KRB5,        B_3DES,    N);
         add("TLS_KRB5_WITH_DES_CBC_SHA",
             0x001e, --p, K_KRB5,        B_DES,     N, tls12);
         add("TLS_KRB5_WITH_DES_CBC_MD5",
             0x0022, --p, K_KRB5,        B_DES,     N, tls12);
+        add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
+            0x0026, --p, K_KRB5_EXPORT, B_DES_40,  N, tls11);
+        add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
+            0x0029, --p, K_KRB5_EXPORT, B_DES_40,  N, tls11);
         add("TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
             0x0028, --p, K_KRB5_EXPORT, B_RC4_40,  N, tls11);
         add("TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
             0x002b, --p, K_KRB5_EXPORT, B_RC4_40,  N, tls11);
-        add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
-            0x0026, --p, K_KRB5_EXPORT, B_DES_40,  N, tls11);
-        add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
-            0x0029, --p, K_KRB5_EXPORT, B_DES_40,  N, tls11);
 
         /*
          * Other values from the TLS Cipher Suite Registry, as of August 2010.
--- ./jdk/src/share/classes/sun/security/ssl/ClientHandshaker.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/sun/security/ssl/ClientHandshaker.java	Tue Sep 09 12:00:58 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,6 +36,8 @@
 
 import java.security.cert.X509Certificate;
 import java.security.cert.CertificateException;
+import java.security.cert.CertificateParsingException;
+import javax.security.auth.x500.X500Principal;
 
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
@@ -89,12 +91,66 @@
     private final static boolean enableSNIExtension =
             Debug.getBooleanProperty("jsse.enableSNIExtension", true);
 
+    /*
+     * Allow unsafe server certificate change?
+     *
+     * Server certificate change during SSL/TLS renegotiation may be considered
+     * unsafe, as described in the Triple Handshake attacks:
+     *
+     *     https://secure-resumption.com/tlsauth.pdf
+     *
+     * Endpoint identification (See
+     * SSLParameters.getEndpointIdentificationAlgorithm()) is a pretty nice
+     * guarantee that the server certificate change in renegotiation is legal.
+     * However, endpoing identification is only enabled for HTTPS and LDAP
+     * over SSL/TLS by default.  It is not enough to protect SSL/TLS
+     * connections other than HTTPS and LDAP.
+     *
+     * The renegotiation indication extension (See RFC 5764) is a pretty
+     * strong guarantee that the endpoints on both client and server sides
+     * are identical on the same connection.  However, the Triple Handshake
+     * attacks can bypass this guarantee if there is a session-resumption
+     * handshake between the initial full handshake and the renegotiation
+     * full handshake.
+     *
+     * Server certificate change may be unsafe and should be restricted if
+     * endpoint identification is not enabled and the previous handshake is
+     * a session-resumption abbreviated initial handshake, unless the
+     * identities represented by both certificates can be regraded as the
+     * same (See isIdentityEquivalent()).
+     *
+     * Considering the compatibility impact and the actual requirements to
+     * support server certificate change in practice, the system property,
+     * jdk.tls.allowUnsafeServerCertChange, is used to define whether unsafe
+     * server certificate change in renegotiation is allowed or not.  The
+     * default value of the system property is "false".  To mitigate the
+     * compactibility impact, applications may want to set the system
+     * property to "true" at their own risk.
+     *
+     * If the value of the system property is "false", server certificate
+     * change in renegotiation after a session-resumption abbreviated initial
+     * handshake is restricted (See isIdentityEquivalent()).
+     *
+     * If the system property is set to "true" explicitly, the restriction on
+     * server certificate change in renegotiation is disabled.
+     */
+    private final static boolean allowUnsafeServerCertChange =
+        Debug.getBooleanProperty("jdk.tls.allowUnsafeServerCertChange", false);
+
     private List<SNIServerName> requestedServerNames =
             Collections.<SNIServerName>emptyList();
 
     private boolean serverNamesAccepted = false;
 
     /*
+     * the reserved server certificate chain in previous handshaking
+     *
+     * The server certificate chain is only reserved if the previous
+     * handshake is a session-resumption abbreviated initial handshake.
+     */
+    private X509Certificate[] reservedServerCerts = null;
+
+    /*
      * Constructors
      */
     ClientHandshaker(SSLSocketImpl socket, SSLContextImpl context,
@@ -555,14 +611,19 @@
                 // we wanted to resume, but the server refused
                 session = null;
                 if (!enableNewSession) {
-                    throw new SSLException
-                        ("New session creation is disabled");
+                    throw new SSLException("New session creation is disabled");
                 }
             }
         }
 
         if (resumingSession && session != null) {
             setHandshakeSessionSE(session);
+            // Reserve the handshake state if this is a session-resumption
+            // abbreviated initial handshake.
+            if (isInitialHandshake) {
+                session.setAsSessionResumption(true);
+            }
+
             return;
         }
 
@@ -1064,6 +1125,13 @@
         }
 
         /*
+         * Reset the handshake state if this is not an initial handshake.
+         */
+        if (!isInitialHandshake) {
+            session.setAsSessionResumption(false);
+        }
+
+        /*
          * OK, it verified.  If we're doing the fast handshake, add that
          * "Finished" message to the hash of handshake messages, then send
          * our own change_cipher_spec and Finished message for the server
@@ -1161,8 +1229,23 @@
                 System.out.println("%% No cached client session");
             }
         }
-        if ((session != null) && (session.isRejoinable() == false)) {
-            session = null;
+        if (session != null) {
+            // If unsafe server certificate change is not allowed, reserve
+            // current server certificates if the previous handshake is a
+            // session-resumption abbreviated initial handshake.
+            if (!allowUnsafeServerCertChange && session.isSessionResumption()) {
+                try {
+                    // If existing, peer certificate chain cannot be null.
+                    reservedServerCerts =
+                        (X509Certificate[])session.getPeerCertificates();
+                } catch (SSLPeerUnverifiedException puve) {
+                    // Maybe not certificate-based, ignore the exception.
+                }
+            }
+
+            if (!session.isRejoinable()) {
+                session = null;
+            }
         }
 
         if (session != null) {
@@ -1331,9 +1414,28 @@
         }
         X509Certificate[] peerCerts = mesg.getCertificateChain();
         if (peerCerts.length == 0) {
-            fatalSE(Alerts.alert_bad_certificate,
-                "empty certificate chain");
+            fatalSE(Alerts.alert_bad_certificate, "empty certificate chain");
         }
+
+        // Allow server certificate change in client side during renegotiation
+        // after a session-resumption abbreviated initial handshake?
+        //
+        // DO NOT need to check allowUnsafeServerCertChange here. We only
+        // reserve server certificates when allowUnsafeServerCertChange is
+        // flase.
+        if (reservedServerCerts != null) {
+            // It is not necessary to check the certificate update if endpoint
+            // identification is enabled.
+            String identityAlg = getEndpointIdentificationAlgorithmSE();
+            if ((identityAlg == null || identityAlg.length() == 0) &&
+                !isIdentityEquivalent(peerCerts[0], reservedServerCerts[0])) {
+
+                fatalSE(Alerts.alert_bad_certificate,
+                        "server certificate change is restricted " +
+                        "during renegotiation");
+            }
+        }
+
         // ask the trust manager to verify the chain
         X509TrustManager tm = sslContext.getX509TrustManager();
         try {
@@ -1370,4 +1472,81 @@
         }
         session.setPeerCertificates(peerCerts);
     }
+
+    /*
+     * Whether the certificates can represent the same identity?
+     *
+     * The certificates can be used to represent the same identity:
+     *     1. If the subject alternative names of IP address are present in
+     *        both certificates, they should be identical; otherwise,
+     *     2. if the subject alternative names of DNS name are present in
+     *        both certificates, they should be identical; otherwise,
+     *     3. if the subject fields are present in both certificates, the
+     *        certificate subjects and issuers should be identical.
+     */
+    private static boolean isIdentityEquivalent(X509Certificate thisCert,
+            X509Certificate prevCert) {
+        if (thisCert.equals(prevCert)) {
+            return true;
+        }
+
+        // check the iPAddress field in subjectAltName extension
+        Object thisIPAddress = getSubjectAltName(thisCert, 7);  // 7: iPAddress
+        Object prevIPAddress = getSubjectAltName(prevCert, 7);
+        if (thisIPAddress != null && prevIPAddress!= null) {
+            // only allow the exactly match
+            return Objects.equals(thisIPAddress, prevIPAddress);
+        }
+
+        // check the dNSName field in subjectAltName extension
+        Object thisDNSName = getSubjectAltName(thisCert, 2);    // 2: dNSName
+        Object prevDNSName = getSubjectAltName(prevCert, 2);
+        if (thisDNSName != null && prevDNSName!= null) {
+            // only allow the exactly match
+            return Objects.equals(thisDNSName, prevDNSName);
+        }
+
+        // check the certificate subject and issuer
+        X500Principal thisSubject = thisCert.getSubjectX500Principal();
+        X500Principal prevSubject = prevCert.getSubjectX500Principal();
+        X500Principal thisIssuer = thisCert.getIssuerX500Principal();
+        X500Principal prevIssuer = prevCert.getIssuerX500Principal();
+        if (!thisSubject.getName().isEmpty() &&
+                !prevSubject.getName().isEmpty() &&
+                thisSubject.equals(prevSubject) &&
+                thisIssuer.equals(prevIssuer)) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /*
+     * Returns the subject alternative name of the specified type in the
+     * subjectAltNames extension of a certificate.
+     */
+    private static Object getSubjectAltName(X509Certificate cert, int type) {
+        Collection<List<?>> subjectAltNames;
+
+        try {
+            subjectAltNames = cert.getSubjectAlternativeNames();
+        } catch (CertificateParsingException cpe) {
+            if (debug != null && Debug.isOn("handshake")) {
+                System.out.println(
+                        "Attempt to obtain subjectAltNames extension failed!");
+            }
+            return null;
+        }
+
+        if (subjectAltNames != null) {
+            for (List<?> subjectAltName : subjectAltNames) {
+                int subjectAltNameType = (Integer)subjectAltName.get(0);
+                if (subjectAltNameType == type) {
+                    return subjectAltName.get(1);
+                }
+            }
+        }
+
+        return null;
+    }
 }
--- ./jdk/src/share/classes/sun/security/ssl/Handshaker.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/sun/security/ssl/Handshaker.java	Tue Sep 09 12:00:58 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -359,6 +359,17 @@
         }
     }
 
