diff --git a/.hgtags-top-repo b/.hgtags-top-repo index 07b5d34491..d1eca2c831 100644 --- a/.hgtags-top-repo +++ b/.hgtags-top-repo @@ -417,9 +417,40 @@ b25838a28195f4b6dab34668411eedd2d366a16c jdk-9+169 2c25fc24103251f9711a1c280c31e1e41016d90f jdk-9+172 88d7fd969e7df0e07a53b201cfd29393ca33ede9 jdk-9+173 5466f409346e0446ee9a6daeb7f5d75c8fc76823 jdk-9+174 +023f93e511bae768203c33bb8681f82ee75014da jdk-9.0.1+00 +023f93e511bae768203c33bb8681f82ee75014da jdk-9.0.3+00 8f7227c6012b0051ea4e0bcee040c627bf699b88 jdk-9+175 84777531d994ef70163d35078ec9c4127f2eadb5 jdk-9+176 a4371edb589c60db01142e45c317adb9ccbcb083 jdk-9+177 ec4159ebe7050fcc5dcee8a2d150cf948ecc97db jdk-9+178 252475ccfd84cc249f8d6faf4b7806b5e2c384ce jdk-9+179 d2982a786f53814367698e63efe6349c9128e1db jdk-9+180 +b656dea9398ef601f7fc08d1a5157a560e0ccbe0 jdk-9+181 +d73368c690d4f1ab188cf306f4b27218e28596b6 jdk-9.0.3+1 +ede48839f34b0b74210e2e081872a3c12d5339ab jdk-9.0.3+2 +086e9950ebfa8a0239018ade61f59b7c539bacc9 jdk-9.0.3+3 +2c95bee2722f2396b709b384473c07291a7d1e4b jdk-9.0.3+4 +d24281b60e0bb6d441ec3a9440e7daa322bbc822 jdk-9.0.3+5 +489c57f8e1c0f6fa34de86f8ed8f98a809cba4a9 jdk-9.0.3+6 +9d5aca497123931d52625b3539a8549d98728622 jdk-9.0.3+7 +eaa4ea516c7f1e31c8e0faaec3ef981eb2919ae3 jdk-9.0.3+8 +a31dfd85bee9c16aac1e65dfbe81d1c5fe443c2c jdk-9.0.3+9 +9acb1002f33e257e932a188632969e45cc32e66c jdk-9.0.1+10 +9acb1002f33e257e932a188632969e45cc32e66c jdk-9.0.1+10 +0000000000000000000000000000000000000000 jdk-9.0.1+10 +0000000000000000000000000000000000000000 jdk-9.0.1+10 +5a9191c980ca3ada63b234e2b9ec6dc23bd37595 jdk-9.0.1+10 +e6edc89f5b2dc6dacd6041305e942a3f04a25ce5 jdk-9.0.1+11 +3a64fdb24a8c26e2d7d32864dad4425a9496b90d jdk-9.0.4+00 +726bf8524f7d3780518ada8648488ad4a7bfe6a2 jdk-9.0.4+1 +8055b6778ac8fc6bb165082230951cc8f146f8fd jdk-9.0.4+2 +572ea0db1d87a1d2fcc01f73ffbcfb78bd5688f4 jdk-9.0.4+3 +0053ace2e9e484fb52d00ec961e24805d0aae04a jdk-9.0.4+4 +73d63ccf56f46f258f367ed72633f0f5cc229680 jdk-9.0.4+5 +86219e4c9f8cd730bacd2f6080b6ac1dea7a0226 jdk-9.0.4+6 +9aba57f3071362ed7f2326d737506863b9d2646f jdk-9.0.4+7 +a4f0515fe6da55cfe74dec3e6e30b69c9693d133 jdk-9.0.4+8 +a4f0515fe6da55cfe74dec3e6e30b69c9693d133 jdk-9.0.4+8 +0000000000000000000000000000000000000000 jdk-9.0.4+8 +0000000000000000000000000000000000000000 jdk-9.0.4+8 +953d306b203e7d0808cb842a51e006fddc41b6c2 jdk-9.0.4+8 diff --git a/.jcheck/conf b/.jcheck/conf index 5c6f62dc12..9bd9e92741 100644 --- a/.jcheck/conf +++ b/.jcheck/conf @@ -1 +1,2 @@ project=jdk9 +bugids=dup diff --git a/common/autoconf/basics.m4 b/common/autoconf/basics.m4 index 187ad8ac16..3e2ae6b80e 100644 --- a/common/autoconf/basics.m4 +++ b/common/autoconf/basics.m4 @@ -1090,10 +1090,6 @@ AC_DEFUN_ONCE([BASIC_SETUP_COMPLEX_TOOLS], # We can build without it. LDD="true" fi - BASIC_PATH_PROGS(OTOOL, otool) - if test "x$OTOOL" = "x"; then - OTOOL="true" - fi BASIC_PATH_PROGS(READELF, [greadelf readelf]) BASIC_PATH_PROGS(DOT, dot) BASIC_PATH_PROGS(HG, hg) diff --git a/common/autoconf/generated-configure.sh b/common/autoconf/generated-configure.sh index ab0642affe..a78526170b 100644 --- a/common/autoconf/generated-configure.sh +++ b/common/autoconf/generated-configure.sh @@ -818,6 +818,8 @@ MSBUILD DUMPBIN RC MT +INSTALL_NAME_TOOL +OTOOL LIPO ac_ct_AR AR @@ -939,7 +941,6 @@ STAT HG DOT READELF -OTOOL LDD ZIPEXE UNZIP @@ -1293,7 +1294,6 @@ MAKE UNZIP ZIPEXE LDD -OTOOL READELF DOT HG @@ -1324,6 +1324,8 @@ CXXCPP AS AR LIPO +OTOOL +INSTALL_NAME_TOOL STRIP NM GNM @@ -2261,7 +2263,6 @@ Some influential environment variables: UNZIP Override default value for UNZIP ZIPEXE Override default value for ZIPEXE LDD Override default value for LDD - OTOOL Override default value for OTOOL READELF Override default value for READELF DOT Override default value for DOT HG Override default value for HG @@ -2293,6 +2294,9 @@ Some influential environment variables: AS Override default value for AS AR Override default value for AR LIPO Override default value for LIPO + OTOOL Override default value for OTOOL + INSTALL_NAME_TOOL + Override default value for INSTALL_NAME_TOOL STRIP Override default value for STRIP NM Override default value for NM GNM Override default value for GNM @@ -5186,7 +5190,7 @@ VS_SDK_PLATFORM_NAME_2013= #CUSTOM_AUTOCONF_INCLUDE # Do not change or remove the following line, it is needed for consistency checks: -DATE_WHEN_GENERATED=1496926402 +DATE_WHEN_GENERATED=1512412485 ############################################################################### # @@ -22094,206 +22098,6 @@ $as_echo "$tool_specified" >&6; } # Publish this variable in the help. - if [ -z "${OTOOL+x}" ]; then - # The variable is not set by user, try to locate tool using the code snippet - for ac_prog in otool -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_OTOOL+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $OTOOL in - [\\/]* | ?:[\\/]*) - ac_cv_path_OTOOL="$OTOOL" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_OTOOL="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -OTOOL=$ac_cv_path_OTOOL -if test -n "$OTOOL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 -$as_echo "$OTOOL" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$OTOOL" && break -done - - else - # The variable is set, but is it from the command line or the environment? - - # Try to remove the string !OTOOL! from our list. - try_remove_var=${CONFIGURE_OVERRIDDEN_VARIABLES//!OTOOL!/} - if test "x$try_remove_var" = "x$CONFIGURE_OVERRIDDEN_VARIABLES"; then - # If it failed, the variable was not from the command line. Ignore it, - # but warn the user (except for BASH, which is always set by the calling BASH). - if test "xOTOOL" != xBASH; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring value of OTOOL from the environment. Use command line variables instead." >&5 -$as_echo "$as_me: WARNING: Ignoring value of OTOOL from the environment. Use command line variables instead." >&2;} - fi - # Try to locate tool using the code snippet - for ac_prog in otool -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_OTOOL+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $OTOOL in - [\\/]* | ?:[\\/]*) - ac_cv_path_OTOOL="$OTOOL" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_OTOOL="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -OTOOL=$ac_cv_path_OTOOL -if test -n "$OTOOL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 -$as_echo "$OTOOL" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$OTOOL" && break -done - - else - # If it succeeded, then it was overridden by the user. We will use it - # for the tool. - - # First remove it from the list of overridden variables, so we can test - # for unknown variables in the end. - CONFIGURE_OVERRIDDEN_VARIABLES="$try_remove_var" - - # Check if we try to supply an empty value - if test "x$OTOOL" = x; then - { $as_echo "$as_me:${as_lineno-$LINENO}: Setting user supplied tool OTOOL= (no value)" >&5 -$as_echo "$as_me: Setting user supplied tool OTOOL= (no value)" >&6;} - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OTOOL" >&5 -$as_echo_n "checking for OTOOL... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: disabled" >&5 -$as_echo "disabled" >&6; } - else - # Check if the provided tool contains a complete path. - tool_specified="$OTOOL" - tool_basename="${tool_specified##*/}" - if test "x$tool_basename" = "x$tool_specified"; then - # A command without a complete path is provided, search $PATH. - { $as_echo "$as_me:${as_lineno-$LINENO}: Will search for user supplied tool OTOOL=$tool_basename" >&5 -$as_echo "$as_me: Will search for user supplied tool OTOOL=$tool_basename" >&6;} - # Extract the first word of "$tool_basename", so it can be a program name with args. -set dummy $tool_basename; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_OTOOL+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $OTOOL in - [\\/]* | ?:[\\/]*) - ac_cv_path_OTOOL="$OTOOL" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_OTOOL="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -OTOOL=$ac_cv_path_OTOOL -if test -n "$OTOOL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 -$as_echo "$OTOOL" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - if test "x$OTOOL" = x; then - as_fn_error $? "User supplied tool $tool_basename could not be found" "$LINENO" 5 - fi - else - # Otherwise we believe it is a complete path. Use it as it is. - { $as_echo "$as_me:${as_lineno-$LINENO}: Will use user supplied tool OTOOL=$tool_specified" >&5 -$as_echo "$as_me: Will use user supplied tool OTOOL=$tool_specified" >&6;} - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OTOOL" >&5 -$as_echo_n "checking for OTOOL... " >&6; } - if test ! -x "$tool_specified"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 -$as_echo "not found" >&6; } - as_fn_error $? "User supplied tool OTOOL=$tool_specified does not exist or is not executable" "$LINENO" 5 - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $tool_specified" >&5 -$as_echo "$tool_specified" >&6; } - fi - fi - fi - - fi - - - if test "x$OTOOL" = "x"; then - OTOOL="true" - fi - - - # Publish this variable in the help. - - if [ -z "${READELF+x}" ]; then # The variable is not set by user, try to locate tool using the code snippet for ac_prog in greadelf readelf @@ -39301,6 +39105,986 @@ $as_echo "$as_me: Rewriting LIPO to \"$new_complete\"" >&6;} fi fi + + + + # Publish this variable in the help. + + + if [ -z "${OTOOL+x}" ]; then + # The variable is not set by user, try to locate tool using the code snippet + for ac_prog in otool +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_OTOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $OTOOL in + [\\/]* | ?:[\\/]*) + ac_cv_path_OTOOL="$OTOOL" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_OTOOL="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +OTOOL=$ac_cv_path_OTOOL +if test -n "$OTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 +$as_echo "$OTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$OTOOL" && break +done + + else + # The variable is set, but is it from the command line or the environment? + + # Try to remove the string !OTOOL! from our list. + try_remove_var=${CONFIGURE_OVERRIDDEN_VARIABLES//!OTOOL!/} + if test "x$try_remove_var" = "x$CONFIGURE_OVERRIDDEN_VARIABLES"; then + # If it failed, the variable was not from the command line. Ignore it, + # but warn the user (except for BASH, which is always set by the calling BASH). + if test "xOTOOL" != xBASH; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring value of OTOOL from the environment. Use command line variables instead." >&5 +$as_echo "$as_me: WARNING: Ignoring value of OTOOL from the environment. Use command line variables instead." >&2;} + fi + # Try to locate tool using the code snippet + for ac_prog in otool +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_OTOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $OTOOL in + [\\/]* | ?:[\\/]*) + ac_cv_path_OTOOL="$OTOOL" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_OTOOL="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +OTOOL=$ac_cv_path_OTOOL +if test -n "$OTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 +$as_echo "$OTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$OTOOL" && break +done + + else + # If it succeeded, then it was overridden by the user. We will use it + # for the tool. + + # First remove it from the list of overridden variables, so we can test + # for unknown variables in the end. + CONFIGURE_OVERRIDDEN_VARIABLES="$try_remove_var" + + # Check if we try to supply an empty value + if test "x$OTOOL" = x; then + { $as_echo "$as_me:${as_lineno-$LINENO}: Setting user supplied tool OTOOL= (no value)" >&5 +$as_echo "$as_me: Setting user supplied tool OTOOL= (no value)" >&6;} + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OTOOL" >&5 +$as_echo_n "checking for OTOOL... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: disabled" >&5 +$as_echo "disabled" >&6; } + else + # Check if the provided tool contains a complete path. + tool_specified="$OTOOL" + tool_basename="${tool_specified##*/}" + if test "x$tool_basename" = "x$tool_specified"; then + # A command without a complete path is provided, search $PATH. + { $as_echo "$as_me:${as_lineno-$LINENO}: Will search for user supplied tool OTOOL=$tool_basename" >&5 +$as_echo "$as_me: Will search for user supplied tool OTOOL=$tool_basename" >&6;} + # Extract the first word of "$tool_basename", so it can be a program name with args. +set dummy $tool_basename; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_OTOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $OTOOL in + [\\/]* | ?:[\\/]*) + ac_cv_path_OTOOL="$OTOOL" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_OTOOL="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +OTOOL=$ac_cv_path_OTOOL +if test -n "$OTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 +$as_echo "$OTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if test "x$OTOOL" = x; then + as_fn_error $? "User supplied tool $tool_basename could not be found" "$LINENO" 5 + fi + else + # Otherwise we believe it is a complete path. Use it as it is. + { $as_echo "$as_me:${as_lineno-$LINENO}: Will use user supplied tool OTOOL=$tool_specified" >&5 +$as_echo "$as_me: Will use user supplied tool OTOOL=$tool_specified" >&6;} + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OTOOL" >&5 +$as_echo_n "checking for OTOOL... " >&6; } + if test ! -x "$tool_specified"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 +$as_echo "not found" >&6; } + as_fn_error $? "User supplied tool OTOOL=$tool_specified does not exist or is not executable" "$LINENO" 5 + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $tool_specified" >&5 +$as_echo "$tool_specified" >&6; } + fi + fi + fi + + fi + + + + if test "x$OTOOL" = x; then + as_fn_error $? "Could not find required tool for OTOOL" "$LINENO" 5 + fi + + + + # Only process if variable expands to non-empty + + if test "x$OTOOL" != x; then + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + + # First separate the path from the arguments. This will split at the first + # space. + complete="$OTOOL" + path="${complete%% *}" + tmp="$complete EOL" + arguments="${tmp#* }" + + # Input might be given as Windows format, start by converting to + # unix format. + new_path=`$CYGPATH -u "$path"` + + # Now try to locate executable using which + new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in cygwin causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path=`$CYGPATH -u "$path"` + fi + if test "x$new_path" = x; then + # Oops. Which didn't find the executable. + # The splitting of arguments from the executable at a space might have been incorrect, + # since paths with space are more likely in Windows. Give it another try with the whole + # argument. + path="$complete" + arguments="EOL" + new_path=`$CYGPATH -u "$path"` + new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in cygwin causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path=`$CYGPATH -u "$path"` + fi + if test "x$new_path" = x; then + # It's still not found. Now this is an unrecoverable error. + { $as_echo "$as_me:${as_lineno-$LINENO}: The path of OTOOL, which resolves as \"$complete\", is not found." >&5 +$as_echo "$as_me: The path of OTOOL, which resolves as \"$complete\", is not found." >&6;} + has_space=`$ECHO "$complete" | $GREP " "` + if test "x$has_space" != x; then + { $as_echo "$as_me:${as_lineno-$LINENO}: You might be mixing spaces in the path and extra arguments, which is not allowed." >&5 +$as_echo "$as_me: You might be mixing spaces in the path and extra arguments, which is not allowed." >&6;} + fi + as_fn_error $? "Cannot locate the the path of OTOOL" "$LINENO" 5 + fi + fi + + # Cygwin tries to hide some aspects of the Windows file system, such that binaries are + # named .exe but called without that suffix. Therefore, "foo" and "foo.exe" are considered + # the same file, most of the time (as in "test -f"). But not when running cygpath -s, then + # "foo.exe" is OK but "foo" is an error. + # + # This test is therefore slightly more accurate than "test -f" to check for file presence. + # It is also a way to make sure we got the proper file name for the real test later on. + test_shortpath=`$CYGPATH -s -m "$new_path" 2> /dev/null` + if test "x$test_shortpath" = x; then + # Short path failed, file does not exist as specified. + # Try adding .exe or .cmd + if test -f "${new_path}.exe"; then + input_to_shortpath="${new_path}.exe" + elif test -f "${new_path}.cmd"; then + input_to_shortpath="${new_path}.cmd" + else + { $as_echo "$as_me:${as_lineno-$LINENO}: The path of OTOOL, which resolves as \"$new_path\", is invalid." >&5 +$as_echo "$as_me: The path of OTOOL, which resolves as \"$new_path\", is invalid." >&6;} + { $as_echo "$as_me:${as_lineno-$LINENO}: Neither \"$new_path\" nor \"$new_path.exe/cmd\" can be found" >&5 +$as_echo "$as_me: Neither \"$new_path\" nor \"$new_path.exe/cmd\" can be found" >&6;} + as_fn_error $? "Cannot locate the the path of OTOOL" "$LINENO" 5 + fi + else + input_to_shortpath="$new_path" + fi + + # Call helper function which possibly converts this using DOS-style short mode. + # If so, the updated path is stored in $new_path. + new_path="$input_to_shortpath" + + input_path="$input_to_shortpath" + # Check if we need to convert this using DOS-style short mode. If the path + # contains just simple characters, use it. Otherwise (spaces, weird characters), + # take no chances and rewrite it. + # Note: m4 eats our [], so we need to use [ and ] instead. + has_forbidden_chars=`$ECHO "$input_path" | $GREP [^-._/a-zA-Z0-9]` + if test "x$has_forbidden_chars" != x; then + # Now convert it to mixed DOS-style, short mode (no spaces, and / instead of \) + shortmode_path=`$CYGPATH -s -m -a "$input_path"` + path_after_shortmode=`$CYGPATH -u "$shortmode_path"` + if test "x$path_after_shortmode" != "x$input_to_shortpath"; then + # Going to short mode and back again did indeed matter. Since short mode is + # case insensitive, let's make it lowercase to improve readability. + shortmode_path=`$ECHO "$shortmode_path" | $TR 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + # Now convert it back to Unix-style (cygpath) + input_path=`$CYGPATH -u "$shortmode_path"` + new_path="$input_path" + fi + fi + + test_cygdrive_prefix=`$ECHO $input_path | $GREP ^/cygdrive/` + if test "x$test_cygdrive_prefix" = x; then + # As a simple fix, exclude /usr/bin since it's not a real path. + if test "x`$ECHO $input_to_shortpath | $GREP ^/usr/bin/`" = x; then + # The path is in a Cygwin special directory (e.g. /home). We need this converted to + # a path prefixed by /cygdrive for fixpath to work. + new_path="$CYGWIN_ROOT_PATH$input_path" + fi + fi + + # remove trailing .exe if any + new_path="${new_path/%.exe/}" + + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + + # First separate the path from the arguments. This will split at the first + # space. + complete="$OTOOL" + path="${complete%% *}" + tmp="$complete EOL" + arguments="${tmp#* }" + + # Input might be given as Windows format, start by converting to + # unix format. + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + + # Now try to locate executable using which + new_path=`$WHICH "$new_path" 2> /dev/null` + + if test "x$new_path" = x; then + # Oops. Which didn't find the executable. + # The splitting of arguments from the executable at a space might have been incorrect, + # since paths with space are more likely in Windows. Give it another try with the whole + # argument. + path="$complete" + arguments="EOL" + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + + new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi + + if test "x$new_path" = x; then + # It's still not found. Now this is an unrecoverable error. + { $as_echo "$as_me:${as_lineno-$LINENO}: The path of OTOOL, which resolves as \"$complete\", is not found." >&5 +$as_echo "$as_me: The path of OTOOL, which resolves as \"$complete\", is not found." >&6;} + has_space=`$ECHO "$complete" | $GREP " "` + if test "x$has_space" != x; then + { $as_echo "$as_me:${as_lineno-$LINENO}: You might be mixing spaces in the path and extra arguments, which is not allowed." >&5 +$as_echo "$as_me: You might be mixing spaces in the path and extra arguments, which is not allowed." >&6;} + fi + as_fn_error $? "Cannot locate the the path of OTOOL" "$LINENO" 5 + fi + fi + + # Now new_path has a complete unix path to the binary + if test "x`$ECHO $new_path | $GREP ^/bin/`" != x; then + # Keep paths in /bin as-is, but remove trailing .exe if any + new_path="${new_path/%.exe/}" + # Do not save /bin paths to all_fixpath_prefixes! + else + # Not in mixed or Windows style, start by that. + new_path=`cmd //c echo $new_path` + + input_path="$new_path" + # Check if we need to convert this using DOS-style short mode. If the path + # contains just simple characters, use it. Otherwise (spaces, weird characters), + # take no chances and rewrite it. + # Note: m4 eats our [], so we need to use [ and ] instead. + has_forbidden_chars=`$ECHO "$input_path" | $GREP [^-_/:a-zA-Z0-9]` + if test "x$has_forbidden_chars" != x; then + # Now convert it to mixed DOS-style, short mode (no spaces, and / instead of \) + new_path=`cmd /c "for %A in (\"$input_path\") do @echo %~sA"|$TR \\\\\\\\ / | $TR 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + fi + + # Output is in $new_path + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + # remove trailing .exe if any + new_path="${new_path/%.exe/}" + + # Save the first 10 bytes of this path to the storage, so fixpath can work. + all_fixpath_prefixes=("${all_fixpath_prefixes[@]}" "${new_path:0:10}") + fi + + else + # We're on a unix platform. Hooray! :) + # First separate the path from the arguments. This will split at the first + # space. + complete="$OTOOL" + path="${complete%% *}" + tmp="$complete EOL" + arguments="${tmp#* }" + + # Cannot rely on the command "which" here since it doesn't always work. + is_absolute_path=`$ECHO "$path" | $GREP ^/` + if test -z "$is_absolute_path"; then + # Path to executable is not absolute. Find it. + IFS_save="$IFS" + IFS=: + for p in $PATH; do + if test -f "$p/$path" && test -x "$p/$path"; then + new_path="$p/$path" + break + fi + done + IFS="$IFS_save" + else + # This is an absolute path, we can use it without further modifications. + new_path="$path" + fi + + if test "x$new_path" = x; then + { $as_echo "$as_me:${as_lineno-$LINENO}: The path of OTOOL, which resolves as \"$complete\", is not found." >&5 +$as_echo "$as_me: The path of OTOOL, which resolves as \"$complete\", is not found." >&6;} + has_space=`$ECHO "$complete" | $GREP " "` + if test "x$has_space" != x; then + { $as_echo "$as_me:${as_lineno-$LINENO}: This might be caused by spaces in the path, which is not allowed." >&5 +$as_echo "$as_me: This might be caused by spaces in the path, which is not allowed." >&6;} + fi + as_fn_error $? "Cannot locate the the path of OTOOL" "$LINENO" 5 + fi + fi + + # Now join together the path and the arguments once again + if test "x$arguments" != xEOL; then + new_complete="$new_path ${arguments% *}" + else + new_complete="$new_path" + fi + + if test "x$complete" != "x$new_complete"; then + OTOOL="$new_complete" + { $as_echo "$as_me:${as_lineno-$LINENO}: Rewriting OTOOL to \"$new_complete\"" >&5 +$as_echo "$as_me: Rewriting OTOOL to \"$new_complete\"" >&6;} + fi + fi + + + + + # Publish this variable in the help. + + + if [ -z "${INSTALL_NAME_TOOL+x}" ]; then + # The variable is not set by user, try to locate tool using the code snippet + for ac_prog in install_name_tool +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_INSTALL_NAME_TOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $INSTALL_NAME_TOOL in + [\\/]* | ?:[\\/]*) + ac_cv_path_INSTALL_NAME_TOOL="$INSTALL_NAME_TOOL" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_INSTALL_NAME_TOOL="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +INSTALL_NAME_TOOL=$ac_cv_path_INSTALL_NAME_TOOL +if test -n "$INSTALL_NAME_TOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL_NAME_TOOL" >&5 +$as_echo "$INSTALL_NAME_TOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$INSTALL_NAME_TOOL" && break +done + + else + # The variable is set, but is it from the command line or the environment? + + # Try to remove the string !INSTALL_NAME_TOOL! from our list. + try_remove_var=${CONFIGURE_OVERRIDDEN_VARIABLES//!INSTALL_NAME_TOOL!/} + if test "x$try_remove_var" = "x$CONFIGURE_OVERRIDDEN_VARIABLES"; then + # If it failed, the variable was not from the command line. Ignore it, + # but warn the user (except for BASH, which is always set by the calling BASH). + if test "xINSTALL_NAME_TOOL" != xBASH; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring value of INSTALL_NAME_TOOL from the environment. Use command line variables instead." >&5 +$as_echo "$as_me: WARNING: Ignoring value of INSTALL_NAME_TOOL from the environment. Use command line variables instead." >&2;} + fi + # Try to locate tool using the code snippet + for ac_prog in install_name_tool +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_INSTALL_NAME_TOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $INSTALL_NAME_TOOL in + [\\/]* | ?:[\\/]*) + ac_cv_path_INSTALL_NAME_TOOL="$INSTALL_NAME_TOOL" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_INSTALL_NAME_TOOL="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +INSTALL_NAME_TOOL=$ac_cv_path_INSTALL_NAME_TOOL +if test -n "$INSTALL_NAME_TOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL_NAME_TOOL" >&5 +$as_echo "$INSTALL_NAME_TOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$INSTALL_NAME_TOOL" && break +done + + else + # If it succeeded, then it was overridden by the user. We will use it + # for the tool. + + # First remove it from the list of overridden variables, so we can test + # for unknown variables in the end. + CONFIGURE_OVERRIDDEN_VARIABLES="$try_remove_var" + + # Check if we try to supply an empty value + if test "x$INSTALL_NAME_TOOL" = x; then + { $as_echo "$as_me:${as_lineno-$LINENO}: Setting user supplied tool INSTALL_NAME_TOOL= (no value)" >&5 +$as_echo "$as_me: Setting user supplied tool INSTALL_NAME_TOOL= (no value)" >&6;} + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for INSTALL_NAME_TOOL" >&5 +$as_echo_n "checking for INSTALL_NAME_TOOL... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: disabled" >&5 +$as_echo "disabled" >&6; } + else + # Check if the provided tool contains a complete path. + tool_specified="$INSTALL_NAME_TOOL" + tool_basename="${tool_specified##*/}" + if test "x$tool_basename" = "x$tool_specified"; then + # A command without a complete path is provided, search $PATH. + { $as_echo "$as_me:${as_lineno-$LINENO}: Will search for user supplied tool INSTALL_NAME_TOOL=$tool_basename" >&5 +$as_echo "$as_me: Will search for user supplied tool INSTALL_NAME_TOOL=$tool_basename" >&6;} + # Extract the first word of "$tool_basename", so it can be a program name with args. +set dummy $tool_basename; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_INSTALL_NAME_TOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $INSTALL_NAME_TOOL in + [\\/]* | ?:[\\/]*) + ac_cv_path_INSTALL_NAME_TOOL="$INSTALL_NAME_TOOL" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_INSTALL_NAME_TOOL="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +INSTALL_NAME_TOOL=$ac_cv_path_INSTALL_NAME_TOOL +if test -n "$INSTALL_NAME_TOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL_NAME_TOOL" >&5 +$as_echo "$INSTALL_NAME_TOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if test "x$INSTALL_NAME_TOOL" = x; then + as_fn_error $? "User supplied tool $tool_basename could not be found" "$LINENO" 5 + fi + else + # Otherwise we believe it is a complete path. Use it as it is. + { $as_echo "$as_me:${as_lineno-$LINENO}: Will use user supplied tool INSTALL_NAME_TOOL=$tool_specified" >&5 +$as_echo "$as_me: Will use user supplied tool INSTALL_NAME_TOOL=$tool_specified" >&6;} + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for INSTALL_NAME_TOOL" >&5 +$as_echo_n "checking for INSTALL_NAME_TOOL... " >&6; } + if test ! -x "$tool_specified"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 +$as_echo "not found" >&6; } + as_fn_error $? "User supplied tool INSTALL_NAME_TOOL=$tool_specified does not exist or is not executable" "$LINENO" 5 + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $tool_specified" >&5 +$as_echo "$tool_specified" >&6; } + fi + fi + fi + + fi + + + + if test "x$INSTALL_NAME_TOOL" = x; then + as_fn_error $? "Could not find required tool for INSTALL_NAME_TOOL" "$LINENO" 5 + fi + + + + # Only process if variable expands to non-empty + + if test "x$INSTALL_NAME_TOOL" != x; then + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + + # First separate the path from the arguments. This will split at the first + # space. + complete="$INSTALL_NAME_TOOL" + path="${complete%% *}" + tmp="$complete EOL" + arguments="${tmp#* }" + + # Input might be given as Windows format, start by converting to + # unix format. + new_path=`$CYGPATH -u "$path"` + + # Now try to locate executable using which + new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in cygwin causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path=`$CYGPATH -u "$path"` + fi + if test "x$new_path" = x; then + # Oops. Which didn't find the executable. + # The splitting of arguments from the executable at a space might have been incorrect, + # since paths with space are more likely in Windows. Give it another try with the whole + # argument. + path="$complete" + arguments="EOL" + new_path=`$CYGPATH -u "$path"` + new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in cygwin causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path=`$CYGPATH -u "$path"` + fi + if test "x$new_path" = x; then + # It's still not found. Now this is an unrecoverable error. + { $as_echo "$as_me:${as_lineno-$LINENO}: The path of INSTALL_NAME_TOOL, which resolves as \"$complete\", is not found." >&5 +$as_echo "$as_me: The path of INSTALL_NAME_TOOL, which resolves as \"$complete\", is not found." >&6;} + has_space=`$ECHO "$complete" | $GREP " "` + if test "x$has_space" != x; then + { $as_echo "$as_me:${as_lineno-$LINENO}: You might be mixing spaces in the path and extra arguments, which is not allowed." >&5 +$as_echo "$as_me: You might be mixing spaces in the path and extra arguments, which is not allowed." >&6;} + fi + as_fn_error $? "Cannot locate the the path of INSTALL_NAME_TOOL" "$LINENO" 5 + fi + fi + + # Cygwin tries to hide some aspects of the Windows file system, such that binaries are + # named .exe but called without that suffix. Therefore, "foo" and "foo.exe" are considered + # the same file, most of the time (as in "test -f"). But not when running cygpath -s, then + # "foo.exe" is OK but "foo" is an error. + # + # This test is therefore slightly more accurate than "test -f" to check for file presence. + # It is also a way to make sure we got the proper file name for the real test later on. + test_shortpath=`$CYGPATH -s -m "$new_path" 2> /dev/null` + if test "x$test_shortpath" = x; then + # Short path failed, file does not exist as specified. + # Try adding .exe or .cmd + if test -f "${new_path}.exe"; then + input_to_shortpath="${new_path}.exe" + elif test -f "${new_path}.cmd"; then + input_to_shortpath="${new_path}.cmd" + else + { $as_echo "$as_me:${as_lineno-$LINENO}: The path of INSTALL_NAME_TOOL, which resolves as \"$new_path\", is invalid." >&5 +$as_echo "$as_me: The path of INSTALL_NAME_TOOL, which resolves as \"$new_path\", is invalid." >&6;} + { $as_echo "$as_me:${as_lineno-$LINENO}: Neither \"$new_path\" nor \"$new_path.exe/cmd\" can be found" >&5 +$as_echo "$as_me: Neither \"$new_path\" nor \"$new_path.exe/cmd\" can be found" >&6;} + as_fn_error $? "Cannot locate the the path of INSTALL_NAME_TOOL" "$LINENO" 5 + fi + else + input_to_shortpath="$new_path" + fi + + # Call helper function which possibly converts this using DOS-style short mode. + # If so, the updated path is stored in $new_path. + new_path="$input_to_shortpath" + + input_path="$input_to_shortpath" + # Check if we need to convert this using DOS-style short mode. If the path + # contains just simple characters, use it. Otherwise (spaces, weird characters), + # take no chances and rewrite it. + # Note: m4 eats our [], so we need to use [ and ] instead. + has_forbidden_chars=`$ECHO "$input_path" | $GREP [^-._/a-zA-Z0-9]` + if test "x$has_forbidden_chars" != x; then + # Now convert it to mixed DOS-style, short mode (no spaces, and / instead of \) + shortmode_path=`$CYGPATH -s -m -a "$input_path"` + path_after_shortmode=`$CYGPATH -u "$shortmode_path"` + if test "x$path_after_shortmode" != "x$input_to_shortpath"; then + # Going to short mode and back again did indeed matter. Since short mode is + # case insensitive, let's make it lowercase to improve readability. + shortmode_path=`$ECHO "$shortmode_path" | $TR 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + # Now convert it back to Unix-style (cygpath) + input_path=`$CYGPATH -u "$shortmode_path"` + new_path="$input_path" + fi + fi + + test_cygdrive_prefix=`$ECHO $input_path | $GREP ^/cygdrive/` + if test "x$test_cygdrive_prefix" = x; then + # As a simple fix, exclude /usr/bin since it's not a real path. + if test "x`$ECHO $input_to_shortpath | $GREP ^/usr/bin/`" = x; then + # The path is in a Cygwin special directory (e.g. /home). We need this converted to + # a path prefixed by /cygdrive for fixpath to work. + new_path="$CYGWIN_ROOT_PATH$input_path" + fi + fi + + # remove trailing .exe if any + new_path="${new_path/%.exe/}" + + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + + # First separate the path from the arguments. This will split at the first + # space. + complete="$INSTALL_NAME_TOOL" + path="${complete%% *}" + tmp="$complete EOL" + arguments="${tmp#* }" + + # Input might be given as Windows format, start by converting to + # unix format. + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + + # Now try to locate executable using which + new_path=`$WHICH "$new_path" 2> /dev/null` + + if test "x$new_path" = x; then + # Oops. Which didn't find the executable. + # The splitting of arguments from the executable at a space might have been incorrect, + # since paths with space are more likely in Windows. Give it another try with the whole + # argument. + path="$complete" + arguments="EOL" + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + + new_path=`$WHICH "$new_path" 2> /dev/null` + # bat and cmd files are not always considered executable in MSYS causing which + # to not find them + if test "x$new_path" = x \ + && test "x`$ECHO \"$path\" | $GREP -i -e \"\\.bat$\" -e \"\\.cmd$\"`" != x \ + && test "x`$LS \"$path\" 2>/dev/null`" != x; then + new_path="$path" + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + fi + + if test "x$new_path" = x; then + # It's still not found. Now this is an unrecoverable error. + { $as_echo "$as_me:${as_lineno-$LINENO}: The path of INSTALL_NAME_TOOL, which resolves as \"$complete\", is not found." >&5 +$as_echo "$as_me: The path of INSTALL_NAME_TOOL, which resolves as \"$complete\", is not found." >&6;} + has_space=`$ECHO "$complete" | $GREP " "` + if test "x$has_space" != x; then + { $as_echo "$as_me:${as_lineno-$LINENO}: You might be mixing spaces in the path and extra arguments, which is not allowed." >&5 +$as_echo "$as_me: You might be mixing spaces in the path and extra arguments, which is not allowed." >&6;} + fi + as_fn_error $? "Cannot locate the the path of INSTALL_NAME_TOOL" "$LINENO" 5 + fi + fi + + # Now new_path has a complete unix path to the binary + if test "x`$ECHO $new_path | $GREP ^/bin/`" != x; then + # Keep paths in /bin as-is, but remove trailing .exe if any + new_path="${new_path/%.exe/}" + # Do not save /bin paths to all_fixpath_prefixes! + else + # Not in mixed or Windows style, start by that. + new_path=`cmd //c echo $new_path` + + input_path="$new_path" + # Check if we need to convert this using DOS-style short mode. If the path + # contains just simple characters, use it. Otherwise (spaces, weird characters), + # take no chances and rewrite it. + # Note: m4 eats our [], so we need to use [ and ] instead. + has_forbidden_chars=`$ECHO "$input_path" | $GREP [^-_/:a-zA-Z0-9]` + if test "x$has_forbidden_chars" != x; then + # Now convert it to mixed DOS-style, short mode (no spaces, and / instead of \) + new_path=`cmd /c "for %A in (\"$input_path\") do @echo %~sA"|$TR \\\\\\\\ / | $TR 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + fi + + # Output is in $new_path + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + # remove trailing .exe if any + new_path="${new_path/%.exe/}" + + # Save the first 10 bytes of this path to the storage, so fixpath can work. + all_fixpath_prefixes=("${all_fixpath_prefixes[@]}" "${new_path:0:10}") + fi + + else + # We're on a unix platform. Hooray! :) + # First separate the path from the arguments. This will split at the first + # space. + complete="$INSTALL_NAME_TOOL" + path="${complete%% *}" + tmp="$complete EOL" + arguments="${tmp#* }" + + # Cannot rely on the command "which" here since it doesn't always work. + is_absolute_path=`$ECHO "$path" | $GREP ^/` + if test -z "$is_absolute_path"; then + # Path to executable is not absolute. Find it. + IFS_save="$IFS" + IFS=: + for p in $PATH; do + if test -f "$p/$path" && test -x "$p/$path"; then + new_path="$p/$path" + break + fi + done + IFS="$IFS_save" + else + # This is an absolute path, we can use it without further modifications. + new_path="$path" + fi + + if test "x$new_path" = x; then + { $as_echo "$as_me:${as_lineno-$LINENO}: The path of INSTALL_NAME_TOOL, which resolves as \"$complete\", is not found." >&5 +$as_echo "$as_me: The path of INSTALL_NAME_TOOL, which resolves as \"$complete\", is not found." >&6;} + has_space=`$ECHO "$complete" | $GREP " "` + if test "x$has_space" != x; then + { $as_echo "$as_me:${as_lineno-$LINENO}: This might be caused by spaces in the path, which is not allowed." >&5 +$as_echo "$as_me: This might be caused by spaces in the path, which is not allowed." >&6;} + fi + as_fn_error $? "Cannot locate the the path of INSTALL_NAME_TOOL" "$LINENO" 5 + fi + fi + + # Now join together the path and the arguments once again + if test "x$arguments" != xEOL; then + new_complete="$new_path ${arguments% *}" + else + new_complete="$new_path" + fi + + if test "x$complete" != "x$new_complete"; then + INSTALL_NAME_TOOL="$new_complete" + { $as_echo "$as_me:${as_lineno-$LINENO}: Rewriting INSTALL_NAME_TOOL to \"$new_complete\"" >&5 +$as_echo "$as_me: Rewriting INSTALL_NAME_TOOL to \"$new_complete\"" >&6;} + fi + fi + fi if test "x$TOOLCHAIN_TYPE" = xmicrosoft; then @@ -63659,17 +64443,18 @@ $as_echo_n "checking if we should bundle freetype... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $BUNDLE_FREETYPE" >&5 $as_echo "$BUNDLE_FREETYPE" >&6; } - fi # end freetype needed - - FREETYPE_LICENSE="" - if test "x$with_freetype_license" = "xyes"; then - as_fn_error $? "--with-freetype-license must have a value" "$LINENO" 5 - elif test "x$with_freetype_license" != "x"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for freetype license" >&5 + if test "x$BUNDLE_FREETYPE" = xyes; then + FREETYPE_LICENSE="" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for freetype license" >&5 $as_echo_n "checking for freetype license... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_freetype_license" >&5 + if test "x$with_freetype_license" = "xyes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + as_fn_error $? "--with-freetype-license must have a value" "$LINENO" 5 + elif test "x$with_freetype_license" != "x"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_freetype_license" >&5 $as_echo "$with_freetype_license" >&6; } - FREETYPE_LICENSE="$with_freetype_license" + FREETYPE_LICENSE="$with_freetype_license" # Only process if variable expands to non-empty @@ -63802,11 +64587,155 @@ $as_echo "$as_me: The path of FREETYPE_LICENSE, which resolves as \"$path\", is fi fi - if test ! -f "$FREETYPE_LICENSE"; then - as_fn_error $? "$FREETYPE_LICENSE cannot be found" "$LINENO" 5 + if test ! -f "$FREETYPE_LICENSE"; then + as_fn_error $? "$FREETYPE_LICENSE cannot be found" "$LINENO" 5 + fi + else + if test "x$with_freetype" != "x" && test -f $with_freetype/freetype.md; then + FREETYPE_LICENSE="$with_freetype/freetype.md" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $FREETYPE_LICENSE" >&5 +$as_echo "$FREETYPE_LICENSE" >&6; } + + # Only process if variable expands to non-empty + + if test "x$FREETYPE_LICENSE" != x; then + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + + # Input might be given as Windows format, start by converting to + # unix format. + path="$FREETYPE_LICENSE" + new_path=`$CYGPATH -u "$path"` + + # Cygwin tries to hide some aspects of the Windows file system, such that binaries are + # named .exe but called without that suffix. Therefore, "foo" and "foo.exe" are considered + # the same file, most of the time (as in "test -f"). But not when running cygpath -s, then + # "foo.exe" is OK but "foo" is an error. + # + # This test is therefore slightly more accurate than "test -f" to check for file precense. + # It is also a way to make sure we got the proper file name for the real test later on. + test_shortpath=`$CYGPATH -s -m "$new_path" 2> /dev/null` + if test "x$test_shortpath" = x; then + { $as_echo "$as_me:${as_lineno-$LINENO}: The path of FREETYPE_LICENSE, which resolves as \"$path\", is invalid." >&5 +$as_echo "$as_me: The path of FREETYPE_LICENSE, which resolves as \"$path\", is invalid." >&6;} + as_fn_error $? "Cannot locate the the path of FREETYPE_LICENSE" "$LINENO" 5 + fi + + # Call helper function which possibly converts this using DOS-style short mode. + # If so, the updated path is stored in $new_path. + + input_path="$new_path" + # Check if we need to convert this using DOS-style short mode. If the path + # contains just simple characters, use it. Otherwise (spaces, weird characters), + # take no chances and rewrite it. + # Note: m4 eats our [], so we need to use [ and ] instead. + has_forbidden_chars=`$ECHO "$input_path" | $GREP [^-._/a-zA-Z0-9]` + if test "x$has_forbidden_chars" != x; then + # Now convert it to mixed DOS-style, short mode (no spaces, and / instead of \) + shortmode_path=`$CYGPATH -s -m -a "$input_path"` + path_after_shortmode=`$CYGPATH -u "$shortmode_path"` + if test "x$path_after_shortmode" != "x$input_to_shortpath"; then + # Going to short mode and back again did indeed matter. Since short mode is + # case insensitive, let's make it lowercase to improve readability. + shortmode_path=`$ECHO "$shortmode_path" | $TR 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + # Now convert it back to Unix-style (cygpath) + input_path=`$CYGPATH -u "$shortmode_path"` + new_path="$input_path" fi fi + test_cygdrive_prefix=`$ECHO $input_path | $GREP ^/cygdrive/` + if test "x$test_cygdrive_prefix" = x; then + # As a simple fix, exclude /usr/bin since it's not a real path. + if test "x`$ECHO $new_path | $GREP ^/usr/bin/`" = x; then + # The path is in a Cygwin special directory (e.g. /home). We need this converted to + # a path prefixed by /cygdrive for fixpath to work. + new_path="$CYGWIN_ROOT_PATH$input_path" + fi + fi + + + if test "x$path" != "x$new_path"; then + FREETYPE_LICENSE="$new_path" + { $as_echo "$as_me:${as_lineno-$LINENO}: Rewriting FREETYPE_LICENSE to \"$new_path\"" >&5 +$as_echo "$as_me: Rewriting FREETYPE_LICENSE to \"$new_path\"" >&6;} + fi + + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + + path="$FREETYPE_LICENSE" + has_colon=`$ECHO $path | $GREP ^.:` + new_path="$path" + if test "x$has_colon" = x; then + # Not in mixed or Windows style, start by that. + new_path=`cmd //c echo $path` + fi + + + input_path="$new_path" + # Check if we need to convert this using DOS-style short mode. If the path + # contains just simple characters, use it. Otherwise (spaces, weird characters), + # take no chances and rewrite it. + # Note: m4 eats our [], so we need to use [ and ] instead. + has_forbidden_chars=`$ECHO "$input_path" | $GREP [^-_/:a-zA-Z0-9]` + if test "x$has_forbidden_chars" != x; then + # Now convert it to mixed DOS-style, short mode (no spaces, and / instead of \) + new_path=`cmd /c "for %A in (\"$input_path\") do @echo %~sA"|$TR \\\\\\\\ / | $TR 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + fi + + + windows_path="$new_path" + if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then + unix_path=`$CYGPATH -u "$windows_path"` + new_path="$unix_path" + elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then + unix_path=`$ECHO "$windows_path" | $SED -e 's,^\\(.\\):,/\\1,g' -e 's,\\\\,/,g'` + new_path="$unix_path" + fi + + if test "x$path" != "x$new_path"; then + FREETYPE_LICENSE="$new_path" + { $as_echo "$as_me:${as_lineno-$LINENO}: Rewriting FREETYPE_LICENSE to \"$new_path\"" >&5 +$as_echo "$as_me: Rewriting FREETYPE_LICENSE to \"$new_path\"" >&6;} + fi + + # Save the first 10 bytes of this path to the storage, so fixpath can work. + all_fixpath_prefixes=("${all_fixpath_prefixes[@]}" "${new_path:0:10}") + + else + # We're on a unix platform. Hooray! :) + path="$FREETYPE_LICENSE" + has_space=`$ECHO "$path" | $GREP " "` + if test "x$has_space" != x; then + { $as_echo "$as_me:${as_lineno-$LINENO}: The path of FREETYPE_LICENSE, which resolves as \"$path\", is invalid." >&5 +$as_echo "$as_me: The path of FREETYPE_LICENSE, which resolves as \"$path\", is invalid." >&6;} + as_fn_error $? "Spaces are not allowed in this path." "$LINENO" 5 + fi + + # Use eval to expand a potential ~ + eval path="$path" + if test ! -f "$path" && test ! -d "$path"; then + as_fn_error $? "The path of FREETYPE_LICENSE, which resolves as \"$path\", is not found." "$LINENO" 5 + fi + + if test -d "$path"; then + FREETYPE_LICENSE="`cd "$path"; $THEPWDCMD -L`" + else + dir="`$DIRNAME "$path"`" + base="`$BASENAME "$path"`" + FREETYPE_LICENSE="`cd "$dir"; $THEPWDCMD -L`/$base" + fi + fi + fi + + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + fi + fi + + fi # end freetype needed + diff --git a/common/autoconf/lib-freetype.m4 b/common/autoconf/lib-freetype.m4 index 17dd726e54..8169928bee 100644 --- a/common/autoconf/lib-freetype.m4 +++ b/common/autoconf/lib-freetype.m4 @@ -443,20 +443,31 @@ AC_DEFUN_ONCE([LIB_SETUP_FREETYPE], fi AC_MSG_RESULT([$BUNDLE_FREETYPE]) - fi # end freetype needed - - FREETYPE_LICENSE="" - if test "x$with_freetype_license" = "xyes"; then - AC_MSG_ERROR([--with-freetype-license must have a value]) - elif test "x$with_freetype_license" != "x"; then - AC_MSG_CHECKING([for freetype license]) - AC_MSG_RESULT([$with_freetype_license]) - FREETYPE_LICENSE="$with_freetype_license" - BASIC_FIXUP_PATH(FREETYPE_LICENSE) - if test ! -f "$FREETYPE_LICENSE"; then - AC_MSG_ERROR([$FREETYPE_LICENSE cannot be found]) + if test "x$BUNDLE_FREETYPE" = xyes; then + FREETYPE_LICENSE="" + AC_MSG_CHECKING([for freetype license]) + if test "x$with_freetype_license" = "xyes"; then + AC_MSG_RESULT([no]) + AC_MSG_ERROR([--with-freetype-license must have a value]) + elif test "x$with_freetype_license" != "x"; then + AC_MSG_RESULT([$with_freetype_license]) + FREETYPE_LICENSE="$with_freetype_license" + BASIC_FIXUP_PATH(FREETYPE_LICENSE) + if test ! -f "$FREETYPE_LICENSE"; then + AC_MSG_ERROR([$FREETYPE_LICENSE cannot be found]) + fi + else + if test "x$with_freetype" != "x" && test -f $with_freetype/freetype.md; then + FREETYPE_LICENSE="$with_freetype/freetype.md" + AC_MSG_RESULT([$FREETYPE_LICENSE]) + BASIC_FIXUP_PATH(FREETYPE_LICENSE) + else + AC_MSG_RESULT([no]) + fi + fi fi - fi + + fi # end freetype needed AC_SUBST(FREETYPE_BUNDLE_LIB_PATH) AC_SUBST(FREETYPE_CFLAGS) diff --git a/common/autoconf/spec.gmk.in b/common/autoconf/spec.gmk.in index 877ede9d9b..aa86532e2f 100644 --- a/common/autoconf/spec.gmk.in +++ b/common/autoconf/spec.gmk.in @@ -483,6 +483,7 @@ GNM:=@GNM@ STRIP:=@STRIP@ LIPO:=@LIPO@ +INSTALL_NAME_TOOL:=@INSTALL_NAME_TOOL@ # Options to linker to specify a mapfile. # (Note absence of := assignment, because we do not want to evaluate the macro body here) diff --git a/common/autoconf/toolchain.m4 b/common/autoconf/toolchain.m4 index fca9b065aa..6af26625e0 100644 --- a/common/autoconf/toolchain.m4 +++ b/common/autoconf/toolchain.m4 @@ -628,6 +628,10 @@ AC_DEFUN_ONCE([TOOLCHAIN_DETECT_TOOLCHAIN_EXTRA], if test "x$OPENJDK_TARGET_OS" = "xmacosx"; then BASIC_PATH_PROGS(LIPO, lipo) BASIC_FIXUP_EXECUTABLE(LIPO) + BASIC_REQUIRE_PROGS(OTOOL, otool) + BASIC_FIXUP_EXECUTABLE(OTOOL) + BASIC_REQUIRE_PROGS(INSTALL_NAME_TOOL, install_name_tool) + BASIC_FIXUP_EXECUTABLE(INSTALL_NAME_TOOL) fi if test "x$TOOLCHAIN_TYPE" = xmicrosoft; then diff --git a/common/autoconf/version-numbers b/common/autoconf/version-numbers index 4cb5467118..84a962fa81 100644 --- a/common/autoconf/version-numbers +++ b/common/autoconf/version-numbers @@ -1,5 +1,5 @@ # -# Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2011, 2017, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -27,7 +27,7 @@ DEFAULT_VERSION_MAJOR=9 DEFAULT_VERSION_MINOR=0 -DEFAULT_VERSION_SECURITY=0 +DEFAULT_VERSION_SECURITY=4 DEFAULT_VERSION_PATCH=0 LAUNCHER_NAME=openjdk diff --git a/common/conf/jib-profiles.js b/common/conf/jib-profiles.js index 54ccfcecd5..0987f2a1b5 100644 --- a/common/conf/jib-profiles.js +++ b/common/conf/jib-profiles.js @@ -387,7 +387,7 @@ var getJibProfilesCommon = function (input, data) { // on such hardware. if (input.build_cpu == "sparcv9") { var cpu_brand = $EXEC("bash -c \"kstat -m cpu_info | grep brand | head -n1 | awk '{ print \$2 }'\""); - if (cpu_brand.trim().match('SPARC-.7')) { + if (cpu_brand.trim().match('SPARC-.[78]')) { boot_jdk_revision = "8u20"; boot_jdk_subdirpart = "1.8.0_20"; } @@ -435,7 +435,7 @@ var getJibProfilesProfiles = function (input, common, data) { "macosx-x64": { target_os: "macosx", target_cpu: "x64", - dependencies: ["devkit"], + dependencies: ["devkit", "freetype"], configure_args: concat(common.configure_args_64bit, "--with-zlib=system"), }, @@ -728,9 +728,9 @@ var getJibProfilesProfiles = function (input, common, data) { jdk: { local: "bundles/\\(jdk.*bin.tar.gz\\)", remote: [ - "bundles/openjdk/GPL/linux-x64/jdk-" + data.version + "bundles/openjdk/GPL/linux-x64/openjdk-" + data.version + "_linux-x64_bin.tar.gz", - "bundles/openjdk/GPL/linux-x64/\\1" + "bundles/openjdk/GPL/linux-x64/open\\1" ], subdir: "jdk-" + data.version }, @@ -741,17 +741,17 @@ var getJibProfilesProfiles = function (input, common, data) { test: { local: "bundles/\\(jdk.*bin-tests.tar.gz\\)", remote: [ - "bundles/openjdk/GPL/linux-x64/jdk-" + data.version + "bundles/openjdk/GPL/linux-x64/openjdk-" + data.version + "_linux-x64_bin-tests.tar.gz", - "bundles/openjdk/GPL/linux-x64/\\1" + "bundles/openjdk/GPL/linux-x64/open\\1" ] }, jdk_symbols: { local: "bundles/\\(jdk.*bin-symbols.tar.gz\\)", remote: [ - "bundles/openjdk/GPL/linux-x64/jdk-" + data.version + "bundles/openjdk/GPL/linux-x64/openjdk-" + data.version + "_linux-x64_bin-symbols.tar.gz", - "bundles/openjdk/GPL/linux-x64/\\1" + "bundles/openjdk/GPL/linux-x64/open\\1" ], subdir: "jdk-" + data.version }, @@ -771,27 +771,27 @@ var getJibProfilesProfiles = function (input, common, data) { jdk: { local: "bundles/\\(jdk.*bin.tar.gz\\)", remote: [ - "bundles/openjdk/GPL/linux-x86/jdk-" + data.version + "bundles/openjdk/GPL/linux-x86/openjdk-" + data.version + "_linux-x86_bin.tar.gz", - "bundles/openjdk/GPL/linux-x86/\\1" + "bundles/openjdk/GPL/linux-x86/open\\1" ], subdir: "jdk-" + data.version }, jdk_symbols: { local: "bundles/\\(jdk.*bin-symbols.tar.gz\\)", remote: [ - "bundles/openjdk/GPL/linux-x86/jdk-" + data.version + "bundles/openjdk/GPL/linux-x86/openjdk-" + data.version + "_linux-x86_bin-symbols.tar.gz", - "bundles/openjdk/GPL/linux-x86/\\1" + "bundles/openjdk/GPL/linux-x86/open\\1" ], subdir: "jdk-" + data.version }, test: { local: "bundles/\\(jdk.*bin-tests.tar.gz\\)", remote: [ - "bundles/openjdk/GPL/linux-x86/jdk-" + data.version + "bundles/openjdk/GPL/linux-x86/openjdk-" + data.version + "_linux-x86_bin-tests.tar.gz", - "bundles/openjdk/GPL/linux-x86/\\1" + "bundles/openjdk/GPL/linux-x86/open\\1" ] }, jre: { @@ -814,41 +814,84 @@ var getJibProfilesProfiles = function (input, common, data) { } }, - "windows-x86-open": { + "macosx-x64-open": { artifacts: { jdk: { local: "bundles/\\(jdk.*bin.tar.gz\\)", remote: [ - "bundles/openjdk/GPL/windows-x86/jdk-" + data.version - + "_windows-x86_bin.tar.gz", - "bundles/openjdk/GPL/windows-x86/\\1" + "bundles/openjdk/GPL/osx-x64/openjdk-" + data.version + + "_osx-x64_bin.tar.gz", + "bundles/openjdk/GPL/osx-x64/open\\1" ], subdir: "jdk-" + data.version }, jre: { local: "bundles/\\(jre.*bin.tar.gz\\)", - remote: "bundles/openjdk/GPL/windows-x86/\\1" + remote: "bundles/openjdk/GPL/osx-x64/\\1", }, test: { local: "bundles/\\(jdk.*bin-tests.tar.gz\\)", remote: [ - "bundles/openjdk/GPL/windows-x86/jdk-" + data.version - + "_windows-x86_bin-tests.tar.gz", - "bundles/openjdk/GPL/windows-x86/\\1" + "bundles/openjdk/GPL/osx-x64/openjdk-" + data.version + + "_osx-x64_bin-tests.tar.gz", + "bundles/openjdk/GPL/osx-x64/open\\1" ] }, jdk_symbols: { local: "bundles/\\(jdk.*bin-symbols.tar.gz\\)", remote: [ - "bundles/openjdk/GPL/windows-x86/jdk-" + data.version - + "_windows-x86_bin-symbols.tar.gz", - "bundles/openjdk/GPL/windows-x86/\\1" + "bundles/openjdk/GPL/osx-x64/openjdk-" + data.version + + "_osx-x64_bin-symbols.tar.gz", + "bundles/openjdk/GPL/osx-x64/open\\1" ], subdir: "jdk-" + data.version }, jre_symbols: { local: "bundles/\\(jre.*bin-symbols.tar.gz\\)", - remote: "bundles/openjdk/GPL/windows-x86/\\1", + remote: "bundles/openjdk/GPL/osx-x64/\\1", + }, + doc_api_spec: { + local: "bundles/\\(jdk.*doc-api-spec.tar.gz\\)", + remote: "bundles/openjdk/GPL/osx-x64/\\1", + }, + } + }, + + "windows-x64-open": { + artifacts: { + jdk: { + local: "bundles/\\(jdk.*bin.tar.gz\\)", + remote: [ + "bundles/openjdk/GPL/windows-x64/openjdk-" + data.version + + "_windows-x64_bin.tar.gz", + "bundles/openjdk/GPL/windows-x64/open\\1" + ], + subdir: "jdk-" + data.version + }, + jre: { + local: "bundles/\\(jre.*bin.tar.gz\\)", + remote: "bundles/openjdk/GPL/windows-x64/\\1" + }, + test: { + local: "bundles/\\(jdk.*bin-tests.tar.gz\\)", + remote: [ + "bundles/openjdk/GPL/windows-x64/openjdk-" + data.version + + "_windows-x64_bin-tests.tar.gz", + "bundles/openjdk/GPL/windows-x64/open\\1" + ] + }, + jdk_symbols: { + local: "bundles/\\(jdk.*bin-symbols.tar.gz\\)", + remote: [ + "bundles/openjdk/GPL/windows-x64/openjdk-" + data.version + + "_windows-x64_bin-symbols.tar.gz", + "bundles/openjdk/GPL/windows-x64/open\\1" + ], + subdir: "jdk-" + data.version + }, + jre_symbols: { + local: "bundles/\\(jre.*bin-symbols.tar.gz\\)", + remote: "bundles/openjdk/GPL/windows-x64/\\1", } } }, @@ -880,10 +923,11 @@ var getJibProfilesProfiles = function (input, common, data) { profiles["linux-x64-ri"] = clone(profiles["linux-x64-open"]); profiles["linux-x86-ri"] = clone(profiles["linux-x86-open"]); profiles["linux-x86-ri-debug"] = clone(profiles["linux-x86-open-debug"]); - profiles["windows-x86-ri"] = clone(profiles["windows-x86-open"]); + profiles["macosx-x64-ri"] = clone(profiles["macosx-x64-open"]); + profiles["windows-x64-ri"] = clone(profiles["windows-x64-open"]); // Generate artifacts for ri profiles - [ "linux-x64-ri", "linux-x86-ri", "linux-x86-ri-debug", "windows-x86-ri" ] + [ "linux-x64-ri", "linux-x86-ri", "linux-x86-ri-debug", "macosx-x64-ri", "windows-x64-ri" ] .forEach(function (name) { // Rewrite all remote dirs to "bundles/openjdk/BCL/..." for (artifactName in profiles[name].artifacts) { @@ -893,16 +937,6 @@ var getJibProfilesProfiles = function (input, common, data) { } }); - // The windows ri profile needs to add the freetype license file - profilesRiFreetype = { - "windows-x86-ri": { - configure_args: "--with-freetype-license=" - + input.get("freetype", "install_path") - + "/freetype-2.7.1-v120-x86/freetype.md" - } - }; - profiles = concatObjects(profiles, profilesRiFreetype); - // Generate the missing platform attributes profiles = generatePlatformAttributes(profiles); profiles = generateDefaultMakeTargetsConfigureArg(common, profiles); @@ -934,6 +968,12 @@ var getJibProfilesDependencies = function (input, common) { ? input.target_os + "_x64" : input.target_platform); + var freetype_version = { + windows_x64: "2.7.1-v120+1.1", + windows_x86: "2.7.1-v120+1.1", + macosx_x64: "2.7.1-Xcode6.3-MacOSX10.9+1.0" + }[input.target_platform]; + var dependencies = { boot_jdk: { @@ -998,7 +1038,7 @@ var getJibProfilesDependencies = function (input, common) { freetype: { organization: common.organization, ext: "tar.gz", - revision: "2.7.1-v120+1.0", + revision: freetype_version, module: "freetype-" + input.target_platform }, @@ -1200,7 +1240,8 @@ var versionArgs = function(input, common) { if (input.build_type == "promoted") { args = concat(args, // This needs to be changed when we start building release candidates - "--with-version-pre=ea", + // 'ea' for EA builds and empty value for 'fcs' + "--with-version-pre=", "--without-version-opt"); } else { args = concat(args, "--with-version-opt=" + common.build_id); diff --git a/corba/.hgtags b/corba/.hgtags index 688de6cbf1..6a472bbfe7 100644 --- a/corba/.hgtags +++ b/corba/.hgtags @@ -417,9 +417,32 @@ c62e5964cfcf144d8f72e9ba69757897785349a9 jdk-9+171 95ed14547ca9246baed34f90ef3ca13217538a8c jdk-9+172 534ba4f8cfcf12accc5b9adb943103f2ff79fe16 jdk-9+173 3615768c12904e29bb2ec1b506cd4633cd8a9ced jdk-9+174 +6a33ed67219134933d276bd7575a84511a48c384 jdk-9.0.1+00 +6a33ed67219134933d276bd7575a84511a48c384 jdk-9.0.3+00 dc78a3dd6b3a4f11cdae8a3e3d160e6a78bc7838 jdk-9+175 40fb9f229471ef357d493813d34b15afcce9f32b jdk-9+176 c72e9d3823f04cb3ef3166646dfea9e4c2769133 jdk-9+177 9c1e9712648921ae389d623042d22561fad82d75 jdk-9+178 24390da83c5ee9e23ceafbcaff4460a01e37bb3a jdk-9+179 6ce6cb8ff41c71c49f23b15e0f0468aca5d52b17 jdk-9+180 +ba71941ad9dba53b8fffb30602ef673eee88696c jdk-9+181 +53ba069e7f46ad62c8db049be90a2974dfc638e0 jdk-9.0.3+1 +862693aa58490d65f1050d8d6b49d1abb40433b8 jdk-9.0.3+2 +34504835797ff6c671720590636b65395d392e9e jdk-9.0.3+3 +9d0501a9354d061b7e17a306dc0acc4676024c25 jdk-9.0.3+4 +23f00502db730453c28633bc62071030ae1f28c5 jdk-9.0.3+5 +db0ea99e2418dd88160c1c480c4c1525a5c0c993 jdk-9.0.3+6 +6189293024ef2e419b54392b37ad14e8b8670ab9 jdk-9.0.3+7 +b69fd398311af4f5d2b67b27c0bfa5622f971ec1 jdk-9.0.3+8 +e81a65e5771c0e9e524ff310c098e042cf381e8f jdk-9.0.3+9 +97fad1859593b8f8b445d170f412870bf0aceff4 jdk-9.0.1+10 +f67e7e2c01929cfe7a1a3cb2f4b279c1d4fee120 jdk-9.0.1+11 +0876f7e30c48b7cc0b3c15fcd3860522b1f4ae38 jdk-9.0.4+00 +03683a1b2e25231ea6305c91cae4cf83d01738f0 jdk-9.0.4+1 +bcb2300e20962172f7b94ba422d3e634d4f2c62c jdk-9.0.4+2 +7e5bd44ac820cfb3ccceaf1c2e72d3701a625946 jdk-9.0.4+3 +37249aa145988b06ec51b490e0d3d343f8faf660 jdk-9.0.4+4 +ec450e8c90c53c4e4cd35468a038123ca4fe0129 jdk-9.0.4+5 +7582f72a39b79c6206cdd7e0ccdfaa1ab342b040 jdk-9.0.4+6 +8d2b147370b7a6ed585f1b168fe3475a6e16cb5f jdk-9.0.4+7 +019e9e48d195e2aad4373e4301b068800f2ae5e6 jdk-9.0.4+8 diff --git a/corba/.jcheck/conf b/corba/.jcheck/conf index 5c6f62dc12..9bd9e92741 100644 --- a/corba/.jcheck/conf +++ b/corba/.jcheck/conf @@ -1 +1,2 @@ project=jdk9 +bugids=dup diff --git a/corba/src/java.corba/share/classes/com/sun/corba/se/impl/encoding/BufferManagerWriteGrow.java b/corba/src/java.corba/share/classes/com/sun/corba/se/impl/encoding/BufferManagerWriteGrow.java index 1ede700817..33b94c57cd 100644 --- a/corba/src/java.corba/share/classes/com/sun/corba/se/impl/encoding/BufferManagerWriteGrow.java +++ b/corba/src/java.corba/share/classes/com/sun/corba/se/impl/encoding/BufferManagerWriteGrow.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,11 +26,13 @@ package com.sun.corba.se.impl.encoding; import com.sun.corba.se.impl.orbutil.ORBConstants; +import com.sun.corba.se.impl.orbutil.ORBUtility; import com.sun.corba.se.impl.encoding.ByteBufferWithInfo; import com.sun.corba.se.impl.encoding.BufferManagerWrite; import com.sun.corba.se.pept.encoding.OutputObject; import com.sun.corba.se.pept.transport.Connection; import com.sun.corba.se.spi.orb.ORB; +import com.sun.corba.se.spi.orb.ORBData; public class BufferManagerWriteGrow extends BufferManagerWrite { @@ -48,7 +50,20 @@ public class BufferManagerWriteGrow extends BufferManagerWrite * buffer manager as set in the ORB. */ public int getBufferSize() { - return orb.getORBData().getGIOPBufferSize(); + ORBData orbData = null; + int bufferSize = ORBConstants.GIOP_DEFAULT_BUFFER_SIZE; + if (orb != null) { + orbData = orb.getORBData(); + if (orbData != null) { + bufferSize = orbData.getGIOPBufferSize(); + dprint("BufferManagerWriteGrow.getBufferSize: bufferSize == " + bufferSize); + } else { + dprint("BufferManagerWriteGrow.getBufferSize: orbData reference is NULL"); + } + } else { + dprint("BufferManagerWriteGrow.getBufferSize: orb reference is NULL"); + } + return bufferSize; } public void overflow (ByteBufferWithInfo bbwi) @@ -89,4 +104,9 @@ public class BufferManagerWriteGrow extends BufferManagerWrite */ public void close() {} + private void dprint(String msg) { + if (orb.transportDebugFlag) { + ORBUtility.dprint(this, msg); +} + } } diff --git a/corba/src/java.corba/share/classes/com/sun/corba/se/impl/encoding/CDRInputStream_1_0.java b/corba/src/java.corba/share/classes/com/sun/corba/se/impl/encoding/CDRInputStream_1_0.java index a00d66cb5b..81a81df2ac 100644 --- a/corba/src/java.corba/share/classes/com/sun/corba/se/impl/encoding/CDRInputStream_1_0.java +++ b/corba/src/java.corba/share/classes/com/sun/corba/se/impl/encoding/CDRInputStream_1_0.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -725,12 +725,14 @@ public class CDRInputStream_1_0 extends CDRInputStreamBase // IDLEntity.class.isAssignableFrom( clz ). // 3. If clz is an interface, use it to create the appropriate // stub factory. + public org.omg.CORBA.Object read_Object(Class clz) { // In any case, we must first read the IOR. IOR ior = IORFactories.makeIOR(parent) ; - if (ior.isNil()) + if (ior.isNil()) { return null ; + } PresentationManager.StubFactoryFactory sff = ORB.getStubFactoryFactory() ; String codeBase = ior.getProfile().getCodebase() ; @@ -739,6 +741,7 @@ public class CDRInputStream_1_0 extends CDRInputStreamBase if (clz == null) { RepositoryId rid = RepositoryId.cache.getId( ior.getTypeId() ) ; String className = rid.getClassName() ; + orb.validateIORClass(className); boolean isIDLInterface = rid.isIDLType() ; if (className == null || className.equals( "" )) @@ -761,11 +764,9 @@ public class CDRInputStream_1_0 extends CDRInputStreamBase } else { // clz is an interface class boolean isIDL = IDLEntity.class.isAssignableFrom( clz ) ; - stubFactory = sff.createStubFactory( clz.getName(), isIDL, codeBase, clz, clz.getClassLoader() ) ; } - return internalIORToObject( ior, stubFactory, orb ) ; } diff --git a/corba/src/java.corba/share/classes/com/sun/corba/se/impl/io/ObjectStreamClass.java b/corba/src/java.corba/share/classes/com/sun/corba/se/impl/io/ObjectStreamClass.java index b875d25cb3..62c0a62a22 100644 --- a/corba/src/java.corba/share/classes/com/sun/corba/se/impl/io/ObjectStreamClass.java +++ b/corba/src/java.corba/share/classes/com/sun/corba/se/impl/io/ObjectStreamClass.java @@ -38,7 +38,10 @@ import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.DigestOutputStream; import java.security.AccessController; +import java.security.PermissionCollection; +import java.security.Permissions; import java.security.PrivilegedAction; +import java.security.ProtectionDomain; import java.lang.reflect.Modifier; import java.lang.reflect.Field; @@ -57,6 +60,8 @@ import java.io.Serializable; import java.util.Arrays; import java.util.Comparator; +import java.util.HashSet; +import java.util.Set; import com.sun.corba.se.impl.util.RepositoryId; @@ -443,6 +448,65 @@ public class ObjectStreamClass implements java.io.Serializable { private static final PersistentFieldsValue persistentFieldsValue = new PersistentFieldsValue(); + /** + * Creates a PermissionDomain that grants no permission. + */ + private ProtectionDomain noPermissionsDomain() { + PermissionCollection perms = new Permissions(); + perms.setReadOnly(); + return new ProtectionDomain(null, perms); + } + + /** + * Aggregate the ProtectionDomains of all the classes that separate + * a concrete class {@code cl} from its ancestor's class declaring + * a constructor {@code cons}. + * + * If {@code cl} is defined by the boot loader, or the constructor + * {@code cons} is declared by {@code cl}, or if there is no security + * manager, then this method does nothing and {@code null} is returned. + * + * @param cons A constructor declared by {@code cl} or one of its + * ancestors. + * @param cl A concrete class, which is either the class declaring + * the constructor {@code cons}, or a serializable subclass + * of that class. + * @return An array of ProtectionDomain representing the set of + * ProtectionDomain that separate the concrete class {@code cl} + * from its ancestor's declaring {@code cons}, or {@code null}. + */ + private ProtectionDomain[] getProtectionDomains(Constructor cons, + Class cl) { + ProtectionDomain[] domains = null; + if (cons != null && cl.getClassLoader() != null + && System.getSecurityManager() != null) { + Class cls = cl; + Class fnscl = cons.getDeclaringClass(); + Set pds = null; + while (cls != fnscl) { + ProtectionDomain pd = cls.getProtectionDomain(); + if (pd != null) { + if (pds == null) pds = new HashSet<>(); + pds.add(pd); + } + cls = cls.getSuperclass(); + if (cls == null) { + // that's not supposed to happen + // make a ProtectionDomain with no permission. + // should we throw instead? + if (pds == null) pds = new HashSet<>(); + else pds.clear(); + pds.add(noPermissionsDomain()); + break; + } + } + if (pds != null) { + domains = pds.toArray(new ProtectionDomain[0]); + } + } + return domains; + } + /* * Initialize class descriptor. This method is only invoked on class * descriptors created via calls to lookupInternal(). This method is kept @@ -568,11 +632,15 @@ public class ObjectStreamClass implements java.io.Serializable { readResolveObjectMethod = bridge.readResolveForSerialization(cl); + domains = new ProtectionDomain[] {noPermissionsDomain()}; + if (externalizable) cons = getExternalizableConstructor(cl) ; else cons = getSerializableConstructor(cl) ; + domains = getProtectionDomains(cons, cl); + if (serializable && !forProxyClass) { writeObjectMethod = bridge.writeObjectForSerialization(cl) ; readObjectMethod = bridge.readObjectForSerialization(cl); @@ -910,7 +978,7 @@ public class ObjectStreamClass implements java.io.Serializable { { if (cons != null) { try { - return cons.newInstance(); + return bridge.newInstanceForSerialization(cons, domains); } catch (IllegalAccessException ex) { // should not occur, as access checks have been suppressed InternalError ie = new InternalError(); @@ -1506,6 +1574,7 @@ public class ObjectStreamClass implements java.io.Serializable { private transient MethodHandle writeReplaceObjectMethod; private transient MethodHandle readResolveObjectMethod; private transient Constructor cons; + private transient ProtectionDomain[] domains; /** * Beginning in Java to IDL ptc/02-01-12, RMI-IIOP has a diff --git a/corba/src/java.corba/share/classes/com/sun/corba/se/impl/ior/IORTypeCheckRegistryImpl.java b/corba/src/java.corba/share/classes/com/sun/corba/se/impl/ior/IORTypeCheckRegistryImpl.java new file mode 100644 index 0000000000..dd699eaa2b --- /dev/null +++ b/corba/src/java.corba/share/classes/com/sun/corba/se/impl/ior/IORTypeCheckRegistryImpl.java @@ -0,0 +1,179 @@ +/* + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package com.sun.corba.se.impl.ior; + +import java.util.Set; + +import com.sun.corba.se.impl.orbutil.ORBUtility; +import com.sun.corba.se.spi.ior.IORTypeCheckRegistry; +import com.sun.corba.se.spi.orb.ORB; + +public class IORTypeCheckRegistryImpl implements IORTypeCheckRegistry { + + private final Set iorTypeNames; + private static final Set builtinIorTypeNames; + private ORB theOrb; + + static { + builtinIorTypeNames = initBuiltinIorTypeNames(); + } + + public IORTypeCheckRegistryImpl( String filterProperties, ORB orb) { + theOrb = orb; + iorTypeNames = parseIorClassNameList(filterProperties); + } + + /* + * + * A note on the validation flow: + * 1. against the filter class name list + * 2. against the builtin class name list + */ + + @Override + public boolean isValidIORType(String iorClassName) { + dprintTransport(".isValidIORType : iorClassName == " + iorClassName); + return validateIorTypeByName(iorClassName); + } + + + private boolean validateIorTypeByName(String iorClassName) { + dprintTransport(".validateIorTypeByName : iorClassName == " + iorClassName); + boolean isValidType; + + isValidType = checkIorTypeNames(iorClassName); + + if (!isValidType) { + isValidType = checkBuiltinClassNames(iorClassName); + } + + dprintTransport(".validateIorTypeByName : isValidType == " + isValidType); + return isValidType; + } + + + /* + * check if the class name corresponding to an IOR Type name + * is in the ior class name list as generated from the filter property. + * So if the IOR type is recorded in the registry then allow the creation of the + * stub factory and let it resolve and load the class. That is if current + * type check deliberation permits. + * IOR Type names are configured by the filter property + */ + + private boolean checkIorTypeNames( + String theIorClassName) { + return (iorTypeNames != null) && (iorTypeNames.contains(theIorClassName)); + } + + /* + * Check the IOR interface class name against the set of + * class names that correspond to the builtin JDK IDL stub classes. + */ + + private boolean checkBuiltinClassNames( + String theIorClassName) { + return builtinIorTypeNames.contains(theIorClassName); + } + + + private Set parseIorClassNameList(String filterProperty) { + Set _iorTypeNames = null; + if (filterProperty != null) { + String[] tempIorClassNames = filterProperty.split(";"); + _iorTypeNames = Set.of(tempIorClassNames); + if (theOrb.orbInitDebugFlag) { + dprintConfiguredIorTypeNames(); + } + } + return _iorTypeNames; + } + + + private static Set initBuiltinIorTypeNames() { + Set> builtInCorbaStubTypes = initBuiltInCorbaStubTypes(); + String [] tempBuiltinIorTypeNames = new String[builtInCorbaStubTypes.size()]; + int i = 0; + for (Class _stubClass: builtInCorbaStubTypes) { + tempBuiltinIorTypeNames[i++] = _stubClass.getName(); + } + return Set.of(tempBuiltinIorTypeNames); + } + + private static Set> initBuiltInCorbaStubTypes() { + Class tempBuiltinCorbaStubTypes[] = { + com.sun.corba.se.spi.activation.Activator.class, + com.sun.corba.se.spi.activation._ActivatorStub.class, + com.sun.corba.se.spi.activation._InitialNameServiceStub.class, + com.sun.corba.se.spi.activation._LocatorStub.class, + com.sun.corba.se.spi.activation._RepositoryStub.class, + com.sun.corba.se.spi.activation._ServerManagerStub.class, + com.sun.corba.se.spi.activation._ServerStub.class, + org.omg.CosNaming.BindingIterator.class, + org.omg.CosNaming._BindingIteratorStub.class, + org.omg.CosNaming.NamingContextExt.class, + org.omg.CosNaming._NamingContextExtStub.class, + org.omg.CosNaming.NamingContext.class, + org.omg.CosNaming._NamingContextStub.class, + org.omg.DynamicAny.DynAnyFactory.class, + org.omg.DynamicAny._DynAnyFactoryStub.class, + org.omg.DynamicAny.DynAny.class, + org.omg.DynamicAny._DynAnyStub.class, + org.omg.DynamicAny.DynArray.class, + org.omg.DynamicAny._DynArrayStub.class, + org.omg.DynamicAny.DynEnum.class, + org.omg.DynamicAny._DynEnumStub.class, + org.omg.DynamicAny.DynFixed.class, + org.omg.DynamicAny._DynFixedStub.class, + org.omg.DynamicAny.DynSequence.class, + org.omg.DynamicAny._DynSequenceStub.class, + org.omg.DynamicAny.DynStruct.class, + org.omg.DynamicAny._DynStructStub.class, + org.omg.DynamicAny.DynUnion.class, + org.omg.DynamicAny._DynUnionStub.class, + org.omg.DynamicAny._DynValueStub.class, + org.omg.DynamicAny.DynValue.class, + org.omg.PortableServer.ServantActivator.class, + org.omg.PortableServer._ServantActivatorStub.class, + org.omg.PortableServer.ServantLocator.class, + org.omg.PortableServer._ServantLocatorStub.class }; + return Set.