+    String getEndpointIdentificationAlgorithmSE() {
+        SSLParameters paras;
+        if (conn != null) {
+            paras = conn.getSSLParameters();
+        } else {
+            paras = engine.getSSLParameters();
+        }
+
+        return paras.getEndpointIdentificationAlgorithm();
+    }
+
     private void setVersionSE(ProtocolVersion protocolVersion) {
         if (conn != null) {
             conn.setVersion(protocolVersion);
--- ./jdk/src/share/classes/sun/security/ssl/SSLSessionImpl.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/sun/security/ssl/SSLSessionImpl.java	Tue Sep 09 12:00:58 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -115,6 +115,14 @@
     private Principal localPrincipal;
 
     /*
+     * Is the session currently re-established with a session-resumption
+     * abbreviated initial handshake?
+     *
+     * Note that currently we only set this variable in client side.
+     */
+    private boolean isSessionResumption = false;
+
+    /*
      * We count session creations, eventually for statistical data but
      * also since counters make shorter debugging IDs than the big ones
      * we use in the protocol for uniqueness-over-time.
@@ -325,6 +333,22 @@
     }
 
     /**
+     * Return true if the session is currently re-established with a
+     * session-resumption abbreviated initial handshake.
+     */
+    boolean isSessionResumption() {
+        return isSessionResumption;
+    }
+
+    /**
+     * Resets whether the session is re-established with a session-resumption
+     * abbreviated initial handshake.
+     */
+    void setAsSessionResumption(boolean flag) {
+        isSessionResumption = flag;
+    }
+
+    /**
      * Returns the name of the cipher suite in use on this session
      */
     @Override
--- ./jdk/src/share/classes/sun/tools/jconsole/resources/messages_ja.properties	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/sun/tools/jconsole/resources/messages_ja.properties	Tue Sep 09 12:00:58 2014 -0700
@@ -103,7 +103,7 @@
 HELP_ABOUT_DIALOG_JAVA_VERSION=Java VM\u30D0\u30FC\u30B8\u30E7\u30F3:<br>{0}
 HELP_ABOUT_DIALOG_MASTHEAD_ACCESSIBLE_NAME=\u30DE\u30B9\u30C8\u30D8\u30C3\u30C9\u56F3\u5F62
 HELP_ABOUT_DIALOG_MASTHEAD_TITLE=JConsole\u306B\u3064\u3044\u3066
-HELP_ABOUT_DIALOG_TITLE=JConsole: \u8A73\u7D30
+HELP_ABOUT_DIALOG_TITLE=JConsole: \u60C5\u5831
 HELP_ABOUT_DIALOG_USER_GUIDE_LINK_URL=http://docs.oracle.com/javase/{0}/docs/technotes/guides/management/jconsole.html
 HELP_MENU_ABOUT_TITLE=JConsole\u306B\u3064\u3044\u3066(&A)
 HELP_MENU_USER_GUIDE_TITLE=\u30AA\u30F3\u30E9\u30A4\u30F3\u30FB\u30E6\u30FC\u30B6\u30FC\u30FB\u30AC\u30A4\u30C9(&U)
--- ./jdk/src/share/classes/sun/util/locale/BaseLocale.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/sun/util/locale/BaseLocale.java	Tue Sep 09 12:00:58 2014 -0700
@@ -31,6 +31,7 @@
  */
 
 package sun.util.locale;
+import java.lang.ref.SoftReference;
 
 
 public final class BaseLocale {
@@ -163,11 +164,11 @@
         return h;
     }
 
-    private static final class Key implements Comparable<Key> {
-        private final String lang;
-        private final String scrt;
-        private final String regn;
-        private final String vart;
+    private static final class Key {
+        private final SoftReference<String> lang;
+        private final SoftReference<String> scrt;
+        private final SoftReference<String> regn;
+        private final SoftReference<String> vart;
         private final boolean normalized;
         private final int hash;
 
@@ -179,10 +180,10 @@
             assert language.intern() == language
                    && region.intern() == region;
 
-            lang = language;
-            scrt = "";
-            regn = region;
-            vart = "";
+            lang = new SoftReference(language);
+            scrt = new SoftReference("");
+            regn = new SoftReference(region);
+            vart = new SoftReference("");
             this.normalized = true;
 
             int h = language.hashCode();
@@ -203,40 +204,40 @@
                     String variant, boolean normalized) {
             int h = 0;
             if (language != null) {
-                lang = language;
+                lang = new SoftReference(language);
                 int len = language.length();
                 for (int i = 0; i < len; i++) {
                     h = 31*h + LocaleUtils.toLower(language.charAt(i));
                 }
             } else {
-                lang = "";
+                lang = new SoftReference("");
             }
             if (script != null) {
-                scrt = script;
+                scrt = new SoftReference(script);
                 int len = script.length();
                 for (int i = 0; i < len; i++) {
                     h = 31*h + LocaleUtils.toLower(script.charAt(i));
                 }
             } else {
-                scrt = "";
+                scrt = new SoftReference("");
             }
             if (region != null) {
-                regn = region;
+                regn = new SoftReference(region);
                 int len = region.length();
                 for (int i = 0; i < len; i++) {
                     h = 31*h + LocaleUtils.toLower(region.charAt(i));
                 }
             } else {
-                regn = "";
+                regn = new SoftReference("");
             }
             if (variant != null) {
-                vart = variant;
+                vart = new SoftReference(variant);
                 int len = variant.length();
                 for (int i = 0; i < len; i++) {
                     h = 31*h + variant.charAt(i);
                 }
             } else {
-                vart = "";
+                vart = new SoftReference("");
             }
             hash = h;
             this.normalized = normalized;
@@ -244,28 +245,31 @@
 
         @Override
         public boolean equals(Object obj) {
-            return (this == obj) ||
-                    (obj instanceof Key)
-                    && this.hash == ((Key)obj).hash
-                    && LocaleUtils.caseIgnoreMatch(((Key)obj).lang, this.lang)
-                    && LocaleUtils.caseIgnoreMatch(((Key)obj).scrt, this.scrt)
-                    && LocaleUtils.caseIgnoreMatch(((Key)obj).regn, this.regn)
-                    && ((Key)obj).vart.equals(vart); // variant is case sensitive in JDK!
+            if (this == obj) {
+                return true;
         }
 
-        @Override
-        public int compareTo(Key other) {
-            int res = LocaleUtils.caseIgnoreCompare(this.lang, other.lang);
-            if (res == 0) {
-                res = LocaleUtils.caseIgnoreCompare(this.scrt, other.scrt);
-                if (res == 0) {
-                    res = LocaleUtils.caseIgnoreCompare(this.regn, other.regn);
-                    if (res == 0) {
-                        res = this.vart.compareTo(other.vart);
+            if (obj instanceof Key && this.hash == ((Key)obj).hash) {
+                String tl = this.lang.get();
+                String ol = ((Key)obj).lang.get();
+                if (tl != null && ol != null &&
+                    LocaleUtils.caseIgnoreMatch(ol, tl)) {
+                    String ts = this.scrt.get();
+                    String os = ((Key)obj).scrt.get();
+                    if (ts != null && os != null &&
+                        LocaleUtils.caseIgnoreMatch(os, ts)) {
+                        String tr = this.regn.get();
+                        String or = ((Key)obj).regn.get();
+                        if (tr != null && or != null &&
+                            LocaleUtils.caseIgnoreMatch(or, tr)) {
+                            String tv = this.vart.get();
+                            String ov = ((Key)obj).vart.get();
+                            return (ov != null && ov.equals(tv));
                     }
                 }
             }
-            return res;
+            }
+            return false;
         }
 