>of(tempBuiltinCorbaStubTypes); + } + + private void dprintConfiguredIorTypeNames() { + if (iorTypeNames != null) { + for (String iorTypeName : iorTypeNames) { + ORBUtility.dprint(this, ".dprintConfiguredIorTypeNames: " + iorTypeName); + } + } + } + + private void dprintTransport(String msg) { + if (theOrb.transportDebugFlag) { + ORBUtility.dprint(this, msg); + } + } +} diff --git a/corba/src/java.corba/share/classes/com/sun/corba/se/impl/orb/ORBImpl.java b/corba/src/java.corba/share/classes/com/sun/corba/se/impl/orb/ORBImpl.java index 007e6b8dc2..ed8e46d30f 100644 --- a/corba/src/java.corba/share/classes/com/sun/corba/se/impl/orb/ORBImpl.java +++ b/corba/src/java.corba/share/classes/com/sun/corba/se/impl/orb/ORBImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -54,6 +54,7 @@ import java.net.InetAddress; import java.security.PrivilegedAction; import java.security.AccessController; +import java.security.Security; import javax.rmi.CORBA.Util; import javax.rmi.CORBA.ValueHandler; @@ -90,6 +91,7 @@ import com.sun.corba.se.pept.transport.ConnectionCache; import com.sun.corba.se.pept.transport.TransportManager; import com.sun.corba.se.spi.ior.IOR; +import com.sun.corba.se.spi.ior.IORTypeCheckRegistry; import com.sun.corba.se.spi.ior.IdentifiableFactoryFinder; import com.sun.corba.se.spi.ior.TaggedComponentFactoryFinder; import com.sun.corba.se.spi.ior.IORFactories; @@ -124,6 +126,7 @@ import com.sun.corba.se.spi.orb.StringPair; import com.sun.corba.se.spi.transport.CorbaContactInfoListFactory; import com.sun.corba.se.spi.transport.CorbaTransportManager; import com.sun.corba.se.spi.legacy.connection.LegacyServerSocketManager; +import com.sun.corba.se.spi.logging.CORBALogDomains; import com.sun.corba.se.spi.copyobject.CopierManager; import com.sun.corba.se.spi.presentation.rmi.PresentationDefaults; import com.sun.corba.se.spi.presentation.rmi.PresentationManager; @@ -145,6 +148,7 @@ import com.sun.corba.se.impl.encoding.EncapsOutputStream; import com.sun.corba.se.impl.encoding.CachedCodeBase; import com.sun.corba.se.impl.interceptors.PIHandlerImpl; import com.sun.corba.se.impl.interceptors.PINoOpHandlerImpl; +import com.sun.corba.se.impl.ior.IORTypeCheckRegistryImpl; import com.sun.corba.se.impl.ior.TaggedComponentFactoryFinderImpl; import com.sun.corba.se.impl.ior.TaggedProfileFactoryFinderImpl; import com.sun.corba.se.impl.ior.TaggedProfileTemplateFactoryFinderImpl; @@ -226,6 +230,8 @@ public class ORBImpl extends com.sun.corba.se.spi.orb.ORB private ServiceContextRegistry serviceContextRegistry ; + private IORTypeCheckRegistry iorTypeCheckRegistry; + // Needed here to implement connect/disconnect private TOAFactory toaFactory ; @@ -274,6 +280,8 @@ public class ORBImpl extends com.sun.corba.se.spi.orb.ORB // insNamingDelegate. private final Object resolverLock = new Object() ; + private static final String IORTYPECHECKREGISTRY_FILTER_PROPNAME = "com.sun.CORBA.ORBIorTypeCheckRegistryFilter"; + private TaggedComponentFactoryFinder taggedComponentFactoryFinder ; private IdentifiableFactoryFinder taggedProfileFactoryFinder ; @@ -411,6 +419,39 @@ public class ORBImpl extends com.sun.corba.se.spi.orb.ORB }; serviceContextRegistry = new ServiceContextRegistry( this ) ; + + } + + + private void initIORTypeCheckRegistry() { + String filterProps = AccessController + .doPrivileged(new PrivilegedAction() { + public String run() { + String props = System + .getProperty(IORTYPECHECKREGISTRY_FILTER_PROPNAME); + if (props == null) { + props = Security + .getProperty(IORTYPECHECKREGISTRY_FILTER_PROPNAME); + } + return props; + } + }); + if (filterProps != null) { + try { + iorTypeCheckRegistry = new IORTypeCheckRegistryImpl(filterProps, this); + } catch (Exception ex) { + throw wrapper.bootstrapException(ex); + } + + if (this.orbInitDebugFlag) { + dprint(".initIORTypeCheckRegistry, IORTypeCheckRegistryImpl created for properties == " + + filterProps); + } + } else { + if (this.orbInitDebugFlag) { + dprint(".initIORTypeCheckRegistry, IORTypeCheckRegistryImpl NOT created for properties == "); + } + } } protected void setDebugFlags( String[] args ) @@ -494,6 +535,8 @@ public class ORBImpl extends com.sun.corba.se.spi.orb.ORB getThreadPoolManager(); super.getByteBufferPool(); + + initIORTypeCheckRegistry(); } private synchronized POAFactory getPOAFactory() @@ -2089,6 +2132,17 @@ public class ORBImpl extends com.sun.corba.se.spi.orb.ORB } return copierManager ; } + + @Override + public void validateIORClass(String iorClassName) { + if (iorTypeCheckRegistry != null) { + if (!iorTypeCheckRegistry.isValidIORType(iorClassName)) { + throw ORBUtilSystemException.get( this, + CORBALogDomains.OA_IOR ).badStringifiedIor(); + } + } + } + } // Class ORBImpl //////////////////////////////////////////////////////////////////////// diff --git a/corba/src/java.corba/share/classes/com/sun/corba/se/impl/orb/ORBSingleton.java b/corba/src/java.corba/share/classes/com/sun/corba/se/impl/orb/ORBSingleton.java index 63bec8b116..3430a4406a 100644 --- a/corba/src/java.corba/share/classes/com/sun/corba/se/impl/orb/ORBSingleton.java +++ b/corba/src/java.corba/share/classes/com/sun/corba/se/impl/orb/ORBSingleton.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -768,6 +768,13 @@ public class ORBSingleton extends ORB public CopierManager getCopierManager() { return null ; } + + @Override + public void validateIORClass(String iorClassName) { + getFullORB().validateIORClass(iorClassName); + + } + } // End of file. diff --git a/jdk/src/java.base/share/classes/jdk/internal/misc/ObjectStreamClassValidator.java b/corba/src/java.corba/share/classes/com/sun/corba/se/spi/ior/IORTypeCheckRegistry.java similarity index 64% rename from jdk/src/java.base/share/classes/jdk/internal/misc/ObjectStreamClassValidator.java rename to corba/src/java.corba/share/classes/com/sun/corba/se/spi/ior/IORTypeCheckRegistry.java index 2b543a3072..cf10bc6142 100644 --- a/jdk/src/java.base/share/classes/jdk/internal/misc/ObjectStreamClassValidator.java +++ b/corba/src/java.corba/share/classes/com/sun/corba/se/spi/ior/IORTypeCheckRegistry.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,21 +22,10 @@ * or visit www.oracle.com if you need additional information or have any * questions. */ -package jdk.internal.misc; -import java.io.ObjectStreamClass; +package com.sun.corba.se.spi.ior; -/** - * A callback used by {@code ObjectInputStream} to do descriptor validation. - * - * @author sjiang - */ -public interface ObjectStreamClassValidator { - /** - * This method will be called by ObjectInputStream to - * check a descriptor just before creating an object described by this descriptor. - * The object will not be created if this method throws a {@code RuntimeException}. - * @param descriptor descriptor to be checked. - */ - public void validateDescriptor(ObjectStreamClass descriptor); +public interface IORTypeCheckRegistry { + public boolean isValidIORType(String iorClassName); } + diff --git a/corba/src/java.corba/share/classes/com/sun/corba/se/spi/orb/ORB.java b/corba/src/java.corba/share/classes/com/sun/corba/se/spi/orb/ORB.java index a527d4458c..2e73453f97 100644 --- a/corba/src/java.corba/share/classes/com/sun/corba/se/spi/orb/ORB.java +++ b/corba/src/java.corba/share/classes/com/sun/corba/se/spi/orb/ORB.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -121,6 +121,7 @@ public abstract class ORB extends com.sun.corba.se.org.omg.CORBA.ORB public boolean shutdownDebugFlag = false; public boolean giopDebugFlag = false; public boolean invocationTimingDebugFlag = false ; + public boolean orbInitDebugFlag = false ; // SystemException log wrappers. Protected so that they can be used in // subclasses. @@ -487,6 +488,24 @@ public abstract class ORB extends com.sun.corba.se.org.omg.CORBA.ORB public abstract ThreadPoolManager getThreadPoolManager(); public abstract CopierManager getCopierManager() ; + + /* + * This method is called to verify that a stringified IOR passed to + * an org.omg.CORBA.ORB::string_to_object method contains a valid and acceptable IOR type. + * If an ORB is configured with IOR type checking enabled, + * the ORB executes a IOR type registry lookup to + * validate that the class name extract from a type id in + * a stringified IOR is a known and accepted type. + * A CORBA {@code org.omg.CORBA.DATA_CONVERSION} exception will be thrown should the type check fail. + * + * @param iorClassName + * a string representing the class name corresponding to the type id of an IOR + * @throws org.omg.CORBA.DATA_CONVERSION + * exception with an indication that it is a "Bad stringified IOR", which is thrown + * when the type check fails. + */ + public abstract void validateIORClass(String iorClassName); + } // End of file. diff --git a/corba/src/java.corba/share/classes/sun/corba/Bridge.java b/corba/src/java.corba/share/classes/sun/corba/Bridge.java index e22240e2a9..38fb8da656 100644 --- a/corba/src/java.corba/share/classes/sun/corba/Bridge.java +++ b/corba/src/java.corba/share/classes/sun/corba/Bridge.java @@ -27,8 +27,9 @@ package sun.corba ; import java.io.OptionalDataException; import java.lang.invoke.MethodHandle; -import java.lang.reflect.Field ; -import java.lang.reflect.Constructor ; +import java.lang.reflect.Field; +import java.lang.reflect.Constructor; +import java.lang.reflect.InvocationTargetException; import java.lang.StackWalker; import java.lang.StackWalker.StackFrame; import java.util.Optional; @@ -37,6 +38,7 @@ import java.util.stream.Stream; import java.security.AccessController; import java.security.Permission; import java.security.PrivilegedAction; +import java.security.ProtectionDomain; import sun.misc.Unsafe; import sun.reflect.ReflectionFactory; @@ -340,6 +342,36 @@ public final class Bridge return reflectionFactory.newConstructorForExternalization( cl ) ; } + /** + * Invokes the supplied constructor, adding the provided protection domains + * to the invocation stack before invoking {@code Constructor::newInstance}. + * + * This is equivalent to calling + * {@code ReflectionFactory.newInstanceForSerialization(cons,domains)}. + * + * @param cons A constructor obtained from {@code + * newConstructorForSerialization} or {@code + * newConstructorForExternalization}. + * + * @param domains An array of protection domains that limit the privileges + * with which the constructor is invoked. Can be {@code null} + * or empty, in which case privileges are only limited by the + * {@linkplain AccessController#getContext() current context}. + * + * @return A new object built from the provided constructor. + * + * @throws NullPointerException if {@code cons} is {@code null}. + * @throws InstantiationException if thrown by {@code cons.newInstance()}. + * @throws InvocationTargetException if thrown by {@code cons.newInstance()}. + * @throws IllegalAccessException if thrown by {@code cons.newInstance()}. + */ + public final Object newInstanceForSerialization(Constructor cons, + ProtectionDomain[] domains) + throws InstantiationException, InvocationTargetException, IllegalAccessException + { + return reflectionFactory.newInstanceForSerialization(cons, domains); + } + /** * Returns true if the given class defines a static initializer method, * false otherwise. diff --git a/hotspot/.hgtags b/hotspot/.hgtags index 3e06b395fe..7ac047ef8c 100644 --- a/hotspot/.hgtags +++ b/hotspot/.hgtags @@ -577,9 +577,32 @@ d53171650a2cc6c6f699c966c533b914ca9c0602 jdk-9+171 1ae9e84f68b359420d2d153ecfe5ee2903e33a2e jdk-9+172 e64b1cb48d6e7703928a9d1da106fc27f8cb65fd jdk-9+173 944791f8160185bffa13fbb821fc09b6198f1f25 jdk-9+174 +ca47dcfdd35129fe3ab2dab71b2601d7a0ff07c0 jdk-9.0.1+00 +ca47dcfdd35129fe3ab2dab71b2601d7a0ff07c0 jdk-9.0.3+00 8f04d457168b9f1f4a1b2c37f49e0513ca9d33a7 jdk-9+175 2ab74e5dbdc2b6a962c865500cafd23cf387dc60 jdk-9+176 1ca8f038fceb88c640badf9bd18905205bc63b43 jdk-9+177 9d032191f82fca5ba0aac98682f69c4ff0f1283d jdk-9+178 d2661aa42bff322badbe6c1337fc638d2e0f5730 jdk-9+179 d7baadc223e790c08bc69bf7e553bce65b4e7e40 jdk-9+180 +4a443796f6f57842d6a0434ac27ca3d1033ccc20 jdk-9+181 +8297b62a7b62bafe42c7d567a5752f7a82bafab8 jdk-9.0.3+1 +d2efdbb193a02613867c8949f783d2905f7a28fc jdk-9.0.3+2 +68f9ff7c5eedfd41f9c10959e41024efbd3aa79c jdk-9.0.3+3 +82584ea6464de2e0a59e9fc00173e18a85dc45d8 jdk-9.0.3+4 +c45e75533bae7b5db5c626bf9233b4226934d582 jdk-9.0.3+5 +4c0248d117fabf46c5931cdd09e543c3d89b68a5 jdk-9.0.3+6 +fca264c9fa3ce57b3f4d662242d38b44fb442c87 jdk-9.0.3+7 +1f5a9c0ddb4b8da443f70fc5d135b320f6e0b78a jdk-9.0.3+8 +a10c11fed5bdc5202523baee3cf391cc0e0cfcaa jdk-9.0.3+9 +172baf6c99c5e9fdd72a6f3729f6ec8cd6b48183 jdk-9.0.1+10 +3546eb2ee2693043eb107d980ce5b72fe7f8f47a jdk-9.0.1+11 +5be37d3ef648d06850aa164d8b22ac7539559e80 jdk-9.0.4+00 +46290b7298be50f9a70d27465d50d1675732f0af jdk-9.0.4+1 +dab4c60adabfb8ea35cfcd96a7218994a84d652f jdk-9.0.4+2 +deed95e4b4cba997b3cc13b62e33615fd11bc902 jdk-9.0.4+3 +ce49d719fd4d5f0ff12a1906d9d8b651a7a7d60c jdk-9.0.4+4 +11116cc619ac1b0d00cdcd47e8a7eb2339207bbf jdk-9.0.4+5 +f3ba0e190ffcc82f1ed0dd8275a51096123514b6 jdk-9.0.4+6 +e020892c9b441ff0855479ad4de63a9eb4b59bf7 jdk-9.0.4+7 +d74a282dcd6d05cc3752c8e29a526eb9216fa08c jdk-9.0.4+8 diff --git a/hotspot/.jcheck/conf b/hotspot/.jcheck/conf index 5c6f62dc12..9bd9e92741 100644 --- a/hotspot/.jcheck/conf +++ b/hotspot/.jcheck/conf @@ -1 +1,2 @@ project=jdk9 +bugids=dup diff --git a/hotspot/src/cpu/aarch64/vm/sharedRuntime_aarch64.cpp b/hotspot/src/cpu/aarch64/vm/sharedRuntime_aarch64.cpp index a286102e7b..f12334291e 100644 --- a/hotspot/src/cpu/aarch64/vm/sharedRuntime_aarch64.cpp +++ b/hotspot/src/cpu/aarch64/vm/sharedRuntime_aarch64.cpp @@ -773,7 +773,7 @@ AdapterHandlerEntry* SharedRuntime::generate_i2c2i_adapters(MacroAssembler *masm __ load_klass(rscratch1, receiver); __ ldr(tmp, Address(holder, CompiledICHolder::holder_klass_offset())); __ cmp(rscratch1, tmp); - __ ldr(rmethod, Address(holder, CompiledICHolder::holder_method_offset())); + __ ldr(rmethod, Address(holder, CompiledICHolder::holder_metadata_offset())); __ br(Assembler::EQ, ok); __ far_jump(RuntimeAddress(SharedRuntime::get_ic_miss_stub())); diff --git a/hotspot/src/cpu/arm/vm/macroAssembler_arm.cpp b/hotspot/src/cpu/arm/vm/macroAssembler_arm.cpp index 2eb2a55100..d09c84b85f 100644 --- a/hotspot/src/cpu/arm/vm/macroAssembler_arm.cpp +++ b/hotspot/src/cpu/arm/vm/macroAssembler_arm.cpp @@ -2475,49 +2475,65 @@ void MacroAssembler::store_sized_value(Register src, Address dst, size_t size_in // On success, the result will be in method_result, and execution falls through. // On failure, execution transfers to the given label. void MacroAssembler::lookup_interface_method(Register Rklass, - Register Rinterf, - Register Rindex, + Register Rintf, + RegisterOrConstant itable_index, Register method_result, - Register temp_reg1, - Register temp_reg2, + Register Rscan, + Register Rtmp, Label& L_no_such_interface) { - assert_different_registers(Rklass, Rinterf, temp_reg1, temp_reg2, Rindex); + assert_different_registers(Rklass, Rintf, Rscan, Rtmp); - Register Ritable = temp_reg1; + const int entry_size = itableOffsetEntry::size() * HeapWordSize; + assert(itableOffsetEntry::interface_offset_in_bytes() == 0, "not added for convenience"); // Compute start of first itableOffsetEntry (which is at the end of the vtable) const int base = in_bytes(Klass::vtable_start_offset()); const int scale = exact_log2(vtableEntry::size_in_bytes()); - ldr_s32(temp_reg2, Address(Rklass, Klass::vtable_length_offset())); // Get length of vtable - add(Ritable, Rklass, base); - add(Ritable, Ritable, AsmOperand(temp_reg2, lsl, scale)); + ldr_s32(Rtmp, Address(Rklass, Klass::vtable_length_offset())); // Get length of vtable + add(Rscan, Rklass, base); + add(Rscan, Rscan, AsmOperand(Rtmp, lsl, scale)); - Label entry, search; + // Search through the itable for an interface equal to incoming Rintf + // itable looks like [intface][offset][intface][offset][intface][offset] - b(entry); + Label loop; + bind(loop); + ldr(Rtmp, Address(Rscan, entry_size, post_indexed)); +#ifdef AARCH64 + Label found; + cmp(Rtmp, Rintf); + b(found, eq); + cbnz(Rtmp, loop); +#else + cmp(Rtmp, Rintf); // set ZF and CF if interface is found + cmn(Rtmp, 0, ne); // check if tmp == 0 and clear CF if it is + b(loop, ne); +#endif // AARCH64 - bind(search); - add(Ritable, Ritable, itableOffsetEntry::size() * HeapWordSize); +#ifdef AARCH64 + b(L_no_such_interface); + bind(found); +#else + // CF == 0 means we reached the end of itable without finding icklass + b(L_no_such_interface, cc); +#endif // !AARCH64 - bind(entry); - - // Check that the entry is non-null. A null entry means that the receiver - // class doesn't implement the interface, and wasn't the same as the - // receiver class checked when the interface was resolved. - - ldr(temp_reg2, Address(Ritable, itableOffsetEntry::interface_offset_in_bytes())); - cbz(temp_reg2, L_no_such_interface); - - cmp(Rinterf, temp_reg2); - b(search, ne); - - ldr_s32(temp_reg2, Address(Ritable, itableOffsetEntry::offset_offset_in_bytes())); - add(temp_reg2, temp_reg2, Rklass); // Add offset to Klass* - assert(itableMethodEntry::size() * HeapWordSize == wordSize, "adjust the scaling in the code below"); - assert(itableMethodEntry::method_offset_in_bytes() == 0, "adjust the offset in the code below"); - - ldr(method_result, Address::indexed_ptr(temp_reg2, Rindex)); + if (method_result != noreg) { + // Interface found at previous position of Rscan, now load the method + ldr_s32(Rtmp, Address(Rscan, itableOffsetEntry::offset_offset_in_bytes() - entry_size)); + if (itable_index.is_register()) { + add(Rtmp, Rtmp, Rklass); // Add offset to Klass* + assert(itableMethodEntry::size() * HeapWordSize == wordSize, "adjust the scaling in the code below"); + assert(itableMethodEntry::method_offset_in_bytes() == 0, "adjust the offset in the code below"); + ldr(method_result, Address::indexed_ptr(Rtmp, itable_index.as_register())); + } else { + int method_offset = itableMethodEntry::size() * HeapWordSize * itable_index.as_constant() + + itableMethodEntry::method_offset_in_bytes(); + add_slow(method_result, Rklass, method_offset); + ldr(method_result, Address(method_result, Rtmp)); + } + } } #ifdef COMPILER2 diff --git a/hotspot/src/cpu/arm/vm/macroAssembler_arm.hpp b/hotspot/src/cpu/arm/vm/macroAssembler_arm.hpp index e6f73353cb..1a098fdbfb 100644 --- a/hotspot/src/cpu/arm/vm/macroAssembler_arm.hpp +++ b/hotspot/src/cpu/arm/vm/macroAssembler_arm.hpp @@ -1316,7 +1316,7 @@ public: void lookup_interface_method(Register recv_klass, Register intf_klass, - Register itable_index, + RegisterOrConstant itable_index, Register method_result, Register temp_reg1, Register temp_reg2, diff --git a/hotspot/src/cpu/arm/vm/sharedRuntime_arm.cpp b/hotspot/src/cpu/arm/vm/sharedRuntime_arm.cpp index 48f096473c..f2413d01a3 100644 --- a/hotspot/src/cpu/arm/vm/sharedRuntime_arm.cpp +++ b/hotspot/src/cpu/arm/vm/sharedRuntime_arm.cpp @@ -987,7 +987,7 @@ AdapterHandlerEntry* SharedRuntime::generate_i2c2i_adapters(MacroAssembler *masm __ load_klass(receiver_klass, receiver); __ ldr(holder_klass, Address(Ricklass, CompiledICHolder::holder_klass_offset())); - __ ldr(Rmethod, Address(Ricklass, CompiledICHolder::holder_method_offset())); + __ ldr(Rmethod, Address(Ricklass, CompiledICHolder::holder_metadata_offset())); __ cmp(receiver_klass, holder_klass); #ifdef AARCH64 diff --git a/hotspot/src/cpu/arm/vm/templateTable_arm.cpp b/hotspot/src/cpu/arm/vm/templateTable_arm.cpp index c8711b830e..b5acc286f9 100644 --- a/hotspot/src/cpu/arm/vm/templateTable_arm.cpp +++ b/hotspot/src/cpu/arm/vm/templateTable_arm.cpp @@ -4192,7 +4192,7 @@ void TemplateTable::invokeinterface(int byte_no) { const Register Rflags = R3_tmp; const Register Rklass = R3_tmp; - prepare_invoke(byte_no, Rinterf, Rindex, Rrecv, Rflags); + prepare_invoke(byte_no, Rinterf, Rmethod, Rrecv, Rflags); // Special case of invokeinterface called for virtual method of // java.lang.Object. See cpCacheOop.cpp for details. @@ -4201,56 +4201,39 @@ void TemplateTable::invokeinterface(int byte_no) { Label notMethod; __ tbz(Rflags, ConstantPoolCacheEntry::is_forced_virtual_shift, notMethod); - __ mov(Rmethod, Rindex); invokevirtual_helper(Rmethod, Rrecv, Rflags); __ bind(notMethod); // Get receiver klass into Rklass - also a null check __ load_klass(Rklass, Rrecv); + Label no_such_interface; + + // Receiver subtype check against REFC. + __ lookup_interface_method(// inputs: rec. class, interface + Rklass, Rinterf, noreg, + // outputs: scan temp. reg1, scan temp. reg2 + noreg, Ritable, Rtemp, + no_such_interface); + // profile this call __ profile_virtual_call(R0_tmp, Rklass); - // Compute start of first itableOffsetEntry (which is at the end of the vtable) - const int base = in_bytes(Klass::vtable_start_offset()); - assert(vtableEntry::size() == 1, "adjust the scaling in the code below"); - __ ldr_s32(Rtemp, Address(Rklass, Klass::vtable_length_offset())); // Get length of vtable - __ add(Ritable, Rklass, base); - __ add(Ritable, Ritable, AsmOperand(Rtemp, lsl, LogBytesPerWord)); + // Get declaring interface class from method + __ ldr(Rtemp, Address(Rmethod, Method::const_offset())); + __ ldr(Rtemp, Address(Rtemp, ConstMethod::constants_offset())); + __ ldr(Rinterf, Address(Rtemp, ConstantPool::pool_holder_offset_in_bytes())); - Label entry, search, interface_ok; + // Get itable index from method + __ ldr_s32(Rtemp, Address(Rmethod, Method::itable_index_offset())); + __ add(Rtemp, Rtemp, (-Method::itable_index_max)); // small negative constant is too large for an immediate on arm32 + __ neg(Rindex, Rtemp); - __ b(entry); - - __ bind(search); - __ add(Ritable, Ritable, itableOffsetEntry::size() * HeapWordSize); - - __ bind(entry); - - // Check that the entry is non-null. A null entry means that the receiver - // class doesn't implement the interface, and wasn't the same as the - // receiver class checked when the interface was resolved. - - __ ldr(Rtemp, Address(Ritable, itableOffsetEntry::interface_offset_in_bytes())); - __ cbnz(Rtemp, interface_ok); - - // throw exception - __ call_VM(noreg, CAST_FROM_FN_PTR(address, - InterpreterRuntime::throw_IncompatibleClassChangeError)); - - // the call_VM checks for exception, so we should never return here. - __ should_not_reach_here(); - - __ bind(interface_ok); - - __ cmp(Rinterf, Rtemp); - __ b(search, ne); - - __ ldr_s32(Rtemp, Address(Ritable, itableOffsetEntry::offset_offset_in_bytes())); - __ add(Rtemp, Rtemp, Rklass); // Add offset to Klass* - assert(itableMethodEntry::size() == 1, "adjust the scaling in the code below"); - - __ ldr(Rmethod, Address::indexed_ptr(Rtemp, Rindex)); + __ lookup_interface_method(// inputs: rec. class, interface + Rklass, Rinterf, Rindex, + // outputs: scan temp. reg1, scan temp. reg2 + Rmethod, Ritable, Rtemp, + no_such_interface); // Rmethod: Method* to call @@ -4272,6 +4255,13 @@ void TemplateTable::invokeinterface(int byte_no) { // do the call __ jump_from_interpreted(Rmethod); + + // throw exception + __ bind(no_such_interface); + __ restore_method(); + __ call_VM(noreg, CAST_FROM_FN_PTR(address, InterpreterRuntime::throw_IncompatibleClassChangeError)); + // the call_VM checks for exception, so we should never return here. + __ should_not_reach_here(); } void TemplateTable::invokehandle(int byte_no) { diff --git a/hotspot/src/cpu/arm/vm/vtableStubs_arm.cpp b/hotspot/src/cpu/arm/vm/vtableStubs_arm.cpp index 8b980aba56..06432c1ee8 100644 --- a/hotspot/src/cpu/arm/vm/vtableStubs_arm.cpp +++ b/hotspot/src/cpu/arm/vm/vtableStubs_arm.cpp @@ -28,6 +28,7 @@ #include "code/vtableStubs.hpp" #include "interp_masm_arm.hpp" #include "memory/resourceArea.hpp" +#include "oops/compiledICHolder.hpp" #include "oops/instanceKlass.hpp" #include "oops/klassVtable.hpp" #include "runtime/sharedRuntime.hpp" @@ -118,67 +119,48 @@ VtableStub* VtableStubs::create_itable_stub(int itable_index) { // R0-R3 / R0-R7 registers hold the arguments and cannot be spoiled const Register Rclass = AARCH64_ONLY(R9) NOT_AARCH64(R4); - const Register Rlength = AARCH64_ONLY(R10) NOT_AARCH64(R5); + const Register Rintf = AARCH64_ONLY(R10) NOT_AARCH64(R5); const Register Rscan = AARCH64_ONLY(R11) NOT_AARCH64(R6); - const Register tmp = Rtemp; - assert_different_registers(Ricklass, Rclass, Rlength, Rscan, tmp); + assert_different_registers(Ricklass, Rclass, Rintf, Rscan, Rtemp); // Calculate the start of itable (itable goes after vtable) const int scale = exact_log2(vtableEntry::size_in_bytes()); address npe_addr = __ pc(); __ load_klass(Rclass, R0); - __ ldr_s32(Rlength, Address(Rclass, Klass::vtable_length_offset())); - __ add(Rscan, Rclass, in_bytes(Klass::vtable_start_offset())); - __ add(Rscan, Rscan, AsmOperand(Rlength, lsl, scale)); + Label L_no_such_interface; - // Search through the itable for an interface equal to incoming Ricklass - // itable looks like [intface][offset][intface][offset][intface][offset] - const int entry_size = itableOffsetEntry::size() * HeapWordSize; - assert(itableOffsetEntry::interface_offset_in_bytes() == 0, "not added for convenience"); + // Receiver subtype check against REFC. + __ ldr(Rintf, Address(Ricklass, CompiledICHolder::holder_klass_offset())); + __ lookup_interface_method(// inputs: rec. class, interface, itable index + Rclass, Rintf, noreg, + // outputs: temp reg1, temp reg2 + noreg, Rscan, Rtemp, + L_no_such_interface); - Label loop; - __ bind(loop); - __ ldr(tmp, Address(Rscan, entry_size, post_indexed)); -#ifdef AARCH64 - Label found; - __ cmp(tmp, Ricklass); - __ b(found, eq); - __ cbnz(tmp, loop); -#else - __ cmp(tmp, Ricklass); // set ZF and CF if interface is found - __ cmn(tmp, 0, ne); // check if tmp == 0 and clear CF if it is - __ b(loop, ne); -#endif // AARCH64 - - assert(StubRoutines::throw_IncompatibleClassChangeError_entry() != NULL, "Check initialization order"); -#ifdef AARCH64 - __ jump(StubRoutines::throw_IncompatibleClassChangeError_entry(), relocInfo::runtime_call_type, tmp); - __ bind(found); -#else - // CF == 0 means we reached the end of itable without finding icklass - __ jump(StubRoutines::throw_IncompatibleClassChangeError_entry(), relocInfo::runtime_call_type, noreg, cc); -#endif // !AARCH64 - - // Interface found at previous position of Rscan, now load the method oop - __ ldr_s32(tmp, Address(Rscan, itableOffsetEntry::offset_offset_in_bytes() - entry_size)); - { - const int method_offset = itableMethodEntry::size() * HeapWordSize * itable_index + - itableMethodEntry::method_offset_in_bytes(); - __ add_slow(Rmethod, Rclass, method_offset); - } - __ ldr(Rmethod, Address(Rmethod, tmp)); + // Get Method* and entry point for compiler + __ ldr(Rintf, Address(Ricklass, CompiledICHolder::holder_metadata_offset())); + __ lookup_interface_method(// inputs: rec. class, interface, itable index + Rclass, Rintf, itable_index, + // outputs: temp reg1, temp reg2, temp reg3 + Rmethod, Rscan, Rtemp, + L_no_such_interface); address ame_addr = __ pc(); #ifdef AARCH64 - __ ldr(tmp, Address(Rmethod, Method::from_compiled_offset())); - __ br(tmp); + __ ldr(Rtemp, Address(Rmethod, Method::from_compiled_offset())); + __ br(Rtemp); #else __ ldr(PC, Address(Rmethod, Method::from_compiled_offset())); #endif // AARCH64 + __ bind(L_no_such_interface); + + assert(StubRoutines::throw_IncompatibleClassChangeError_entry() != NULL, "check initialization order"); + __ jump(StubRoutines::throw_IncompatibleClassChangeError_entry(), relocInfo::runtime_call_type, Rtemp); + masm->flush(); if (PrintMiscellaneous && (WizardMode || Verbose)) { @@ -205,7 +187,7 @@ int VtableStub::pd_code_size_limit(bool is_vtable_stub) { instr_count = NOT_AARCH64(4) AARCH64_ONLY(5); } else { // itable stub size - instr_count = NOT_AARCH64(20) AARCH64_ONLY(20); + instr_count = NOT_AARCH64(31) AARCH64_ONLY(31); } #ifdef AARCH64 diff --git a/hotspot/src/cpu/ppc/vm/sharedRuntime_ppc.cpp b/hotspot/src/cpu/ppc/vm/sharedRuntime_ppc.cpp index dc36aa77da..66d2846a08 100644 --- a/hotspot/src/cpu/ppc/vm/sharedRuntime_ppc.cpp +++ b/hotspot/src/cpu/ppc/vm/sharedRuntime_ppc.cpp @@ -1185,7 +1185,7 @@ AdapterHandlerEntry* SharedRuntime::generate_i2c2i_adapters(MacroAssembler *masm // Argument is valid and klass is as expected, continue. // Extract method from inline cache, verified entry point needs it. - __ ld(R19_method, CompiledICHolder::holder_method_offset(), ic); + __ ld(R19_method, CompiledICHolder::holder_metadata_offset(), ic); assert(R19_method == ic, "the inline cache register is dead here"); __ ld(code, method_(code)); diff --git a/hotspot/src/cpu/s390/vm/c1_LIRGenerator_s390.cpp b/hotspot/src/cpu/s390/vm/c1_LIRGenerator_s390.cpp index 0ec97da623..ca6abb0598 100644 --- a/hotspot/src/cpu/s390/vm/c1_LIRGenerator_s390.cpp +++ b/hotspot/src/cpu/s390/vm/c1_LIRGenerator_s390.cpp @@ -291,7 +291,7 @@ void LIRGenerator::do_StoreIndexed(StoreIndexed* x) { length.set_instruction(x->length()); length.load_item(); } - if (needs_store_check) { + if (needs_store_check || x->check_boolean()) { value.load_item(); } else { value.load_for_store(x->elt_type()); @@ -341,11 +341,14 @@ void LIRGenerator::do_StoreIndexed(StoreIndexed* x) { // Needs GC write barriers. pre_barrier(LIR_OprFact::address(array_addr), LIR_OprFact::illegalOpr /* pre_val */, true /* do_load */, false /* patch */, NULL); - __ move(value.result(), array_addr, null_check_info); - // Seems to be a precise. + } + + LIR_Opr result = maybe_mask_boolean(x, array.result(), value.result(), null_check_info); + __ move(result, array_addr, null_check_info); + + if (obj_store) { + // Precise card mark post_barrier(LIR_OprFact::address(array_addr), value.result()); - } else { - __ move(value.result(), array_addr, null_check_info); } } diff --git a/hotspot/src/cpu/s390/vm/interp_masm_s390.cpp b/hotspot/src/cpu/s390/vm/interp_masm_s390.cpp index 8cec2da25a..60d35285ea 100644 --- a/hotspot/src/cpu/s390/vm/interp_masm_s390.cpp +++ b/hotspot/src/cpu/s390/vm/interp_masm_s390.cpp @@ -842,6 +842,38 @@ void InterpreterMacroAssembler::unlock_if_synchronized_method(TosState state, verify_oop(Z_tos, state); } +void InterpreterMacroAssembler::narrow(Register result, Register ret_type) { + get_method(ret_type); + z_lg(ret_type, Address(ret_type, in_bytes(Method::const_offset()))); + z_lb(ret_type, Address(ret_type, in_bytes(ConstMethod::result_type_offset()))); + + Label notBool, notByte, notChar, done; + + // common case first + compareU32_and_branch(ret_type, T_INT, bcondEqual, done); + + compareU32_and_branch(ret_type, T_BOOLEAN, bcondNotEqual, notBool); + z_nilf(result, 0x1); + z_bru(done); + + bind(notBool); + compareU32_and_branch(ret_type, T_BYTE, bcondNotEqual, notByte); + z_lbr(result, result); + z_bru(done); + + bind(notByte); + compareU32_and_branch(ret_type, T_CHAR, bcondNotEqual, notChar); + z_nilf(result, 0xffff); + z_bru(done); + + bind(notChar); + // compareU32_and_branch(ret_type, T_SHORT, bcondNotEqual, notShort); + z_lhr(result, result); + + // Nothing to do for T_INT + bind(done); +} + // remove activation // // Unlock the receiver if this is a synchronized method. diff --git a/hotspot/src/cpu/s390/vm/interp_masm_s390.hpp b/hotspot/src/cpu/s390/vm/interp_masm_s390.hpp index 5f29a60648..34aa11a957 100644 --- a/hotspot/src/cpu/s390/vm/interp_masm_s390.hpp +++ b/hotspot/src/cpu/s390/vm/interp_masm_s390.hpp @@ -86,6 +86,8 @@ class InterpreterMacroAssembler: public MacroAssembler { void dispatch_next_noverify_oop(TosState state, int step = 0); void dispatch_via(TosState state, address* table); + void narrow(Register result, Register ret_type); + // Jump to an invoked target. void prepare_to_jump_from_interpreted(Register method); void jump_from_interpreted(Register method, Register temp); diff --git a/hotspot/src/cpu/s390/vm/sharedRuntime_s390.cpp b/hotspot/src/cpu/s390/vm/sharedRuntime_s390.cpp index 89c3ae4032..fefa0411d9 100644 --- a/hotspot/src/cpu/s390/vm/sharedRuntime_s390.cpp +++ b/hotspot/src/cpu/s390/vm/sharedRuntime_s390.cpp @@ -2628,9 +2628,9 @@ AdapterHandlerEntry* SharedRuntime::generate_i2c2i_adapters(MacroAssembler *masm Label skip_fixup; { Label ic_miss; - const int klass_offset = oopDesc::klass_offset_in_bytes(); - const int holder_klass_offset = CompiledICHolder::holder_klass_offset(); - const int holder_method_offset = CompiledICHolder::holder_method_offset(); + const int klass_offset = oopDesc::klass_offset_in_bytes(); + const int holder_klass_offset = CompiledICHolder::holder_klass_offset(); + const int holder_metadata_offset = CompiledICHolder::holder_metadata_offset(); // Out-of-line call to ic_miss handler. __ call_ic_miss_handler(ic_miss, 0x11, 0, Z_R1_scratch); @@ -2659,7 +2659,7 @@ AdapterHandlerEntry* SharedRuntime::generate_i2c2i_adapters(MacroAssembler *masm // This def MUST MATCH code in gen_c2i_adapter! const Register code = Z_R11; - __ z_lg(Z_method, holder_method_offset, Z_method); + __ z_lg(Z_method, holder_metadata_offset, Z_method); __ load_and_test_long(Z_R0, method_(code)); __ z_brne(ic_miss); // Cache miss: call runtime to handle this. diff --git a/hotspot/src/cpu/s390/vm/templateInterpreterGenerator_s390.cpp b/hotspot/src/cpu/s390/vm/templateInterpreterGenerator_s390.cpp index 20a9a3e957..1333dd8a45 100644 --- a/hotspot/src/cpu/s390/vm/templateInterpreterGenerator_s390.cpp +++ b/hotspot/src/cpu/s390/vm/templateInterpreterGenerator_s390.cpp @@ -2314,6 +2314,12 @@ address TemplateInterpreterGenerator::generate_earlyret_entry_for (TosState stat __ store_const(Address(RjvmtiState, JvmtiThreadState::earlyret_state_offset()), JvmtiThreadState::earlyret_inactive, 4, 4, Z_R0_scratch); + if (state == itos) { + // Narrow result if state is itos but result type is smaller. + // Need to narrow in the return bytecode rather than in generate_return_entry + // since compiled code callers expect the result to already be narrowed. + __ narrow(Z_tos, Z_tmp_1); /* fall through */ + } __ remove_activation(state, Z_tmp_1, // retaddr false, // throw_monitor_exception diff --git a/hotspot/src/cpu/s390/vm/templateTable_s390.cpp b/hotspot/src/cpu/s390/vm/templateTable_s390.cpp index 83d707dbd6..1e471d7b02 100644 --- a/hotspot/src/cpu/s390/vm/templateTable_s390.cpp +++ b/hotspot/src/cpu/s390/vm/templateTable_s390.cpp @@ -1174,8 +1174,20 @@ void TemplateTable::bastore() { __ pop_i(Z_ARG3); __ pop_ptr(Z_tmp_2); // Z_tos : value - // Z_ARG3 : index + // Z_ARG3 : index // Z_tmp_2 : array + + // Need to check whether array is boolean or byte + // since both types share the bastore bytecode. + __ load_klass(Z_tmp_1, Z_tmp_2); + __ z_llgf(Z_tmp_1, Address(Z_tmp_1, Klass::layout_helper_offset())); + __ z_tmll(Z_tmp_1, Klass::layout_helper_boolean_diffbit()); + Label L_skip; + __ z_bfalse(L_skip); + // if it is a T_BOOLEAN array, mask the stored value to 0/1 + __ z_nilf(Z_tos, 0x1); + __ bind(L_skip); + // No index shift necessary - pass 0. index_check(Z_tmp_2, Z_ARG3, 0); // Prefer index in Z_ARG3. __ z_stc(Z_tos, @@ -2321,6 +2333,13 @@ void TemplateTable::_return(TosState state) { __ bind(skip_register_finalizer); } + if (state == itos) { + // Narrow result if state is itos but result type is smaller. + // Need to narrow in the return bytecode rather than in generate_return_entry + // since compiled code callers expect the result to already be narrowed. + __ narrow(Z_tos, Z_tmp_1); /* fall through */ + } + __ remove_activation(state, Z_R14); __ z_br(Z_R14); } diff --git a/hotspot/src/cpu/sparc/vm/macroAssembler_sparc.cpp b/hotspot/src/cpu/sparc/vm/macroAssembler_sparc.cpp index e0065402b0..325f6dbcfe 100644 --- a/hotspot/src/cpu/sparc/vm/macroAssembler_sparc.cpp +++ b/hotspot/src/cpu/sparc/vm/macroAssembler_sparc.cpp @@ -2069,9 +2069,10 @@ void MacroAssembler::lookup_interface_method(Register recv_klass, Register method_result, Register scan_temp, Register sethi_temp, - Label& L_no_such_interface) { + Label& L_no_such_interface, + bool return_method) { assert_different_registers(recv_klass, intf_klass, method_result, scan_temp); - assert(itable_index.is_constant() || itable_index.as_register() == method_result, + assert(!return_method || itable_index.is_constant() || itable_index.as_register() == method_result, "caller must use same register for non-constant itable index as for method"); Label L_no_such_interface_restore; @@ -2103,11 +2104,13 @@ void MacroAssembler::lookup_interface_method(Register recv_klass, add(scan_temp, itb_offset, scan_temp); add(recv_klass, scan_temp, scan_temp); - // Adjust recv_klass by scaled itable_index, so we can free itable_index. - RegisterOrConstant itable_offset = itable_index; - itable_offset = regcon_sll_ptr(itable_index, exact_log2(itableMethodEntry::size() * wordSize), itable_offset); - itable_offset = regcon_inc_ptr(itable_offset, itableMethodEntry::method_offset_in_bytes(), itable_offset); - add(recv_klass, ensure_simm13_or_reg(itable_offset, sethi_temp), recv_klass); + if (return_method) { + // Adjust recv_klass by scaled itable_index, so we can free itable_index. + RegisterOrConstant itable_offset = itable_index; + itable_offset = regcon_sll_ptr(itable_index, exact_log2(itableMethodEntry::size() * wordSize), itable_offset); + itable_offset = regcon_inc_ptr(itable_offset, itableMethodEntry::method_offset_in_bytes(), itable_offset); + add(recv_klass, ensure_simm13_or_reg(itable_offset, sethi_temp), recv_klass); + } // for (scan = klass->itable(); scan->interface() != NULL; scan += scan_step) { // if (scan->interface() == intf) { @@ -2142,12 +2145,14 @@ void MacroAssembler::lookup_interface_method(Register recv_klass, bind(L_found_method); - // Got a hit. - int ito_offset = itableOffsetEntry::offset_offset_in_bytes(); - // scan_temp[-scan_step] points to the vtable offset we need - ito_offset -= scan_step; - lduw(scan_temp, ito_offset, scan_temp); - ld_ptr(recv_klass, scan_temp, method_result); + if (return_method) { + // Got a hit. + int ito_offset = itableOffsetEntry::offset_offset_in_bytes(); + // scan_temp[-scan_step] points to the vtable offset we need + ito_offset -= scan_step; + lduw(scan_temp, ito_offset, scan_temp); + ld_ptr(recv_klass, scan_temp, method_result); + } if (did_save) { Label L_done; diff --git a/hotspot/src/cpu/sparc/vm/macroAssembler_sparc.hpp b/hotspot/src/cpu/sparc/vm/macroAssembler_sparc.hpp index a401859e77..201abfc717 100644 --- a/hotspot/src/cpu/sparc/vm/macroAssembler_sparc.hpp +++ b/hotspot/src/cpu/sparc/vm/macroAssembler_sparc.hpp @@ -1290,7 +1290,8 @@ public: RegisterOrConstant itable_index, Register method_result, Register temp_reg, Register temp2_reg, - Label& no_such_interface); + Label& no_such_interface, + bool return_method = true); // virtual method calling void lookup_virtual_method(Register recv_klass, diff --git a/hotspot/src/cpu/sparc/vm/sharedRuntime_sparc.cpp b/hotspot/src/cpu/sparc/vm/sharedRuntime_sparc.cpp index 613e662d65..4b8d40911b 100644 --- a/hotspot/src/cpu/sparc/vm/sharedRuntime_sparc.cpp +++ b/hotspot/src/cpu/sparc/vm/sharedRuntime_sparc.cpp @@ -1079,7 +1079,7 @@ AdapterHandlerEntry* SharedRuntime::generate_i2c2i_adapters(MacroAssembler *masm Label ok, ok2; __ brx(Assembler::equal, false, Assembler::pt, ok); - __ delayed()->ld_ptr(G5_method, CompiledICHolder::holder_method_offset(), G5_method); + __ delayed()->ld_ptr(G5_method, CompiledICHolder::holder_metadata_offset(), G5_method); __ jump_to(ic_miss, G3_scratch); __ delayed()->nop(); diff --git a/hotspot/src/cpu/sparc/vm/templateTable_sparc.cpp b/hotspot/src/cpu/sparc/vm/templateTable_sparc.cpp index f828aa0e37..41cd9bb247 100644 --- a/hotspot/src/cpu/sparc/vm/templateTable_sparc.cpp +++ b/hotspot/src/cpu/sparc/vm/templateTable_sparc.cpp @@ -3173,15 +3173,15 @@ void TemplateTable::invokeinterface(int byte_no) { assert(byte_no == f1_byte, "use this argument"); const Register Rinterface = G1_scratch; + const Register Rmethod = Lscratch; const Register Rret = G3_scratch; - const Register Rindex = Lscratch; const Register O0_recv = O0; const Register O1_flags = O1; const Register O2_Klass = O2; const Register Rscratch = G4_scratch; assert_different_registers(Rscratch, G5_method); - prepare_invoke(byte_no, Rinterface, Rret, Rindex, O0_recv, O1_flags); + prepare_invoke(byte_no, Rinterface, Rret, Rmethod, O0_recv, O1_flags); // get receiver klass __ null_check(O0_recv, oopDesc::klass_offset_in_bytes()); @@ -3201,55 +3201,40 @@ void TemplateTable::invokeinterface(int byte_no) { __ bind(notMethod); + Register Rtemp = O1_flags; + + Label L_no_such_interface; + + // Receiver subtype check against REFC. + __ lookup_interface_method(// inputs: rec. class, interface, itable index + O2_Klass, Rinterface, noreg, + // outputs: temp reg1, temp reg2, temp reg3 + G5_method, Rscratch, Rtemp, + L_no_such_interface, + /*return_method=*/false); + __ profile_virtual_call(O2_Klass, O4); // // find entry point to call // - // compute start of first itableOffsetEntry (which is at end of vtable) - const int base = in_bytes(Klass::vtable_start_offset()); - Label search; - Register Rtemp = O1_flags; + // Get declaring interface class from method + __ ld_ptr(Rmethod, Method::const_offset(), Rinterface); + __ ld_ptr(Rinterface, ConstMethod::constants_offset(), Rinterface); + __ ld_ptr(Rinterface, ConstantPool::pool_holder_offset_in_bytes(), Rinterface); - __ ld(O2_Klass, in_bytes(Klass::vtable_length_offset()), Rtemp); - __ sll(Rtemp, LogBytesPerWord, Rtemp); // Rscratch *= 4; - if (Assembler::is_simm13(base)) { - __ add(Rtemp, base, Rtemp); - } else { - __ set(base, Rscratch); - __ add(Rscratch, Rtemp, Rtemp); - } - __ add(O2_Klass, Rtemp, Rscratch); + // Get itable index from method + const Register Rindex = G5_method; + __ ld(Rmethod, Method::itable_index_offset(), Rindex); + __ sub(Rindex, Method::itable_index_max, Rindex); + __ neg(Rindex); - __ bind(search); - - __ ld_ptr(Rscratch, itableOffsetEntry::interface_offset_in_bytes(), Rtemp); - { - Label ok; - - // Check that entry is non-null. Null entries are probably a bytecode - // problem. If the interface isn't implemented by the receiver class, - // the VM should throw IncompatibleClassChangeError. linkResolver checks - // this too but that's only if the entry isn't already resolved, so we - // need to check again. - __ br_notnull_short( Rtemp, Assembler::pt, ok); - call_VM(noreg, CAST_FROM_FN_PTR(address, InterpreterRuntime::throw_IncompatibleClassChangeError)); - __ should_not_reach_here(); - __ bind(ok); - } - - __ cmp(Rinterface, Rtemp); - __ brx(Assembler::notEqual, true, Assembler::pn, search); - __ delayed()->add(Rscratch, itableOffsetEntry::size() * wordSize, Rscratch); - - // entry found and Rscratch points to it - __ ld(Rscratch, itableOffsetEntry::offset_offset_in_bytes(), Rscratch); - - assert(itableMethodEntry::method_offset_in_bytes() == 0, "adjust instruction below"); - __ sll(Rindex, exact_log2(itableMethodEntry::size() * wordSize), Rindex); // Rindex *= 8; - __ add(Rscratch, Rindex, Rscratch); - __ ld_ptr(O2_Klass, Rscratch, G5_method); + __ lookup_interface_method(// inputs: rec. class, interface, itable index + O2_Klass, Rinterface, Rindex, + // outputs: method, scan temp reg, temp reg + G5_method, Rscratch, Rtemp, + L_no_such_interface); // Check for abstract method error. { @@ -3266,6 +3251,10 @@ void TemplateTable::invokeinterface(int byte_no) { __ profile_arguments_type(G5_method, Rcall, Gargs, true); __ profile_called_method(G5_method, Rscratch); __ call_from_interpreter(Rcall, Gargs, Rret); + + __ bind(L_no_such_interface); + call_VM(noreg, CAST_FROM_FN_PTR(address, InterpreterRuntime::throw_IncompatibleClassChangeError)); + __ should_not_reach_here(); } void TemplateTable::invokehandle(int byte_no) { diff --git a/hotspot/src/cpu/sparc/vm/vtableStubs_sparc.cpp b/hotspot/src/cpu/sparc/vm/vtableStubs_sparc.cpp index 9e825aaa79..3f5a928f4a 100644 --- a/hotspot/src/cpu/sparc/vm/vtableStubs_sparc.cpp +++ b/hotspot/src/cpu/sparc/vm/vtableStubs_sparc.cpp @@ -27,6 +27,7 @@ #include "code/vtableStubs.hpp" #include "interp_masm_sparc.hpp" #include "memory/resourceArea.hpp" +#include "oops/compiledICHolder.hpp" #include "oops/instanceKlass.hpp" #include "oops/klassVtable.hpp" #include "runtime/sharedRuntime.hpp" @@ -140,7 +141,8 @@ VtableStub* VtableStubs::create_itable_stub(int itable_index) { MacroAssembler* masm = new MacroAssembler(&cb); Register G3_Klass = G3_scratch; - Register G5_interface = G5; // Passed in as an argument + Register G5_icholder = G5; // Passed in as an argument + Register G4_interface = G4_scratch; Label search; // Entry arguments: @@ -164,14 +166,26 @@ VtableStub* VtableStubs::create_itable_stub(int itable_index) { } #endif /* PRODUCT */ - Label throw_icce; + Label L_no_such_interface; Register L5_method = L5; + + // Receiver subtype check against REFC. + __ ld_ptr(G5_icholder, CompiledICHolder::holder_klass_offset(), G4_interface); __ lookup_interface_method(// inputs: rec. class, interface, itable index - G3_Klass, G5_interface, itable_index, + G3_Klass, G4_interface, itable_index, + // outputs: scan temp. reg1, scan temp. reg2 + L5_method, L2, L3, + L_no_such_interface, + /*return_method=*/ false); + + // Get Method* and entrypoint for compiler + __ ld_ptr(G5_icholder, CompiledICHolder::holder_metadata_offset(), G4_interface); + __ lookup_interface_method(// inputs: rec. class, interface, itable index + G3_Klass, G4_interface, itable_index, // outputs: method, scan temp. reg L5_method, L2, L3, - throw_icce); + L_no_such_interface); #ifndef PRODUCT if (DebugVtables) { @@ -197,7 +211,7 @@ VtableStub* VtableStubs::create_itable_stub(int itable_index) { __ JMP(G3_scratch, 0); __ delayed()->nop(); - __ bind(throw_icce); + __ bind(L_no_such_interface); AddressLiteral icce(StubRoutines::throw_IncompatibleClassChangeError_entry()); __ jump_to(icce, G3_scratch); __ delayed()->restore(); @@ -232,7 +246,7 @@ int VtableStub::pd_code_size_limit(bool is_vtable_stub) { MacroAssembler::instr_size_for_decode_klass_not_null() : 0); return basic + slop; } else { - const int basic = (28 LP64_ONLY(+ 6)) * BytesPerInstWord + + const int basic = (48 LP64_ONLY(+ 6)) * BytesPerInstWord + // shift;add for load_klass (only shift with zero heap based) (UseCompressedClassPointers ? MacroAssembler::instr_size_for_decode_klass_not_null() : 0); diff --git a/hotspot/src/cpu/x86/vm/macroAssembler_x86.cpp b/hotspot/src/cpu/x86/vm/macroAssembler_x86.cpp index 6b7f947de6..1be4263228 100644 --- a/hotspot/src/cpu/x86/vm/macroAssembler_x86.cpp +++ b/hotspot/src/cpu/x86/vm/macroAssembler_x86.cpp @@ -5733,8 +5733,13 @@ void MacroAssembler::lookup_interface_method(Register recv_klass, RegisterOrConstant itable_index, Register method_result, Register scan_temp, - Label& L_no_such_interface) { - assert_different_registers(recv_klass, intf_klass, method_result, scan_temp); + Label& L_no_such_interface, + bool return_method) { + assert_different_registers(recv_klass, intf_klass, scan_temp); + assert_different_registers(method_result, intf_klass, scan_temp); + assert(recv_klass != method_result || !return_method, + "recv_klass can be destroyed when method isn't needed"); + assert(itable_index.is_constant() || itable_index.as_register() == method_result, "caller must use same register for non-constant itable index as for method"); @@ -5751,9 +5756,11 @@ void MacroAssembler::lookup_interface_method(Register recv_klass, // %%% Could store the aligned, prescaled offset in the klassoop. lea(scan_temp, Address(recv_klass, scan_temp, times_vte_scale, vtable_base)); - // Adjust recv_klass by scaled itable_index, so we can free itable_index. - assert(itableMethodEntry::size() * wordSize == wordSize, "adjust the scaling in the code below"); - lea(recv_klass, Address(recv_klass, itable_index, Address::times_ptr, itentry_off)); + if (return_method) { + // Adjust recv_klass by scaled itable_index, so we can free itable_index. + assert(itableMethodEntry::size() * wordSize == wordSize, "adjust the scaling in the code below"); + lea(recv_klass, Address(recv_klass, itable_index, Address::times_ptr, itentry_off)); + } // for (scan = klass->itable(); scan->interface() != NULL; scan += scan_step) { // if (scan->interface() == intf) { @@ -5787,9 +5794,11 @@ void MacroAssembler::lookup_interface_method(Register recv_klass, bind(found_method); - // Got a hit. - movl(scan_temp, Address(scan_temp, itableOffsetEntry::offset_offset_in_bytes())); - movptr(method_result, Address(recv_klass, scan_temp, Address::times_1)); + if (return_method) { + // Got a hit. + movl(scan_temp, Address(scan_temp, itableOffsetEntry::offset_offset_in_bytes())); + movptr(method_result, Address(recv_klass, scan_temp, Address::times_1)); + } } diff --git a/hotspot/src/cpu/x86/vm/macroAssembler_x86.hpp b/hotspot/src/cpu/x86/vm/macroAssembler_x86.hpp index 2c2b17c06a..07ee112625 100644 --- a/hotspot/src/cpu/x86/vm/macroAssembler_x86.hpp +++ b/hotspot/src/cpu/x86/vm/macroAssembler_x86.hpp @@ -538,7 +538,8 @@ class MacroAssembler: public Assembler { RegisterOrConstant itable_index, Register method_result, Register scan_temp, - Label& no_such_interface); + Label& no_such_interface, + bool return_method = true); // virtual method calling void lookup_virtual_method(Register recv_klass, diff --git a/hotspot/src/cpu/x86/vm/sharedRuntime_x86_32.cpp b/hotspot/src/cpu/x86/vm/sharedRuntime_x86_32.cpp index 47b9fe5c62..5034b4df94 100644 --- a/hotspot/src/cpu/x86/vm/sharedRuntime_x86_32.cpp +++ b/hotspot/src/cpu/x86/vm/sharedRuntime_x86_32.cpp @@ -952,7 +952,7 @@ AdapterHandlerEntry* SharedRuntime::generate_i2c2i_adapters(MacroAssembler *masm Label missed; __ movptr(temp, Address(receiver, oopDesc::klass_offset_in_bytes())); __ cmpptr(temp, Address(holder, CompiledICHolder::holder_klass_offset())); - __ movptr(rbx, Address(holder, CompiledICHolder::holder_method_offset())); + __ movptr(rbx, Address(holder, CompiledICHolder::holder_metadata_offset())); __ jcc(Assembler::notEqual, missed); // Method might have been compiled since the call site was patched to // interpreted if that is the case treat it as a miss so we can get diff --git a/hotspot/src/cpu/x86/vm/sharedRuntime_x86_64.cpp b/hotspot/src/cpu/x86/vm/sharedRuntime_x86_64.cpp index d81e965d05..fe56280ba6 100644 --- a/hotspot/src/cpu/x86/vm/sharedRuntime_x86_64.cpp +++ b/hotspot/src/cpu/x86/vm/sharedRuntime_x86_64.cpp @@ -942,7 +942,7 @@ AdapterHandlerEntry* SharedRuntime::generate_i2c2i_adapters(MacroAssembler *masm { __ load_klass(temp, receiver); __ cmpptr(temp, Address(holder, CompiledICHolder::holder_klass_offset())); - __ movptr(rbx, Address(holder, CompiledICHolder::holder_method_offset())); + __ movptr(rbx, Address(holder, CompiledICHolder::holder_metadata_offset())); __ jcc(Assembler::equal, ok); __ jump(RuntimeAddress(SharedRuntime::get_ic_miss_stub())); diff --git a/hotspot/src/cpu/x86/vm/templateTable_x86.cpp b/hotspot/src/cpu/x86/vm/templateTable_x86.cpp index 3d2f57f37b..421bfb38ea 100644 --- a/hotspot/src/cpu/x86/vm/templateTable_x86.cpp +++ b/hotspot/src/cpu/x86/vm/templateTable_x86.cpp @@ -3695,11 +3695,11 @@ void TemplateTable::fast_invokevfinal(int byte_no) { void TemplateTable::invokeinterface(int byte_no) { transition(vtos, vtos); assert(byte_no == f1_byte, "use this argument"); - prepare_invoke(byte_no, rax, rbx, // get f1 Klass*, f2 itable index + prepare_invoke(byte_no, rax, rbx, // get f1 Klass*, f2 Method* rcx, rdx); // recv, flags - // rax: interface klass (from f1) - // rbx: itable index (from f2) + // rax: reference klass (from f1) + // rbx: method (from f2) // rcx: receiver // rdx: flags @@ -3721,10 +3721,28 @@ void TemplateTable::invokeinterface(int byte_no) { __ null_check(rcx, oopDesc::klass_offset_in_bytes()); __ load_klass(rdx, rcx); + Label no_such_interface, no_such_method; + + // Receiver subtype check against REFC. + // Superklass in rax. Subklass in rdx. Blows rcx, rdi. + __ lookup_interface_method(// inputs: rec. class, interface, itable index + rdx, rax, noreg, + // outputs: scan temp. reg, scan temp. reg + rbcp, rlocals, + no_such_interface, + /*return_method=*/false); + // profile this call + __ restore_bcp(); // rbcp was destroyed by receiver type check __ profile_virtual_call(rdx, rbcp, rlocals); - Label no_such_interface, no_such_method; + // Get declaring interface class from method, and itable index + __ movptr(rax, Address(rbx, Method::const_offset())); + __ movptr(rax, Address(rax, ConstMethod::constants_offset())); + __ movptr(rax, Address(rax, ConstantPool::pool_holder_offset_in_bytes())); + __ movl(rbx, Address(rbx, Method::itable_index_offset())); + __ subl(rbx, Method::itable_index_max); + __ negl(rbx); __ lookup_interface_method(// inputs: rec. class, interface, itable index rdx, rax, rbx, diff --git a/hotspot/src/cpu/x86/vm/vtableStubs_x86_32.cpp b/hotspot/src/cpu/x86/vm/vtableStubs_x86_32.cpp index 3a5c7d0f38..8de43afb37 100644 --- a/hotspot/src/cpu/x86/vm/vtableStubs_x86_32.cpp +++ b/hotspot/src/cpu/x86/vm/vtableStubs_x86_32.cpp @@ -27,6 +27,7 @@ #include "code/vtableStubs.hpp" #include "interp_masm_x86.hpp" #include "memory/resourceArea.hpp" +#include "oops/compiledICHolder.hpp" #include "oops/instanceKlass.hpp" #include "oops/klassVtable.hpp" #include "runtime/sharedRuntime.hpp" @@ -147,7 +148,7 @@ VtableStub* VtableStubs::create_itable_stub(int itable_index) { MacroAssembler* masm = new MacroAssembler(&cb); // Entry arguments: - // rax,: Interface + // rax: CompiledICHolder // rcx: Receiver #ifndef PRODUCT @@ -155,25 +156,42 @@ VtableStub* VtableStubs::create_itable_stub(int itable_index) { __ incrementl(ExternalAddress((address) SharedRuntime::nof_megamorphic_calls_addr())); } #endif /* PRODUCT */ - // get receiver (need to skip return address on top of stack) - - assert(VtableStub::receiver_location() == rcx->as_VMReg(), "receiver expected in rcx"); - - // get receiver klass (also an implicit null-check) - address npe_addr = __ pc(); - __ movptr(rsi, Address(rcx, oopDesc::klass_offset_in_bytes())); // Most registers are in use; we'll use rax, rbx, rsi, rdi // (If we need to make rsi, rdi callee-save, do a push/pop here.) - const Register method = rbx; - Label throw_icce; + const Register recv_klass_reg = rsi; + const Register holder_klass_reg = rax; // declaring interface klass (DECC) + const Register resolved_klass_reg = rbx; // resolved interface klass (REFC) + const Register temp_reg = rdi; - // Get Method* and entrypoint for compiler + const Register icholder_reg = rax; + __ movptr(resolved_klass_reg, Address(icholder_reg, CompiledICHolder::holder_klass_offset())); + __ movptr(holder_klass_reg, Address(icholder_reg, CompiledICHolder::holder_metadata_offset())); + + Label L_no_such_interface; + + // get receiver klass (also an implicit null-check) + address npe_addr = __ pc(); + assert(VtableStub::receiver_location() == rcx->as_VMReg(), "receiver expected in rcx"); + __ load_klass(recv_klass_reg, rcx); + + // Receiver subtype check against REFC. + // Destroys recv_klass_reg value. + __ lookup_interface_method(// inputs: rec. class, interface + recv_klass_reg, resolved_klass_reg, noreg, + // outputs: scan temp. reg1, scan temp. reg2 + recv_klass_reg, temp_reg, + L_no_such_interface, + /*return_method=*/false); + + // Get selected method from declaring class and itable index + const Register method = rbx; + __ load_klass(recv_klass_reg, rcx); // restore recv_klass_reg __ lookup_interface_method(// inputs: rec. class, interface, itable index - rsi, rax, itable_index, + recv_klass_reg, holder_klass_reg, itable_index, // outputs: method, scan temp. reg - method, rdi, - throw_icce); + method, temp_reg, + L_no_such_interface); // method (rbx): Method* // rcx: receiver @@ -193,9 +211,10 @@ VtableStub* VtableStubs::create_itable_stub(int itable_index) { address ame_addr = __ pc(); __ jmp(Address(method, Method::from_compiled_offset())); - __ bind(throw_icce); + __ bind(L_no_such_interface); __ jump(RuntimeAddress(StubRoutines::throw_IncompatibleClassChangeError_entry())); - masm->flush(); + + __ flush(); if (PrintMiscellaneous && (WizardMode || Verbose)) { tty->print_cr("itable #%d at " PTR_FORMAT "[%d] left over: %d", @@ -220,7 +239,7 @@ int VtableStub::pd_code_size_limit(bool is_vtable_stub) { return (DebugVtables ? 210 : 16) + (CountCompiledCalls ? 6 : 0); } else { // Itable stub size - return (DebugVtables ? 256 : 66) + (CountCompiledCalls ? 6 : 0); + return (DebugVtables ? 256 : 110) + (CountCompiledCalls ? 6 : 0); } // In order to tune these parameters, run the JVM with VM options // +PrintMiscellaneous and +WizardMode to see information about diff --git a/hotspot/src/cpu/x86/vm/vtableStubs_x86_64.cpp b/hotspot/src/cpu/x86/vm/vtableStubs_x86_64.cpp index 6c0a2fcb6a..f17330d26e 100644 --- a/hotspot/src/cpu/x86/vm/vtableStubs_x86_64.cpp +++ b/hotspot/src/cpu/x86/vm/vtableStubs_x86_64.cpp @@ -27,6 +27,7 @@ #include "code/vtableStubs.hpp" #include "interp_masm_x86.hpp" #include "memory/resourceArea.hpp" +#include "oops/compiledICHolder.hpp" #include "oops/instanceKlass.hpp" #include "oops/klassVtable.hpp" #include "runtime/sharedRuntime.hpp" @@ -147,36 +148,50 @@ VtableStub* VtableStubs::create_itable_stub(int itable_index) { #endif // Entry arguments: - // rax: Interface + // rax: CompiledICHolder // j_rarg0: Receiver - // Free registers (non-args) are rax (interface), rbx - - // get receiver (need to skip return address on top of stack) - - assert(VtableStub::receiver_location() == j_rarg0->as_VMReg(), "receiver expected in j_rarg0"); - // get receiver klass (also an implicit null-check) - address npe_addr = __ pc(); - // Most registers are in use; we'll use rax, rbx, r10, r11 // (various calling sequences use r[cd]x, r[sd]i, r[89]; stay away from them) - __ load_klass(r10, j_rarg0); + const Register recv_klass_reg = r10; + const Register holder_klass_reg = rax; // declaring interface klass (DECC) + const Register resolved_klass_reg = rbx; // resolved interface klass (REFC) + const Register temp_reg = r11; + + Label L_no_such_interface; + + const Register icholder_reg = rax; + __ movptr(resolved_klass_reg, Address(icholder_reg, CompiledICHolder::holder_klass_offset())); + __ movptr(holder_klass_reg, Address(icholder_reg, CompiledICHolder::holder_metadata_offset())); + + // get receiver klass (also an implicit null-check) + assert(VtableStub::receiver_location() == j_rarg0->as_VMReg(), "receiver expected in j_rarg0"); + address npe_addr = __ pc(); + __ load_klass(recv_klass_reg, j_rarg0); + + // Receiver subtype check against REFC. + // Destroys recv_klass_reg value. + __ lookup_interface_method(// inputs: rec. class, interface + recv_klass_reg, resolved_klass_reg, noreg, + // outputs: scan temp. reg1, scan temp. reg2 + recv_klass_reg, temp_reg, + L_no_such_interface, + /*return_method=*/false); + + // Get selected method from declaring class and itable index + const Register method = rbx; + __ load_klass(recv_klass_reg, j_rarg0); // restore recv_klass_reg + __ lookup_interface_method(// inputs: rec. class, interface, itable index + recv_klass_reg, holder_klass_reg, itable_index, + // outputs: method, scan temp. reg + method, temp_reg, + L_no_such_interface); // If we take a trap while this arg is on the stack we will not // be able to walk the stack properly. This is not an issue except // when there are mistakes in this assembly code that could generate // a spurious fault. Ask me how I know... - const Register method = rbx; - Label throw_icce; - - // Get Method* and entrypoint for compiler - __ lookup_interface_method(// inputs: rec. class, interface, itable index - r10, rax, itable_index, - // outputs: method, scan temp. reg - method, r11, - throw_icce); - // method (rbx): Method* // j_rarg0: receiver @@ -197,7 +212,7 @@ VtableStub* VtableStubs::create_itable_stub(int itable_index) { address ame_addr = __ pc(); __ jmp(Address(method, Method::from_compiled_offset())); - __ bind(throw_icce); + __ bind(L_no_such_interface); __ jump(RuntimeAddress(StubRoutines::throw_IncompatibleClassChangeError_entry())); __ flush(); @@ -224,8 +239,8 @@ int VtableStub::pd_code_size_limit(bool is_vtable_stub) { (UseCompressedClassPointers ? MacroAssembler::instr_size_for_decode_klass_not_null() : 0); } else { // Itable stub size - return (DebugVtables ? 512 : 74) + (CountCompiledCalls ? 13 : 0) + - (UseCompressedClassPointers ? MacroAssembler::instr_size_for_decode_klass_not_null() : 0); + return (DebugVtables ? 512 : 140) + (CountCompiledCalls ? 13 : 0) + + (UseCompressedClassPointers ? 2 * MacroAssembler::instr_size_for_decode_klass_not_null() : 0); } // In order to tune these parameters, run the JVM with VM options // +PrintMiscellaneous and +WizardMode to see information about diff --git a/hotspot/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/oops/CompiledICHolder.java b/hotspot/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/oops/CompiledICHolder.java index 249430ad28..73b325952d 100644 --- a/hotspot/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/oops/CompiledICHolder.java +++ b/hotspot/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/oops/CompiledICHolder.java @@ -40,10 +40,10 @@ public class CompiledICHolder extends VMObject { } private static synchronized void initialize(TypeDataBase db) throws WrongTypeException { - Type type = db.lookupType("CompiledICHolder"); - holderMethod = new MetadataField(type.getAddressField("_holder_method"), 0); - holderKlass = new MetadataField(type.getAddressField("_holder_klass"), 0); - headerSize = type.getSize(); + Type type = db.lookupType("CompiledICHolder"); + holderMetadata = new MetadataField(type.getAddressField("_holder_metadata"), 0); + holderKlass = new MetadataField(type.getAddressField("_holder_klass"), 0); + headerSize = type.getSize(); } public CompiledICHolder(Address addr) { @@ -55,12 +55,12 @@ public class CompiledICHolder extends VMObject { private static long headerSize; // Fields - private static MetadataField holderMethod; + private static MetadataField holderMetadata; private static MetadataField holderKlass; // Accessors for declared fields - public Method getHolderMethod() { return (Method) holderMethod.getValue(this); } - public Klass getHolderKlass() { return (Klass) holderKlass.getValue(this); } + public Metadata getHolderMetadata() { return (Metadata) holderMetadata.getValue(this); } + public Klass getHolderKlass() { return (Klass) holderKlass.getValue(this); } public void printValueOn(PrintStream tty) { tty.print("CompiledICHolder"); diff --git a/hotspot/src/share/vm/aot/aotCompiledMethod.cpp b/hotspot/src/share/vm/aot/aotCompiledMethod.cpp index c501ce12e6..ff8540ca8c 100644 --- a/hotspot/src/share/vm/aot/aotCompiledMethod.cpp +++ b/hotspot/src/share/vm/aot/aotCompiledMethod.cpp @@ -273,7 +273,7 @@ void AOTCompiledMethod::metadata_do(void f(Metadata*)) { CompiledIC *ic = CompiledIC_at(&iter); if (ic->is_icholder_call()) { CompiledICHolder* cichk = ic->cached_icholder(); - f(cichk->holder_method()); + f(cichk->holder_metadata()); f(cichk->holder_klass()); } else { // Get Klass* or NULL (if value is -1) from GOT cell of virtual call PLT stub. diff --git a/hotspot/src/share/vm/code/compiledIC.cpp b/hotspot/src/share/vm/code/compiledIC.cpp index 97db8a54b6..0934e4803d 100644 --- a/hotspot/src/share/vm/code/compiledIC.cpp +++ b/hotspot/src/share/vm/code/compiledIC.cpp @@ -230,10 +230,13 @@ bool CompiledIC::set_to_megamorphic(CallInfo* call_info, Bytecodes::Code bytecod #ifdef ASSERT int index = call_info->resolved_method()->itable_index(); assert(index == itable_index, "CallInfo pre-computes this"); -#endif //ASSERT InstanceKlass* k = call_info->resolved_method()->method_holder(); assert(k->verify_itable_index(itable_index), "sanity check"); - InlineCacheBuffer::create_transition_stub(this, k, entry); +#endif //ASSERT + CompiledICHolder* holder = new CompiledICHolder(call_info->resolved_method()->method_holder(), + call_info->resolved_klass()()); + holder->claim(); + InlineCacheBuffer::create_transition_stub(this, holder, entry); } else { assert(call_info->call_kind() == CallInfo::vtable_call, "either itable or vtable"); // Can be different than selected_method->vtable_index(), due to package-private etc. @@ -517,7 +520,14 @@ void CompiledIC::compute_monomorphic_entry(const methodHandle& method, bool CompiledIC::is_icholder_entry(address entry) { CodeBlob* cb = CodeCache::find_blob_unsafe(entry); - return (cb != NULL && cb->is_adapter_blob()); + if (cb != NULL && cb->is_adapter_blob()) { + return true; + } + // itable stubs also use CompiledICHolder + if (VtableStubs::is_entry_point(entry) && VtableStubs::stub_containing(entry)->is_itable_stub()) { + return true; + } + return false; } bool CompiledIC::is_icholder_call_site(virtual_call_Relocation* call_site, const CompiledMethod* cm) { diff --git a/hotspot/src/share/vm/code/compiledIC.hpp b/hotspot/src/share/vm/code/compiledIC.hpp index 15af2b44b8..dd8a7130f0 100644 --- a/hotspot/src/share/vm/code/compiledIC.hpp +++ b/hotspot/src/share/vm/code/compiledIC.hpp @@ -45,11 +45,11 @@ // \ / \ / // [4] \ / [4] \->-/ // \->- Megamorphic -<-/ -// (Method*) +// (CompiledICHolder*) // -// The text in paranteses () refere to the value of the inline cache receiver (mov instruction) +// The text in parentheses () refers to the value of the inline cache receiver (mov instruction) // -// The numbers in square brackets refere to the kind of transition: +// The numbers in square brackets refer to the kind of transition: // [1]: Initial fixup. Receiver it found from debug information // [2]: Compilation of a method // [3]: Recompilation of a method (note: only entry is changed. The Klass* must stay the same) diff --git a/hotspot/src/share/vm/code/compiledMethod.cpp b/hotspot/src/share/vm/code/compiledMethod.cpp index 30120b2989..0447c2bdc3 100644 --- a/hotspot/src/share/vm/code/compiledMethod.cpp +++ b/hotspot/src/share/vm/code/compiledMethod.cpp @@ -417,8 +417,7 @@ void CompiledMethod::clean_ic_if_metadata_is_dead(CompiledIC *ic, BoolObjectClos // yet be marked below. (We check this further below). CompiledICHolder* cichk_oop = ic->cached_icholder(); - if (cichk_oop->holder_method()->method_holder()->is_loader_alive(is_alive) && - cichk_oop->holder_klass()->is_loader_alive(is_alive)) { + if (cichk_oop->is_loader_alive(is_alive)) { return; } } else { diff --git a/hotspot/src/share/vm/code/nmethod.cpp b/hotspot/src/share/vm/code/nmethod.cpp index f82872baf1..80b894df8f 100644 --- a/hotspot/src/share/vm/code/nmethod.cpp +++ b/hotspot/src/share/vm/code/nmethod.cpp @@ -1577,7 +1577,7 @@ void nmethod::metadata_do(void f(Metadata*)) { CompiledIC *ic = CompiledIC_at(&iter); if (ic->is_icholder_call()) { CompiledICHolder* cichk = ic->cached_icholder(); - f(cichk->holder_method()); + f(cichk->holder_metadata()); f(cichk->holder_klass()); } else { Metadata* ic_oop = ic->cached_metadata(); diff --git a/hotspot/src/share/vm/interpreter/interpreterRuntime.cpp b/hotspot/src/share/vm/interpreter/interpreterRuntime.cpp index d053786f03..06052f9ab8 100644 --- a/hotspot/src/share/vm/interpreter/interpreterRuntime.cpp +++ b/hotspot/src/share/vm/interpreter/interpreterRuntime.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -795,7 +795,7 @@ void InterpreterRuntime::resolve_invoke(JavaThread* thread, Bytecodes::Code byte // it is not an interface. The receiver for invokespecial calls within interface // methods must be checked for every call. InstanceKlass* sender = pool->pool_holder(); - sender = sender->is_anonymous() ? sender->host_klass() : sender; + sender = sender->has_host_klass() ? sender->host_klass() : sender; switch (info.call_kind()) { case CallInfo::direct_call: @@ -813,6 +813,7 @@ void InterpreterRuntime::resolve_invoke(JavaThread* thread, Bytecodes::Code byte case CallInfo::itable_call: cp_cache_entry->set_itable_call( bytecode, + info.resolved_klass(), info.resolved_method(), info.itable_index()); break; diff --git a/hotspot/src/share/vm/interpreter/linkResolver.cpp b/hotspot/src/share/vm/interpreter/linkResolver.cpp index d7ae64effe..2d323cd7d3 100644 --- a/hotspot/src/share/vm/interpreter/linkResolver.cpp +++ b/hotspot/src/share/vm/interpreter/linkResolver.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -1061,11 +1061,7 @@ void LinkResolver::resolve_special_call(CallInfo& result, const LinkInfo& link_info, TRAPS) { methodHandle resolved_method = linktime_resolve_special_method(link_info, CHECK); - runtime_resolve_special_method(result, resolved_method, - link_info.resolved_klass(), - link_info.current_klass(), - recv, - link_info.check_access(), CHECK); + runtime_resolve_special_method(result, link_info, resolved_method, recv, CHECK); } // throws linktime exceptions @@ -1148,11 +1144,11 @@ methodHandle LinkResolver::linktime_resolve_special_method(const LinkInfo& link_ // throws runtime exceptions void LinkResolver::runtime_resolve_special_method(CallInfo& result, + const LinkInfo& link_info, const methodHandle& resolved_method, - KlassHandle resolved_klass, - KlassHandle current_klass, - Handle recv, - bool check_access, TRAPS) { + Handle recv, TRAPS) { + + KlassHandle resolved_klass = link_info.resolved_klass(); // resolved method is selected method unless we have an old-style lookup // for a superclass method @@ -1160,12 +1156,13 @@ void LinkResolver::runtime_resolve_special_method(CallInfo& result, // no checks for shadowing methodHandle sel_method(THREAD, resolved_method()); - if (check_access && + if (link_info.check_access() && // check if the method is not resolved_method->name() != vmSymbols::object_initializer_name()) { - // check if this is an old-style super call and do a new lookup if so + // check if this is an old-style super call and do a new lookup if so // a) check if ACC_SUPER flag is set for the current class + KlassHandle current_klass = link_info.current_klass(); if ((current_klass->is_super() || !AllowNonVirtualCalls) && // b) check if the class of the resolved_klass is a superclass // (not supertype in order to exclude interface classes) of the current class. @@ -1185,6 +1182,9 @@ void LinkResolver::runtime_resolve_special_method(CallInfo& result, Method::name_and_sig_as_C_string(resolved_klass(), resolved_method->name(), resolved_method->signature())); + // check loader constraints if found a different method + } else if (sel_method() != resolved_method()) { + check_method_loader_constraints(link_info, sel_method, "method", CHECK); } } diff --git a/hotspot/src/share/vm/interpreter/linkResolver.hpp b/hotspot/src/share/vm/interpreter/linkResolver.hpp index 2f14496bb0..7192b8c133 100644 --- a/hotspot/src/share/vm/interpreter/linkResolver.hpp +++ b/hotspot/src/share/vm/interpreter/linkResolver.hpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -227,11 +227,10 @@ class LinkResolver: AllStatic { static methodHandle linktime_resolve_interface_method (const LinkInfo& link_info, TRAPS); static void runtime_resolve_special_method (CallInfo& result, + const LinkInfo& link_info, const methodHandle& resolved_method, - KlassHandle resolved_klass, - KlassHandle current_klass, - Handle recv, - bool check_access, TRAPS); + Handle recv, TRAPS); + static void runtime_resolve_virtual_method (CallInfo& result, const methodHandle& resolved_method, KlassHandle resolved_klass, diff --git a/hotspot/src/share/vm/oops/compiledICHolder.cpp b/hotspot/src/share/vm/oops/compiledICHolder.cpp index 55397d06c1..19f44adab8 100644 --- a/hotspot/src/share/vm/oops/compiledICHolder.cpp +++ b/hotspot/src/share/vm/oops/compiledICHolder.cpp @@ -32,8 +32,8 @@ volatile int CompiledICHolder::_live_count; volatile int CompiledICHolder::_live_not_claimed_count; -CompiledICHolder::CompiledICHolder(Method* method, Klass* klass) - : _holder_method(method), _holder_klass(klass) { +CompiledICHolder::CompiledICHolder(Metadata* metadata, Klass* klass) + : _holder_metadata(metadata), _holder_klass(klass) { #ifdef ASSERT Atomic::inc(&_live_count); Atomic::inc(&_live_not_claimed_count); @@ -47,12 +47,28 @@ CompiledICHolder::~CompiledICHolder() { } #endif // ASSERT +bool CompiledICHolder::is_loader_alive(BoolObjectClosure* is_alive) { + if (_holder_metadata->is_method()) { + if (!((Method*)_holder_metadata)->method_holder()->is_loader_alive(is_alive)) { + return false; + } + } else if (_holder_metadata->is_klass()) { + if (!((Klass*)_holder_metadata)->is_loader_alive(is_alive)) { + return false; + } + } + if (!_holder_klass->is_loader_alive(is_alive)) { + return false; + } + return true; +} + // Printing void CompiledICHolder::print_on(outputStream* st) const { st->print("%s", internal_name()); - st->print(" - method: "); holder_method()->print_value_on(st); st->cr(); - st->print(" - klass: "); holder_klass()->print_value_on(st); st->cr(); + st->print(" - metadata: "); holder_metadata()->print_value_on(st); st->cr(); + st->print(" - klass: "); holder_klass()->print_value_on(st); st->cr(); } void CompiledICHolder::print_value_on(outputStream* st) const { @@ -63,7 +79,7 @@ void CompiledICHolder::print_value_on(outputStream* st) const { // Verification void CompiledICHolder::verify_on(outputStream* st) { - guarantee(holder_method()->is_method(), "should be method"); + guarantee(holder_metadata()->is_method() || holder_metadata()->is_klass(), "should be method or klass"); guarantee(holder_klass()->is_klass(), "should be klass"); } diff --git a/hotspot/src/share/vm/oops/compiledICHolder.hpp b/hotspot/src/share/vm/oops/compiledICHolder.hpp index c3e899fde8..af4a38a9f3 100644 --- a/hotspot/src/share/vm/oops/compiledICHolder.hpp +++ b/hotspot/src/share/vm/oops/compiledICHolder.hpp @@ -29,8 +29,9 @@ #include "utilities/macros.hpp" // A CompiledICHolder* is a helper object for the inline cache implementation. -// It holds an intermediate value (method+klass pair) used when converting from -// compiled to an interpreted call. +// It holds: +// (1) (method+klass pair) when converting from compiled to an interpreted call +// (2) (klass+klass pair) when calling itable stub from megamorphic compiled call // // These are always allocated in the C heap and are freed during a // safepoint by the ICBuffer logic. It's unsafe to free them earlier @@ -45,32 +46,33 @@ class CompiledICHolder : public CHeapObj { static volatile int _live_not_claimed_count; // allocated but not yet in use so not // reachable by iterating over nmethods - Method* _holder_method; + Metadata* _holder_metadata; Klass* _holder_klass; // to avoid name conflict with oopDesc::_klass CompiledICHolder* _next; public: // Constructor - CompiledICHolder(Method* method, Klass* klass); + CompiledICHolder(Metadata* metadata, Klass* klass); ~CompiledICHolder() NOT_DEBUG_RETURN; static int live_count() { return _live_count; } static int live_not_claimed_count() { return _live_not_claimed_count; } // accessors - Method* holder_method() const { return _holder_method; } Klass* holder_klass() const { return _holder_klass; } + Metadata* holder_metadata() const { return _holder_metadata; } - void set_holder_method(Method* m) { _holder_method = m; } - void set_holder_klass(Klass* k) { _holder_klass = k; } + void set_holder_metadata(Metadata* m) { _holder_metadata = m; } + void set_holder_klass(Klass* k) { _holder_klass = k; } - // interpreter support (offsets in bytes) - static int holder_method_offset() { return offset_of(CompiledICHolder, _holder_method); } + static int holder_metadata_offset() { return offset_of(CompiledICHolder, _holder_metadata); } static int holder_klass_offset() { return offset_of(CompiledICHolder, _holder_klass); } CompiledICHolder* next() { return _next; } void set_next(CompiledICHolder* n) { _next = n; } + bool is_loader_alive(BoolObjectClosure* is_alive); + // Verify void verify_on(outputStream* st); diff --git a/hotspot/src/share/vm/oops/constantPool.hpp b/hotspot/src/share/vm/oops/constantPool.hpp index 86cfa19217..173108fd09 100644 --- a/hotspot/src/share/vm/oops/constantPool.hpp +++ b/hotspot/src/share/vm/oops/constantPool.hpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -958,7 +958,7 @@ class SymbolHashMap: public CHeapObj { delete(cur); } } - delete _buckets; + FREE_C_HEAP_ARRAY(SymbolHashMapBucket, _buckets); } }; // End SymbolHashMap class diff --git a/hotspot/src/share/vm/oops/cpCache.cpp b/hotspot/src/share/vm/oops/cpCache.cpp index b7522433bb..9ba540097e 100644 --- a/hotspot/src/share/vm/oops/cpCache.cpp +++ b/hotspot/src/share/vm/oops/cpCache.cpp @@ -255,14 +255,16 @@ void ConstantPoolCacheEntry::set_vtable_call(Bytecodes::Code invoke_code, method set_direct_or_vtable_call(invoke_code, method, index, false); } -void ConstantPoolCacheEntry::set_itable_call(Bytecodes::Code invoke_code, const methodHandle& method, int index) { +void ConstantPoolCacheEntry::set_itable_call(Bytecodes::Code invoke_code, + KlassHandle referenced_klass, + const methodHandle& method, int index) { assert(method->method_holder()->verify_itable_index(index), ""); assert(invoke_code == Bytecodes::_invokeinterface, ""); InstanceKlass* interf = method->method_holder(); assert(interf->is_interface(), "must be an interface"); assert(!method->is_final_method(), "interfaces do not have final methods; cannot link to one here"); - set_f1(interf); - set_f2(index); + set_f1(referenced_klass()); + set_f2((intx)method()); set_method_flags(as_TosState(method->result_type()), 0, // no option bits method()->size_of_parameters()); @@ -434,10 +436,23 @@ oop ConstantPoolCacheEntry::method_type_if_resolved(const constantPoolHandle& cp #if INCLUDE_JVMTI + +void log_adjust(const char* entry_type, Method* old_method, Method* new_method, bool* trace_name_printed) { + if (log_is_enabled(Info, redefine, class, update)) { + ResourceMark rm; + if (!