         @Override
@@ -278,10 +282,10 @@
                 return key;
             }
 
-            String lang = LocaleUtils.toLowerString(key.lang).intern();
-            String scrt = LocaleUtils.toTitleString(key.scrt).intern();
-            String regn = LocaleUtils.toUpperString(key.regn).intern();
-            String vart = key.vart.intern(); // preserve upper/lower cases
+            String lang = LocaleUtils.toLowerString(key.lang.get()).intern();
+            String scrt = LocaleUtils.toTitleString(key.scrt.get()).intern();
+            String regn = LocaleUtils.toUpperString(key.regn.get()).intern();
+            String vart = key.vart.get().intern(); // preserve upper/lower cases
 
             return new Key(lang, scrt, regn, vart, true);
         }
@@ -294,12 +298,18 @@
 
         @Override
         protected Key normalizeKey(Key key) {
+            assert key.lang.get() != null &&
+                   key.scrt.get() != null &&
+                   key.regn.get() != null &&
+                   key.vart.get() != null;
+
             return Key.normalize(key);
         }
 
         @Override
         protected BaseLocale createObject(Key key) {
-            return new BaseLocale(key.lang, key.scrt, key.regn, key.vart);
+            return new BaseLocale(key.lang.get(), key.scrt.get(),
+                                  key.regn.get(), key.vart.get());
         }
     }
 }
--- ./jdk/src/share/classes/sun/util/locale/LocaleObjectCache.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/classes/sun/util/locale/LocaleObjectCache.java	Tue Sep 09 12:00:58 2014 -0700
@@ -57,8 +57,10 @@
             value = entry.get();
         }
         if (value == null) {
+            V newVal = createObject(key);
+            // make sure key is normalized *after* the object creation
+            // so that newVal is assured to be created from a valid key.
             key = normalizeKey(key);
-            V newVal = createObject(key);
             if (key == null || newVal == null) {
                 // subclass must return non-null key/value object
                 return null;
--- ./jdk/src/share/javavm/export/jvm.h	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/javavm/export/jvm.h	Tue Sep 09 12:00:58 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -386,6 +386,19 @@
 JVM_FindClassFromBootLoader(JNIEnv *env, const char *name);
 
 /*
+ * Find a class from a given class loader.  Throws ClassNotFoundException.
+ *  name:   name of class
+ *  init:   whether initialization is done
+ *  loader: class loader to look up the class. This may not be the same as the caller's
+ *          class loader.
+ *  caller: initiating class. The initiating class may be null when a security
+ *          manager is not installed.
+ */
+JNIEXPORT jclass JNICALL
+JVM_FindClassFromCaller(JNIEnv *env, const char *name, jboolean init,
+                        jobject loader, jclass caller);
+
+/*
  * Find a class from a given class loader. Throw ClassNotFoundException
  * or NoClassDefFoundError depending on the value of the last
  * argument.
--- ./jdk/src/share/native/java/lang/Class.c	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/native/java/lang/Class.c	Tue Sep 09 12:00:58 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1994, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1994, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -97,7 +97,7 @@
 
 JNIEXPORT jclass JNICALL
 Java_java_lang_Class_forName0(JNIEnv *env, jclass this, jstring classname,
-                              jboolean initialize, jobject loader)
+                              jboolean initialize, jobject loader, jclass caller)
 {
     char *clname;
     jclass cls = 0;
@@ -135,8 +135,7 @@
         goto done;
     }
 
-    cls = JVM_FindClassFromClassLoader(env, clname, initialize,
-                                       loader, JNI_FALSE);
+    cls = JVM_FindClassFromCaller(env, clname, initialize, loader, caller);
 
  done:
     if (clname != buf) {
--- ./jdk/src/share/native/java/util/zip/CRC32.c	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/native/java/util/zip/CRC32.c	Tue Sep 09 12:00:58 2014 -0700
@@ -54,7 +54,8 @@
     return crc;
 }
 
-JNIEXPORT jint ZIP_CRC32(jint crc, const jbyte *buf, jint len)
+JNIEXPORT jint JNICALL
+ZIP_CRC32(jint crc, const jbyte *buf, jint len)
 {
     return crc32(crc, (Bytef*)buf, len);
 }
--- ./jdk/src/share/native/java/util/zip/ZipFile.c	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/native/java/util/zip/ZipFile.c	Tue Sep 09 12:00:58 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -172,11 +172,7 @@
     }
     (*env)->GetByteArrayRegion(env, name, 0, ulen, (jbyte *)path);
     path[ulen] = '\0';
-    if (addSlash == JNI_FALSE) {
-        ze = ZIP_GetEntry(zip, path, 0);
-    } else {
-        ze = ZIP_GetEntry(zip, path, (jint)ulen);
-    }
+    ze = ZIP_GetEntry2(zip, path, (jint)ulen, addSlash);
     if (path != buf) {
         free(path);
     }
@@ -269,7 +265,7 @@
     switch (type) {
     case java_util_zip_ZipFile_JZENTRY_NAME:
         if (ze->name != 0) {
-            len = (int)strlen(ze->name);
+            len = (int)ze->nlen;
             if (len == 0 || (jba = (*env)->NewByteArray(env, len)) == NULL)
                 break;
             (*env)->SetByteArrayRegion(env, jba, 0, len, (jbyte *)ze->name);
--- ./jdk/src/share/native/java/util/zip/zip_util.c	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/native/java/util/zip/zip_util.c	Tue Sep 09 12:00:58 2014 -0700
@@ -1021,6 +1021,7 @@
     if ((ze->name = malloc(nlen + 1)) == NULL) goto Catch;
     memcpy(ze->name, cen + CENHDR, nlen);
     ze->name[nlen] = '\0';
+    ze->nlen = nlen;
     if (elen > 0) {
         char *extra = cen + CENHDR + nlen;
 
@@ -1118,7 +1119,34 @@
 jzentry *
 ZIP_GetEntry(jzfile *zip, char *name, jint ulen)
 {
-    unsigned int hsh = hash(name);
+    if (ulen == 0) {
+        return ZIP_GetEntry2(zip, name, strlen(name), JNI_FALSE);
+    }
+    return ZIP_GetEntry2(zip, name, ulen, JNI_TRUE);
+}
+
+jboolean equals(char* name1, int len1, char* name2, int len2) {
+    if (len1 != len2) {
+        return JNI_FALSE;
+    }
+    while (len1-- > 0) {
+        if (*name1++ != *name2++) {
+            return JNI_FALSE;
+        }
+    }
+    return JNI_TRUE;
+}
+
+/*
+ * Returns the zip entry corresponding to the specified name, or
+ * NULL if not found.
+ * This method supports embedded null character in "name", use ulen
+ * for the length of "name".
+ */
+jzentry *
+ZIP_GetEntry2(jzfile *zip, char *name, jint ulen, jboolean addSlash)
+{
+    unsigned int hsh = hashN(name, ulen);
     jint idx;
     jzentry *ze = 0;
 
@@ -1139,7 +1167,7 @@
 
         /* Check the cached entry first */
         ze = zip->cache;
-        if (ze && strcmp(ze->name,name) == 0) {
+        if (ze && equals(ze->name, ze->nlen, name, ulen)) {
             /* Cache hit!  Remove and return the cached entry. */
             zip->cache = 0;
             ZIP_Unlock(zip);
@@ -1165,7 +1193,7 @@
                  * we keep searching.
                  */
                 ze = newEntry(zip, zc, ACCESS_RANDOM);
-                if (ze && strcmp(ze->name, name)==0) {
+                if (ze && equals(ze->name, ze->nlen, name, ulen)) {
                     break;
                 }
                 if (ze != 0) {
@@ -1184,8 +1212,8 @@
             break;
         }
 
-        /* If no real length was passed in, we are done */
-        if (ulen == 0) {
+        /* If no need to try appending slash, we are done */
+        if (!addSlash) {
             break;
         }
 
@@ -1195,11 +1223,11 @@
         }
 
         /* Add slash and try once more */
-        name[ulen] = '/';
-        name[ulen+1] = '\0';
+        name[ulen++] = '/';
+        name[ulen] = '\0';
         hsh = hash_append(hsh, '/');
         idx = zip->table[hsh % zip->tablelen];
-        ulen = 0;
+        addSlash = JNI_FALSE;
     }
 
 Finally:
--- ./jdk/src/share/native/java/util/zip/zip_util.h	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/native/java/util/zip/zip_util.h	Tue Sep 09 12:00:58 2014 -0700
@@ -154,6 +154,7 @@
  * - If pos <= 0 then it is the position of entry LOC header.
  *   If pos > 0 then it is the position of entry data.
  *   pos should not be accessed directly, but only by ZIP_GetEntryDataOffset.
+ * - entry name may include embedded null character, use nlen for length
  */
 
 typedef struct jzentry {  /* Zip file entry */
@@ -166,6 +167,7 @@
     jbyte *extra;         /* optional extra data */
     jlong pos;            /* position of LOC header or entry data */
     jint flag;            /* general purpose flag */
+    jint nlen;            /* length of the entry name */
 } jzentry;
 
 /*
@@ -269,5 +271,5 @@
 jint ZIP_Read(jzfile *zip, jzentry *entry, jlong pos, void *buf, jint len);
 void ZIP_FreeEntry(jzfile *zip, jzentry *ze);
 jlong ZIP_GetEntryDataOffset(jzfile *zip, jzentry *entry);
-
+jzentry * ZIP_GetEntry2(jzfile *zip, char *name, jint ulen, jboolean addSlash);
 #endif /* !_ZIP_H_ */
--- ./jdk/src/share/native/sun/font/layout/ContextualSubstSubtables.cpp	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/share/native/sun/font/layout/ContextualSubstSubtables.cpp	Tue Sep 09 12:00:58 2014 -0700
@@ -243,12 +243,22 @@
         le_uint16 srSetCount = SWAPW(subRuleSetCount);
 
         if (coverageIndex < srSetCount) {
+            LEReferenceToArrayOf<Offset> subRuleSetTableOffsetArrayRef(base, success,
+                    &subRuleSetTableOffsetArray[coverageIndex], 1);
+            if (LE_FAILURE(success)) {
+                return 0;
+            }
             Offset subRuleSetTableOffset = SWAPW(subRuleSetTableOffsetArray[coverageIndex]);
             LEReferenceTo<SubRuleSetTable>
                  subRuleSetTable(base, success, (const SubRuleSetTable *) ((char *) this + subRuleSetTableOffset));
             le_uint16 subRuleCount = SWAPW(subRuleSetTable->subRuleCount);
             le_int32 position = glyphIterator->getCurrStreamPosition();
 
+            LEReferenceToArrayOf<Offset> subRuleTableOffsetArrayRef(base, success,
+                    subRuleSetTable->subRuleTableOffsetArray, subRuleCount);
+            if (LE_FAILURE(success)) {
+                return 0;
+            }
             for (le_uint16 subRule = 0; subRule < subRuleCount; subRule += 1) {
                 Offset subRuleTableOffset =
                     SWAPW(subRuleSetTable->subRuleTableOffsetArray[subRule]);
@@ -301,13 +311,22 @@
                                                                 glyphIterator->getCurrGlyphID(),
                                                                 success);
 
-        if (setClass < scSetCount && subClassSetTableOffsetArray[setClass] != 0) {
+        if (setClass < scSetCount) {
+            LEReferenceToArrayOf<Offset>
+                 subClassSetTableOffsetArrayRef(base, success, subClassSetTableOffsetArray, setClass);
+            if (LE_FAILURE(success)) { return 0; }
+            if (subClassSetTableOffsetArray[setClass] != 0) {
+
             Offset subClassSetTableOffset = SWAPW(subClassSetTableOffsetArray[setClass]);
             LEReferenceTo<SubClassSetTable>
                  subClassSetTable(base, success, (const SubClassSetTable *) ((char *) this + subClassSetTableOffset));
             le_uint16 subClassRuleCount = SWAPW(subClassSetTable->subClassRuleCount);
             le_int32 position = glyphIterator->getCurrStreamPosition();
-
+                LEReferenceToArrayOf<Offset>
+                    subClassRuleTableOffsetArrayRef(base, success, subClassSetTable->subClassRuleTableOffsetArray, subClassRuleCount);
+                if (LE_FAILURE(success)) {
+                    return 0;
+                }
             for (le_uint16 scRule = 0; scRule < subClassRuleCount; scRule += 1) {
                 Offset subClassRuleTableOffset =
                     SWAPW(subClassSetTable->subClassRuleTableOffsetArray[scRule]);
@@ -331,6 +350,7 @@
                 glyphIterator->setCurrStreamPosition(position);
             }
         }
+        }
 
         // XXX If we get here, the table is mal-formed...
     }
@@ -442,13 +462,22 @@
         le_uint16 srSetCount = SWAPW(chainSubRuleSetCount);
 
         if (coverageIndex < srSetCount) {
+            LEReferenceToArrayOf<Offset>
+                chainSubRuleSetTableOffsetArrayRef(base, success, chainSubRuleSetTableOffsetArray, coverageIndex);
+            if (LE_FAILURE(success)) {
+                return 0;
+            }
             Offset chainSubRuleSetTableOffset = SWAPW(chainSubRuleSetTableOffsetArray[coverageIndex]);
             LEReferenceTo<ChainSubRuleSetTable>
                  chainSubRuleSetTable(base, success, (const ChainSubRuleSetTable *) ((char *) this + chainSubRuleSetTableOffset));
             le_uint16 chainSubRuleCount = SWAPW(chainSubRuleSetTable->chainSubRuleCount);
             le_int32 position = glyphIterator->getCurrStreamPosition();
             GlyphIterator tempIterator(*glyphIterator, emptyFeatureList);
-
+            LEReferenceToArrayOf<Offset>
+                chainSubRuleTableOffsetArrayRef(base, success, chainSubRuleSetTable->chainSubRuleTableOffsetArray, chainSubRuleCount);
+            if (LE_FAILURE(success)) {
+                return 0;
+            }
             for (le_uint16 subRule = 0; subRule < chainSubRuleCount; subRule += 1) {
                 Offset chainSubRuleTableOffset =
                     SWAPW(chainSubRuleSetTable->chainSubRuleTableOffsetArray[subRule]);
@@ -530,6 +559,11 @@
         le_int32 setClass = inputClassDefinitionTable->getGlyphClass(inputClassDefinitionTable,
                                                                      glyphIterator->getCurrGlyphID(),
                                                                      success);
+        LEReferenceToArrayOf<Offset>
+            chainSubClassSetTableOffsetArrayRef(base, success, chainSubClassSetTableOffsetArray, setClass);
+        if (LE_FAILURE(success)) {
+            return 0;
+        }
 
         if (setClass < scSetCount && chainSubClassSetTableOffsetArray[setClass] != 0) {
             Offset chainSubClassSetTableOffset = SWAPW(chainSubClassSetTableOffsetArray[setClass]);
@@ -538,7 +572,11 @@
             le_uint16 chainSubClassRuleCount = SWAPW(chainSubClassSetTable->chainSubClassRuleCount);
             le_int32 position = glyphIterator->getCurrStreamPosition();
             GlyphIterator tempIterator(*glyphIterator, emptyFeatureList);
-
+            LEReferenceToArrayOf<Offset>
+                chainSubClassRuleTableOffsetArrayRef(base, success, chainSubClassSetTable->chainSubClassRuleTableOffsetArray, chainSubClassRuleCount);
+            if (LE_FAILURE(success)) {
+                return 0;
+            }
             for (le_uint16 scRule = 0; scRule < chainSubClassRuleCount; scRule += 1) {
                 Offset chainSubClassRuleTableOffset =
                     SWAPW(chainSubClassSetTable->chainSubClassRuleTableOffsetArray[scRule]);
@@ -603,12 +641,14 @@
     }
 
     le_uint16 backtrkGlyphCount = SWAPW(backtrackGlyphCount);
+    LEReferenceToArrayOf<Offset> backtrackGlyphArrayRef(base, success, backtrackCoverageTableOffsetArray, backtrkGlyphCount);
+    if (LE_FAILURE(success)) {
+        return 0;
+    }
     le_uint16 inputGlyphCount = (le_uint16) SWAPW(backtrackCoverageTableOffsetArray[backtrkGlyphCount]);
     LEReferenceToArrayOf<Offset>   inputCoverageTableOffsetArray(base, success, &backtrackCoverageTableOffsetArray[backtrkGlyphCount + 1], inputGlyphCount+2); // offset
     if (LE_FAILURE(success)) { return 0; }
     const le_uint16 lookaheadGlyphCount = (le_uint16) SWAPW(inputCoverageTableOffsetArray[inputGlyphCount]);
-
-    if( LE_FAILURE(success)) { return 0; }
     LEReferenceToArrayOf<Offset>   lookaheadCoverageTableOffsetArray(base, success, inputCoverageTableOffsetArray.getAlias(inputGlyphCount + 1, success), lookaheadGlyphCount+2);
 
     if( LE_FAILURE(success) ) { return 0; }
--- ./jdk/src/solaris/classes/sun/awt/X11/XTextAreaPeer.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/solaris/classes/sun/awt/X11/XTextAreaPeer.java	Tue Sep 09 12:00:58 2014 -0700
@@ -1024,7 +1024,8 @@
             }
         }
 