(*trace_name_printed)) { + log_info(redefine, class, update)("adjust: name=%s", old_method->method_holder()->external_name()); + *trace_name_printed = true; + } + log_debug(redefine, class, update, constantpool) + ("cpc %s entry update: %s(%s)", entry_type, new_method->name()->as_C_string(), new_method->signature()->as_C_string()); + } +} + // RedefineClasses() API support: // If this ConstantPoolCacheEntry refers to old_method then update it // to refer to new_method. -bool ConstantPoolCacheEntry::adjust_method_entry(Method* old_method, +void ConstantPoolCacheEntry::adjust_method_entry(Method* old_method, Method* new_method, bool * trace_name_printed) { if (is_vfinal()) { @@ -446,63 +461,35 @@ bool ConstantPoolCacheEntry::adjust_method_entry(Method* old_method, // match old_method so need an update // NOTE: can't use set_f2_as_vfinal_method as it asserts on different values _f2 = (intptr_t)new_method; - if (log_is_enabled(Info, redefine, class, update)) { - ResourceMark rm; - if (!(*trace_name_printed)) { - log_info(redefine, class, update)("adjust: name=%s", old_method->method_holder()->external_name()); - *trace_name_printed = true; - } - log_debug(redefine, class, update, constantpool) - ("cpc vf-entry update: %s(%s)", new_method->name()->as_C_string(), new_method->signature()->as_C_string()); - } - return true; + log_adjust("vfinal", old_method, new_method, trace_name_printed); } - - // f1() is not used with virtual entries so bail out - return false; + return; } - if (_f1 == NULL) { - // NULL f1() means this is a virtual entry so bail out - // We are assuming that the vtable index does not need change. - return false; - } + assert (_f1 != NULL, "should not call with uninteresting entry"); - if (_f1 == old_method) { + if (!(_f1->is_method())) { + // _f1 is a Klass* for an interface, _f2 is the method + if (f2_as_interface_method() == old_method) { + _f2 = (intptr_t)new_method; + log_adjust("interface", old_method, new_method, trace_name_printed); + } + } else if (_f1 == old_method) { _f1 = new_method; - if (log_is_enabled(Info, redefine, class, update)) { - ResourceMark rm; - if (!(*trace_name_printed)) { - log_info(redefine, class, update)("adjust: name=%s", old_method->method_holder()->external_name()); - *trace_name_printed = true; - } - log_debug(redefine, class, update, constantpool) - ("cpc entry update: %s(%s)", new_method->name()->as_C_string(), new_method->signature()->as_C_string()); - } - return true; + log_adjust("special, static or dynamic", old_method, new_method, trace_name_printed); } - - return false; } // a constant pool cache entry should never contain old or obsolete methods bool ConstantPoolCacheEntry::check_no_old_or_obsolete_entries() { - if (is_vfinal()) { - // virtual and final so _f2 contains method ptr instead of vtable index - Metadata* f2 = (Metadata*)_f2; - // Return false if _f2 refers to an old or an obsolete method. - // _f2 == NULL || !_f2->is_method() are just as unexpected here. - return (f2 != NULL NOT_PRODUCT(&& f2->is_valid()) && f2->is_method() && - !((Method*)f2)->is_old() && !((Method*)f2)->is_obsolete()); - } else if (_f1 == NULL || - (NOT_PRODUCT(_f1->is_valid() &&) !_f1->is_method())) { - // _f1 == NULL || !_f1->is_method() are OK here + Method* m = get_interesting_method_entry(NULL); + // return false if m refers to a non-deleted old or obsolete method + if (m != NULL) { + assert(m->is_valid() && m->is_method(), "m is a valid method"); + return !m->is_old() && !m->is_obsolete(); // old is always set for old and obsolete + } else { return true; } - // return false if _f1 refers to a non-deleted old or obsolete method - return (NOT_PRODUCT(_f1->is_valid() &&) _f1->is_method() && - (f1_as_method()->is_deleted() || - (!f1_as_method()->is_old() && !f1_as_method()->is_obsolete()))); } Method* ConstantPoolCacheEntry::get_interesting_method_entry(Klass* k) { @@ -519,10 +506,11 @@ Method* ConstantPoolCacheEntry::get_interesting_method_entry(Klass* k) { return NULL; } else { if (!(_f1->is_method())) { - // _f1 can also contain a Klass* for an interface - return NULL; + // _f1 is a Klass* for an interface + m = f2_as_interface_method(); + } else { + m = f1_as_method(); } - m = f1_as_method(); } assert(m != NULL && m->is_method(), "sanity check"); if (m == NULL || !m->is_method() || (k != NULL && m->method_holder() != k)) { diff --git a/hotspot/src/share/vm/oops/cpCache.hpp b/hotspot/src/share/vm/oops/cpCache.hpp index 9db57ffa03..6b689314da 100644 --- a/hotspot/src/share/vm/oops/cpCache.hpp +++ b/hotspot/src/share/vm/oops/cpCache.hpp @@ -249,6 +249,7 @@ class ConstantPoolCacheEntry VALUE_OBJ_CLASS_SPEC { void set_itable_call( Bytecodes::Code invoke_code, // the bytecode used; must be invokeinterface + KlassHandle referenced_klass, // the referenced klass in the InterfaceMethodref const methodHandle& method, // the resolved interface method int itable_index // index into itable for the method ); @@ -345,6 +346,7 @@ class ConstantPoolCacheEntry VALUE_OBJ_CLASS_SPEC { bool is_f1_null() const { Metadata* f1 = f1_ord(); return f1 == NULL; } // classifies a CPC entry as unbound int f2_as_index() const { assert(!is_vfinal(), ""); return (int) _f2; } Method* f2_as_vfinal_method() const { assert(is_vfinal(), ""); return (Method*)_f2; } + Method* f2_as_interface_method() const { assert(bytecode_1() == Bytecodes::_invokeinterface, ""); return (Method*)_f2; } int field_index() const { assert(is_field_entry(), ""); return (_flags & field_index_mask); } int parameter_size() const { assert(is_method_entry(), ""); return (_flags & parameter_size_mask); } bool is_volatile() const { return (_flags & (1 << is_volatile_shift)) != 0; } @@ -377,7 +379,7 @@ class ConstantPoolCacheEntry VALUE_OBJ_CLASS_SPEC { // trace_name_printed is set to true if the current call has // printed the klass name so that other routines in the adjust_* // group don't print the klass name. - bool adjust_method_entry(Method* old_method, Method* new_method, + void adjust_method_entry(Method* old_method, Method* new_method, bool* trace_name_printed); bool check_no_old_or_obsolete_entries(); Method* get_interesting_method_entry(Klass* k); diff --git a/hotspot/src/share/vm/oops/instanceKlass.hpp b/hotspot/src/share/vm/oops/instanceKlass.hpp index 1756b9fc86..2ae6511016 100644 --- a/hotspot/src/share/vm/oops/instanceKlass.hpp +++ b/hotspot/src/share/vm/oops/instanceKlass.hpp @@ -625,9 +625,11 @@ class InstanceKlass: public Klass { InstanceKlass* host_klass() const { InstanceKlass** hk = adr_host_klass(); if (hk == NULL) { + assert(!is_anonymous(), "Anonymous classes have host klasses"); return NULL; } else { assert(*hk != NULL, "host klass should always be set if the address is not null"); + assert(is_anonymous(), "Only anonymous classes have host klasses"); return *hk; } } @@ -639,6 +641,9 @@ class InstanceKlass: public Klass { *addr = host; } } + bool has_host_klass() const { + return adr_host_klass() != NULL; + } bool is_anonymous() const { return (_misc_flags & _misc_is_anonymous) != 0; } diff --git a/hotspot/src/share/vm/oops/klassVtable.cpp b/hotspot/src/share/vm/oops/klassVtable.cpp index 9715d2b087..0943d52b50 100644 --- a/hotspot/src/share/vm/oops/klassVtable.cpp +++ b/hotspot/src/share/vm/oops/klassVtable.cpp @@ -1173,7 +1173,6 @@ void klassItable::initialize_itable_for_interface(int method_table_offset, Klass Array* methods = InstanceKlass::cast(interf_h())->methods(); int nof_methods = methods->length(); HandleMark hm; - assert(nof_methods > 0, "at least one method must exist for interface to be in vtable"); Handle interface_loader (THREAD, InstanceKlass::cast(interf_h())->class_loader()); int ime_count = method_count_for_interface(interf_h()); @@ -1350,8 +1349,10 @@ void visit_all_interfaces(Array* transitive_intf, InterfaceVisiterClosur } } - // Only count interfaces with at least one method - if (method_count > 0) { + // Visit all interfaces which either have any methods or can participate in receiver type check. + // We do not bother to count methods in transitive interfaces, although that would allow us to skip + // this step in the rare case of a zero-method interface extending another zero-method interface. + if (method_count > 0 || InstanceKlass::cast(intf)->transitive_interfaces()->length() > 0) { blk->doit(intf, method_count); } } diff --git a/hotspot/src/share/vm/oops/method.hpp b/hotspot/src/share/vm/oops/method.hpp index 6675410db8..a1f8e66e72 100644 --- a/hotspot/src/share/vm/oops/method.hpp +++ b/hotspot/src/share/vm/oops/method.hpp @@ -700,6 +700,7 @@ class Method : public Metadata { static ByteSize from_interpreted_offset() { return byte_offset_of(Method, _from_interpreted_entry ); } static ByteSize interpreter_entry_offset() { return byte_offset_of(Method, _i2i_entry ); } static ByteSize signature_handler_offset() { return in_ByteSize(sizeof(Method) + wordSize); } + static ByteSize itable_index_offset() { return byte_offset_of(Method, _vtable_index ); } // for code generation static int method_data_offset_in_bytes() { return offset_of(Method, _method_data); } diff --git a/hotspot/src/share/vm/prims/jni.cpp b/hotspot/src/share/vm/prims/jni.cpp index acda443267..5f81a7ecb6 100644 --- a/hotspot/src/share/vm/prims/jni.cpp +++ b/hotspot/src/share/vm/prims/jni.cpp @@ -2839,7 +2839,7 @@ jni_Get##Result##ArrayRegion(JNIEnv *env, ElementType##Array array, jsize start, EntryProbe; \ DT_VOID_RETURN_MARK(Get##Result##ArrayRegion); \ typeArrayOop src = typeArrayOop(JNIHandles::resolve_non_null(array)); \ - if (start < 0 || len < 0 || ((unsigned int)start + (unsigned int)len > (unsigned int)src->length())) { \ + if (start < 0 || len < 0 || (start > src->length() - len)) { \ THROW(vmSymbols::java_lang_ArrayIndexOutOfBoundsException()); \ } else { \ if (len > 0) { \ @@ -2889,7 +2889,7 @@ jni_Set##Result##ArrayRegion(JNIEnv *env, ElementType##Array array, jsize start, EntryProbe; \ DT_VOID_RETURN_MARK(Set##Result##ArrayRegion); \ typeArrayOop dst = typeArrayOop(JNIHandles::resolve_non_null(array)); \ - if (start < 0 || len < 0 || ((unsigned int)start + (unsigned int)len > (unsigned int)dst->length())) { \ + if (start < 0 || len < 0 || (start > dst->length() - len)) { \ THROW(vmSymbols::java_lang_ArrayIndexOutOfBoundsException()); \ } else { \ if (len > 0) { \ @@ -3126,7 +3126,7 @@ JNI_ENTRY(void, jni_GetStringRegion(JNIEnv *env, jstring string, jsize start, js DT_VOID_RETURN_MARK(GetStringRegion); oop s = JNIHandles::resolve_non_null(string); int s_len = java_lang_String::length(s); - if (start < 0 || len < 0 || start + len > s_len) { + if (start < 0 || len < 0 || start > s_len - len) { THROW(vmSymbols::java_lang_StringIndexOutOfBoundsException()); } else { if (len > 0) { @@ -3152,7 +3152,7 @@ JNI_ENTRY(void, jni_GetStringUTFRegion(JNIEnv *env, jstring string, jsize start, DT_VOID_RETURN_MARK(GetStringUTFRegion); oop s = JNIHandles::resolve_non_null(string); int s_len = java_lang_String::length(s); - if (start < 0 || len < 0 || start + len > s_len) { + if (start < 0 || len < 0 || start > s_len - len) { THROW(vmSymbols::java_lang_StringIndexOutOfBoundsException()); } else { //%note jni_7 diff --git a/hotspot/src/share/vm/runtime/vmStructs.cpp b/hotspot/src/share/vm/runtime/vmStructs.cpp index a945f4f4a0..79956edf1d 100644 --- a/hotspot/src/share/vm/runtime/vmStructs.cpp +++ b/hotspot/src/share/vm/runtime/vmStructs.cpp @@ -230,7 +230,7 @@ typedef CompactHashtable SymbolCompactHashTable; nonstatic_field(ArrayKlass, _dimension, int) \ volatile_nonstatic_field(ArrayKlass, _higher_dimension, Klass*) \ volatile_nonstatic_field(ArrayKlass, _lower_dimension, Klass*) \ - nonstatic_field(CompiledICHolder, _holder_method, Method*) \ + nonstatic_field(CompiledICHolder, _holder_metadata, Metadata*) \ nonstatic_field(CompiledICHolder, _holder_klass, Klass*) \ nonstatic_field(ConstantPool, _tags, Array*) \ nonstatic_field(ConstantPool, _cache, ConstantPoolCache*) \ diff --git a/hotspot/test/native/code/test_vtableStub.cpp b/hotspot/test/native/code/test_vtableStub.cpp new file mode 100644 index 0000000000..9930f95127 --- /dev/null +++ b/hotspot/test/native/code/test_vtableStub.cpp @@ -0,0 +1,52 @@ +/* + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + * + */ + +#include "precompiled.hpp" +#include "code/vtableStubs.hpp" +#include "runtime/interfaceSupport.hpp" +#include "unittest.hpp" + +TEST_VM(code, vtableStubs) { + // Should be in VM to use locks + ThreadInVMfromNative ThreadInVMfromNative(JavaThread::current()); + + VtableStubs::find_vtable_stub(0); // min vtable index + for (int i = 0; i < 15; i++) { + VtableStubs::find_vtable_stub((1 << i) - 1); + VtableStubs::find_vtable_stub((1 << i)); + } + VtableStubs::find_vtable_stub((1 << 15) - 1); // max vtable index +} + +TEST_VM(code, itableStubs) { + // Should be in VM to use locks + ThreadInVMfromNative ThreadInVMfromNative(JavaThread::current()); + + VtableStubs::find_itable_stub(0); // min itable index + for (int i = 0; i < 15; i++) { + VtableStubs::find_itable_stub((1 << i) - 1); + VtableStubs::find_itable_stub((1 << i)); + } + VtableStubs::find_itable_stub((1 << 15) - 1); // max itable index +} diff --git a/hotspot/test/runtime/RedefineTests/RedefineInterfaceCall.java b/hotspot/test/runtime/RedefineTests/RedefineInterfaceCall.java new file mode 100644 index 0000000000..ec3efe7431 --- /dev/null +++ b/hotspot/test/runtime/RedefineTests/RedefineInterfaceCall.java @@ -0,0 +1,83 @@ +/* + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8174962 + * @summary Redefine class with interface method call + * @library /test/lib + * @modules java.base/jdk.internal.misc + * @modules java.compiler + * java.instrument + * jdk.jartool/sun.tools.jar + * @run main RedefineClassHelper + * @run main/othervm -javaagent:redefineagent.jar -Xlog:redefine+class+update*=trace RedefineInterfaceCall + */ + +import static jdk.test.lib.Asserts.assertEquals; + +interface I1 { default int m() { return 0; } } +interface I2 extends I1 {} + +public class RedefineInterfaceCall { + + public static class C implements I2 { + public int test(I2 i) { + return i.m(); // invokeinterface cpCacheEntry + } + } + + static String newI1 = + "interface I1 { default int m() { return 1; } }"; + + static String newC = + "public class RedefineInterfaceCall$C implements I2 { " + + " public int test(I2 i) { " + + " return i.m(); " + + " } " + + "} "; + + static int test(I2 i) { + return i.m(); // invokeinterface cpCacheEntry + } + + public static void main(String[] args) throws Exception { + C c = new C(); + + assertEquals(test(c), 0); + assertEquals(c.test(c), 0); + + RedefineClassHelper.redefineClass(C.class, newC); + + assertEquals(c.test(c), 0); + + RedefineClassHelper.redefineClass(I1.class, newI1); + + assertEquals(test(c), 1); + assertEquals(c.test(c), 1); + + RedefineClassHelper.redefineClass(C.class, newC); + + assertEquals(c.test(c), 1); + } +} diff --git a/hotspot/test/runtime/SharedArchiveFile/serviceability/transformRelatedClasses/TransformTestCommon.java b/hotspot/test/runtime/SharedArchiveFile/serviceability/transformRelatedClasses/TransformTestCommon.java index 00e25bce83..38e9b75148 100644 --- a/hotspot/test/runtime/SharedArchiveFile/serviceability/transformRelatedClasses/TransformTestCommon.java +++ b/hotspot/test/runtime/SharedArchiveFile/serviceability/transformRelatedClasses/TransformTestCommon.java @@ -62,8 +62,8 @@ public class TransformTestCommon { String parent, String child) throws Exception { - String parentSharedMatch = parent + " source: shared objects file"; - String childSharedMatch = child + " source: shared objects file"; + String parentSharedMatch = " " + parent + " source: shared objects file"; + String childSharedMatch = " " + child + " source: shared objects file"; if (entry.isParentExpectedShared) out.shouldContain(parentSharedMatch); diff --git a/jdk/.hgtags b/jdk/.hgtags index df28072c0e..b08ef87e32 100644 --- a/jdk/.hgtags +++ b/jdk/.hgtags @@ -417,9 +417,32 @@ ef9954f6896bb0b95ac62bf769f68b59a7a56ccd jdk-9+170 0ff9ad7d067cd4fa14450cf208bf019175a0aaba jdk-9+172 a5506b425f1bf91530d8417b57360e5d89328c0c jdk-9+173 42f18c931bd4fae5c206ccf6d8e591e4c4e69d31 jdk-9+174 +c31ac0b8a60e8f872d38ad251a25ad043adc0191 jdk-9.0.1+00 +c31ac0b8a60e8f872d38ad251a25ad043adc0191 jdk-9.0.3+00 e6c4f6ef717d104dba880e2dae538690c993b46f jdk-9+175 9f27d513658d5375b0e26846857d92563f279073 jdk-9+176 80acf577b7d0b886fb555c9916552844f6cc72af jdk-9+177 443025bee731eb2225371b92c1c74b519b7baf33 jdk-9+178 06df1ce4b9b887d05ce6a13f4def3547e434dd1a jdk-9+179 4feab1acec6a9c3620a19ff379a65ab8618d0e2a jdk-9+180 +bd66ea2fdde3d60a73b5272263a7b8b0ca926a33 jdk-9+181 +383a0001f6a0981aa061bf62d7562240abec0b18 jdk-9.0.3+1 +77eba1b12ee981b9d7e6b10b33b233669a1cb23e jdk-9.0.3+2 +f13da3f2da08667ff74541440bb5d67b2dad1aa9 jdk-9.0.3+3 +d9b9658b2bd59ac9ca9d17209dcc487a9cf4bff2 jdk-9.0.3+4 +e884b64ff38e744760402a3315816a6d74e01719 jdk-9.0.3+5 +7b182ade7b8f974be5e459b018e67d1f4440e5f8 jdk-9.0.3+6 +a1b2b4e871fe277827b29ca7356a723599303843 jdk-9.0.3+7 +a33a03d42ff990b1041bf0f86dc90c1964e2d214 jdk-9.0.3+8 +a120deff1775a5107cac1ccdf40fb41df0612f7e jdk-9.0.3+9 +aa6f847fc0f4a57efc42055921994d022d5cbff0 jdk-9.0.1+10 +2bd4dd6cc82060b6d705de5f47077633ae7b7c82 jdk-9.0.1+11 +fa3b1c07db0508e2bb1a6ab5e8b3a2be97544243 jdk-9.0.4+00 +c66ff2442ffa563c48bd641d1f4273e00833014c jdk-9.0.4+1 +c03f6dda488064a24e53e372e5ad00b1d7505f6b jdk-9.0.4+2 +b46885be0c21ebb379e9f9835591dc8b12245971 jdk-9.0.4+3 +0d40ce5e2249fb4643614855694dd1909112bb97 jdk-9.0.4+4 +7ba3aa648bf9635a75bc124539acc08d06dea600 jdk-9.0.4+5 +46524cd9b1e84d2b60b15d5ef26c7ca6260c41a4 jdk-9.0.4+6 +d54fb6a3fb5546fcf56bfc3c5f93fa320e79887a jdk-9.0.4+7 +b9669a87f3eafe9c538346b8997413f4d8252147 jdk-9.0.4+8 diff --git a/jdk/.jcheck/conf b/jdk/.jcheck/conf index 5c6f62dc12..9bd9e92741 100644 --- a/jdk/.jcheck/conf +++ b/jdk/.jcheck/conf @@ -1 +1,2 @@ project=jdk9 +bugids=dup diff --git a/jdk/make/copy/Copy-java.desktop.gmk b/jdk/make/copy/Copy-java.desktop.gmk index 710375594e..106d3c6c22 100644 --- a/jdk/make/copy/Copy-java.desktop.gmk +++ b/jdk/make/copy/Copy-java.desktop.gmk @@ -44,7 +44,8 @@ $(INCLUDE_DST_OS_DIR)/%.h: \ ################################################################################ ifneq ($(FREETYPE_BUNDLE_LIB_PATH), ) - # We need to bundle the freetype library, so it will be available at runtime as well as link time. + # We need to bundle the freetype library, so it will be available at runtime + # as well as link time. # # NB: Default freetype build system uses -h linker option and # result .so contains hardcoded library name that is later @@ -61,10 +62,10 @@ ifneq ($(FREETYPE_BUNDLE_LIB_PATH), ) # #TODO: rework this to avoid hardcoding library name in the makefile # - ifeq ($(OPENJDK_TARGET_OS), windows) - FREETYPE_TARGET_LIB := $(LIB_DST_DIR)/$(call SHARED_LIBRARY,freetype) - else + ifneq ($(filter $(OPENJDK_TARGET_OS), linux solaris), ) FREETYPE_TARGET_LIB := $(LIB_DST_DIR)/$(call SHARED_LIBRARY,freetype).6 + else + FREETYPE_TARGET_LIB := $(LIB_DST_DIR)/$(call SHARED_LIBRARY,freetype) endif # We can't use $(install-file) in this rule because it preserves symbolic links and diff --git a/jdk/make/data/tzdata/VERSION b/jdk/make/data/tzdata/VERSION index eb5b4595f3..6642908310 100644 --- a/jdk/make/data/tzdata/VERSION +++ b/jdk/make/data/tzdata/VERSION @@ -21,4 +21,4 @@ # or visit www.oracle.com if you need additional information or have any # questions. # -tzdata2017b +tzdata2017c diff --git a/jdk/make/data/tzdata/africa b/jdk/make/data/tzdata/africa index d3de96d143..10d4dfaabb 100644 --- a/jdk/make/data/tzdata/africa +++ b/jdk/make/data/tzdata/africa @@ -49,7 +49,7 @@ # # For data circa 1899, a common source is: # Milne J. Civil time. Geogr J. 1899 Feb;13(2):173-94. -# http://www.jstor.org/stable/1774359 +# https://www.jstor.org/stable/1774359 # # A reliable and entertaining source about time zones is # Derek Howse, Greenwich time and longitude, Philip Wilson Publishers (1997). @@ -241,7 +241,7 @@ Rule Egypt 2006 only - Sep 21 24:00 0 - # saving time in Egypt will end in the night of 2007-09-06 to 2007-09-07. # From Jesper Nørgaard Welen (2007-08-15): [The following agree:] # http://www.nentjes.info/Bill/bill5.htm -# http://www.timeanddate.com/worldclock/city.html?n=53 +# https://www.timeanddate.com/worldclock/city.html?n=53 # From Steffen Thorsen (2007-09-04): The official information...: # http://www.sis.gov.eg/En/EgyptOnline/Miscellaneous/000002/0207000000000000001580.htm Rule Egypt 2007 only - Sep Thu>=1 24:00 0 - @@ -279,8 +279,8 @@ Rule Egypt 2007 only - Sep Thu>=1 24:00 0 - # timeanddate[2] and another site I've found[3] also support that. # # [1] https://bugzilla.redhat.com/show_bug.cgi?id=492263 -# [2] http://www.timeanddate.com/worldclock/clockchange.html?n=53 -# [3] http://wwp.greenwichmeantime.com/time-zone/africa/egypt/ +# [2] https://www.timeanddate.com/worldclock/clockchange.html?n=53 +# [3] https://wwp.greenwichmeantime.com/time-zone/africa/egypt/ # From Arthur David Olson (2009-04-20): # In 2009 (and for the next several years), Ramadan ends before the fourth @@ -290,10 +290,10 @@ Rule Egypt 2007 only - Sep Thu>=1 24:00 0 - # From Steffen Thorsen (2009-08-11): # We have been able to confirm the August change with the Egyptian Cabinet # Information and Decision Support Center: -# http://www.timeanddate.com/news/time/egypt-dst-ends-2009.html +# https://www.timeanddate.com/news/time/egypt-dst-ends-2009.html # # The Middle East News Agency -# http://www.mena.org.eg/index.aspx +# https://www.mena.org.eg/index.aspx # also reports "Egypt starts winter time on August 21" # today in article numbered "71, 11/08/2009 12:25 GMT." # Only the title above is available without a subscription to their service, @@ -343,7 +343,7 @@ Rule Egypt 2007 only - Sep Thu>=1 24:00 0 - # Thursday of April.... Clocks will still be turned back for Ramadan, but # dates not yet announced.... # http://almogaz.com/news/weird-news/2015/04/05/1947105 ... -# http://www.timeanddate.com/news/time/egypt-starts-dst-2015.html +# https://www.timeanddate.com/news/time/egypt-starts-dst-2015.html # From Ahmed Nazmy (2015-04-20): # Egypt's ministers cabinet just announced ... that it will cancel DST at @@ -470,11 +470,11 @@ Zone Africa/Monrovia -0:43:08 - LMT 1882 # From Even Scharning (2012-11-10): # Libya set their time one hour back at 02:00 on Saturday November 10. -# http://www.libyaherald.com/2012/11/04/clocks-to-go-back-an-hour-on-saturday/ +# https://www.libyaherald.com/2012/11/04/clocks-to-go-back-an-hour-on-saturday/ # Here is an official source [in Arabic]: http://ls.ly/fb6Yc # # Steffen Thorsen forwarded a translation (2012-11-10) in -# http://mm.icann.org/pipermail/tz/2012-November/018451.html +# https://mm.icann.org/pipermail/tz/2012-November/018451.html # # From Tim Parenti (2012-11-11): # Treat the 2012-11-10 change as a zone change from UTC+2 to UTC+1. @@ -485,7 +485,7 @@ Zone Africa/Monrovia -0:43:08 - LMT 1882 # From Even Scharning (2013-10-25): # The scheduled end of DST in Libya on Friday, October 25, 2013 was # cancelled yesterday.... -# http://www.libyaherald.com/2013/10/24/correction-no-time-change-tomorrow/ +# https://www.libyaherald.com/2013/10/24/correction-no-time-change-tomorrow/ # # From Paul Eggert (2013-10-25): # For now, assume they're reverting to the pre-2012 rules of permanent UT +02. @@ -538,7 +538,7 @@ Zone Africa/Tripoli 0:52:44 - LMT 1920 # basis.... # It seems that Mauritius observed daylight saving time from 1982-10-10 to # 1983-03-20 as well, but that was not successful.... -# http://www.timeanddate.com/news/time/mauritius-daylight-saving-time.html +# https://www.timeanddate.com/news/time/mauritius-daylight-saving-time.html # From Alex Krivenyshev (2008-06-25): # http://economicdevelopment.gov.mu/portal/site/Mainhomepage/menuitem.a42b24128104d9845dabddd154508a0c/?content_id=0a7cee8b5d69a110VgnVCM1000000a04a8c0RCRD @@ -606,7 +606,7 @@ Zone Africa/Tripoli 0:52:44 - LMT 1920 # http://lexpress.mu/Story/3398~Beebeejaun---Les-objectifs-d-%C3%A9conomie-d-%C3%A9nergie-de-l-heure-d-%C3%A9t%C3%A9-ont-%C3%A9t%C3%A9-atteints- # # Our wrap-up: -# http://www.timeanddate.com/news/time/mauritius-dst-will-not-repeat.html +# https://www.timeanddate.com/news/time/mauritius-dst-will-not-repeat.html # From Arthur David Olson (2009-07-11): # The "mauritius-dst-will-not-repeat" wrapup includes this: @@ -638,7 +638,7 @@ Zone Indian/Mauritius 3:50:00 - LMT 1907 # Port Louis # be one hour ahead of GMT between 1 June and 27 September, according to # Communication Minister and Government Spokesman, Khalid Naciri...." # -# http://www.worldtimezone.net/dst_news/dst_news_morocco01.html +# http://www.worldtimezone.com/dst_news/dst_news_morocco01.html # http://en.afrik.com/news11892.html # From Alex Krivenyshev (2008-05-09): @@ -651,7 +651,7 @@ Zone Indian/Mauritius 3:50:00 - LMT 1907 # Port Louis # From Patrice Scattolin (2008-05-09): # According to this article: -# http://www.avmaroc.com/actualite/heure-dete-comment-a127896.html +# https://www.avmaroc.com/actualite/heure-dete-comment-a127896.html # (and republished here: ) # the changes occur at midnight: # @@ -673,7 +673,7 @@ Zone Indian/Mauritius 3:50:00 - LMT 1907 # Port Louis # posted in English). # # The following Google query will generate many relevant hits: -# http://www.google.com/search?hl=en&q=Conseil+de+gouvernement+maroc+heure+avance&btnG=Search +# https://www.google.com/search?hl=en&q=Conseil+de+gouvernement+maroc+heure+avance&btnG=Search # From Steffen Thorsen (2008-08-27): # Morocco will change the clocks back on the midnight between August 31 @@ -684,7 +684,7 @@ Zone Indian/Mauritius 3:50:00 - LMT 1907 # Port Louis # http://www.menara.ma/fr/Actualites/Maroc/Societe/ci.retour_a_l_heure_gmt_a_partir_du_dimanche_31_aout_a_minuit_officiel_.default # # We have some further details posted here: -# http://www.timeanddate.com/news/time/morocco-ends-dst-early-2008.html +# https://www.timeanddate.com/news/time/morocco-ends-dst-early-2008.html # From Steffen Thorsen (2009-03-17): # Morocco will observe DST from 2009-06-01 00:00 to 2009-08-21 00:00 according @@ -694,7 +694,7 @@ Zone Indian/Mauritius 3:50:00 - LMT 1907 # Port Louis # (French) # # Our summary: -# http://www.timeanddate.com/news/time/morocco-starts-dst-2009.html +# https://www.timeanddate.com/news/time/morocco-starts-dst-2009.html # From Alexander Krivenyshev (2009-03-17): # Here is a link to official document from Royaume du Maroc Premier Ministre, @@ -717,7 +717,7 @@ Zone Indian/Mauritius 3:50:00 - LMT 1907 # Port Louis # http://www.lavieeco.com/actualites/4099-le-maroc-passera-a-l-heure-d-ete-gmt1-le-2-mai.html # (French) # Our page: -# http://www.timeanddate.com/news/time/morocco-starts-dst-2010.html +# https://www.timeanddate.com/news/time/morocco-starts-dst-2010.html # From Dan Abitol (2011-03-30): # ...Rules for Africa/Casablanca are the following (24h format) @@ -734,7 +734,7 @@ Zone Indian/Mauritius 3:50:00 - LMT 1907 # Port Louis # They said that the decision was already taken. # # More articles in the press -# http://www.yabiladi.com/articles/details/5058/secret-l-heure-d-ete-maroc-leve.html +# https://www.yabiladi.com/articles/details/5058/secret-l-heure-d-ete-maroc-leve.html # http://www.lematin.ma/Actualite/Express/Article.asp?id=148923 # http://www.lavieeco.com/actualite/Le-Maroc-passe-sur-GMT%2B1-a-partir-de-dim @@ -826,7 +826,7 @@ Zone Indian/Mauritius 3:50:00 - LMT 1907 # Port Louis # 1433 (18 April 2012) and the decision of the Head of Government of # 16 N. 3-29-15 Chaaban 1435 (4 June 2015). # Source (french): -# http://lnt.ma/le-maroc-reculera-dune-heure-le-dimanche-14-juin/ +# https://lnt.ma/le-maroc-reculera-dune-heure-le-dimanche-14-juin/ # # From Milamber (2015-06-09): # http://www.mmsp.gov.ma/fr/actualites.aspx?id=863 @@ -835,7 +835,7 @@ Zone Indian/Mauritius 3:50:00 - LMT 1907 # Port Louis # [The gov.ma announcement] would (probably) make the switch on 2015-07-19 go # from 03:00 to 04:00 rather than from 02:00 to 03:00, as in the patch.... # I think the patch is correct and the quoted text is wrong; the text in -# agrees +# agrees # with the patch. # From Paul Eggert (2015-06-08): @@ -960,9 +960,17 @@ Link Africa/Maputo Africa/Kigali # Rwanda Link Africa/Maputo Africa/Lubumbashi # E Dem. Rep. of Congo Link Africa/Maputo Africa/Lusaka # Zambia + # Namibia -# The 1994-04-03 transition is from Shanks & Pottenger. -# Shanks & Pottenger report no DST after 1998-04; go with IATA. + +# From Arthur David Olson (2017-08-09): +# The text of the "Namibia Time Act, 1994" is available online at +# www.lac.org.na/laws/1994/811.pdf +# and includes this nugget: +# Notwithstanding the provisions of subsection (2) of section 1, the +# first winter period after the commencement of this Act shall +# commence at OOhOO on Monday 21 March 1994 and shall end at 02h00 on +# Sunday 4 September 1994. # From Petronella Sibeene (2007-03-30): # http://allafrica.com/stories/200703300178.html @@ -978,19 +986,30 @@ Link Africa/Maputo Africa/Lusaka # Zambia # observes Botswana time, we have no details about historical practice. # In the meantime people there can use Africa/Gaborone. # See: Immanuel S. The Namibian. 2017-02-23. -# http://www.namibian.com.na/51480/read/Time-change-divides-lawmakers +# https://www.namibian.com.na/51480/read/Time-change-divides-lawmakers + +# From Steffen Thorsen (2017-08-09): +# Namibia is going to change their time zone to what is now their DST: +# https://www.newera.com.na/2017/02/23/namibias-winter-time-might-be-repealed/ +# This video is from the government decision: +# https://www.nbc.na/news/na-passes-namibia-time-bill-repealing-1994-namibia-time-act.8665 +# We have made the assumption so far that they will change their time zone at +# the same time they would normally start DST, the first Sunday in September: +# https://www.timeanddate.com/news/time/namibia-new-time-zone.html # RULE NAME FROM TO TYPE IN ON AT SAVE LETTER/S -Rule Namibia 1994 max - Sep Sun>=1 2:00 1:00 S -Rule Namibia 1995 max - Apr Sun>=1 2:00 0 - +Rule Namibia 1994 only - Mar 21 0:00 0 - +Rule Namibia 1994 2016 - Sep Sun>=1 2:00 1:00 S +Rule Namibia 1995 2017 - Apr Sun>=1 2:00 0 - # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Africa/Windhoek 1:08:24 - LMT 1892 Feb 8 1:30 - +0130 1903 Mar 2:00 - SAST 1942 Sep 20 2:00 2:00 1:00 SAST 1943 Mar 21 2:00 2:00 - SAST 1990 Mar 21 # independence - 2:00 - CAT 1994 Apr 3 - 1:00 Namibia WA%sT + 2:00 - CAT 1994 Mar 21 0:00 + 1:00 Namibia WA%sT 2017 Sep 3 2:00 + 2:00 - CAT # Niger # See Africa/Lagos. @@ -1077,14 +1096,24 @@ Link Africa/Johannesburg Africa/Mbabane # Swaziland # no information # Sudan -# + # From # Sudan News Agency (2000-01-13), # also reported by Michaël De Beukelaer-Dossche via Steffen Thorsen: # Clocks will be moved ahead for 60 minutes all over the Sudan as of noon # Saturday.... This was announced Thursday by Caretaker State Minister for # Manpower Abdul-Rahman Nur-Eddin. + +# From Ahmed Atyya, National Telecommunications Corp. (NTC), Sudan (2017-10-17): +# ... the Republic of Sudan is going to change the time zone from (GMT+3:00) +# to (GMT+ 2:00) starting from Wednesday 1 November 2017. # +# From Paul Eggert (2017-10-18): +# A scanned copy (in Arabic) of Cabinet Resolution No. 352 for the +# year 2017 can be found as an attachment in email today from Yahia +# Abdalla of NTC, archived at: +# https://mm.icann.org/pipermail/tz/2017-October/025333.html + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule Sudan 1970 only - May 1 0:00 1:00 S Rule Sudan 1970 1985 - Oct 15 0:00 0 - @@ -1093,10 +1122,14 @@ Rule Sudan 1972 1985 - Apr lastSun 0:00 1:00 S # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Africa/Khartoum 2:10:08 - LMT 1931 2:00 Sudan CA%sT 2000 Jan 15 12:00 - 3:00 - EAT + 3:00 - EAT 2017 Nov 1 + 2:00 - CAT # South Sudan -Link Africa/Khartoum Africa/Juba +# Zone NAME GMTOFF RULES FORMAT [UNTIL] +Zone Africa/Juba 2:06:28 - LMT 1931 + 2:00 Sudan CA%sT 2000 Jan 15 12:00 + 3:00 - EAT # Swaziland # See Africa/Johannesburg. @@ -1134,11 +1167,11 @@ Link Africa/Khartoum Africa/Juba # According to several news sources, Tunisia will not observe DST this year. # (Arabic) # http://www.elbashayer.com/?page=viewn&nid=42546 -# http://www.babnet.net/kiwidetail-15295.asp +# https://www.babnet.net/kiwidetail-15295.asp # # We have also confirmed this with the US embassy in Tunisia. # We have a wrap-up about this on the following page: -# http://www.timeanddate.com/news/time/tunisia-cancels-dst-2009.html +# https://www.timeanddate.com/news/time/tunisia-cancels-dst-2009.html # From Alexander Krivenyshev (2009-03-17): # Here is a link to Tunis Afrique Presse News Agency diff --git a/jdk/make/data/tzdata/antarctica b/jdk/make/data/tzdata/antarctica index c88c0b4107..c78ef7ed50 100644 --- a/jdk/make/data/tzdata/antarctica +++ b/jdk/make/data/tzdata/antarctica @@ -49,7 +49,7 @@ # Heard Island, McDonald Islands (uninhabited) # previously sealers and scientific personnel wintered # Margaret Turner reports -# http://web.archive.org/web/20021204222245/http://www.dstc.qut.edu.au/DST/marg/daylight.html +# https://web.archive.org/web/20021204222245/http://www.dstc.qut.edu.au/DST/marg/daylight.html # (1999-09-30) that they're UT +05, with no DST; # presumably this is when they have visitors. # @@ -70,7 +70,7 @@ # http://www.aad.gov.au/default.asp?casid=37079 # # We have more background information here: -# http://www.timeanddate.com/news/time/antarctica-new-times.html +# https://www.timeanddate.com/news/time/antarctica-new-times.html # From Steffen Thorsen (2010-03-10): # We got these changes from the Australian Antarctic Division: ... @@ -85,7 +85,7 @@ # - Mawson station stays on UTC+5. # # Background: -# http://www.timeanddate.com/news/time/antartica-time-changes-2010.html +# https://www.timeanddate.com/news/time/antartica-time-changes-2010.html # From Steffen Thorsen (2016-10-28): # Australian Antarctica Division informed us that Casey changed time @@ -168,7 +168,7 @@ Zone Indian/Kerguelen 0 - -00 1950 # Port-aux-Français # # year-round base in the main continent # Dumont d'Urville, Île des Pétrels, -6640+14001, since 1956-11 -# (2005-12-05) +# (2005-12-05) # # Another base at Port-Martin, 50km east, began operation in 1947. # It was destroyed by fire on 1952-01-14. diff --git a/jdk/make/data/tzdata/asia b/jdk/make/data/tzdata/asia index 306a2aa8bc..71f5d0cfc8 100644 --- a/jdk/make/data/tzdata/asia +++ b/jdk/make/data/tzdata/asia @@ -49,7 +49,7 @@ # # For data circa 1899, a common source is: # Milne J. Civil time. Geogr J. 1899 Feb;13(2):173-94. -# http://www.jstor.org/stable/1774359 +# https://www.jstor.org/stable/1774359 # # For Russian data circa 1919, a source is: # Byalokoz