-        protected void uninstallListeners(JScrollPane scrollPane) {
+        @Override
+        protected void uninstallListeners(JComponent scrollPane) {
             super.uninstallListeners(scrollPane);
             scrollPane.removePropertyChangeListener(propertyChangeHandler);
         }
--- ./jdk/src/solaris/classes/sun/print/CUPSPrinter.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/solaris/classes/sun/print/CUPSPrinter.java	Tue Sep 09 12:00:58 2014 -0700
@@ -126,7 +126,7 @@
     /**
      * Returns array of MediaSizeNames derived from PPD.
      */
-    public MediaSizeName[] getMediaSizeNames() {
+    MediaSizeName[] getMediaSizeNames() {
         initMedia();
         return cupsMediaSNames;
     }
@@ -135,7 +135,7 @@
     /**
      * Returns array of Custom MediaSizeNames derived from PPD.
      */
-    public CustomMediaSizeName[] getCustomMediaSizeNames() {
+    CustomMediaSizeName[] getCustomMediaSizeNames() {
         initMedia();
         return cupsCustomMediaSNames;
     }
@@ -144,7 +144,7 @@
     /**
      * Returns array of MediaPrintableArea derived from PPD.
      */
-    public MediaPrintableArea[] getMediaPrintableArea() {
+    MediaPrintableArea[] getMediaPrintableArea() {
         initMedia();
         return cupsMediaPrintables;
     }
@@ -152,7 +152,7 @@
     /**
      * Returns array of MediaTrays derived from PPD.
      */
-    public MediaTray[] getMediaTrays() {
+    MediaTray[] getMediaTrays() {
         initMedia();
         return cupsMediaTrays;
     }
--- ./jdk/src/solaris/classes/sun/print/IPPPrintService.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/solaris/classes/sun/print/IPPPrintService.java	Tue Sep 09 12:00:58 2014 -0700
@@ -993,7 +993,9 @@
 
     public synchronized Class[] getSupportedAttributeCategories() {
         if (supportedCats != null) {
-            return supportedCats;
+            Class<?> [] copyCats = new Class<?>[supportedCats.length];
+            System.arraycopy(supportedCats, 0, copyCats, 0, copyCats.length);
+            return copyCats;
         }
 
         initAttributes();
@@ -1050,7 +1052,9 @@
         }
         supportedCats = new Class[catList.size()];
         catList.toArray(supportedCats);
-        return supportedCats;
+        Class<?>[] copyCats = new Class<?>[supportedCats.length];
+        System.arraycopy(supportedCats, 0, copyCats, 0, copyCats.length);
+        return copyCats;
     }
 
 
--- ./jdk/src/solaris/native/java/net/AbstractPlainDatagramSocketImpl.c	Thu Jan 01 00:00:00 1970 +0000
+++ ./jdk/src/solaris/native/java/net/AbstractPlainDatagramSocketImpl.c	Tue Sep 09 12:00:58 2014 -0700
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#ifdef __solaris__
+#include <unistd.h>
+#include <stropts.h>
+
+#ifndef BSD_COMP
+#define BSD_COMP
+#endif
+
+#endif
+
+#include <sys/ioctl.h>
+
+#include "jvm.h"
+#include "jni_util.h"
+#include "net_util.h"
+
+#include "java_net_AbstractPlainDatagramSocketImpl.h"
+
+static jfieldID IO_fd_fdID;
+
+static jfieldID apdsi_fdID;
+
+
+/*
+ * Class:     java_net_AbstractPlainDatagramSocketImpl
+ * Method:    init
+ * Signature: ()V
+ */
+JNIEXPORT void JNICALL
+Java_java_net_AbstractPlainDatagramSocketImpl_init(JNIEnv *env, jclass cls) {
+
+    apdsi_fdID = (*env)->GetFieldID(env, cls, "fd",
+                                   "Ljava/io/FileDescriptor;");
+    CHECK_NULL(apdsi_fdID);
+
+    IO_fd_fdID = NET_GetFileDescriptorID(env);
+}
+
+/*
+ * Class:     java_net_AbstractPlainDatagramSocketImpl
+ * Method:    dataAvailable
+ * Signature: ()I
+ */
+JNIEXPORT jint JNICALL Java_java_net_AbstractPlainDatagramSocketImpl_dataAvailable
+(JNIEnv *env, jobject this) {
+    int fd, retval;
+
+    jobject fdObj = (*env)->GetObjectField(env, this, apdsi_fdID);
+
+    if (IS_NULL(fdObj)) {
+        JNU_ThrowByName(env, JNU_JAVANETPKG "SocketException",
+                        "Socket closed");
+        return -1;
+    }
+    fd = (*env)->GetIntField(env, fdObj, IO_fd_fdID);
+
+    if (ioctl(fd, FIONREAD, &retval) < 0) {
+        return -1;
+    }
+    return retval;
+}
--- ./jdk/src/windows/native/java/net/AbstractPlainDatagramSocketImpl.c	Thu Jan 01 00:00:00 1970 +0000
+++ ./jdk/src/windows/native/java/net/AbstractPlainDatagramSocketImpl.c	Tue Sep 09 12:00:58 2014 -0700
@@ -0,0 +1,113 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+#include <windows.h>
+#include <winsock2.h>
+
+#include "jvm.h"
+#include "jni_util.h"
+#include "net_util.h"
+
+#include "java_net_AbstractPlainDatagramSocketImpl.h"
+
+static jfieldID IO_fd_fdID = NULL;
+static jfieldID apdsi_fdID = NULL;
+
+static jfieldID apdsi_fd1ID = NULL;
+static jclass two_stacks_clazz = NULL;
+
+
+/*
+ * Class:     java_net_AbstractPlainDatagramSocketImpl
+ * Method:    init
+ * Signature: ()V
+ */
+JNIEXPORT void JNICALL
+Java_java_net_AbstractPlainDatagramSocketImpl_init(JNIEnv *env, jclass cls) {
+
+    apdsi_fdID = (*env)->GetFieldID(env, cls, "fd",
+                                   "Ljava/io/FileDescriptor;");
+    CHECK_NULL(apdsi_fdID);
+    IO_fd_fdID = NET_GetFileDescriptorID(env);
+    CHECK_NULL(IO_fd_fdID);
+
+    two_stacks_clazz = (*env)->FindClass(env, "java/net/TwoStacksPlainDatagramSocketImpl");
+    CHECK_NULL(two_stacks_clazz);
+
+    /* Handle both TwoStacks and DualStack here */
+
+    if (JNU_Equals(env, cls, two_stacks_clazz)) {
+        /* fd1 present only in TwoStack.. */
+        apdsi_fd1ID = (*env)->GetFieldID(env, cls, "fd1",
+                                   "Ljava/io/FileDescriptor;");
+        CHECK_NULL(apdsi_fd1ID);
+    }
+
+    JNU_CHECK_EXCEPTION(env);
+}
+
+/*
+ * Class:     java_net_AbstractPlainDatagramSocketImpl
+ * Method:    dataAvailable
+ * Signature: ()I
+ */
+JNIEXPORT jint JNICALL Java_java_net_AbstractPlainDatagramSocketImpl_dataAvailable
+(JNIEnv *env, jobject this) {
+    SOCKET fd;
+    SOCKET fd1;
+    int  rv = -1, rv1 = -1;
+    jobject fdObj = (*env)->GetObjectField(env, this, apdsi_fdID);
+
+    if (!IS_NULL(fdObj)) {
+        int retval = 0;
+        fd = (SOCKET)(*env)->GetIntField(env, fdObj, IO_fd_fdID);
+        rv = ioctlsocket(fd, FIONREAD, &retval);
+        if (retval > 0) {
+            return retval;
+        }
+    }
+
+    if (!IS_NULL(apdsi_fd1ID)) {
+        /* TwoStacks */
+        jobject fd1Obj = (*env)->GetObjectField(env, this, apdsi_fd1ID);
+        if (!IS_NULL(fd1Obj)) {
+            int retval = 0;
+            fd1 = (SOCKET)(*env)->GetIntField(env, fd1Obj, IO_fd_fdID);
+            rv1 = ioctlsocket(fd1, FIONREAD, &retval);
+            if (retval > 0) {
+                return retval;
+            }
+        }
+    }
+
+    if (rv < 0 && rv1 < 0) {
+        JNU_ThrowByName(env, JNU_JAVANETPKG "SocketException",
+                            "Socket closed");
+        return -1;
+    }
+
+    return 0;
+}
+
--- ./jdk/src/windows/native/sun/awt/splashscreen/splashscreen_sys.c	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/windows/native/sun/awt/splashscreen/splashscreen_sys.c	Tue Sep 09 12:00:58 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -213,6 +213,14 @@
 void
 SplashRedrawWindow(Splash * splash)
 {
+    if (!SplashIsStillLooping(splash)) {
+        KillTimer(splash->hWnd, 0);
+    }
+
+    if (splash->currentFrame < 0) {
+        return;
+    }
+
     SplashUpdateScreenData(splash);
     if (splash->isLayered) {
         BLENDFUNCTION bf;
@@ -303,9 +311,6 @@
             time = 0;
         SetTimer(splash->hWnd, 0, time, NULL);
     }
-    else {
-        KillTimer(splash->hWnd, 0);
-    }
 }
 
 void SplashReconfigureNow(Splash * splash) {
--- ./jdk/src/windows/native/sun/windows/awt_Component.cpp	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/windows/native/sun/windows/awt_Component.cpp	Tue Sep 09 12:00:58 2014 -0700
@@ -6930,9 +6930,9 @@
 {
     TRY;
 
-    return JNI_IS_TRUE(AwtToolkit::GetInstance().SyncCall(
+    return (jboolean)AwtToolkit::GetInstance().SyncCall(
         (void *(*)(void *))AwtComponent::_NativeHandlesWheelScrolling,
-        env->NewGlobalRef(self)));
+        env->NewGlobalRef(self));
     // global ref is deleted in _NativeHandlesWheelScrolling
 
     CATCH_BAD_ALLOC_RET(NULL);
@@ -6951,9 +6951,9 @@
 
     jobject selfGlobalRef = env->NewGlobalRef(self);
 