EL. New Counting of Time in Russia since July 1, 1919. @@ -98,8 +98,8 @@ Rule E-EurAsia 1996 max - Oct lastSun 0:00 0 - Rule RussiaAsia 1981 1984 - Apr 1 0:00 1:00 S Rule RussiaAsia 1981 1983 - Oct 1 0:00 0 - Rule RussiaAsia 1984 1995 - Sep lastSun 2:00s 0 - -Rule RussiaAsia 1985 2011 - Mar lastSun 2:00s 1:00 S -Rule RussiaAsia 1996 2011 - Oct lastSun 2:00s 0 - +Rule RussiaAsia 1985 2010 - Mar lastSun 2:00s 1:00 S +Rule RussiaAsia 1996 2010 - Oct lastSun 2:00s 0 - # Afghanistan # Zone NAME GMTOFF RULES FORMAT [UNTIL] @@ -132,13 +132,17 @@ Zone Asia/Kabul 4:36:48 - LMT 1890 # or # (brief) # http://www.worldtimezone.com/dst_news/dst_news_armenia03.html +# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +Rule Armenia 2011 only - Mar lastSun 2:00s 1:00 S +Rule Armenia 2011 only - Oct lastSun 2:00s 0 - # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Asia/Yerevan 2:58:00 - LMT 1924 May 2 3:00 - +03 1957 Mar 4:00 RussiaAsia +04/+05 1991 Mar 31 2:00s 3:00 RussiaAsia +03/+04 1995 Sep 24 2:00s 4:00 - +04 1997 - 4:00 RussiaAsia +04/+05 + 4:00 RussiaAsia +04/+05 2011 + 4:00 Armenia +04/+05 # Azerbaijan @@ -150,7 +154,7 @@ Zone Asia/Yerevan 2:58:00 - LMT 1924 May 2 # From Steffen Thorsen (2016-03-17): # ... the Azerbaijani Cabinet of Ministers has cancelled switching to # daylight saving time.... -# http://www.azernews.az/azerbaijan/94137.html +# https://www.azernews.az/azerbaijan/94137.html # http://vestnikkavkaza.net/news/Azerbaijani-Cabinet-of-Ministers-cancels-daylight-saving-time.html # http://en.apa.az/xeber_azerbaijan_abolishes_daylight_savings_ti_240862.html @@ -191,11 +195,11 @@ Zone Asia/Baku 3:19:24 - LMT 1924 May 2 # the 19th and 20th, and they have not set the end date yet. # # Some sources: -# http://in.reuters.com/article/southAsiaNews/idINIndia-40017620090601 +# https://in.reuters.com/article/southAsiaNews/idINIndia-40017620090601 # http://bdnews24.com/details.php?id=85889&cid=2 # # Our wrap-up: -# http://www.timeanddate.com/news/time/bangladesh-daylight-saving-2009.html +# https://www.timeanddate.com/news/time/bangladesh-daylight-saving-2009.html # From A. N. M. Kamrus Saadat (2009-06-15): # Finally we've got the official mail regarding DST start time where DST start @@ -281,9 +285,15 @@ Zone Asia/Brunei 7:39:40 - LMT 1926 Mar # Bandar Seri Begawan # Milne says 6:24:40 was the meridian of the time ball observatory at Rangoon. +# From Paul Eggert (2017-04-20): +# Page 27 of Reed & Low (cited for Asia/Kolkata) says "Rangoon local time is +# used upon the railways and telegraphs of Burma, and is 6h. 24m. 47s. ahead +# of Greenwich." This refers to the period before Burma's transition to +0630, +# a transition for which Shanks is the only source. + # Zone NAME GMTOFF RULES FORMAT [UNTIL] -Zone Asia/Yangon 6:24:40 - LMT 1880 # or Rangoon - 6:24:40 - RMT 1920 # Rangoon Mean Time? +Zone Asia/Yangon 6:24:47 - LMT 1880 # or Rangoon + 6:24:47 - RMT 1920 # Rangoon local time 6:30 - +0630 1942 May 9:00 - +09 1945 May 3 6:30 - +0630 @@ -340,7 +350,7 @@ Rule PRC 1987 1991 - Apr Sun>=10 0:00 1:00 D # # From Jesper Nørgaard Welen (2006-07-14): # I have investigated the timezones around 1970 on the -# http://www.astro.com/atlas site [with provinces and county +# https://www.astro.com/atlas site [with provinces and county # boundaries summarized below].... A few other exceptions were two # counties on the Sichuan side of the Xizang-Sichuan border, # counties Dege and Baiyu which lies on the Sichuan side and are @@ -492,7 +502,7 @@ Rule PRC 1987 1991 - Apr Sun>=10 0:00 1:00 D # From David Cochrane (2014-03-26): # Just a confirmation that Ürümqi time was implemented in Ürümqi on 1 Feb 1986: -# http://content.time.com/time/magazine/article/0,9171,960684,00.html +# https://content.time.com/time/magazine/article/0,9171,960684,00.html # From Luther Ma (2014-04-22): # I have interviewed numerous people of various nationalities and from @@ -649,7 +659,7 @@ Zone Asia/Hong_Kong 7:36:42 - LMT 1904 Oct 30 # (both in Okinawa) adopt the Western Standard Time which is based on # 120E. The adoption began from Jan 1, 1896. The original text can be # found on Wikisource: -# http://ja.wikisource.org/wiki/標準時ニ關スル件_(公布時) +# https://ja.wikisource.org/wiki/標準時ニ關スル件_(公布時) # ... This could be the first adoption of time zone in Taiwan, because # during the Qing Dynasty, it seems that there was no time zone # declared officially. @@ -662,7 +672,7 @@ Zone Asia/Hong_Kong 7:36:42 - LMT 1904 Oct 30 # territory, including later occupations, adopt Japan Central Time # (UTC+9). The adoption began on Oct 1, 1937. The original text can # be found on Wikisource: -# http://ja.wikisource.org/wiki/明治二十八年勅令第百六十七號標準時ニ關スル件中改正ノ件 +# https://ja.wikisource.org/wiki/明治二十八年勅令第百六十七號標準時ニ關スル件中改正ノ件 # # That is, the time zone of Taipei switched to UTC+9 on Oct 1, 1937. @@ -798,6 +808,12 @@ Zone Asia/Macau 7:34:20 - LMT 1912 Jan 1 # Looks like the time zone split in Cyprus went through last night. # http://cyprus-mail.com/2016/10/30/cyprus-new-division-two-time-zones-now-reality/ +# From Paul Eggert (2017-10-18): +# Northern Cyprus will reinstate winter time on October 29, thus +# staying in sync with the rest of Cyprus. See: Anastasiou A. +# Cyprus to remain united in time. Cyprus Mail 2017-10-17. +# https://cyprus-mail.com/2017/10/17/cyprus-remain-united-time/ + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule Cyprus 1975 only - Apr 13 0:00 1:00 S Rule Cyprus 1975 only - Oct 12 0:00 0 - @@ -815,7 +831,8 @@ Zone Asia/Nicosia 2:13:28 - LMT 1921 Nov 14 Zone Asia/Famagusta 2:15:48 - LMT 1921 Nov 14 2:00 Cyprus EE%sT 1998 Sep 2:00 EUAsia EE%sT 2016 Sep 8 - 3:00 - +03 + 3:00 - +03 2017 Oct 29 1:00u + 2:00 EUAsia EE%sT # Classically, Cyprus belongs to Asia; e.g. see Herodotus, Histories, I.72. # However, for various reasons many users expect to find it under Europe. @@ -875,7 +892,7 @@ Zone Asia/Tbilisi 2:59:11 - LMT 1880 # From João Carrascalão, brother of the former governor of East Timor, in # East Timor may be late for its millennium -# (1999-12-26/31): +# (1999-12-26/31): # Portugal tried to change the time forward in 1974 because the sun # rises too early but the suggestion raised a lot of problems with the # Timorese and I still don't think it would work today because it @@ -903,21 +920,62 @@ Zone Asia/Dili 8:22:20 - LMT 1912 Jan 1 # India # From Ian P. Beacock, in "A brief history of (modern) time", The Atlantic -# http://www.theatlantic.com/technology/archive/2015/12/the-creation-of-modern-time/421419/ +# https://www.theatlantic.com/technology/archive/2015/12/the-creation-of-modern-time/421419/ # (2015-12-22): # In January 1906, several thousand cotton-mill workers rioted on the # outskirts of Bombay.... They were protesting the proposed abolition of # local time in favor of Indian Standard Time.... Journalists called this # dispute the "Battle of the Clocks." It lasted nearly half a century. +# From Paul Eggert (2017-04-20): +# Good luck trying to nail down old timekeeping records in India. +# "... in the nineteenth century ... Madras Observatory took its magnetic +# measurements on Göttingen time, its meteorological measurements on Madras +# (local) time, dropped its time ball on Greenwich (ocean navigator's) time, +# and distributed civil (local time)." -- Bartky IR. Selling the true time: +# 19th-century timekeeping in america. Stanford U Press (2000), 247 note 19. +# "A more potent cause of resistance to the general adoption of the present +# standard time lies in the fact that it is Madras time. The citizen of +# Bombay, proud of being 'primus in Indis' and of Calcutta, equally proud of +# his city being the Capital of India, and - for a part of the year - the Seat +# of the Supreme Government, alike look down on Madras, and refuse to change +# the time they are using, for that of what they regard as a benighted +# Presidency; while Madras, having for long given the standard time to the +# rest of India, would resist the adoption of any other Indian standard in its +# place." -- Oldham RD. On Time in India: a suggestion for its improvement. +# Proceedings of the Asiatic Society of Bengal (April 1899), 49-55. +# +# "In 1870 ... Madras time - 'now used by the telegraph and regulated from the +# only government observatory' - was suggested as a standard railway time, +# first to be adopted on the Great Indian Peninsular Railway (GIPR).... +# Calcutta, Bombay, and Karachi, were to be allowed to continue with their +# local time for civil purposes." - Prasad R. Tracks of Change: Railways and +# Everyday Life in Colonial India. Cambridge University Press (2016), 145. +# +# Reed S, Low F. The Indian Year Book 1936-37. Bennett, Coleman, pp 27-8. +# https://archive.org/details/in.ernet.dli.2015.282212 +# This lists +052110 as Madras local time used in railways, and says that on +# 1906-01-01 railways and telegraphs in India switched to +0530. Some +# municipalities retained their former time, and the time in Calcutta +# continued to depend on whether you were at the railway station or at +# government offices. Government time was at +055320 (according to Shanks) or +# at +0554 (according to the Indian Year Book). Railway time is more +# appropriate for our purposes, as it was better documented, it is what we do +# elsewhere (e.g., Europe/London before 1880), and after 1906 it was +# consistent in the region now identified by Asia/Kolkata. So, use railway +# time for 1870-1941. Shanks is our only (and dubious) source for the +# 1941-1945 data. + # Zone NAME GMTOFF RULES FORMAT [UNTIL] -Zone Asia/Kolkata 5:53:28 - LMT 1880 # Kolkata - 5:53:20 - HMT 1941 Oct # Howrah Mean Time? - 6:30 - +0630 1942 May 15 +Zone Asia/Kolkata 5:53:28 - LMT 1854 Jun 28 # Kolkata + 5:53:20 - HMT 1870 # Howrah Mean Time? + 5:21:10 - MMT 1906 Jan 1 # Madras local time + 5:30 - IST 1941 Oct + 5:30 1:00 +0630 1942 May 15 5:30 - IST 1942 Sep 5:30 1:00 +0630 1945 Oct 15 5:30 - IST -# The following are like Asia/Kolkata: +# Since 1970 the following are like Asia/Kolkata: # Andaman Is # Lakshadweep (Laccadive, Minicoy and Amindivi Is) # Nicobar Is @@ -1059,7 +1117,7 @@ Zone Asia/Jayapura 9:22:48 - LMT 1932 Nov # From Reuters (2007-09-16), with a heads-up from Jesper Nørgaard Welen: # ... the Guardian Council ... approved a law on Sunday to re-introduce # daylight saving time ... -# http://uk.reuters.com/article/oilRpt/idUKBLA65048420070916 +# https://uk.reuters.com/article/oilRpt/idUKBLA65048420070916 # # From Roozbeh Pournader (2007-11-05): # This is quoted from Official Gazette of the Islamic Republic of @@ -1158,7 +1216,7 @@ Zone Asia/Tehran 3:25:44 - LMT 1916 # http://www.aswataliraq.info/look/article.tpl?id=2047&IdLanguage=17&IdPublication=4&NrArticle=71743&NrIssue=1&NrSection=10 # # We have published a short article in English about the change: -# http://www.timeanddate.com/news/time/iraq-dumps-daylight-saving.html +# https://www.timeanddate.com/news/time/iraq-dumps-daylight-saving.html # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule Iraq 1982 only - May 1 0:00 1:00 D @@ -1466,12 +1524,12 @@ Rule Japan 1950 1951 - May Sun>=1 2:00 1:00 D # From Yu-Cheng Chuang (2013-07-12): # ...the Meiji Emperor announced Ordinance No. 167 of Meiji Year 28 "The clause # about standard time" ... The adoption began from Jan 1, 1896. -# http://ja.wikisource.org/wiki/標準時ニ關スル件_(公布時) +# https://ja.wikisource.org/wiki/標準時ニ關スル件_(公布時) # # ...the Showa Emperor announced Ordinance No. 529 of Showa Year 12 ... which # means the whole Japan territory, including later occupations, adopt Japan # Central Time (UTC+9). The adoption began on Oct 1, 1937. -# http://ja.wikisource.org/wiki/明治二十八年勅令第百六十七號標準時ニ關スル件中改正ノ件 +# https://ja.wikisource.org/wiki/明治二十八年勅令第百六十七號標準時ニ關スル件中改正ノ件 # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Asia/Tokyo 9:18:59 - LMT 1887 Dec 31 15:00u @@ -1533,7 +1591,7 @@ Zone Asia/Tokyo 9:18:59 - LMT 1887 Dec 31 15:00u # Official, in Arabic: # http://www.petra.gov.jo/public_news/Nws_NewsDetails.aspx?Menu_ID=&Site_Id=2&lang=1&NewsID=133230&CatID=14 # ... Our background/permalink about it -# http://www.timeanddate.com/news/time/jordan-reverses-dst-decision.html +# https://www.timeanddate.com/news/time/jordan-reverses-dst-decision.html # ... # http://www.petra.gov.jo/Public_News/Nws_NewsDetails.aspx?lang=2&site_id=1&NewsID=133313&Type=P # ... says midnight for the coming one and 1:00 for the ones in the future @@ -1891,9 +1949,9 @@ Zone Asia/Bishkek 4:58:24 - LMT 1924 May 2 # between 1987 and 1988 ... # From Sanghyuk Jung (2014-10-29): -# http://mm.icann.org/pipermail/tz/2014-October/021830.html +# https://mm.icann.org/pipermail/tz/2014-October/021830.html # According to the Korean Wikipedia -# http://ko.wikipedia.org/wiki/한국_표준시 +# https://ko.wikipedia.org/wiki/한국_표준시 # [oldid=12896437 2014-09-04 08:03 UTC] # DST in Republic of Korea was as follows.... And I checked old # newspapers in Korean, all articles correspond with data in Wikipedia. @@ -2115,7 +2173,7 @@ Zone Indian/Maldives 4:54:00 - LMT 1880 # Male # +08:00 instead. Different sources appear to disagree with the tz # database on this, e.g.: # -# http://www.timeanddate.com/worldclock/city.html?n=1026 +# https://www.timeanddate.com/worldclock/city.html?n=1026 # http://www.worldtimeserver.com/current_time_in_MN.aspx # # both say GMT+08:00. @@ -2245,7 +2303,7 @@ Zone Asia/Kathmandu 5:41:16 - LMT 1920 # help reduce load shedding by approving the closure of commercial centres at # 9pm and moving clocks forward by one hour for the next three months. ...." # -# http://www.worldtimezone.net/dst_news/dst_news_pakistan01.html +# http://www.worldtimezone.com/dst_news/dst_news_pakistan01.html # http://www.dailytimes.com.pk/default.asp?page=2008%5C05%5C15%5Cstory_15-5-2008_pg1_4 # From Arthur David Olson (2008-05-19): @@ -2311,7 +2369,7 @@ Zone Asia/Kathmandu 5:41:16 - LMT 1920 # # We have confirmed this year's end date with both with the Ministry of # Water and Power and the Pakistan Electric Power Company: -# http://www.timeanddate.com/news/time/pakistan-ends-dst09.html +# https://www.timeanddate.com/news/time/pakistan-ends-dst09.html # From Christoph Göhre (2009-10-01): # [T]he German Consulate General in Karachi reported me today that Pakistan @@ -2493,7 +2551,7 @@ Zone Asia/Karachi 4:28:12 - LMT 1907 # # We are not sure if Gaza will do the same, last year they had a different # end date, we will keep this page updated: -# http://www.timeanddate.com/news/time/westbank-gaza-dst-2009.html +# https://www.timeanddate.com/news/time/westbank-gaza-dst-2009.html # From Alexander Krivenyshev (2009-09-02): # Seems that Gaza Strip will go back to Winter Time same date as West Bank. @@ -2531,7 +2589,7 @@ Zone Asia/Karachi 4:28:12 - LMT 1907 # the clocks were set back one hour at 2010-08-11 00:00:00 local time in # Gaza and the West Bank. # Some more background info: -# http://www.timeanddate.com/news/time/westbank-gaza-end-dst-2010.html +# https://www.timeanddate.com/news/time/westbank-gaza-end-dst-2010.html # From Steffen Thorsen (2011-08-26): # Gaza and the West Bank did go back to standard time in the beginning of @@ -2541,7 +2599,7 @@ Zone Asia/Karachi 4:28:12 - LMT 1907 # # http://www.maannews.net/eng/ViewDetails.aspx?ID=416217 # Additional info: -# http://www.timeanddate.com/news/time/palestine-dst-2011.html +# https://www.timeanddate.com/news/time/palestine-dst-2011.html # From Alexander Krivenyshev (2011-08-27): # According to the article in The Jerusalem Post: @@ -2551,7 +2609,7 @@ Zone Asia/Karachi 4:28:12 - LMT 1907 # The Hamas government said on Saturday that it won't observe summertime after # the Muslim feast of Id al-Fitr, which begins on Tuesday..." # ... -# http://www.jpost.com/MiddleEast/Article.aspx?id=235650 +# https://www.jpost.com/MiddleEast/Article.aspx?id=235650 # http://www.worldtimezone.com/dst_news/dst_news_gazastrip05.html # The rules for Egypt are stolen from the 'africa' file. @@ -2572,7 +2630,7 @@ Zone Asia/Karachi 4:28:12 - LMT 1907 # http://safa.ps/details/news/74352/%D8%A8%D8%AF%D8%A1-%D8%A7%D9%84%D8%AA%D9%88%D9%82%D9%8A%D8%AA-%D8%A7%D9%84%D8%B5%D9%8A%D9%81%D9%8A-%D8%A8%D8%A7%D9%84%D8%B6%D9%81%D8%A9-%D9%88%D8%BA%D8%B2%D8%A9-%D9%84%D9%8A%D9%84%D8%A9-%D8%A7%D9%84%D8%AC%D9%85%D8%B9%D8%A9.html # # Our brief summary: -# http://www.timeanddate.com/news/time/gaza-west-bank-dst-2012.html +# https://www.timeanddate.com/news/time/gaza-west-bank-dst-2012.html # From Steffen Thorsen (2013-03-26): # The following news sources tells that Palestine will "start daylight saving @@ -2592,11 +2650,11 @@ Zone Asia/Karachi 4:28:12 - LMT 1907 # From Steffen Thorsen (2015-03-03): # Sources such as http://www.alquds.com/news/article/view/id/548257 -# and http://www.raya.ps/ar/news/890705.html say Palestine areas will +# and https://www.raya.ps/ar/news/890705.html say Palestine areas will # start DST on 2015-03-28 00:00 which is one day later than expected. # # From Paul Eggert (2015-03-03): -# http://www.timeanddate.com/time/change/west-bank/ramallah?year=2014 +# https://www.timeanddate.com/time/change/west-bank/ramallah?year=2014 # says that the fall 2014 transition was Oct 23 at 24:00. # From Hannah Kreitem (2016-03-09): @@ -2620,8 +2678,8 @@ Zone Asia/Karachi 4:28:12 - LMT 1907 # # From Paul Eggert (2016-10-19): # It's also consistent with predictions in the following URLs today: -# http://www.timeanddate.com/time/change/gaza-strip/gaza -# http://www.timeanddate.com/time/change/west-bank/hebron +# https://www.timeanddate.com/time/change/gaza-strip/gaza +# https://www.timeanddate.com/time/change/west-bank/hebron # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule EgyptAsia 1957 only - May 10 0:00 1:00 S @@ -2684,7 +2742,7 @@ Zone Asia/Hebron 2:20:23 - LMT 1900 Oct # Philippines, issued a proclamation announcing that 1844-12-30 was to # be immediately followed by 1845-01-01; see R.H. van Gent's # History of the International Date Line -# http://www.staff.science.uu.nl/~gent0113/idl/idl_philippines.htm +# https://www.staff.science.uu.nl/~gent0113/idl/idl_philippines.htm # The rest of the data entries are from Shanks & Pottenger. # From Jesper Nørgaard Welen (2006-04-26): @@ -2948,7 +3006,7 @@ Rule Syria 2007 only - Nov Fri>=1 0:00 0 - # We have not found any sources saying anything about when DST ends this year. # # Our summary -# http://www.timeanddate.com/news/time/syria-dst-starts-march-27-2009.html +# https://www.timeanddate.com/news/time/syria-dst-starts-march-27-2009.html # From Steffen Thorsen (2009-10-27): # The Syrian Arab News Network on 2009-09-29 reported that Syria will @@ -2975,7 +3033,7 @@ Rule Syria 2007 only - Nov Fri>=1 0:00 0 - # http://www.sana.sy/ara/2/2012/03/26/408215.htm # # Our brief summary: -# http://www.timeanddate.com/news/time/syria-dst-2012.html +# https://www.timeanddate.com/news/time/syria-dst-2012.html # From Arthur David Olson (2012-03-27): # Assume last Friday in March going forward XXX. @@ -3058,7 +3116,7 @@ Zone Asia/Tashkent 4:37:11 - LMT 1924 May 2 # is quoted verbatim in: # http://www.thoigian.com.vn/?mPage=P80D01 # is translated by Brian Inglis in: -# http://mm.icann.org/pipermail/tz/2014-October/021654.html +# https://mm.icann.org/pipermail/tz/2014-October/021654.html # and is the basis for the information below. # # The 1906 transition was effective July 1 and standardized Indochina to diff --git a/jdk/make/data/tzdata/australasia b/jdk/make/data/tzdata/australasia index db7e7f7bcb..6726ef3381 100644 --- a/jdk/make/data/tzdata/australasia +++ b/jdk/make/data/tzdata/australasia @@ -316,7 +316,7 @@ Zone Indian/Cocos 6:27:40 - LMT 1900 # http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=1096:3310-cabinet-approves-change-in-daylight-savings-dates&catid=49:cabinet-releases&Itemid=166 # # A bit more background info here: -# http://www.timeanddate.com/news/time/fiji-dst-ends-march-2010.html +# https://www.timeanddate.com/news/time/fiji-dst-ends-march-2010.html # From Alexander Krivenyshev (2010-10-24): # According to Radio Fiji and Fiji Times online, Fiji will end DST 3 @@ -380,9 +380,12 @@ Zone Indian/Cocos 6:27:40 - LMT 1900 # clocks go forward an hour at 2am to 3am.... Daylight Saving will # end at 3.00am on Sunday 15th January 2017." -# From Paul Eggert (2016-10-03): -# For now, guess DST from 02:00 the first Sunday in November to -# 03:00 the third Sunday in January. Although ad hoc, it matches +# From Paul Eggert (2017-08-21): +# Dominic Fok writes (2017-08-20) that DST ends 2018-01-14, citing +# Extraordinary Government of Fiji Gazette Supplement No. 21 (2017-08-27), +# [Legal Notice No. 41] of an order of the previous day by J Usamate. +# For now, guess DST from 02:00 the first Sunday in November to 03:00 +# the first Sunday on or after January 14. Although ad hoc, it matches # transitions since late 2014 and seems more likely to match future # practice than guessing no DST. @@ -396,7 +399,7 @@ Rule Fiji 2011 only - Mar Sun>=1 3:00 0 - Rule Fiji 2012 2013 - Jan Sun>=18 3:00 0 - Rule Fiji 2014 only - Jan Sun>=18 2:00 0 - Rule Fiji 2014 max - Nov Sun>=1 2:00 1:00 S -Rule Fiji 2015 max - Jan Sun>=15 3:00 0 - +Rule Fiji 2015 max - Jan Sun>=14 3:00 0 - # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Pacific/Fiji 11:55:44 - LMT 1915 Oct 26 # Suva 12:00 Fiji +12/+13 @@ -580,7 +583,7 @@ Zone Pacific/Port_Moresby 9:48:40 - LMT 1880 # The World War II entries below are instead based on Arawa-Kieta. # The Japanese occupied Kieta in July 1942, # according to the Pacific War Online Encyclopedia -# http://pwencycl.kgbudge.com/B/o/Bougainville.htm +# https://pwencycl.kgbudge.com/B/o/Bougainville.htm # and seem to have controlled it until their 1945-08-21 surrender. # # The Autonomous Region of Bougainville switched from UT +10 to +11 @@ -602,7 +605,7 @@ Zone Pacific/Pitcairn -8:40:20 - LMT 1901 # Adamstown -8:00 - -08 # American Samoa -Zone Pacific/Pago_Pago 12:37:12 - LMT 1879 Jul 5 +Zone Pacific/Pago_Pago 12:37:12 - LMT 1892 Jul 5 -11:22:48 - LMT 1911 -11:00 - SST # S=Samoa Link Pacific/Pago_Pago Pacific/Midway # in US minor outlying islands @@ -618,7 +621,7 @@ Link Pacific/Pago_Pago Pacific/Midway # in US minor outlying islands # Sunday of April 2011." # # Background info: -# http://www.timeanddate.com/news/time/samoa-dst-plan-2009.html +# https://www.timeanddate.com/news/time/samoa-dst-plan-2009.html # # Samoa's Daylight Saving Time Act 2009 is available here, but does not # contain any dates: @@ -682,7 +685,7 @@ Rule WS 2011 only - Sep lastSat 3:00 1 D Rule WS 2012 max - Apr Sun>=1 4:00 0 S Rule WS 2012 max - Sep lastSun 3:00 1 D # Zone NAME GMTOFF RULES FORMAT [UNTIL] -Zone Pacific/Apia 12:33:04 - LMT 1879 Jul 5 +Zone Pacific/Apia 12:33:04 - LMT 1892 Jul 5 -11:26:56 - LMT 1911 -11:30 - -1130 1950 -11:00 WS -11/-10 2011 Dec 29 24:00 @@ -709,7 +712,7 @@ Zone Pacific/Guadalcanal 10:39:48 - LMT 1912 Oct # Honiara # From Paul Eggert (2012-07-25) # A Google Books snippet of Appendix to the Journals of the House of # Representatives of New Zealand, Session 1948, -# , page 65, says Tokelau +# , page 65, says Tokelau # was "11 hours slow on G.M.T." Go with Thorsen and assume Shanks & Pottenger # are off by an hour starting in 1901. @@ -724,8 +727,8 @@ Rule Tonga 1999 only - Oct 7 2:00s 1:00 S Rule Tonga 2000 only - Mar 19 2:00s 0 - Rule Tonga 2000 2001 - Nov Sun>=1 2:00 1:00 S Rule Tonga 2001 2002 - Jan lastSun 2:00 0 - -Rule Tonga 2016 max - Nov Sun>=1 2:00 1:00 S -Rule Tonga 2017 max - Jan Sun>=15 3:00 0 - +Rule Tonga 2016 only - Nov Sun>=1 2:00 1:00 S +Rule Tonga 2017 only - Jan Sun>=15 3:00 0 - # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Pacific/Tongatapu 12:19:20 - LMT 1901 12:20 - +1220 1941 @@ -779,7 +782,7 @@ Zone Pacific/Funafuti 11:56:52 - LMT 1901 # Operation Fishbowl shot (Tightrope, 1962-11-04).... [See] Herman Hoerlin, # "The United States High-Altitude Test Experience: A Review Emphasizing the # Impact on the Environment", Los Alamos LA-6405, Oct 1976. -# http://www.fas.org/sgp/othergov/doe/lanl/docs1/00322994.pdf +# https://www.fas.org/sgp/othergov/doe/lanl/docs1/00322994.pdf # See the table on page 4 where he lists GMT and local times for the tests; a # footnote for the JI tests reads that local time is "JI time = Hawaii Time # Minus One Hour". @@ -845,7 +848,7 @@ Zone Pacific/Wallis 12:15:20 - LMT 1901 # # For data circa 1899, a common source is: # Milne J. Civil time. Geogr J. 1899 Feb;13(2):173-94. -# http://www.jstor.org/stable/1774359 +# https://www.jstor.org/stable/1774359 # # A reliable and entertaining source about time zones is # Derek Howse, Greenwich time and longitude, Philip Wilson Publishers (1997). @@ -992,7 +995,7 @@ Zone Pacific/Wallis 12:15:20 - LMT 1901 # AEST ACST AWST AEDT ACDT # # Parliamentary Library (2008-11-10) -# http://www.aph.gov.au/binaries/library/pubs/rp/2008-09/09rp14.pdf +# https://www.aph.gov.au/binaries/library/pubs/rp/2008-09/09rp14.pdf # EST CST WST preferred for standard time; AEST AEDT ACST ACDT also used # # The Transport Safety Bureau has an extensive series of accident reports, @@ -1028,13 +1031,13 @@ Zone Pacific/Wallis 12:15:20 - LMT 1901 # # NSW (including LHI and Broken Hill): # Standard Time Act 1987 (updated 1995-04-04) -# http://www.austlii.edu.au/au/legis/nsw/consol_act/sta1987137/index.html +# https://www.austlii.edu.au/au/legis/nsw/consol_act/sta1987137/index.html # ACT # Standard Time and Summer Time Act 1972 -# http://www.austlii.edu.au/au/legis/act/consol_act/stasta1972279/index.html +# https://www.austlii.edu.au/au/legis/act/consol_act/stasta1972279/index.html # SA # Standard Time Act, 1898 -# http://www.austlii.edu.au/au/legis/sa/consol_act/sta1898137/index.html +# https://www.austlii.edu.au/au/legis/sa/consol_act/sta1898137/index.html # From David Grosz (2005-06-13): # It was announced last week that Daylight Saving would be extended by @@ -1329,7 +1332,7 @@ Zone Pacific/Wallis 12:15:20 - LMT 1901 # http://abc.net.au/news/regionals/neweng/monthly/regeng-22jul1999-1.htm # (1999-07-22). For now, we'll wait to see if this really happens. # -# Victoria will following NSW. See: +# Victoria will follow NSW. See: # Vic to extend daylight saving (1999-07-28) # http://abc.net.au/local/news/olympics/1999/07/item19990728112314_1.htm # @@ -1432,7 +1435,7 @@ Zone Pacific/Wallis 12:15:20 - LMT 1901 # the ACT for all 52 weeks of the year... # # We have a wrap-up here: -# http://www.timeanddate.com/news/time/south-australia-extends-dst.html +# https://www.timeanddate.com/news/time/south-australia-extends-dst.html ############################################################################### # New Zealand @@ -1486,7 +1489,7 @@ Zone Pacific/Wallis 12:15:20 - LMT 1901 # From Paul Eggert (2014-07-14): # Chatham Island time was formally standardized on 1957-01-01 by # New Zealand's Standard Time Amendment Act 1956 (1956-10-26). -# http://www.austlii.edu.au/nz/legis/hist_act/staa19561956n100244.pdf +# https://www.austlii.edu.au/nz/legis/hist_act/staa19561956n100244.pdf # According to Google Books snippet view, a speaker in the New Zealand # parliamentary debates in 1956 said "Clause 78 makes provision for standard # time in the Chatham Islands. The time there is 45 minutes in advance of New @@ -1601,7 +1604,7 @@ Zone Pacific/Wallis 12:15:20 - LMT 1901 # the Norfolk Island Museum and the Australian Bureau of Meteorology's # Norfolk Island station, and found no record of Norfolk observing DST # other than in 1974/5. See: -# http://www.timeanddate.com/time/australia/norfolk-island.html +# https://www.timeanddate.com/time/australia/norfolk-island.html # Pitcairn @@ -1629,11 +1632,13 @@ Zone Pacific/Wallis 12:15:20 - LMT 1901 # (Western) Samoa and American Samoa -# Howse writes (p 153, citing p 10 of the 1883-11-18 New York Herald) -# that in 1879 the King of Samoa decided to change +# Howse writes (p 153) that after the 1879 standardization on Antipodean +# time by the British governor of Fiji, the King of Samoa decided to change # "the date in his kingdom from the Antipodean to the American system, # ordaining - by a masterpiece of diplomatic flattery - that # the Fourth of July should be celebrated twice in that year." +# This happened in 1892, according to the Evening News (Sydney) of 1892-07-20. +# https://www.staff.science.uu.nl/~gent0113/idl/idl.htm # Although Shanks & Pottenger says they both switched to UT -11:30 # in 1911, and to -11 in 1950. many earlier sources give -11 @@ -1644,6 +1649,7 @@ Zone Pacific/Wallis 12:15:20 - LMT 1901 # day in 2011. Assume also that the Samoas follow the US and New # Zealand's "ST"/"DT" style of daylight-saving abbreviations. + # Tonga # From Paul Eggert (1996-01-22): @@ -1738,6 +1744,15 @@ Zone Pacific/Wallis 12:15:20 - LMT 1901 # Assume Tonga will observe DST from the first Sunday in November at 02:00 # through the third Sunday in January at 03:00, like Fiji, for now. +# From David Wade (2017-10-18): +# In August government was disolved by the King. The current prime minister +# continued in office in care taker mode. It is easy to see that few +# decisions will be made until elections 16th November. +# +# From Paul Eggert (2017-10-18): +# For now, guess that DST is discontinued. That's what the IATA is guessing. + + # Wake # From Vernice Anderson, Personal Secretary to Philip Jessup, @@ -1750,7 +1765,7 @@ Zone Pacific/Wallis 12:15:20 - LMT 1901 # making calculation of time in Washington difficult if not almost # impossible. # -# http://www.trumanlibrary.org/wake/meeting.htm +# https://www.trumanlibrary.org/oralhist/andrsonv.htm # From Paul Eggert (2003-03-23): # We have no other report of DST in Wake Island, so omit this info for now. @@ -1778,7 +1793,7 @@ Zone Pacific/Wallis 12:15:20 - LMT 1901 # an international standard, there are some places on the high seas where the # correct date is ambiguous. -# From Wikipedia (2005-08-31): +# From Wikipedia (2005-08-31): # Before 1920, all ships kept local apparent time on the high seas by setting # their clocks at night or at the morning sight so that, given the ship's # speed and direction, it would be 12 o'clock when the Sun crossed the ship's diff --git a/jdk/make/data/tzdata/backward b/jdk/make/data/tzdata/backward index b4cf3be2d3..fca4ed1881 100644 --- a/jdk/make/data/tzdata/backward +++ b/jdk/make/data/tzdata/backward @@ -84,7 +84,9 @@ Link America/Sao_Paulo Brazil/East Link America/Manaus Brazil/West Link America/Halifax Canada/Atlantic Link America/Winnipeg Canada/Central -Link America/Regina Canada/East-Saskatchewan +# This line is commented out, as the name exceeded the 14-character limit +# and was an unused misnomer. +#Link America/Regina Canada/East-Saskatchewan Link America/Toronto Canada/Eastern Link America/Edmonton Canada/Mountain Link America/St_Johns Canada/Newfoundland diff --git a/jdk/make/data/tzdata/europe b/jdk/make/data/tzdata/europe index 0d8a40e4f3..6359279d2f 100644 --- a/jdk/make/data/tzdata/europe +++ b/jdk/make/data/tzdata/europe @@ -60,14 +60,14 @@ # [PDF] (1914-03) # # Milne J. Civil time. Geogr J. 1899 Feb;13(2):173-94 -# . He writes: +# . He writes: # "It is requested that corrections and additions to these tables # may be sent to Mr. John Milne, Royal Geographical Society, # Savile Row, London." Nowadays please email them to tz@iana.org. # # Byalokoz EL. New Counting of Time in Russia since July 1, 1919. # This Russian-language source was consulted by Vladimir Karpinsky; see -# http://mm.icann.org/pipermail/tz/2014-August/021320.html +# https://mm.icann.org/pipermail/tz/2014-August/021320.html # The full Russian citation is: # Бялокоз, Евгений Людвигович. Новый счет времени в течении суток # введенный декретом Совета народных комиссаров для всей России с 1-го @@ -210,7 +210,7 @@ # foundations of civilization throughout the world. # -- "A Silent Toast to William Willett", Pictorial Weekly; # republished in Finest Hour (Spring 2002) 1(114):26 -# http://www.winstonchurchill.org/images/finesthour/Vol.01%20No.114.pdf +# https://www.winstonchurchill.org/publications/finest-hour/finest-hour-114/a-silent-toast-to-william-willett-by-winston-s-churchill # From Paul Eggert (2015-08-08): # The OED Supplement says that the English originally said "Daylight Saving" @@ -248,8 +248,8 @@ # official designation; the reply of the 21st was that there wasn't # but he couldn't think of anything better than the "Double British # Summer Time" that the BBC had been using informally. -# http://www.polyomino.org.uk/british-time/bbc-19410418.png -# http://www.polyomino.org.uk/british-time/ho-19410421.png +# https://www.polyomino.org.uk/british-time/bbc-19410418.png +# https://www.polyomino.org.uk/british-time/ho-19410421.png # From Sir Alexander Maxwell in the above-mentioned letter (1941-04-21): # [N]o official designation has as far as I know been adopted for the time @@ -266,13 +266,13 @@ # the history of summer time legislation in the United Kingdom. # Since 1998 Joseph S. Myers has been updating # and extending this list, which can be found in -# http://www.polyomino.org.uk/british-time/ +# https://www.polyomino.org.uk/british-time/ # From Joseph S. Myers (1998-01-06): # # The legal time in the UK outside of summer time is definitely GMT, not UTC; # see Lord Tanlaw's speech -# http://www.publications.parliament.uk/pa/ld199798/ldhansrd/vo970611/text/70611-10.htm#70611-10_head0 +# https://www.publications.parliament.uk/pa/ld199798/ldhansrd/vo970611/text/70611-10.htm#70611-10_head0 # (Lords Hansard 11 June 1997 columns 964 to 976). # From Paul Eggert (2006-03-22): @@ -318,7 +318,7 @@ # Irish 'public feeling (was) outraged by forcing of English time on us'." # -- Parsons M. Dublin lost its time zone - and 25 minutes - after 1916 Rising. # Irish Times 2014-10-27. -# http://www.irishtimes.com/news/politics/dublin-lost-its-time-zone-and-25-minutes-after-1916-rising-1.1977411 +# https://www.irishtimes.com/news/politics/dublin-lost-its-time-zone-and-25-minutes-after-1916-rising-1.1977411 # From Joseph S. Myers (2005-01-26): # Irish laws are available online at . @@ -371,6 +371,12 @@ # Justice (tel +353 1 678 9711) who confirmed to me that the correct name is # "Irish Summer Time", abbreviated to "IST". +# Michael Deckers (2017-06-01) gave the following URLs for Ireland's +# Summer Time Act, 1925 and Summer Time Orders, 1926 and 1947: +# http://www.irishstatutebook.ie/eli/1925/act/8/enacted/en/print.html +# http://www.irishstatutebook.ie/eli/1926/sro/919/made/en/print.html +# http://www.irishstatutebook.ie/eli/1947/sro/71/made/en/print.html + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S # Summer Time Act, 1916 Rule GB-Eire 1916 only - May 21 2:00s 1:00 BST @@ -495,14 +501,14 @@ Link Europe/London Europe/Isle_of_Man # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Europe/Dublin -0:25:00 - LMT 1880 Aug 2 - -0:25:21 - DMT 1916 May 21 2:00 # Dublin MT + -0:25:21 - DMT 1916 May 21 2:00s # Dublin MT -0:25:21 1:00 IST 1916 Oct 1 2:00s 0:00 GB-Eire %s 1921 Dec 6 # independence - 0:00 GB-Eire GMT/IST 1940 Feb 25 2:00 - 0:00 1:00 IST 1946 Oct 6 2:00 - 0:00 - GMT 1947 Mar 16 2:00 - 0:00 1:00 IST 1947 Nov 2 2:00 - 0:00 - GMT 1948 Apr 18 2:00 + 0:00 GB-Eire GMT/IST 1940 Feb 25 2:00s + 0:00 1:00 IST 1946 Oct 6 2:00s + 0:00 - GMT 1947 Mar 16 2:00s + 0:00 1:00 IST 1947 Nov 2 2:00s + 0:00 - GMT 1948 Apr 18 2:00s 0:00 GB-Eire GMT/IST 1968 Oct 27 1:00 - IST 1971 Oct 31 2:00u 0:00 GB-Eire GMT/IST 1996 @@ -648,7 +654,7 @@ Rule Russia 1996 2010 - Oct lastSun 2:00s 0 - # Council of Ministers of the USSR from 1989-03-14 No. 227. # # I did not find full texts of these acts. For the 1989 one we have -# title at http://base.garant.ru/70754136/ : +# title at https://base.garant.ru/70754136/ : # "About change in calculation of time on the territories of # Lithuanian SSR, Latvian SSR and Estonian SSR, Astrakhan, # Kaliningrad, Kirov, Kuybyshev, Ulyanovsk and Uralsk oblasts". @@ -679,7 +685,7 @@ Rule Russia 1996 2010 - Oct lastSun 2:00s 0 - # http://bmockbe.ru/events/?ID=7583 # # Medvedev signed a law on the calculation of the time (in russian): -# http://www.regnum.ru/news/polit/1413906.html +# https://www.regnum.ru/news/polit/1413906.html # From Arthur David Olson (2011-06-15): # Take "abolishing daylight saving time" to mean that time is now considered @@ -806,7 +812,7 @@ Zone Europe/Vienna 1:05:21 - LMT 1893 Apr # Sources (Russian language): # http://www.belta.by/ru/all_news/society/V-Belarusi-otmenjaetsja-perexod-na-sezonnoe-vremja_i_572952.html # http://naviny.by/rubrics/society/2011/09/16/ic_articles_116_175144/ -# http://news.tut.by/society/250578.html +# https://news.tut.by/society/250578.html # # From Alexander Bokovoy (2014-10-09): # Belarussian government decided against changing to winter time.... @@ -1127,7 +1133,7 @@ Zone America/Thule -4:35:08 - LMT 1916 Jul 28 # Pituffik air base # for their standard and summer times. He says no, they use "suveaeg" # (summer time) and "talveaeg" (winter time). -# From The Baltic Times (1999-09-09) +# From The Baltic Times (1999-09-09) # via Steffen Thorsen: # This year will mark the last time Estonia shifts to summer time, # a council of the ruling coalition announced Sept. 6.... @@ -1179,7 +1185,7 @@ Zone Europe/Tallinn 1:39:00 - LMT 1880 # This is documented in Heikki Oja: Aikakirja 2007, published by The Almanac # Office of University of Helsinki, ISBN 952-10-3221-9, available online (in # Finnish) at -# http://almanakka.helsinki.fi/aikakirja/Aikakirja2007kokonaan.pdf +# https://almanakka.helsinki.fi/aikakirja/Aikakirja2007kokonaan.pdf # # Page 105 (56 in PDF version) has a handy table of all past daylight savings # transitions. It is easy enough to interpret without Finnish skills. @@ -1192,7 +1198,7 @@ Zone Europe/Tallinn 1:39:00 - LMT 1880 # From Konstantin Hyppönen (2014-06-13): # [Heikki Oja's book Aikakirja 2013] -# http://almanakka.helsinki.fi/images/aikakirja/Aikakirja2013kokonaan.pdf +# https://almanakka.helsinki.fi/images/aikakirja/Aikakirja2013kokonaan.pdf # pages 104-105, including a scan from a newspaper published on Apr 2 1942 # say that ... [o]n Apr 2 1942, 24 o'clock (which means Apr 3 1942, # 00:00), clocks were moved one hour forward. The newspaper @@ -1322,7 +1328,7 @@ Zone Europe/Paris 0:09:21 - LMT 1891 Mar 15 0:01 # From Jörg Schilling (2002-10-23): # In 1945, Berlin was switched to Moscow Summer time (GMT+4) by -# http://www.dhm.de/lemo/html/biografien/BersarinNikolai/ +# https://www.dhm.de/lemo/html/biografien/BersarinNikolai/ # General [Nikolai] Bersarin. # From Paul Eggert (2003-03-08): @@ -1547,7 +1553,7 @@ Zone Atlantic/Reykjavik -1:28 - LMT 1908 # From Paul Eggert (2016-10-27): # Go with INRiM for DST rules, except as corrected by Inglis for 1944 # for the Kingdom of Italy. This is consistent with Renzo Baldini. -# Model Rome's occupation by using using C-Eur rules from 1943-09-10 +# Model Rome's occupation by using C-Eur rules from 1943-09-10 # to 1944-06-04; although Rome was an open city during this period, it # was effectively controlled by Germany. # @@ -1862,14 +1868,14 @@ Zone Europe/Malta 0:58:04 - LMT 1893 Nov 2 0:00s # Valletta # Following Moldova and neighboring Ukraine- Transnistria (Pridnestrovie)- # Tiraspol will go back to winter time on October 30, 2011. # News from Moldova (in russian): -# http://ru.publika.md/link_317061.html +# https://ru.publika.md/link_317061.html # From Roman Tudos (2015-07-02): # http://lex.justice.md/index.php?action=view&view=doc&lang=1&id=355077 # From Paul Eggert (2015-07-01): # The abovementioned official link to IGO1445-868/2014 states that # 2014-10-26's fallback transition occurred at 03:00 local time. Also, -# http://www.trm.md/en/social/la-30-martie-vom-trece-la-ora-de-vara +# https://www.trm.md/en/social/la-30-martie-vom-trece-la-ora-de-vara # says the 2014-03-30 spring-forward transition was at 02:00 local time. # Guess that since 1997 Moldova has switched one hour before the EU. @@ -1941,7 +1947,7 @@ Zone Europe/Monaco 0:29:32 - LMT 1891 Mar 15 # Amsterdam mean time. # The data entries before 1945 are taken from -# http://www.staff.science.uu.nl/~gent0113/wettijd/wettijd.htm +# https://www.staff.science.uu.nl/~gent0113/wettijd/wettijd.htm # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule Neth 1916 only - May 1 0:00 1:00 NST # Netherlands Summer Time @@ -2022,7 +2028,7 @@ Zone Europe/Oslo 0:43:00 - LMT 1895 Jan 1 # so it must have diverged from Oslo time during the war, as Oslo was # keeping Berlin time. # -# says that the meteorologists +# says that the meteorologists # burned down their station in 1940 and left the island, but returned in # 1941 with a small Norwegian garrison and continued operations despite # frequent air attacks from Germans. In 1943 the Americans established a @@ -2060,7 +2066,7 @@ Rule Poland 1945 only - Apr 29 0:00 1:00 S Rule Poland 1945 only - Nov 1 0:00 0 - # For 1946 on the source is Kazimierz Borkowski, # Toruń Center for Astronomy, Dept. of Radio Astronomy, Nicolaus Copernicus U., -# http://www.astro.uni.torun.pl/~kb/Artykuly/U-PA/Czas2.htm#tth_tAb1 +# https://www.astro.uni.torun.pl/~kb/Artykuly/U-PA/Czas2.htm#tth_tAb1 # Thanks to Przemysław Augustyniak (2005-05-28) for this reference. # He also gives these further references: # Mon Pol nr 13, poz 162 (1995) @@ -2094,7 +2100,7 @@ Zone Europe/Warsaw 1:24:00 - LMT 1880 # # From Paul Eggert (2014-08-11), after a heads-up from Stephen Colebourne: # According to a Portuguese decree (1911-05-26) -# http://dre.pt/pdf1sdip/1911/05/12500/23132313.pdf +# https://dre.pt/application/dir/pdf1sdip/1911/05/12500/23132313.pdf # Lisbon was at -0:36:44.68, but switched to GMT on 1912-01-01 at 00:00. # Round the old offset to -0:36:45. This agrees with Willett but disagrees # with Shanks, who says the transition occurred on 1911-05-24 at 00:00 for @@ -2276,7 +2282,7 @@ Zone Europe/Bucharest 1:44:24 - LMT 1891 Oct # 2011 No. 725" and contains no other dates or "effective date" information. # # Another source is -# http://www.rg.ru/2011/09/06/chas-zona-dok.html +# https://rg.ru/2011/09/06/chas-zona-dok.html # which, according to translate.google.com, begins "Resolution of the # Government of the Russian Federation on August 31, 2011 N 725" and also # contains "Date first official publication: September 6, 2011 Posted on: @@ -2284,7 +2290,7 @@ Zone Europe/Bucharest 1:44:24 - LMT 1891 Oct # does not contain any "effective date" information. # # Another source is -# http://en.wikipedia.org/wiki/Oymyakonsky_District#cite_note-RuTime-7 +# https://en.wikipedia.org/wiki/Oymyakonsky_District#cite_note-RuTime-7 # which, in note 8, contains "Resolution No. 725 of August 31, 2011... # Effective as of after 7 days following the day of the official publication" # but which does not contain any reference to September 6, 2011. @@ -2320,7 +2326,7 @@ Zone Europe/Bucharest 1:44:24 - LMT 1891 Oct # http://itar-tass.com/obschestvo/1333711 # http://www.pravo.gov.ru:8080/page.aspx?111660 # http://www.kremlin.ru/acts/46279 -# From October 26, 2014 the new Russian time zone map will looks like this: +# From October 26, 2014 the new Russian time zone map will look like this: # http://www.worldtimezone.com/dst_news/dst_news_russia-map-2014-07.html # From Paul Eggert (2006-03-22): @@ -2367,7 +2373,7 @@ Zone Europe/Bucharest 1:44:24 - LMT 1891 Oct # with maintenance only and represent our best guesses as to which regions # are covered by each zone. They are not meant to be taken as an authoritative # listing. The region codes listed come from -# http://en.wikipedia.org/w/?title=Federal_subjects_of_Russia&oldid=611810498 +# https://en.wikipedia.org/w/?title=Federal_subjects_of_Russia&oldid=611810498 # and are used for convenience only; no guarantees are made regarding their # future stability. ISO 3166-2:RU codes are also listed for first-level # divisions where available. @@ -2532,7 +2538,7 @@ Zone Europe/Kaliningrad 1:22:00 - LMT 1893 Apr # http://www.kaliningradka.ru/site_pc/cherez/index.php?ELEMENT_ID=40091 # says that Kaliningrad decided not to be an exception 2 days before the # 1991-03-31 switch and one person at -# http://izhevsk.ru/forum_light_message/50/682597-m8369040.html +# https://izhevsk.ru/forum_light_message/50/682597-m8369040.html # says he remembers that Samara opted out of the 1992-01-19 exception # 2 days before the switch. # @@ -2604,7 +2610,7 @@ Zone Europe/Simferopol 2:16:24 - LMT 1880 3:00 - MSK 1997 Mar lastSun 1:00u # From Alexander Krivenyshev (2014-03-17): # time change at 2:00 (2am) on March 30, 2014 -# http://vz.ru/news/2014/3/17/677464.html +# https://vz.ru/news/2014/3/17/677464.html # From Paul Eggert (2014-03-30): # Simferopol and Sevastopol reportedly changed their central town clocks # late the previous day, but this appears to have been ceremonial @@ -2787,7 +2793,7 @@ Zone Asia/Omsk 4:53:30 - LMT 1919 Nov 14 # suggests that Altai Republic transitioned to Moscow+3 on # 1995-05-28. # -# http://regnum.ru/news/society/1957270.html +# https://regnum.ru/news/society/1957270.html # has some historical data for Altai Krai: # before 1957: west part on UTC+6, east on UTC+7 # after 1957: UTC+7 @@ -3161,8 +3167,8 @@ Zone Asia/Magadan 10:03:12 - LMT 1924 May 2 # districts, but have very similar populations. In fact, Wikipedia currently # lists them both as having 3528 people, exactly 1668 males and 1860 females # each! (Yikes!) -# http://en.wikipedia.org/w/?title=Srednekolymsky_District&oldid=603435276 -# http://en.wikipedia.org/w/?title=Verkhnekolymsky_District&oldid=594378493 +# https://en.wikipedia.org/w/?title=Srednekolymsky_District&oldid=603435276 +# https://en.wikipedia.org/w/?title=Verkhnekolymsky_District&oldid=594378493 # Assume this is a mistake, albeit an amusing one. # # Looking at censuses, the populations of the two municipalities seem to have @@ -3483,7 +3489,7 @@ Zone Europe/Stockholm 1:12:12 - LMT 1879 Jan 1 # # From Alois Treindl (2013-09-11): # The Federal regulations say -# http://www.admin.ch/opc/de/classified-compilation/20071096/index.html +# https://www.admin.ch/opc/de/classified-compilation/20071096/index.html # ... the meridian for Bern mean time ... is 7 degrees 26' 22.50". # Expressed in time, it is 0h29m45.5s. @@ -3560,9 +3566,9 @@ Zone Europe/Zurich 0:34:08 - LMT 1853 Jul 16 # See above comment. # According to the articles linked below, Turkey will change into summer # time zone (GMT+3) on March 28, 2011 at 3:00 a.m. instead of March 27. # This change is due to a nationwide exam on 27th. -# http://www.worldbulletin.net/?aType=haber&ArticleID=70872 +# https://www.worldbulletin.net/?aType=haber&ArticleID=70872 # Turkish: -# http://www.hurriyet.com.tr/ekonomi/17230464.asp?gid=373 +# https://www.hurriyet.com.tr/yaz-saati-uygulamasi-bir-gun-ileri-alindi-17230464 # From Faruk Pasin (2014-02-14): # The DST for Turkey has been changed for this year because of the @@ -3698,7 +3704,7 @@ Link Europe/Istanbul Asia/Istanbul # Istanbul is in both continents. # http://www.segodnya.ua/news/14290482.html # # Deputies cancelled the winter time (in Russian) -# http://www.pravda.com.ua/rus/news/2011/09/20/6600616/ +# https://www.pravda.com.ua/rus/news/2011/09/20/6600616/ # # From Philip Pizzey (2011-10-18): # Today my Ukrainian colleagues have informed me that the diff --git a/jdk/make/data/tzdata/leapseconds b/jdk/make/data/tzdata/leapseconds index 3823c9abc4..9b4ec9ad47 100644 --- a/jdk/make/data/tzdata/leapseconds +++ b/jdk/make/data/tzdata/leapseconds @@ -26,19 +26,18 @@ # This file is in the public domain. # This file is generated automatically from the data in the public-domain -# leap-seconds.list file available from most NIST time servers. -# If the URL does not work, -# you should be able to pick up leap-seconds.list from a secondary NIST server. -# See for a list of secondary servers. +# leap-seconds.list file, which is copied from: +# ftp://ftp.nist.gov/pub/time/leap-seconds.list # For more about leap-seconds.list, please see # The NTP Timescale and Leap Seconds -# http://www.eecis.udel.edu/~mills/leap.html +# https://www.eecis.udel.edu/~mills/leap.html # The International Earth Rotation and Reference Systems Service # periodically uses leap seconds to keep UTC to within 0.9 s of UT1 # (which measures the true angular orientation of the earth in space); see -# Terry J Quinn, The BIPM and the accurate measure of time, -# Proc IEEE 79, 7 (July 1991), 894-905 . +# Levine J. Coordinated Universal Time and the leap second. +# URSI Radio Sci Bull. 2016;89(4):30-6. doi:10.23919/URSIRSB.2016.7909995 +# http://ieeexplore.ieee.org/document/7909995/ # There were no leap seconds before 1972, because the official mechanism # accounting for the discrepancy between atomic time and the earth's rotation # did not exist until the early 1970s. @@ -81,5 +80,5 @@ Leap 2012 Jun 30 23:59:60 + S Leap 2015 Jun 30 23:59:60 + S Leap 2016 Dec 31 23:59:60 + S -# Updated through IERS Bulletin C53 -# File expires on: 28 December 2017 +# Updated through IERS Bulletin C54 +# File expires on: 28 June 2018 diff --git a/jdk/make/data/tzdata/northamerica b/jdk/make/data/tzdata/northamerica index d59d2705b9..99dcc938fa 100644 --- a/jdk/make/data/tzdata/northamerica +++ b/jdk/make/data/tzdata/northamerica @@ -128,10 +128,13 @@ # Last night I heard part of a rebroadcast of a 1945 Arch Oboler radio drama. # In the introduction, Oboler spoke of "Eastern Peace Time." # An AltaVista search turned up: -# http://rowayton.org/rhs/hstaug45.html +# https://web.archive.org/web/20000926032210/http://rowayton.org/rhs/hstaug45.html # "When the time is announced over the radio now, it is 'Eastern Peace # Time' instead of the old familiar 'Eastern War Time.' Peace is wonderful." # (August 1945) by way of confirmation. +# +# From Paul Eggert (2017-09-23): +# This was the V-J Day issue of the Clamdigger, a Rowayton, CT newsletter. # From Joseph Gallant citing # George H. Douglas, _The Early Days of Radio Broadcasting_ (1987): @@ -280,7 +283,7 @@ Zone PST8PDT -8:00 US P%sT # HST and HDT are standardized abbreviations for Hawaii-Aleutian # standard and daylight times. See section 9.47 (p 234) of the # U.S. Government Printing Office Style Manual (2008) -# http://www.gpo.gov/fdsys/pkg/GPO-STYLEMANUAL-2008/pdf/GPO-STYLEMANUAL-2008.pdf +# https://www.gpo.gov/fdsys/pkg/GPO-STYLEMANUAL-2008/pdf/GPO-STYLEMANUAL-2008.pdf # From Arthur David Olson, 2005-08-09 # The following was signed into law on 2005-08-08. @@ -369,7 +372,7 @@ Zone America/New_York -4:56:02 - LMT 1883 Nov 18 12:03:58 # western Tennessee, most of Texas, Wisconsin # From Larry M. Smith (2006-04-26) re Wisconsin: -# http://www.legis.state.wi.us/statutes/Stat0175.pdf ... +# https://docs.legis.wisconsin.gov/statutes/statutes/175.pdf # is currently enforced at the 01:00 time of change. Because the local # "bar time" in the state corresponds to 02:00, a number of citations # are issued for the "sale of class 'B' alcohol after prohibited @@ -378,7 +381,7 @@ Zone America/New_York -4:56:02 - LMT 1883 Nov 18 12:03:58 # From Douglas R. Bomberg (2007-03-12): # Wisconsin has enacted (nearly eleventh-hour) legislation to get WI # Statue 175 closer in synch with the US Congress' intent.... -# http://www.legis.state.wi.us/2007/data/acts/07Act3.pdf +# https://docs.legis.wisconsin.gov/2007/related/acts/3 # From an email administrator of the City of Fort Pierre, SD (2015-12-21): # Fort Pierre is technically located in the Mountain time zone as is @@ -425,7 +428,7 @@ Zone America/North_Dakota/New_Salem -6:45:39 - LMT 1883 Nov 18 12:14:21 # ...it appears that Mercer County, North Dakota, changed from the # mountain time zone to the central time zone at the last transition from # daylight-saving to standard time (on Nov. 7, 2010): -# http://www.gpo.gov/fdsys/pkg/FR-2010-09-29/html/2010-24376.htm +# https://www.gpo.gov/fdsys/pkg/FR-2010-09-29/html/2010-24376.htm # http://www.bismarcktribune.com/news/local/article_1eb1b588-c758-11df-b472-001cc4c03286.html # From Andy Lipscomb (2011-01-24): @@ -476,7 +479,7 @@ Zone America/Denver -6:59:56 - LMT 1883 Nov 18 12:00:04 # legal time, and is not part of the data here.) See: # Ross SA. An energy crisis from the past: Northern California in 1948. # Working Paper No. 8, Institute of Governmental Studies, UC Berkeley, -# 1973-11. http://escholarship.org/uc/item/8x22k30c +# 1973-11. https://escholarship.org/uc/item/8x22k30c # # In another measure to save electricity, DST was instituted from 1948-03-14 # at 02:01 to 1949-01-16 at 02:00, with the governor having the option to move @@ -497,8 +500,8 @@ Zone America/Denver -6:59:56 - LMT 1883 Nov 18 12:00:04 # which established DST from April's last Sunday at 01:00 until September's # last Sunday at 02:00. This was amended by 1962's Proposition 6, which changed # the fall-back date to October's last Sunday. See: -# http://repository.uchastings.edu/cgi/viewcontent.cgi?article=1501&context=ca_ballot_props -# http://repository.uchastings.edu/cgi/viewcontent.cgi?article=1636&context=ca_ballot_props +# https://repository.uchastings.edu/cgi/viewcontent.cgi?article=1501&context=ca_ballot_props +# https://repository.uchastings.edu/cgi/viewcontent.cgi?article=1636&context=ca_ballot_props # # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER Rule CA 1948 only - Mar 14 2:01 1:00 D @@ -515,20 +518,31 @@ Zone America/Los_Angeles -7:52:58 - LMT 1883 Nov 18 12:07:02 # Alaska # AK%sT is the modern abbreviation for -09 per USNO. # -# From Paul Eggert (2001-05-30): +# From Paul Eggert (2017-06-15): # Howse writes that Alaska switched from the Julian to the Gregorian calendar, # and from east-of-GMT to west-of-GMT days, when the US bought it from Russia. -# This was on 1867-10-18, a Friday; the previous day was 1867-10-06 Julian, -# also a Friday. Include only the time zone part of this transition, -# ignoring the switch from Julian to Gregorian, since we can't represent -# the Julian calendar. +# On Friday, 1867-10-18 (Gregorian), at precisely 15:30 local time, the +# Russian forts and fleet at Sitka fired salutes to mark the ceremony of +# formal transfer. See the Sacramento Daily Union (1867-11-14), p 3, col 2. +# https://cdnc.ucr.edu/cgi-bin/cdnc?a=d&d=SDU18671114.2.12.1 +# Sitka workers did not change their calendars until Sunday, 1867-10-20, +# and so celebrated two Sundays that week. See: Ahllund T (tr Hallamaa P). +# From the memoirs of a Finnish workman. Alaska History. 2006 Fall;21(2):1-25. +# http://alaskahistoricalsociety.org/wp-content/uploads/2016/12/Ahllund-2006-Memoirs-of-a-Finnish-Workman.pdf +# Include only the time zone part of this transition, ignoring the switch +# from Julian to Gregorian, since we can't represent the Julian calendar. # -# As far as we know, none of the exact locations mentioned below were +# As far as we know, of the locations mentioned below only Sitka was # permanently inhabited in 1867 by anyone using either calendar. -# (Yakutat was colonized by the Russians in 1799, but the settlement -# was destroyed in 1805 by a Yakutat-kon war party.) However, there -# were nearby inhabitants in some cases and for our purposes perhaps -# it's best to simply use the official transition. +# (Yakutat was colonized by the Russians in 1799, but the settlement was +# destroyed in 1805 by a Yakutat-kon war party.) Many of Alaska's inhabitants +# were unaware of the US acquisition of Alaska, much less of any calendar or +# time change. However, the Russian-influenced part of Alaska did observe +# Russian time, and it is more accurate to model this than to ignore it. +# The database format requires an exact transition time; use the Russian +# salute as a somewhat-arbitrary time for the formal transfer of control for +# all of Alaska. Sitka's UTC offset is -9:01:13; adjust its 15:30 to the +# local times of other Alaskan locations so that they change simultaneously. # From Paul Eggert (2014-07-18): # One opinion of the early-1980s turmoil in Alaska over time zones and @@ -581,10 +595,10 @@ Zone America/Los_Angeles -7:52:58 - LMT 1883 Nov 18 12:07:02 # It seems Metlakatla did go off PST on Sunday, November 1, changing # their time to AKST and are going to follow Alaska's DST, switching # between AKST and AKDT from now on.... -# http://www.krbd.org/2015/10/30/annette-island-times-they-are-a-changing/ +# https://www.krbd.org/2015/10/30/annette-island-times-they-are-a-changing/ # Zone NAME GMTOFF RULES FORMAT [UNTIL] -Zone America/Juneau 15:02:19 - LMT 1867 Oct 18 +Zone America/Juneau 15:02:19 - LMT 1867 Oct 19 15:33:32 -8:57:41 - LMT 1900 Aug 20 12:00 -8:00 - PST 1942 -8:00 US P%sT 1946 @@ -594,7 +608,7 @@ Zone America/Juneau 15:02:19 - LMT 1867 Oct 18 -8:00 US P%sT 1983 Oct 30 2:00 -9:00 US Y%sT 1983 Nov 30 -9:00 US AK%sT -Zone America/Sitka 14:58:47 - LMT 1867 Oct 18 +Zone America/Sitka 14:58:47 - LMT 1867 Oct 19 15:30 -9:01:13 - LMT 1900 Aug 20 12:00 -8:00 - PST 1942 -8:00 US P%sT 1946 @@ -602,7 +616,7 @@ Zone America/Sitka 14:58:47 - LMT 1867 Oct 18 -8:00 US P%sT 1983 Oct 30 2:00 -9:00 US Y%sT 1983 Nov 30 -9:00 US AK%sT -Zone America/Metlakatla 15:13:42 - LMT 1867 Oct 18 +Zone America/Metlakatla 15:13:42 - LMT 1867 Oct 19 15:44:55 -8:46:18 - LMT 1900 Aug 20 12:00 -8:00 - PST 1942 -8:00 US P%sT 1946 @@ -610,14 +624,14 @@ Zone America/Metlakatla 15:13:42 - LMT 1867 Oct 18 -8:00 US P%sT 1983 Oct 30 2:00 -8:00 - PST 2015 Nov 1 2:00 -9:00 US AK%sT -Zone America/Yakutat 14:41:05 - LMT 1867 Oct 18 +Zone America/Yakutat 14:41:05 - LMT 1867 Oct 19 15:12:18 -9:18:55 - LMT 1900 Aug 20 12:00 -9:00 - YST 1942 -9:00 US Y%sT 1946 -9:00 - YST 1969 -9:00 US Y%sT 1983 Nov 30 -9:00 US AK%sT -Zone America/Anchorage 14:00:24 - LMT 1867 Oct 18 +Zone America/Anchorage 14:00:24 - LMT 1867 Oct 19 14:31:37 -9:59:36 - LMT 1900 Aug 20 12:00 -10:00 - AST 1942 -10:00 US A%sT 1967 Apr @@ -625,7 +639,7 @@ Zone America/Anchorage 14:00:24 - LMT 1867 Oct 18 -10:00 US AH%sT 1983 Oct 30 2:00 -9:00 US Y%sT 1983 Nov 30 -9:00 US AK%sT -Zone America/Nome 12:58:21 - LMT 1867 Oct 18 +Zone America/Nome 12:58:22 - LMT 1867 Oct 19 13:29:35 -11:01:38 - LMT 1900 Aug 20 12:00 -11:00 - NST 1942 -11:00 US N%sT 1946 @@ -634,7 +648,7 @@ Zone America/Nome 12:58:21 - LMT 1867 Oct 18 -11:00 US B%sT 1983 Oct 30 2:00 -9:00 US Y%sT 1983 Nov 30 -9:00 US AK%sT -Zone America/Adak 12:13:21 - LMT 1867 Oct 18 +Zone America/Adak 12:13:22 - LMT 1867 Oct 19 12:44:35 -11:46:38 - LMT 1900 Aug 20 12:00 -11:00 - NST 1942 -11:00 US N%sT 1946 @@ -670,7 +684,7 @@ Zone America/Adak 12:13:21 - LMT 1867 Oct 18 # "Hawaiian Time" by Robert C. Schmitt and Doak C. Cox appears on pages 207-225 # of volume 26 of The Hawaiian Journal of History (1992). As of 2010-12-09, # the article is available at -# http://evols.library.manoa.hawaii.edu/bitstream/10524/239/2/JL26215.pdf +# https://evols.library.manoa.hawaii.edu/bitstream/10524/239/2/JL26215.pdf # and indicates that standard time was adopted effective noon, January # 13, 1896 (page 218), that in "1933, the Legislature decreed daylight # saving for the period between the last Sunday of each April and the @@ -769,7 +783,7 @@ Zone America/Boise -7:44:49 - LMT 1883 Nov 18 12:15:11 # Indiana # # For a map of Indiana's time zone regions, see: -# http://en.wikipedia.org/wiki/Time_in_Indiana +# https://en.wikipedia.org/wiki/Time_in_Indiana # # From Paul Eggert (2007-08-17): # Since 1970, most of Indiana has been like America/Indiana/Indianapolis, @@ -996,7 +1010,7 @@ Zone America/Kentucky/Louisville -5:43:02 - LMT 1883 Nov 18 12:16:58 # From Paul Eggert (2001-07-16): # The final rule was published in the # Federal Register 65, 160 (2000-08-17), pp 50154-50158. -# http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=2000_register&docid=fr17au00-22 +# https://www.gpo.gov/fdsys/pkg/FR-2000-08-17/html/00-20854.htm # Zone America/Kentucky/Monticello -5:39:24 - LMT 1883 Nov 18 12:20:36 -6:00 US C%sT 1946 @@ -1022,7 +1036,7 @@ Zone America/Kentucky/Monticello -5:39:24 - LMT 1883 Nov 18 12:20:36 # West Wendover, NV officially switched from Pacific to mountain time on # 1999-10-31. See the # Federal Register 64, 203 (1999-10-21), pp 56705-56707. -# http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=1999_register&docid=fr21oc99-15 +# https://www.gpo.gov/fdsys/pkg/FR-1999-10-21/html/99-27240.htm # However, the Federal Register says that West Wendover already operated # on mountain time, and the rule merely made this official; # hence a separate tz entry is not needed. @@ -1052,12 +1066,23 @@ Zone America/Kentucky/Monticello -5:39:24 - LMT 1883 Nov 18 12:20:36 # one hour in 1914." This change is not in Shanks. We have no more # info, so omit this for now. # +# From Paul Eggert (2017-07-26): +# Although Shanks says Detroit observed DST in 1967 from 06-14 00:01 +# until 10-29 00:01, I now see multiple reports that this is incorrect. +# For example, according to a 50-year anniversary report about the 1967 +# Detroit riots and a major-league doubleheader on 1967-07-23, "By the time +# the last fly ball of the doubleheader settled into the glove of leftfielder +# Lenny Green, it was after 7 p.m. Detroit did not observe daylight saving +# time, so light was already starting to fail. Twilight was made even deeper +# by billowing columns of smoke that ascended in an unbroken wall north of the +# ballpark." See: Dow B. Detroit '67: As violence unfolded, Tigers played two +# at home vs. Yankees. Detroit Free Press 2017-07-23. +# https://www.freep.com/story/sports/mlb/tigers/2017/07/23/detroit-tigers-1967-riot-new-york-yankees/499951001/ +# # Most of Michigan observed DST from 1973 on, but was a bit late in 1975. # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER Rule Detroit 1948 only - Apr lastSun 2:00 1:00 D Rule Detroit 1948 only - Sep lastSun 2:00 0 S -Rule Detroit 1967 only - Jun 14 2:00 1:00 D -Rule Detroit 1967 only - Oct lastSun 2:00 0 S # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone America/Detroit -5:32:11 - LMT 1905 -6:00 - CST 1915 May 15 2:00 @@ -1121,7 +1146,7 @@ Zone America/Menominee -5:50:27 - LMT 1885 Sep 18 12:00 # [PDF] (1914-03) # # Milne J. Civil time. Geogr J. 1899 Feb;13(2):173-94 -# . +# . # # See the 'europe' file for Greenland. @@ -1167,19 +1192,19 @@ Zone America/Menominee -5:50:27 - LMT 1885 Sep 18 12:00 # The British Columbia government announced yesterday that it will # adjust daylight savings next year to align with changes in the # U.S. and the rest of Canada.... -# http://www2.news.gov.bc.ca/news_releases_2005-2009/2006AG0014-000330.htm +# https://archive.news.gov.bc.ca/releases/news_releases_2005-2009/2006AG0014-000330.htm # ... # Nova Scotia # Daylight saving time will be extended by four weeks starting in 2007.... -# http://www.gov.ns.ca/just/regulations/rg2/2006/ma1206.pdf +# https://www.novascotia.ca/just/regulations/rg2/2006/ma1206.pdf # # [For New Brunswick] the new legislation dictates that the time change is to # be done at 02:00 instead of 00:01. -# http://www.gnb.ca/0062/acts/BBA-2006/Chap-19.pdf +# https://www.gnb.ca/0062/acts/BBA-2006/Chap-19.pdf # ... # Manitoba has traditionally changed the clock every fall at 03:00. # As of 2006, the transition is to take place one hour earlier at 02:00. -# http://web2.gov.mb.ca/laws/statutes/ccsm/o030e.php +# https://web2.gov.mb.ca/laws/statutes/ccsm/o030e.php # ... # [Alberta, Ontario, Quebec] will follow US rules. # http://www.qp.gov.ab.ca/documents/spring/CH03_06.CFM @@ -1193,7 +1218,7 @@ Zone America/Menominee -5:50:27 - LMT 1885 Sep 18 12:00 # http://www.hoa.gov.nl.ca/hoa/bills/Bill0634.htm # ... # Yukon -# http://www.gov.yk.ca/legislation/regs/oic2006_127.pdf +# https://www.gov.yk.ca/legislation/regs/oic2006_127.pdf # ... # N.W.T. will follow US rules. Whoever maintains the government web site # does not seem to believe in bookmarks. To see the news release, click the @@ -1214,8 +1239,8 @@ Zone America/Menominee -5:50:27 - LMT 1885 Sep 18 12:00 # time and daylight saving time arrangements in Canada circa 1998. # # National Research Council Canada maintains info about time zones and DST. -# http://www.nrc-cnrc.gc.ca/eng/services/time/time_zones.html -# http://www.nrc-cnrc.gc.ca/eng/services/time/faq/index.html#Q5 +# https://www.nrc-cnrc.gc.ca/eng/services/time/time_zones.html +# https://www.nrc-cnrc.gc.ca/eng/services/time/faq/index.html#Q5 # Its unofficial information is often taken from Matthews and Vincent. # From Paul Eggert (2006-06-27): @@ -1252,11 +1277,13 @@ Rule Canada 2007 max - Nov Sun>=1 2:00 0 S # Newfoundland and Labrador -# From Paul Eggert (2000-10-02): -# Matthews and Vincent (1998) write that Labrador should use NST/NDT, -# but the only part of Labrador that follows the rules is the -# southeast corner, including Port Hope Simpson and Mary's Harbour, -# but excluding, say, Black Tickle. +# From Paul Eggert (2017-10-14): +# Legally Labrador should observe Newfoundland time; see: +# McLeod J. Labrador time - legal or not? St. John's Telegram, 2017-10-07 +# http://www.thetelegram.com/news/local/labrador-time--legal-or-not-154860/ +# Matthews and Vincent (1998) write that the only part of Labrador +# that follows the rules is the southeast corner, including Port Hope +# Simpson and Mary's Harbour, but excluding, say, Black Tickle. # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule StJohns 1917 only - Apr 8 2:00 1:00 D @@ -1456,7 +1483,7 @@ Zone America/Moncton -4:19:08 - LMT 1883 Dec 9 # http://www.justice.gouv.qc.ca/english/publications/generale/temps-minganie-a.htm # that the coastal strip from just east of Natashquan to Blanc-Sablon # observes Atlantic standard time all year round. -# http://www.assnat.qc.ca/Media/Process.aspx?MediaId=ANQ.Vigie.Bll.DocumentGenerique_8845en +# https://www.assnat.qc.ca/Media/Process.aspx?MediaId=ANQ.Vigie.Bll.DocumentGenerique_8845en # says this common practice was codified into law as of 2007. # For lack of better info, guess this practice began around 1970, contra to # Shanks & Pottenger who have this region observing AST/ADT. @@ -1488,6 +1515,11 @@ Zone America/Blanc-Sablon -3:48:28 - LMT 1884 # earlier in June). # # Kenora, Ontario, was to abandon DST on 1914-06-01 (-05-21). +# +# From Paul Eggert (2017-07-08): +# For more on Orillia, see: Daubs K. Bold attempt at daylight saving +# time became a comic failure in Orillia. Toronto Star 2017-07-08. +# https://www.thestar.com/news/insight/2017/07/08/bold-attempt-at-daylight-saving-time-became-a-comic-failure-in-orillia.html # From Paul Eggert (1997-10-17): # Mark Brader writes that an article in the 1997-10-14 Toronto Star @@ -1979,7 +2011,7 @@ Zone America/Creston -7:46:04 - LMT 1884 # * 1967. Paragraph 28(34)(g) of the Interpretation Act, S.C. 1967-68, # c. 7 defines Yukon standard time as UTC-9.... # see Interpretation Act, R.S.C. 1985, c. I-21, s. 35(1). -# [http://canlii.ca/t/7vhg] +# [https://www.canlii.org/en/ca/laws/stat/rsc-1985-c-i-21/latest/rsc-1985-c-i-21.html] # * C.O. 1973/214 switched Yukon to PST on 1973-10-28 00:00. # * O.I.C. 1980/02 established DST. # * O.I.C. 1987/056 changed DST to Apr firstSun 2:00 to Oct lastSun 2:00. @@ -2044,7 +2076,7 @@ Zone America/Creston -7:46:04 - LMT 1884 # hours behind Greenwich Time. # # * Yukon Standard Time defined as Pacific Standard Time, YCO 1973/214 -# http://www.canlii.org/en/yk/laws/regu/yco-1973-214/latest/yco-1973-214.html +# https://www.canlii.org/en/yk/laws/regu/yco-1973-214/latest/yco-1973-214.html # C.O. 1973/214 INTERPRETATION ACT ... # # 1. Effective October 28, 1973 Commissioner's Order 1967/59 is hereby @@ -2059,7 +2091,7 @@ Zone America/Creston -7:46:04 - LMT 1884 # http://? - no online source found # # * Yukon Daylight Saving Time, YOIC 1987/56 -# http://www.canlii.org/en/yk/laws/regu/yoic-1987-56/latest/yoic-1987-56.html +# https://www.canlii.org/en/yk/laws/regu/yoic-1987-56/latest/yoic-1987-56.html # O.I.C. 1987/056 INTERPRETATION ACT ... # # In every year between @@ -2071,7 +2103,7 @@ Zone America/Creston -7:46:04 - LMT 1884 # Dated ... 9th day of March, A.D., 1987. # # * Yukon Daylight Saving Time 2006, YOIC 2006/127 -# http://www.canlii.org/en/yk/laws/regu/yoic-2006-127/latest/yoic-2006-127.html +# https://www.canlii.org/en/yk/laws/regu/yoic-2006-127/latest/yoic-2006-127.html # O.I.C. 2006/127 INTERPRETATION ACT ... # # 1. In Yukon each year the time for general purposes shall be 7 hours @@ -2085,7 +2117,7 @@ Zone America/Creston -7:46:04 - LMT 1884 # 3. This order comes into force January 1, 2007. # # * Interpretation Act, RSY 2002, c 125 -# http://www.canlii.org/en/yk/laws/stat/rsy-2002-c-125/latest/rsy-2002-c-125.html +# https://www.canlii.org/en/yk/laws/stat/rsy-2002-c-125/latest/rsy-2002-c-125.html # From Rives McDow (1999-09-04): # Nunavut ... moved ... to incorporate the whole territory into one time zone. @@ -2128,7 +2160,7 @@ Zone America/Creston -7:46:04 - LMT 1884 # From Michaela Rodrigue, writing in the # Nunatsiaq News (1999-11-19): -# http://www.nunatsiaq.com/archives/nunavut991130/nvt91119_17.html +# http://www.nunatsiaqonline.ca/archives/nunavut991130/nvt91119_17.html # Clyde River, Pangnirtung and Sanikiluaq now operate with two time zones, # central - or Nunavut time - for government offices, and eastern time # for municipal offices and schools.... Igloolik [was similar but then] @@ -2146,7 +2178,7 @@ Zone America/Creston -7:46:04 - LMT 1884 # Central Time and Southampton Island [in the Central zone] is not # required to use daylight savings. -# From +# From # Nunavut now has two time zones (2000-11-10): # The Nunavut government would allow its employees in Kugluktuk and # Cambridge Bay to operate on central time year-round, putting them @@ -2477,7 +2509,7 @@ Zone America/Dawson -9:17:40 - LMT 1900 Aug 20 # http://gaceta.diputados.gob.mx/Gaceta/61/2009/dic/V2-101209.html # # Our page: -# http://www.timeanddate.com/news/time/north-mexico-dst-change.html +# https://www.timeanddate.com/news/time/north-mexico-dst-change.html # From Arthur David Olson (2010-01-20): # The page @@ -2896,7 +2928,7 @@ Zone America/Costa_Rica -5:36:13 - LMT 1890 # San José # http://www.nnc.cubaweb.cu/marzo-2008/cien-1-11-3-08.htm # # Some more background information is posted here: -# http://www.timeanddate.com/news/time/cuba-starts-dst-march-16.html +# https://www.timeanddate.com/news/time/cuba-starts-dst-march-16.html # # The article also says that Cuba has been observing DST since 1963, # while Shanks (and tzdata) has 1965 as the first date (except in the @@ -2943,7 +2975,7 @@ Zone America/Costa_Rica -5:36:13 - LMT 1890 # San José # http://granma.co.cu/2011/03/08/nacional/artic01.html # # Our info: -# http://www.timeanddate.com/news/time/cuba-starts-dst-2011.html +# https://www.timeanddate.com/news/time/cuba-starts-dst-2011.html # # From Steffen Thorsen (2011-10-30) # Cuba will end DST two weeks later this year. Instead of going back @@ -2953,7 +2985,7 @@ Zone America/Costa_Rica -5:36:13 - LMT 1890 # San José # http://www.radioangulo.cu/noticias/cuba/17105-cuba-restablecera-el-horario-del-meridiano-de-greenwich.html # # Our page: -# http://www.timeanddate.com/news/time/cuba-time-changes-2011.html +# https://www.timeanddate.com/news/time/cuba-time-changes-2011.html # # From Steffen Thorsen (2012-03-01) # According to Radio Reloj, Cuba will start DST on Midnight between March @@ -2963,7 +2995,7 @@ Zone America/Costa_Rica -5:36:13 - LMT 1890 # San José # http://www.radioreloj.cu/index.php/noticias-radio-reloj/71-miscelaneas/7529-cuba-aplicara-el-horario-de-verano-desde-el-1-de-abril # # Our info on it: -# http://www.timeanddate.com/news/time/cuba-starts-dst-2012.html +# https://www.timeanddate.com/news/time/cuba-starts-dst-2012.html # From Steffen Thorsen (2012-11-03): # Radio Reloj and many other sources report that Cuba is changing back @@ -3158,8 +3190,8 @@ Zone America/Guatemala -6:02:04 - LMT 1918 Oct 5 # From Steffen Thorsen (2016-03-12): # Jean Antoine, editor of www.haiti-reference.com informed us that Haiti # are not going on DST this year. Several other resources confirm this: ... -# http://www.radiotelevisioncaraibes.com/presse/heure_d_t_pas_de_changement_d_heure_pr_vu_pour_cet_ann_e.html -# http://www.vantbefinfo.com/changement-dheure-pas-pour-haiti/ +# https://www.radiotelevisioncaraibes.com/presse/heure_d_t_pas_de_changement_d_heure_pr_vu_pour_cet_ann_e.html +# https://www.vantbefinfo.com/changement-dheure-pas-pour-haiti/ # http://news.anmwe.com/haiti-lheure-nationale-ne-sera-ni-avancee-ni-reculee-cette-annee/ # From Steffen Thorsen (2017-03-12): @@ -3358,7 +3390,7 @@ Zone America/Miquelon -3:44:40 - LMT 1911 May 15 # St Pierre # Turks and Caicos # # From Chris Dunn in -# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=415007 +# https://bugs.debian.org/415007 # (2007-03-15): In the Turks & Caicos Islands (America/Grand_Turk) the # daylight saving dates for time changes have been adjusted to match # the recent U.S. change of dates. @@ -3380,12 +3412,25 @@ Zone America/Miquelon -3:44:40 - LMT 1911 May 15 # St Pierre # "permanent daylight saving time" by one year.... # http://tcweeklynews.com/time-change-to-go-ahead-this-november-p5437-127.htm # +# From the Turks & Caicos Cabinet (2017-07-20), heads-up from Steffen Thorsen: +# ... agreed to the reintroduction in TCI of Daylight Saving Time (DST) +# during the summer months and Standard Time, also known as Local +# Time, during the winter months with effect from April 2018 ... +# https://www.gov.uk/government/news/turks-and-caicos-post-cabinet-meeting-statement--3 +# +# From Paul Eggert (2017-08-26): +# The date of effect of the spring 2018 change appears to be March 11, +# which makes more sense. See: Hamilton D. Time change back +# by March 2018 for TCI. Magnetic Media. 