-    return JNI_IS_TRUE(AwtToolkit::GetInstance().SyncCall(
+    return (jboolean)AwtToolkit::GetInstance().SyncCall(
         (void*(*)(void*))AwtComponent::_IsObscured,
-        (void *)selfGlobalRef));
+        (void *)selfGlobalRef);
     // selfGlobalRef is deleted in _IsObscured
 
     CATCH_BAD_ALLOC_RET(NULL);
--- ./jdk/src/windows/native/sun/windows/awt_List.cpp	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/src/windows/native/sun/windows/awt_List.cpp	Tue Sep 09 12:00:58 2014 -0700
@@ -1018,8 +1018,8 @@
     ses->list = env->NewGlobalRef(self);
     ses->index = index;
 
-    return JNI_IS_TRUE(AwtToolkit::GetInstance().SyncCall(
-                       (void *(*)(void *))AwtList::_IsSelected, ses));
+    return (jboolean)AwtToolkit::GetInstance().SyncCall(
+        (void *(*)(void *))AwtList::_IsSelected, ses);
     // global ref and ses are deleted in _IsSelected
 
     CATCH_BAD_ALLOC_RET(FALSE);
--- ./jdk/test/java/awt/Focus/WindowIsFocusableAccessByThreadsTest/WindowIsFocusableAccessByThreadsTest.java	Thu Jan 01 00:00:00 1970 +0000
+++ ./jdk/test/java/awt/Focus/WindowIsFocusableAccessByThreadsTest/WindowIsFocusableAccessByThreadsTest.java	Tue Sep 09 12:00:58 2014 -0700
@@ -0,0 +1,113 @@
+/*
+ * Copyright (c) 2014 Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+  @test
+  @bug      8047288
+  @summary  Tests method isFocusable of Window component. It should be accessed only from EDT
+  @author   artem.malinko@oracle.com
+  @library  ../../regtesthelpers
+  @build    Util
+  @run      main WindowIsFocusableAccessByThreadsTest
+*/
+
+import test.java.awt.regtesthelpers.Util;
+
+import javax.swing.*;
+import java.awt.*;
+import java.util.concurrent.atomic.AtomicBoolean;
+
+public class WindowIsFocusableAccessByThreadsTest {
+    private static AtomicBoolean testPassed = new AtomicBoolean(true);
+    private static volatile TestFrame frame;
+    private static volatile TestWindow window;
+    private static volatile Button openWindowBtn;
+
+    public static void main(String[] args) {
+        frame = new TestFrame("Test EDT access to Window components");
+        window = new TestWindow(frame);
+
+        SwingUtilities.invokeLater(WindowIsFocusableAccessByThreadsTest::init);
+
+        Util.waitTillShown(frame);
+        Robot robot = Util.createRobot();
+        Util.clickOnComp(frame, robot, 100);
+        Util.clickOnComp(openWindowBtn, robot, 100);
+
+        Util.waitTillShown(window);
+
+        if (!testPassed.get()) {
+            throw new RuntimeException("Window component methods has been accessed not " +
+                    "from Event Dispatching Thread");
+        }
+    }
+
+    private static void init() {
+        frame.setSize(400, 400);
+        frame.setLayout(new FlowLayout());
+        openWindowBtn = new Button("open window");
+        openWindowBtn.addActionListener(e -> {
+            window.setSize(100, 100);
+            window.setLocation(400, 100);
+            window.setVisible(true);
+        });
+        frame.add(openWindowBtn);
+        frame.setVisible(true);
+    }
+
+    private static void testThread() {
+        if (!SwingUtilities.isEventDispatchThread()) {
+            testPassed.set(false);
+        }
+    }
+
+    private static class TestWindow extends Window {
+        public TestWindow(Frame owner) {
+            super(owner);
+        }
+
+        // isFocusable method is final and we can't add this test to it.
+        // But it invokes getFocusableWindowState and here we can check
+        // if thread is EDT.
+        @Override
+        public boolean getFocusableWindowState() {
+            testThread();
+            return super.getFocusableWindowState();
+        }
+    }
+
+    private static class TestFrame extends Frame {
+        private TestFrame(String title) throws HeadlessException {
+            super(title);
+        }
+
+        // isFocusable method is final and we can't add this test to it.
+        // But it invokes getFocusableWindowState and here we can check
+        // if thread is EDT.
+        @Override
+        public boolean getFocusableWindowState() {
+            testThread();
+            return super.getFocusableWindowState();
+        }
+    }
+}
--- ./jdk/test/java/util/Collections/CheckedQueue.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/test/java/util/Collections/CheckedQueue.java	Tue Sep 09 12:00:58 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,55 +23,40 @@
 
 /*
  * @test
- * @bug 5020931
+ * @bug 5020931 8048207
  * @summary Unit test for Collections.checkedQueue
+ * @run testng CheckedQueue
  */
 
-import java.lang.reflect.Method;
 import java.util.Collections;
-import java.util.Iterator;
 import java.util.Queue;
 import java.util.concurrent.ArrayBlockingQueue;
 
+import org.testng.annotations.Test;
+import static org.testng.Assert.fail;
+import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.assertTrue;
+import static org.testng.Assert.assertFalse;
+
+
 public class CheckedQueue {
-    static int status = 0;
-
-    public static void main(String[] args) throws Exception {
-        new CheckedQueue();
-    }
-
-    public CheckedQueue() throws Exception {
-        run();
-    }
-
-    private void run() throws Exception {
-        Method[] methods = this.getClass().getDeclaredMethods();
-
-        for (int i = 0; i < methods.length; i++) {
-            Method method = methods[i];
-            String methodName = method.getName();
-
-            if (methodName.startsWith("test")) {
-                try {
-                    Object obj = method.invoke(this, new Object[0]);
-                } catch(Exception e) {
-                    throw new Exception(this.getClass().getName() + "." +
-                            methodName + " test failed, test exception "
-                            + "follows\n" + e.getCause());
-                }
-            }
-        }
-    }
 
     /**
      * This test adds items to a queue.
      */
-    private void test00() {
+    @Test
+    public void testAdd() {
         int arrayLength = 10;
-        ArrayBlockingQueue<String> abq = new ArrayBlockingQueue(arrayLength);
+        Queue<String> abq = Collections.checkedQueue(new ArrayBlockingQueue<>(arrayLength), String.class);
 
         for (int i = 0; i < arrayLength; i++) {
-            abq.add(new String(Integer.toString(i)));
+            abq.add(Integer.toString(i));
+        }
+
+        try {
+            abq.add("full");
+        } catch (IllegalStateException full) {
+
         }
     }
 
@@ -80,23 +65,17 @@
      * {@code String}s gets the checked queue, and attempt to add an Integer to
      * the checked queue.
      */
-    private void test01() throws Exception {
+    @Test(expectedExceptions = ClassCastException.class)
+    public void testAddFail1() {
         int arrayLength = 10;
         ArrayBlockingQueue<String> abq = new ArrayBlockingQueue(arrayLength + 1);
 
         for (int i = 0; i < arrayLength; i++) {
-            abq.add(new String(Integer.toString(i)));
+            abq.add(Integer.toString(i));
         }
 
         Queue q = Collections.checkedQueue(abq, String.class);
-
-        try {
-            q.add(new Integer(0));
-            throw new Exception(this.getClass().getName() + "." + "test01 test"
-                    + " failed, should throw ClassCastException.");
-        } catch(ClassCastException cce) {
-            // Do nothing.
-        }
+        q.add(0);
     }
 
     /**
@@ -104,47 +83,40 @@
      * {@code String}, gets the checked queue, and attempt to add an Integer to
      * the checked queue.
      */
-    private void test02() throws Exception {
+    @Test(expectedExceptions = ClassCastException.class)
+    public void testAddFail2() {
         ArrayBlockingQueue<String> abq = new ArrayBlockingQueue(1);
         Queue q = Collections.checkedQueue(abq, String.class);
 
-        try {
-            q.add(new Integer(0));
-            throw new Exception(this.getClass().getName() + "." + "test02 test"
-                    + " failed, should throw ClassCastException.");
-        } catch(ClassCastException e) {
-            // Do nothing.
-        }
+        q.add(0);
     }
 
     /**
      * This test tests the Collections.checkedQueue method call for nulls in
      * each and both of the parameters.
      */
-    private void test03() throws Exception {
+    @Test
+    public void testArgs() {
         ArrayBlockingQueue<String> abq = new ArrayBlockingQueue(1);
         Queue q;
 
         try {
             q = Collections.checkedQueue(null, String.class);
-            throw new Exception(this.getClass().getName() + "." + "test03 test"
-                    + " failed, should throw NullPointerException.");
+            fail( "should throw NullPointerException.");
         } catch(NullPointerException npe) {
             // Do nothing
         }
 
         try {
             q = Collections.checkedQueue(abq, null);
-            throw new Exception(this.getClass().getName() + "." + "test03 test"
-                    + " failed, should throw NullPointerException.");
+            fail( "should throw NullPointerException.");
         } catch(Exception e) {
             // Do nothing
         }
 
         try {
             q = Collections.checkedQueue(null, null);
-            throw new Exception(this.getClass().getName() + "." + "test03 test"
-                    + " failed, should throw NullPointerException.");
+            fail( "should throw NullPointerException.");
         } catch(Exception e) {
             // Do nothing
         }
@@ -153,38 +125,28 @@
     /**
      * This test tests the CheckedQueue.offer method.
      */
-    private void test04() throws Exception {
+    @Test
+    public void testOffer() {
         ArrayBlockingQueue<String> abq = new ArrayBlockingQueue(1);
         Queue q = Collections.checkedQueue(abq, String.class);
 
         try {
             q.offer(null);
-            throw new Exception(this.getClass().getName() + "." + "test04 test"
-                    + " failed, should throw NullPointerException.");
+            fail("should throw NullPointerException.");
         } catch (NullPointerException npe) {
             // Do nothing
         }
 
         try {
-            q.offer(new Integer(0));
-            throw new Exception(this.getClass().getName() + "." + "test04 test"
-                    + " failed, should throw ClassCastException.");
+            q.offer(0);
+            fail("should throw ClassCastException.");
         } catch (ClassCastException cce) {
             // Do nothing
         }
 
-        q.offer(new String("0"));
+        assertTrue(q.offer("0"), "queue should have room");
 
-        try {
-            q.offer(new String("1"));
-            throw new Exception(this.getClass().getName() + "." + "test04 test"
-                    + " failed, should throw IllegalStateException.");
-        } catch(IllegalStateException ise) {
-            // Do nothing
-        }
-    }
-
-    private void test05() {
-
+        // no room at the inn!
+        assertFalse(q.offer("1"), "queue should be full");
     }
 }
--- ./jdk/test/sun/java2d/cmm/ColorConvertOp/ColConvCCMTest.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/test/sun/java2d/cmm/ColorConvertOp/ColConvCCMTest.java	Tue Sep 09 12:00:58 2014 -0700
@@ -23,7 +23,7 @@
 
 /**
  * @test
- * @bug 6476665 7033534 6830714
+ * @bug 6476665 7033534 6830714 8052162
  * @summary Verifies color conversion of Component Color Model based images
  * @run main ColConvCCMTest
  */
--- ./jdk/test/sun/security/ssl/sanity/ciphersuites/CipherSuitesInOrder.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/test/sun/security/ssl/sanity/ciphersuites/CipherSuitesInOrder.java	Tue Sep 09 12:00:58 2014 -0700
@@ -69,11 +69,6 @@
         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
-        "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
-        "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
-        "SSL_RSA_WITH_RC4_128_SHA",
-        "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
-        "TLS_ECDH_RSA_WITH_RC4_128_SHA",
 
         "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
         "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
@@ -97,6 +92,12 @@
         "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
         "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
         "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
+
+        "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+        "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+        "SSL_RSA_WITH_RC4_128_SHA",
+        "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+        "TLS_ECDH_RSA_WITH_RC4_128_SHA",
         "SSL_RSA_WITH_RC4_128_MD5",
 
         "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
@@ -110,10 +111,20 @@
         "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
         "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
         "TLS_DH_anon_WITH_AES_128_CBC_SHA",
+        "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
+        "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
         "TLS_ECDH_anon_WITH_RC4_128_SHA",
         "SSL_DH_anon_WITH_RC4_128_MD5",
-        "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
-        "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
+        "SSL_RSA_WITH_DES_CBC_SHA",
+        "SSL_DHE_RSA_WITH_DES_CBC_SHA",
+        "SSL_DHE_DSS_WITH_DES_CBC_SHA",
+        "SSL_DH_anon_WITH_DES_CBC_SHA",
+        "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
+        "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
+        "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
+        "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
+        "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
+        "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
         "TLS_RSA_WITH_NULL_SHA256",
         "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
         "TLS_ECDHE_RSA_WITH_NULL_SHA",
@@ -122,26 +133,16 @@
         "TLS_ECDH_RSA_WITH_NULL_SHA",
         "TLS_ECDH_anon_WITH_NULL_SHA",
         "SSL_RSA_WITH_NULL_MD5",
-        "SSL_RSA_WITH_DES_CBC_SHA",
-        "SSL_DHE_RSA_WITH_DES_CBC_SHA",
-        "SSL_DHE_DSS_WITH_DES_CBC_SHA",
-        "SSL_DH_anon_WITH_DES_CBC_SHA",
-        "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
-        "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
-        "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
-        "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
-        "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
-        "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
+        "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
+        "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
         "TLS_KRB5_WITH_RC4_128_SHA",
         "TLS_KRB5_WITH_RC4_128_MD5",
-        "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
-        "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
         "TLS_KRB5_WITH_DES_CBC_SHA",
         "TLS_KRB5_WITH_DES_CBC_MD5",
+        "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
+        "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
         "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
-        "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
-        "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
-        "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"
+        "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"
     );
 
     private final static String[] protocols = {
--- ./jdk/test/sun/tools/native2ascii/NativeErrors.java	Wed Jul 30 18:42:59 2014 +0100
+++ ./jdk/test/sun/tools/native2ascii/NativeErrors.java	Tue Sep 09 12:00:58 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 1999, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,12 +25,18 @@
  * @test
  * @bug 4136352
  * @summary Test Native2ASCII error messages
- *
+ * @library /lib/testlibrary
+ * @build jdk.testlibrary.* NativeErrors
+ * @run main NativeErrors
  */
 
-import java.io.*;
-import sun.tools.native2ascii.*;
-import java.util.*;
+
+import java.io.File;
+import java.util.ResourceBundle;
+import java.util.MissingResourceException;
+import jdk.testlibrary.OutputAnalyzer;
+import jdk.testlibrary.JDKToolLauncher;
+import jdk.testlibrary.ProcessTools;
 
 public class NativeErrors {
 
@@ -45,30 +51,18 @@
         }
     }
 
-    public static void main(String args[]) throws Exception {
-        String[] command;
-        Process p = null;
-        BufferedReader in = null;
+    public static void main(String args[]) throws Throwable {
+        // Execute command in another vm. Verify stdout for expected err msg.
 
-        // Construct a command that runs the test in other vm
-        // Exec another vm to run test in
-        // Read the result to determine if test failed
-
-        command = getComString("-encoding");
-        p = Runtime.getRuntime().exec(command);
-        in = new BufferedReader(new InputStreamReader(p.getInputStream()));
-        checkResult(in, "err.bad.arg");
+        // Test with no input file given.
+        checkResult(executeCmd("-encoding"), "err.bad.arg");
 
         File f0 = new File(System.getProperty("test.src", "."), "test123");
         String path0 = f0.getPath();
         if ( f0.exists() ) {
             throw new Error("Input file should not exist: " + path0);
         }
-
-        command = getComString(path0);
-        p = Runtime.getRuntime().exec(command);
-        in = new BufferedReader(new InputStreamReader(p.getInputStream()));
-        checkResult(in, "err.cannot.read");
+        checkResult(executeCmd(path0), "err.cannot.read");
 
         File f1 = new File(System.getProperty("test.src", "."), "test1");
         File f2 = File.createTempFile("test2", ".tmp");
@@ -81,71 +75,38 @@
             throw new Error("Output file cannot be made read only: " + path2);
         }
         f2.deleteOnExit();
-
-        command = getComString(path1, path2);
-        p = Runtime.getRuntime().exec(command);
-        in = new BufferedReader(new InputStreamReader(p.getInputStream()));
-        checkResult(in, "err.cannot.write");
+        checkResult(executeCmd(path1, path2), "err.cannot.write");
     }
 
-
-    private static void checkResult(BufferedReader in, String errorExpected)
-                                                           throws Exception {
-        String errorReceived;
-        errorReceived = in.readLine();
-        assert errorReceived != null : "First readline cannot be null";
-        errorExpected = rsrc.getString(errorExpected);
-        assert errorExpected != null : "Expected message cannot be null";
-        StringBuffer error = new StringBuffer(errorExpected);
-        int start = errorExpected.indexOf("{0}");
-        if (start >= 0) {
-            error.delete(start, start+3);
-            errorExpected = error.toString();
+    private static String executeCmd(String... toolArgs) throws Throwable {
+        JDKToolLauncher cmd = JDKToolLauncher.createUsingTestJDK("native2ascii");
+        for (String s : toolArgs) {
+            cmd.addToolArg(s);
         }
-        //System.out.println("received: " + errorReceived);
-        //System.out.println("expected: " + errorExpected);
-        if (!errorReceived.endsWith(errorExpected))
-            throw new RuntimeException("Native2ascii bad arg error broken.");
+        OutputAnalyzer output = ProcessTools.executeProcess(cmd.getCommand());
+        if (output == null || output.getStdout() == null) {
+            throw new Exception("Output was null. Process did not finish correctly.");
+        }
+        if (output.getExitValue() == 0) {
+            throw new Exception("Process exit code was 0, but error was expected.");
+        }
+        return output.getStdout();
     }
 
-    private static String[] getComString(String arg2) {
-        String[] coms = new String[2];
-        coms[0] = getPathString();
-        coms[1] = arg2;
-        return coms;
-    }
+    private static void checkResult(
+            String errorReceived, String errorKey) throws Exception {
+        String errorExpected = rsrc.getString(errorKey);
+        if (errorExpected == null) {
+            throw new Exception("No error message for key: " + errorKey);
+        }
+        // Remove template tag from error message.
+        errorExpected = errorExpected.replaceAll("\\{0\\}", "");
 
-    private static String[] getComString(String arg2, String arg3) {
-        String[] coms = new String[3];
-        coms[0] = getPathString();
-        coms[1] = arg2;
-        coms[2] = arg3;
-        return coms;
-    }
-
-    /*
-     * Search for path to native2ascii
-     */
-    private static String getPathString() {
-        String path = System.getProperty("java.home") + File.separator +
-            "bin" + File.separator + "native2ascii";
-        if (File.separatorChar == '\\') {
-            path = path + ".exe";
+        System.out.println("received: " + errorReceived);
+        System.out.println("expected: " + errorExpected);
+        if (errorReceived.indexOf(errorExpected) < 0) {
+            throw new RuntimeException("Native2ascii bad arg error broken.");
         }
-        File f = new File(path);
-        if (!f.exists()) {
-            System.out.println("Cannot find native2ascii at "+path);
-            path = System.getProperty("java.home") + File.separator + ".." +
-                   File.separator + "bin" + File.separator + "native2ascii";
-            if (File.separatorChar == '\\') {
-                path = path + ".exe";
-            }
-            f = new File(path);
-            if (!f.exists())
-                throw new RuntimeException("Cannot find native2ascii at "+path);
-            System.out.println("Using native2ascii at "+path);
-        }
-        return path;
     }
 
 }
--- ./langtools/.hgtags	Wed Jul 30 03:55:11 2014 -0700
+++ ./langtools/.hgtags	Mon Sep 08 12:38:00 2014 -0700
@@ -311,3 +311,21 @@
 5c1d6da1445aa3a2e5cf6101c70e79bfbe2745a5 jdk8u20-b23
 9239118487dfb47ee850d2cc9b10a0a2e510da3c jdk8u20-b24
 9239118487dfb47ee850d2cc9b10a0a2e510da3c jdk8u20-b25
+5e6d409a72327a31b8a8f9aa0b32ef213c8b629c jdk8u20-b26
+f491f1581f196950c2cb858508dd06601968c417 jdk8u25-b00
+5bc865e0a2e3c59c1c8bc41e731509e1737ddea1 jdk8u25-b01
+4dec0c684a9ead80ea2bca6b042682367c1abf90 jdk8u25-b02
+1d039298d33f8062a0aa75442bd39434e16ee2df jdk8u25-b03
+5c806c4b2830056caaca3329e634ff040bfe1c7b jdk8u25-b04
+f1625806cabab809993fbc650b77c5a28d70035d jdk8u25-b05
+7a6309461a7294cc78789f547b0a652757d17156 jdk8u25-b06
+aad835b33337c22f4d632c2531c453de00a8f778 jdk8u25-b07
+224b8260b2c72e2902e48522240c97de11b3570a jdk8u25-b08
+a5fa1a2bd63cfcce67dae074c07cd0f2baa8ddc0 jdk8u25-b09
+0dfd4099658397efa118918cd43f79e194c320ea jdk8u25-b10
+eee8277448304f5d785310edff072d993a0c1868 jdk8u25-b11
+664a10268f61616b682985855015663c30d0476f jdk8u25-b12
+89b2f04998c7a1f987cadb4c42801d1ec500a870 jdk8u25-b13
+a340d68b020585cad7aa6e38d1aafb19ad0e4e07 jdk8u25-b14
+6e0c19cd42d7c4d307bea26840ee831cbd14e2fc jdk8u25-b15
+7fa6fa7cc204de988e224c6f8f75e62128fa84cd jdk8u25-b16
--- ./langtools/src/share/classes/com/sun/tools/javac/resources/compiler_ja.properties	Wed Jul 30 03:55:11 2014 -0700
+++ ./langtools/src/share/classes/com/sun/tools/javac/resources/compiler_ja.properties	Mon Sep 08 12:38:00 2014 -0700
@@ -1677,6 +1677,9 @@
 # 0: string
 compiler.err.static.intf.methods.not.supported.in.source=static\u30A4\u30F3\u30BF\u30D5\u30A7\u30FC\u30B9\u306F-source {0}\u3067\u30B5\u30DD\u30FC\u30C8\u3055\u308C\u3066\u3044\u307E\u305B\u3093\n(static\u30A4\u30F3\u30BF\u30D5\u30A7\u30FC\u30B9\u3092\u4F7F\u7528\u53EF\u80FD\u306B\u3059\u308B\u306B\u306F\u3001-source 8\u4EE5\u4E0A\u3092\u4F7F\u7528\u3057\u3066\u304F\u3060\u3055\u3044)
 
+# 0: string
+compiler.err.static.intf.method.invoke.not.supported.in.source=static\u30A4\u30F3\u30BF\u30D5\u30A7\u30FC\u30B9\u30FB\u30E1\u30BD\u30C3\u30C9\u547C\u51FA\u3057\u306F-source {0}\u3067\u30B5\u30DD\u30FC\u30C8\u3055\u308C\u3066\u3044\u307E\u305B\u3093\n(static\u30A4\u30F3\u30BF\u30D5\u30A7\u30FC\u30B9\u30FB\u30E1\u30BD\u30C3\u30C9\u547C\u51FA\u3057\u3092\u4F7F\u7528\u53EF\u80FD\u306B\u3059\u308B\u306B\u306F\u3001-source 8\u4EE5\u4E0A\u3092\u4F7F\u7528\u3057\u3066\u304F\u3060\u3055\u3044)
+
 ########################################
 # Diagnostics for verbose resolution
 # used by Resolve (debug only)
--- ./langtools/src/share/classes/com/sun/tools/javac/resources/compiler_zh_CN.properties	Wed Jul 30 03:55:11 2014 -0700
+++ ./langtools/src/share/classes/com/sun/tools/javac/resources/compiler_zh_CN.properties	Mon Sep 08 12:38:00 2014 -0700
@@ -1677,6 +1677,9 @@
 # 0: string
 compiler.err.static.intf.methods.not.supported.in.source=-source {0} \u4E2D\u4E0D\u652F\u6301\u9759\u6001\u63A5\u53E3\u65B9\u6CD5\n(\u8BF7\u4F7F\u7528 -source 8 \u6216\u66F4\u9AD8\u7248\u672C\u4EE5\u542F\u7528\u9759\u6001\u63A5\u53E3\u65B9\u6CD5)
 
+# 0: string
+compiler.err.static.intf.method.invoke.not.supported.in.source=-source {0} \u4E2D\u4E0D\u652F\u6301\u9759\u6001\u63A5\u53E3\u65B9\u6CD5\u8C03\u7528\n(\u8BF7\u4F7F\u7528 -source 8 \u6216\u66F4\u9AD8\u7248\u672C\u4EE5\u542F\u7528\u9759\u6001\u63A5\u53E3\u65B9\u6CD5\u8C03\u7528)
+
 ########################################
 # Diagnostics for verbose resolution
 # used by Resolve (debug only)
--- ./nashorn/.hgtags	Wed Jul 30 03:55:26 2014 -0700
+++ ./nashorn/.hgtags	Mon Sep 08 12:38:15 2014 -0700
@@ -299,3 +299,21 @@
 ad36f9454ce38d78be39fc819902e1223765ee5e jdk8u20-b23
 d3da140e179343011017669a6dbfcc52b0e56f52 jdk8u20-b24
 d3da140e179343011017669a6dbfcc52b0e56f52 jdk8u20-b25
+a23ac9db4227d78b3389e01fa94a8cb695a8fb0a jdk8u20-b26
+7001e9f95b443a75e432205a29974c05b88e0fdc jdk8u25-b00
+a9f77bd14874d5f8fdf935704dd54a0451f2bc69 jdk8u25-b01
+895e47783e2ee6823496a5ae84039a4f50311c7d jdk8u25-b02
+b84d92194c367411fcd8b5f510d4589709a8e71e jdk8u25-b03
+894ab2f06c93987f8596f5906985ff0a452f2fb2 jdk8u25-b04
+25b89ca363c41e1a1d90d7e95d5227d23e4292f3 jdk8u25-b05
+0a50d568a901700213fe40c38089748ca1d1af88 jdk8u25-b06
+25b719b33ac8f8ffb7e4353fddcda93ca6027b0d jdk8u25-b07
+0f74f65763a300cfe5f897b6b21f36d64f9d2115 jdk8u25-b08
+158837f537e45fc4664a56ad4759f8a1b30cab73 jdk8u25-b09
+7e00c05fc54b0404bf2eedda35dd38ae1ad23e50 jdk8u25-b10
+8cd6af10dd4de9e28ffe30c9107954fffd15dc99 jdk8u25-b11
+f76715cd4e902602bdbb4ba9a3774c10afeee012 jdk8u25-b12
+34c95bcacff79a5794416a8e715a8e63bfe7fc58 jdk8u25-b13
+6a93467eaa36f732b84ecd463e046c4066fef40c jdk8u25-b14
+71e8403a2f8279315419adf5f4e9d6b232b6835c jdk8u25-b15
+1500138ce513600457be6bfa10979ecce6515aa6 jdk8u25-b16