2017-08-25. +# http://magneticmediatv.com/2017/08/time-change-back-by-march-2018-for-tci/ +# # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone America/Grand_Turk -4:44:32 - LMT 1890 -5:07:11 - KMT 1912 Feb # Kingston Mean Time -5:00 - EST 1979 -5:00 US E%sT 2015 Nov Sun>=1 2:00 - -4:00 - AST + -4:00 - AST 2018 Mar 11 3:00 + -5:00 US E%sT # British Virgin Is # Virgin Is diff --git a/jdk/make/data/tzdata/southamerica b/jdk/make/data/tzdata/southamerica index 44dbd95756..d15e8344db 100644 --- a/jdk/make/data/tzdata/southamerica +++ b/jdk/make/data/tzdata/southamerica @@ -45,7 +45,7 @@ # # For data circa 1899, a common source is: # Milne J. Civil time. Geogr J. 1899 Feb;13(2):173-94. -# http://www.jstor.org/stable/1774359 +# https://www.jstor.org/stable/1774359 # # These tables use numeric abbreviations like -03 and -0330 for # integer hour and minute UTC offsets. Although earlier editions used @@ -288,8 +288,8 @@ Rule Arg 2008 only - Oct Sun>=15 0:00 1:00 S # # Es inminente que en San Luis atrasen una hora los relojes # (It is imminent in San Luis clocks one hour delay) -# http://www.lagaceta.com.ar/nota/253414/Economia/Es-inminente-que-en-San-Luis-atrasen-una-hora-los-relojes.html -# http://www.worldtimezone.net/dst_news/dst_news_argentina02.html +# https://www.lagaceta.com.ar/nota/253414/Economia/Es-inminente-que-en-San-Luis-atrasen-una-hora-los-relojes.html +# http://www.worldtimezone.com/dst_news/dst_news_argentina02.html # From Jesper Nørgaard Welen (2008-01-18): # The page of the San Luis provincial government @@ -408,7 +408,7 @@ Rule Arg 2008 only - Oct Sun>=15 0:00 1:00 S # Perhaps San Luis operates on the legal fiction that it is at -04 # with perpetual summer time, but ordinary usage typically seems to # just say it's at -03; see, for example, -# http://es.wikipedia.org/wiki/Hora_oficial_argentina +# https://es.wikipedia.org/wiki/Hora_oficial_argentina # We've documented similar situations as being plain changes to # standard time, so let's do that here too. This does not change UTC # offsets, only tm_isdst and the time zone abbreviations. One minor @@ -739,7 +739,7 @@ Zone America/La_Paz -4:32:36 - LMT 1890 # (Portuguese) # # We have a written a short article about it as well: -# http://www.timeanddate.com/news/time/brazil-dst-2008-2009.html +# https://www.timeanddate.com/news/time/brazil-dst-2008-2009.html # # From Alexander Krivenyshev (2011-10-04): # State Bahia will return to Daylight savings time this year after 8 years off. @@ -748,7 +748,7 @@ Zone America/La_Paz -4:32:36 - LMT 1890 # In Portuguese: # http://g1.globo.com/bahia/noticia/2011/10/governador-jaques-wagner-confirma-horario-de-verao-na-bahia.html -# http://noticias.terra.com.br/brasil/noticias/0,,OI5390887-EI8139,00-Bahia+volta+a+ter+horario+de+verao+apos+oito+anos.html +# https://noticias.terra.com.br/brasil/noticias/0,,OI5390887-EI8139,00-Bahia+volta+a+ter+horario+de+verao+apos+oito+anos.html # From Guilherme Bernardes Rodrigues (2011-10-07): # There is news in the media, however there is still no decree about it. @@ -774,16 +774,16 @@ Zone America/La_Paz -4:32:36 - LMT 1890 # From Rodrigo Severo (2012-10-16): # Tocantins state will have DST. -# http://noticias.terra.com.br/brasil/noticias/0,,OI6232536-EI306.html +# https://noticias.terra.com.br/brasil/noticias/0,,OI6232536-EI306.html # From Steffen Thorsen (2013-09-20): # Tocantins in Brazil is very likely not to observe DST from October.... # http://conexaoto.com.br/2013/09/18/ministerio-confirma-que-tocantins-esta-fora-do-horario-de-verao-em-2013-mas-falta-publicacao-de-decreto # We will keep this article updated when this is confirmed: -# http://www.timeanddate.com/news/time/brazil-starts-dst-2013.html +# https://www.timeanddate.com/news/time/brazil-starts-dst-2013.html # From Steffen Thorsen (2013-10-17): -# http://www.timeanddate.com/news/time/acre-amazonas-change-time-zone.html +# https://www.timeanddate.com/news/time/acre-amazonas-change-time-zone.html # Senator Jorge Viana announced that Acre will change time zone on November 10. # He did not specify the time of the change, nor if western parts of Amazonas # will change as well. @@ -1099,18 +1099,18 @@ Zone America/Rio_Branco -4:31:12 - LMT 1914 # the following source, cited by Oscar van Vlijmen (2006-10-08): # [1] Chile Law # http://www.webexhibits.org/daylightsaving/chile.html -# This contains a copy of a this official table: +# This contains a copy of this official table: # Cambios en la hora oficial de Chile desde 1900 (retrieved 2008-03-30) -# http://web.archive.org/web/20080330200901/http://www.horaoficial.cl/cambio.htm +# https://web.archive.org/web/20080330200901/http://www.horaoficial.cl/cambio.htm # [1] needs several corrections, though. # # The first set of corrections is from: # [2] History of the Official Time of Chile # http://www.horaoficial.cl/ing/horaof_ing.html (retrieved 2012-03-06). See: -# http://web.archive.org/web/20120306042032/http://www.horaoficial.cl/ing/horaof_ing.html +# https://web.archive.org/web/20120306042032/http://www.horaoficial.cl/ing/horaof_ing.html # This is an English translation of: # Historia de la hora oficial de Chile (retrieved 2012-10-24). See: -# http://web.archive.org/web/20121024234627/http://www.horaoficial.cl/horaof.htm +# https://web.archive.org/web/20121024234627/http://www.horaoficial.cl/horaof.htm # A fancier Spanish version (requiring mouse-clicking) is at: # http://www.horaoficial.cl/historia_hora.html # Conflicts between [1] and [2] were resolved as follows: @@ -1386,10 +1386,10 @@ Link America/Curacao America/Kralendijk # Caribbean Netherlands # Milne says the Central and South American Telegraph Company used -5:24:15. # # From Alois Treindl (2016-12-15): -# http://www.elcomercio.com/actualidad/hora-sixto-1993.html +# https://www.elcomercio.com/actualidad/hora-sixto-1993.html # ... Whether the law applied also to Galápagos, I do not know. # From Paul Eggert (2016-12-15): -# http://www.elcomercio.com/afull/modificacion-husohorario-ecuador-presidentes-decreto.html +# https://www.elcomercio.com/afull/modificacion-husohorario-ecuador-presidentes-decreto.html # This says President Sixto Durán Ballén signed decree No. 285, which # established DST from 1992-11-28 to 1993-02-05; it does not give transition # times. The people called it "hora de Sixto" ("Sixto hour"). The change did @@ -1801,7 +1801,7 @@ Zone America/Montevideo -3:44:44 - LMT 1898 Jun 28 # hours of presidential broadcasts, hours of lines,' quipped comedian # Jean Mary Curró ...". See: Cawthorne A, Kai D. Venezuela scraps # half-hour time difference set by Chavez. Reuters 2016-04-15 14:50 -0400 -# http://www.reuters.com/article/us-venezuela-timezone-idUSKCN0XC2BE +# https://www.reuters.com/article/us-venezuela-timezone-idUSKCN0XC2BE # # From Matt Johnson (2016-04-20): # ... published in the official Gazette [2016-04-18], here: diff --git a/jdk/make/data/tzdata/zone.tab b/jdk/make/data/tzdata/zone.tab index 8d6247d21a..b1a7f07724 100644 --- a/jdk/make/data/tzdata/zone.tab +++ b/jdk/make/data/tzdata/zone.tab @@ -209,7 +209,7 @@ GB +513030-0000731 Europe/London GD +1203-06145 America/Grenada GE +4143+04449 Asia/Tbilisi GF +0456-05220 America/Cayenne -GG +4927-00232 Europe/Guernsey +GG +492717-0023210 Europe/Guernsey GH +0533-00013 Africa/Accra GI +3608-00521 Europe/Gibraltar GL +6411-05144 America/Godthab Greenland (most areas) @@ -244,7 +244,7 @@ IQ +3321+04425 Asia/Baghdad IR +3540+05126 Asia/Tehran IS +6409-02151 Atlantic/Reykjavik IT +4154+01229 Europe/Rome -JE +4912-00207 Europe/Jersey +JE +491101-0020624 Europe/Jersey JM +175805-0764736 America/Jamaica JO +3157+03556 Asia/Amman JP +353916+1394441 Asia/Tokyo diff --git a/jdk/make/lib/Awt2dLibraries.gmk b/jdk/make/lib/Awt2dLibraries.gmk index 3eafa4a47e..497268241d 100644 --- a/jdk/make/lib/Awt2dLibraries.gmk +++ b/jdk/make/lib/Awt2dLibraries.gmk @@ -658,7 +658,7 @@ endif $(eval $(call SetupNativeCompilation,BUILD_LIBFONTMANAGER, \ LIBRARY := fontmanager, \ - OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \ + OUTPUT_DIR := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/libfontmanager, \ SRC := $(LIBFONTMANAGER_SRC), \ EXCLUDE_FILES := $(LIBFONTMANAGER_EXCLUDE_FILES) \ AccelGlyphCache.c, \ @@ -702,6 +702,21 @@ $(eval $(call SetupNativeCompilation,BUILD_LIBFONTMANAGER, \ OBJECT_DIR := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/libfontmanager, \ )) +$(INSTALL_LIBRARIES_HERE)/$(call SHARED_LIBRARY,fontmanager): $(BUILD_LIBFONTMANAGER_TARGET) + $(install-file) + ifneq ($(FREETYPE_BUNDLE_LIB_PATH), ) + ifeq ($(OPENJDK_TARGET_OS), macosx) + # If bundling freetype on macosx, we need to rewrite the rpath location + # in the libfontmanager library to point to the bundled location + $(INSTALL_NAME_TOOL) -change \ + `$(OTOOL) -D $(FREETYPE_BUNDLE_LIB_PATH)/$(call SHARED_LIBRARY,freetype) | $(TAIL) -n1` \ + '@rpath/$(call SHARED_LIBRARY,freetype)' \ + $@ + endif + endif + +BUILD_LIBFONTMANAGER += $(INSTALL_LIBRARIES_HERE)/$(call SHARED_LIBRARY,fontmanager) + $(BUILD_LIBFONTMANAGER): $(BUILD_LIBAWT) ifneq (, $(findstring $(OPENJDK_TARGET_OS), solaris aix)) diff --git a/jdk/src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m b/jdk/src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m index cdc39aa792..fceaff1193 100644 --- a/jdk/src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m +++ b/jdk/src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -433,6 +433,11 @@ JNIEXPORT jbyteArray JNICALL Java_apple_security_KeychainStore__1getEncodedKeyDa goto errOut; } passwordStrRef = CFStringCreateWithCharacters(kCFAllocatorDefault, passwordChars, passwordLen); + + // clear the password and release + memset(passwordChars, 0, passwordLen); + (*env)->ReleaseCharArrayElements(env, passwordObj, passwordChars, + JNI_ABORT); } } @@ -519,8 +524,19 @@ JNF_COCOA_ENTER(env); if (passwordObj) { passwordLen = (*env)->GetArrayLength(env, passwordObj); - passwordChars = (*env)->GetCharArrayElements(env, passwordObj, NULL); - passwordStrRef = CFStringCreateWithCharacters(kCFAllocatorDefault, passwordChars, passwordLen); + + if (passwordLen > 0) { + passwordChars = (*env)->GetCharArrayElements(env, passwordObj, NULL); + if (passwordChars == NULL) { + goto errOut; + } + passwordStrRef = CFStringCreateWithCharacters(kCFAllocatorDefault, passwordChars, passwordLen); + + // clear the password and release + memset(passwordChars, 0, passwordLen); + (*env)->ReleaseCharArrayElements(env, passwordObj, passwordChars, + JNI_ABORT); + } } paramBlock.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; diff --git a/jdk/src/java.base/share/classes/com/sun/crypto/provider/AESCipher.java b/jdk/src/java.base/share/classes/com/sun/crypto/provider/AESCipher.java index 9d11f0091d..1fefe6e1ad 100644 --- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/AESCipher.java +++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/AESCipher.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -156,7 +156,7 @@ abstract class AESCipher extends CipherSpi { throw new InvalidKeyException("Key encoding must not be null"); } else if (value.length != fixedKeySize) { throw new InvalidKeyException("The key must be " + - fixedKeySize*8 + " bits"); + fixedKeySize + " bytes"); } } } @@ -509,7 +509,7 @@ abstract class AESCipher extends CipherSpi { throw new InvalidKeyException("Invalid AES key length: " + encoded.length + " bytes"); } - return encoded.length * 8; + return Math.multiplyExact(encoded.length, 8); } /** @@ -628,9 +628,9 @@ abstract class AESCipher extends CipherSpi { } if (src != null) { int aadLen = src.limit() - src.position(); - if (aadLen != 0) { + if (aadLen > 0) { if (src.hasArray()) { - int aadOfs = src.arrayOffset() + src.position(); + int aadOfs = Math.addExact(src.arrayOffset(), src.position()); core.updateAAD(src.array(), aadOfs, aadLen); src.position(src.limit()); } else { diff --git a/jdk/src/java.base/share/classes/com/sun/crypto/provider/AESWrapCipher.java b/jdk/src/java.base/share/classes/com/sun/crypto/provider/AESWrapCipher.java index 29a22ad64b..95a8c5a6fa 100644 --- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/AESWrapCipher.java +++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/AESWrapCipher.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -156,7 +156,7 @@ abstract class AESWrapCipher extends CipherSpi { if (decrypting) { result = inputLen - 8; } else { - result = inputLen + 8; + result = Math.addExact(inputLen, 8); } return (result < 0? 0:result); } @@ -378,7 +378,7 @@ abstract class AESWrapCipher extends CipherSpi { throw new InvalidKeyException("Invalid key length: " + encoded.length + " bytes"); } - return encoded.length * 8; + return Math.multiplyExact(encoded.length, 8); } /** @@ -404,7 +404,7 @@ abstract class AESWrapCipher extends CipherSpi { throw new InvalidKeyException("Cannot get an encoding of " + "the key to be wrapped"); } - byte[] out = new byte[keyVal.length + 8]; + byte[] out = new byte[Math.addExact(keyVal.length, 8)]; if (keyVal.length == 8) { System.arraycopy(IV, 0, out, 0, IV.length); diff --git a/jdk/src/java.base/share/classes/com/sun/crypto/provider/ARCFOURCipher.java b/jdk/src/java.base/share/classes/com/sun/crypto/provider/ARCFOURCipher.java index f5b99c1ae5..cfa4835883 100644 --- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/ARCFOURCipher.java +++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/ARCFOURCipher.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -257,7 +257,7 @@ public final class ARCFOURCipher extends CipherSpi { // see JCE spec protected int engineGetKeySize(Key key) throws InvalidKeyException { byte[] encodedKey = getEncodedKey(key); - return encodedKey.length << 3; + return Math.multiplyExact(encodedKey.length, 8); } } diff --git a/jdk/src/java.base/share/classes/com/sun/crypto/provider/BlowfishCipher.java b/jdk/src/java.base/share/classes/com/sun/crypto/provider/BlowfishCipher.java index 54de9984eb..e991108e8e 100644 --- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/BlowfishCipher.java +++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/BlowfishCipher.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -373,7 +373,7 @@ public final class BlowfishCipher extends CipherSpi { * @exception InvalidKeyException if key is invalid. */ protected int engineGetKeySize(Key key) throws InvalidKeyException { - return (key.getEncoded().length * 8); + return Math.multiplyExact(key.getEncoded().length, 8); } /** diff --git a/jdk/src/java.base/share/classes/com/sun/crypto/provider/CipherCore.java b/jdk/src/java.base/share/classes/com/sun/crypto/provider/CipherCore.java index 106ee91392..87f47722e4 100644 --- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/CipherCore.java +++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/CipherCore.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -324,13 +324,14 @@ final class CipherCore { } private int getOutputSizeByOperation(int inputLen, boolean isDoFinal) { - int totalLen = buffered + inputLen + cipher.getBufferedLength(); + int totalLen = Math.addExact(buffered, cipher.getBufferedLength()); + totalLen = Math.addExact(totalLen, inputLen); switch (cipherMode) { case GCM_MODE: if (isDoFinal) { int tagLen = ((GaloisCounterMode) cipher).getTagLen(); if (!decrypting) { - totalLen += tagLen; + totalLen = Math.addExact(totalLen, tagLen); } else { totalLen -= tagLen; } @@ -346,10 +347,10 @@ final class CipherCore { totalLen = diffBlocksize; } else { int residue = (totalLen - diffBlocksize) % blockSize; - totalLen += (blockSize - residue); + totalLen = Math.addExact(totalLen, (blockSize - residue)); } } else { - totalLen += padding.padLength(totalLen); + totalLen = Math.addExact(totalLen, padding.padLength(totalLen)); } } break; @@ -711,7 +712,8 @@ final class CipherCore { } // figure out how much can be sent to crypto function - int len = buffered + inputLen - minBytes; + int len = Math.addExact(buffered, inputLen); + len -= minBytes; if (padding != null && decrypting) { // do not include the padding bytes when decrypting len -= blockSize; @@ -730,12 +732,12 @@ final class CipherCore { int outLen = 0; if (len != 0) { // there is some work to do if ((input == output) - && (outputOffset < (inputOffset + inputLen)) - && (inputOffset < (outputOffset + buffer.length))) { + && (outputOffset - inputOffset < inputLen) + && (inputOffset - outputOffset < buffer.length)) { // copy 'input' out to avoid its content being // overwritten prematurely. input = Arrays.copyOfRange(input, inputOffset, - inputOffset + inputLen); + Math.addExact(inputOffset, inputLen)); inputOffset = 0; } if (len <= buffered) { @@ -757,13 +759,13 @@ final class CipherCore { if (bufferCapacity != 0) { temp = Math.min(bufferCapacity, inputConsumed); if (unitBytes != blockSize) { - temp -= ((buffered + temp) % unitBytes); + temp -= (Math.addExact(buffered, temp) % unitBytes); } System.arraycopy(input, inputOffset, buffer, buffered, temp); - inputOffset += temp; + inputOffset = Math.addExact(inputOffset, temp); inputConsumed -= temp; inputLen -= temp; - buffered += temp; + buffered = Math.addExact(buffered, temp); } // process 'buffer' if (decrypting) { @@ -771,7 +773,7 @@ final class CipherCore { } else { outLen = cipher.encrypt(buffer, 0, buffered, output, outputOffset); } - outputOffset += outLen; + outputOffset = Math.addExact(outputOffset, outLen); buffered = 0; } if (inputConsumed > 0) { // still has input to process @@ -802,7 +804,7 @@ final class CipherCore { if (inputLen > 0) { System.arraycopy(input, inputOffset, buffer, buffered, inputLen); - buffered += inputLen; + buffered = Math.addExact(buffered, inputLen); } return outLen; } @@ -912,10 +914,10 @@ final class CipherCore { } // calculate total input length - int len = buffered + inputLen; + int len = Math.addExact(buffered, inputLen); // calculate padding length - int totalLen = len + cipher.getBufferedLength(); + int totalLen = Math.addExact(len, cipher.getBufferedLength()); int paddingLen = 0; // will the total input length be a multiple of blockSize? if (unitBytes != blockSize) { @@ -948,12 +950,12 @@ final class CipherCore { int finalBufLen = inputLen; if ((buffered != 0) || (!decrypting && padding != null) || ((input == output) - && (outputOffset < (inputOffset + inputLen)) - && (inputOffset < (outputOffset + buffer.length)))) { + && (outputOffset - inputOffset < inputLen) + && (inputOffset - outputOffset < buffer.length))) { if (decrypting || padding == null) { paddingLen = 0; } - finalBuf = new byte[len + paddingLen]; + finalBuf = new byte[Math.addExact(len, paddingLen)]; finalOffset = 0; if (buffered != 0) { System.arraycopy(buffer, 0, finalBuf, 0, buffered); @@ -963,7 +965,7 @@ final class CipherCore { buffered, inputLen); } if (paddingLen != 0) { - padding.padWithLen(finalBuf, (buffered+inputLen), paddingLen); + padding.padWithLen(finalBuf, Math.addExact(buffered, inputLen), paddingLen); } finalBufLen = finalBuf.length; } diff --git a/jdk/src/java.base/share/classes/com/sun/crypto/provider/DESKey.java b/jdk/src/java.base/share/classes/com/sun/crypto/provider/DESKey.java index d3f1c99df2..bcc911675c 100644 --- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/DESKey.java +++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/DESKey.java @@ -25,6 +25,7 @@ package com.sun.crypto.provider; +import java.lang.ref.Reference; import java.security.MessageDigest; import java.security.KeyRep; import java.security.InvalidKeyException; @@ -79,7 +80,12 @@ final class DESKey implements SecretKey { public byte[] getEncoded() { // Return a copy of the key, rather than a reference, // so that the key data cannot be modified from outside - return this.key.clone(); + + // The key is zeroized by finalize() + // The reachability fence ensures finalize() isn't called early + byte[] result = key.clone(); + Reference.reachabilityFence(this); + return result; } public String getAlgorithm() { diff --git a/jdk/src/java.base/share/classes/com/sun/crypto/provider/DESedeKey.java b/jdk/src/java.base/share/classes/com/sun/crypto/provider/DESedeKey.java index 9695ba39e6..14c4e4f14e 100644 --- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/DESedeKey.java +++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/DESedeKey.java @@ -25,6 +25,7 @@ package com.sun.crypto.provider; +import java.lang.ref.Reference; import java.security.MessageDigest; import java.security.KeyRep; import java.security.InvalidKeyException; @@ -79,7 +80,11 @@ final class DESedeKey implements SecretKey { } public byte[] getEncoded() { - return this.key.clone(); + // The key is zeroized by finalize() + // The reachability fence ensures finalize() isn't called early + byte[] result = key.clone(); + Reference.reachabilityFence(this); + return result; } public String getAlgorithm() { diff --git a/jdk/src/java.base/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java b/jdk/src/java.base/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java index 68b2cbac64..df00ec2736 100644 --- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java +++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -140,7 +140,7 @@ public final class DESedeWrapCipher extends CipherSpi { if (decrypting) { result = inputLen - 16; // CHECKSUM_LEN + IV_LEN; } else { - result = inputLen + 16; + result = Math.addExact(inputLen, 16); } return (result < 0? 0:result); } @@ -449,11 +449,11 @@ public final class DESedeWrapCipher extends CipherSpi { } byte[] cks = getChecksum(keyVal); - byte[] in = new byte[keyVal.length + CHECKSUM_LEN]; + byte[] in = new byte[Math.addExact(keyVal.length, CHECKSUM_LEN)]; System.arraycopy(keyVal, 0, in, 0, keyVal.length); System.arraycopy(cks, 0, in, keyVal.length, CHECKSUM_LEN); - byte[] out = new byte[iv.length + in.length]; + byte[] out = new byte[Math.addExact(iv.length, in.length)]; System.arraycopy(iv, 0, out, 0, iv.length); cipher.encrypt(in, 0, in.length, out, iv.length); diff --git a/jdk/src/java.base/share/classes/com/sun/crypto/provider/DHKeyAgreement.java b/jdk/src/java.base/share/classes/com/sun/crypto/provider/DHKeyAgreement.java index 6a2f298fe6..201d47ca7f 100644 --- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/DHKeyAgreement.java +++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/DHKeyAgreement.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,11 +28,13 @@ package com.sun.crypto.provider; import java.util.*; import java.lang.*; import java.math.BigInteger; +import java.security.AccessController; import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; import java.security.Key; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; +import java.security.PrivilegedAction; import java.security.ProviderException; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.InvalidKeySpecException; @@ -60,6 +62,17 @@ extends KeyAgreementSpi { private BigInteger x = BigInteger.ZERO; // the private value private BigInteger y = BigInteger.ZERO; + private static class AllowKDF { + + private static final boolean VALUE = getValue(); + + private static boolean getValue() { + return AccessController.doPrivileged( + (PrivilegedAction) + () -> Boolean.getBoolean("jdk.crypto.KeyAgreement.legacyKDF")); + } + } + /** * Empty constructor */ @@ -367,6 +380,14 @@ extends KeyAgreementSpi { if (algorithm == null) { throw new NoSuchAlgorithmException("null algorithm"); } + + if (!algorithm.equalsIgnoreCase("TlsPremasterSecret") && + !AllowKDF.VALUE) { + + throw new NoSuchAlgorithmException("Unsupported secret key " + + "algorithm: " + algorithm); + } + byte[] secret = engineGenerateSecret(); if (algorithm.equalsIgnoreCase("DES")) { // DES diff --git a/jdk/src/java.base/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java b/jdk/src/java.base/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java index 2322741110..3399cc5a3a 100644 --- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java +++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,6 +33,7 @@ import javax.crypto.spec.DHParameterSpec; import javax.crypto.spec.DHGenParameterSpec; import sun.security.provider.ParameterCache; +import static sun.security.util.SecurityProviderConstants.DEF_DH_KEY_SIZE; /** * This class represents the key pair generator for Diffie-Hellman key pairs. @@ -42,8 +43,7 @@ import sun.security.provider.ParameterCache; *
    *
  • By providing the size in bits of the prime modulus - * This will be used to create a prime modulus and base generator, which will - * then be used to create the Diffie-Hellman key pair. The default size of the - * prime modulus is 2048 bits. + * then be used to create the Diffie-Hellman key pair. *
  • By providing a prime modulus and base generator *
* @@ -68,7 +68,7 @@ public final class DHKeyPairGenerator extends KeyPairGeneratorSpi { public DHKeyPairGenerator() { super(); - initialize(2048, null); + initialize(DEF_DH_KEY_SIZE, null); } private static void checkKeySize(int keysize) diff --git a/jdk/src/java.base/share/classes/com/sun/crypto/provider/DHParameterGenerator.java b/jdk/src/java.base/share/classes/com/sun/crypto/provider/DHParameterGenerator.java index f8001b5ab2..293dfd895a 100644 --- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/DHParameterGenerator.java +++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/DHParameterGenerator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,6 +31,8 @@ import java.security.spec.*; import javax.crypto.spec.DHParameterSpec; import javax.crypto.spec.DHGenParameterSpec; +import static sun.security.util.SecurityProviderConstants.DEF_DH_KEY_SIZE; + /* * This class generates parameters for the Diffie-Hellman algorithm. * The parameters are a prime, a base, and optionally the length in bits of @@ -38,7 +40,6 @@ import javax.crypto.spec.DHGenParameterSpec; * *

The Diffie-Hellman parameter generation accepts the size in bits of the * prime modulus and the size in bits of the random exponent as input. - * The size of the prime modulus defaults to 2048 bits. * * @author Jan Luehe * @@ -50,7 +51,7 @@ import javax.crypto.spec.DHGenParameterSpec; public final class DHParameterGenerator extends AlgorithmParameterGeneratorSpi { // The size in bits of the prime modulus - private int primeSize = 2048; + private int primeSize = DEF_DH_KEY_SIZE; // The size in bits of the random exponent (private value) private int exponentSize = 0; diff --git a/jdk/src/java.base/share/classes/com/sun/crypto/provider/ISO10126Padding.java b/jdk/src/java.base/share/classes/com/sun/crypto/provider/ISO10126Padding.java index a7134238e1..6562a10760 100644 --- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/ISO10126Padding.java +++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/ISO10126Padding.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -63,7 +63,8 @@ final class ISO10126Padding implements Padding { if (in == null) return; - if ((off + len) > in.length) { + int idx = Math.addExact(off, len); + if (idx > in.length) { throw new ShortBufferException("Buffer too small to hold padding"); } @@ -71,7 +72,7 @@ final class ISO10126Padding implements Padding { byte[] padding = new byte[len - 1]; SunJCE.getRandom().nextBytes(padding); System.arraycopy(padding, 0, in, off, len - 1); - in[off + len - 1] = paddingOctet; + in[idx - 1] = paddingOctet; return; } @@ -94,14 +95,15 @@ final class ISO10126Padding implements Padding { return 0; } - byte lastByte = in[off + len - 1]; + int idx = Math.addExact(off, len); + byte lastByte = in[idx - 1]; int padValue = (int)lastByte & 0x0ff; if ((padValue < 0x01) || (padValue > blockSize)) { return -1; } - int start = off + len - padValue; + int start = idx - padValue; if (start < off) { return -1; } diff --git a/jdk/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java b/jdk/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java index ccf49b7a80..f3190b39a2 100644 --- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java +++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,12 +27,14 @@ package com.sun.crypto.provider; import java.io.*; import java.util.*; +import java.security.AccessController; import java.security.DigestInputStream; import java.security.DigestOutputStream; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.Key; import java.security.PrivateKey; +import java.security.PrivilegedAction; import java.security.KeyStoreSpi; import java.security.KeyStoreException; import java.security.UnrecoverableKeyException; @@ -835,11 +837,21 @@ public final class JceKeyStore extends KeyStoreSpi { // read the sealed key try { ois = new ObjectInputStream(dis); + final ObjectInputStream ois2 = ois; + // Set a deserialization checker + AccessController.doPrivileged( + (PrivilegedAction)() -> { + ois2.setObjectInputFilter( + new DeserializationChecker()); + return null; + }); entry.sealedKey = (SealedObject)ois.readObject(); // NOTE: don't close ois here since we are still // using dis!!! } catch (ClassNotFoundException cnfe) { throw new IOException(cnfe.getMessage()); + } catch (InvalidClassException ice) { + throw new IOException("Invalid secret key format"); } // Add the entry to the list @@ -916,4 +928,34 @@ public final class JceKeyStore extends KeyStoreSpi { return JCEKS_MAGIC == dataStream.readInt(); } + + /* + * An ObjectInputFilter that checks the format of the secret key being + * deserialized. + */ + private static class DeserializationChecker implements ObjectInputFilter { + private static final int MAX_NESTED_DEPTH = 2; + + @Override + public ObjectInputFilter.Status + checkInput(ObjectInputFilter.FilterInfo info) { + + // First run a custom filter + long nestedDepth = info.depth(); + if ((nestedDepth == 1 && + info.serialClass() != SealedObjectForKeyProtector.class) || + nestedDepth > MAX_NESTED_DEPTH) { + return Status.REJECTED; + } + + // Next run the default filter, if available + ObjectInputFilter defaultFilter = + ObjectInputFilter.Config.getSerialFilter(); + if (defaultFilter != null) { + return defaultFilter.checkInput(info); + } + + return Status.UNDECIDED; + } + } } diff --git a/jdk/src/java.base/share/classes/com/sun/crypto/provider/KeyProtector.java b/jdk/src/java.base/share/classes/com/sun/crypto/provider/KeyProtector.java index 53fea3053c..823d7bdb8d 100644 --- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/KeyProtector.java +++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/KeyProtector.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -38,6 +38,7 @@ import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.UnrecoverableKeyException; import java.security.AlgorithmParameters; +import java.security.spec.InvalidParameterSpecException; import java.security.spec.PKCS8EncodedKeySpec; import javax.crypto.Cipher; @@ -74,6 +75,8 @@ final class KeyProtector { // keys in the keystore implementation that comes with JDK 1.2) private static final String KEY_PROTECTOR_OID = "1.3.6.1.4.1.42.2.17.1.1"; + private static final int MAX_ITERATION_COUNT = 5000000; + private static final int ITERATION_COUNT = 200000; private static final int SALT_LEN = 20; // the salt length private static final int DIGEST_LEN = 20; @@ -100,7 +103,7 @@ final class KeyProtector { SunJCE.getRandom().nextBytes(salt); // create PBE parameters from salt and iteration count - PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, 20); + PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT); // create PBE key from password PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password); @@ -155,6 +158,9 @@ final class KeyProtector { pbeParams.init(encodedParams); PBEParameterSpec pbeSpec = pbeParams.getParameterSpec(PBEParameterSpec.class); + if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) { + throw new IOException("PBE iteration count too large"); + } // create PBE key from password PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password); @@ -285,7 +291,7 @@ final class KeyProtector { SunJCE.getRandom().nextBytes(salt); // create PBE parameters from salt and iteration count - PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, 20); + PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT); // create PBE key from password PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password); @@ -326,6 +332,15 @@ final class KeyProtector { throw new UnrecoverableKeyException("Cannot get " + "algorithm parameters"); } + PBEParameterSpec pbeSpec; + try { + pbeSpec = params.getParameterSpec(PBEParameterSpec.class); + } catch (InvalidParameterSpecException ipse) { + throw new IOException("Invalid PBE algorithm parameters"); + } + if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) { + throw new IOException("PBE iteration count too large"); + } PBEWithMD5AndTripleDESCipher cipherSpi; cipherSpi = new PBEWithMD5AndTripleDESCipher(); Cipher cipher = new CipherForKeyProtector(cipherSpi, diff --git a/jdk/src/java.base/share/classes/com/sun/crypto/provider/PBECipherCore.java b/jdk/src/java.base/share/classes/com/sun/crypto/provider/PBECipherCore.java deleted file mode 100644 index 98f85cf04b..0000000000 --- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/PBECipherCore.java +++ /dev/null @@ -1,535 +0,0 @@ -/* - * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package com.sun.crypto.provider; - -import java.security.*; -import java.security.spec.*; -import javax.crypto.*; -import javax.crypto.spec.*; - -/** - * This class represents password-based encryption as defined by the PKCS #5 - * standard. - * - * @author Jan Luehe - * - * - * @see javax.crypto.Cipher - */ -final class PBECipherCore { - - // the encapsulated DES cipher - private CipherCore cipher; - private MessageDigest md; - private int blkSize; - private String algo = null; - private byte[] salt = null; - private int iCount = 10; - - /** - * Creates an instance of PBE Cipher using the specified CipherSpi - * instance. - * - */ - PBECipherCore(String cipherAlg) throws NoSuchAlgorithmException, - NoSuchPaddingException { - algo = cipherAlg; - if (algo.equals("DES")) { - cipher = new CipherCore(new DESCrypt(), - DESConstants.DES_BLOCK_SIZE); - } else if (algo.equals("DESede")) { - - cipher = new CipherCore(new DESedeCrypt(), - DESConstants.DES_BLOCK_SIZE); - } else { - throw new NoSuchAlgorithmException("No Cipher implementation " + - "for PBEWithMD5And" + algo); - } - cipher.setMode("CBC"); - cipher.setPadding("PKCS5Padding"); - // get instance of MD5 - md = MessageDigest.getInstance("MD5"); - } - - /** - * Sets the mode of this cipher. This algorithm can only be run in CBC - * mode. - * - * @param mode the cipher mode - * - * @exception NoSuchAlgorithmException if the requested cipher mode is - * invalid - */ - void setMode(String mode) throws NoSuchAlgorithmException { - cipher.setMode(mode); - } - - /** - * Sets the padding mechanism of this cipher. This algorithm only uses - * PKCS #5 padding. - * - * @param padding the padding mechanism - * - * @exception NoSuchPaddingException if the requested padding mechanism - * is invalid - */ - void setPadding(String paddingScheme) throws NoSuchPaddingException { - cipher.setPadding(paddingScheme); - } - - /** - * Returns the block size (in bytes). - * - * @return the block size (in bytes) - */ - int getBlockSize() { - return DESConstants.DES_BLOCK_SIZE; - } - - /** - * Returns the length in bytes that an output buffer would need to be in - * order to hold the result of the next update or - * doFinal operation, given the input length - * inputLen (in bytes). - * - *

This call takes into account any unprocessed (buffered) data from a - * previous update call, and padding. - * - *

The actual output length of the next update or - * doFinal call may be smaller than the length returned by - * this method. - * - * @param inputLen the input length (in bytes) - * - * @return the required output buffer size (in bytes) - * - */ - int getOutputSize(int inputLen) { - return cipher.getOutputSize(inputLen); - } - - /** - * Returns the initialization vector (IV) in a new buffer. - * - *

This is useful in the case where a random IV has been created - * (see init), - * or in the context of password-based encryption or - * decryption, where the IV is derived from a user-supplied password. - * - * @return the initialization vector in a new buffer, or null if the - * underlying algorithm does not use an IV, or if the IV has not yet - * been set. - */ - byte[] getIV() { - return cipher.getIV(); - } - - /** - * Returns the parameters used with this cipher. - * - *

The returned parameters may be the same that were used to initialize - * this cipher, or may contain the default set of parameters or a set of - * randomly generated parameters used by the underlying cipher - * implementation (provided that the underlying cipher implementation - * uses a default set of parameters or creates new parameters if it needs - * parameters but was not initialized with any). - * - * @return the parameters used with this cipher, or null if this cipher - * does not use any parameters. - */ - AlgorithmParameters getParameters() { - AlgorithmParameters params = null; - if (salt == null) { - salt = new byte[8]; - SunJCE.getRandom().nextBytes(salt); - } - PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount); - try { - params = AlgorithmParameters.getInstance("PBEWithMD5And" + - (algo.equalsIgnoreCase("DES")? "DES":"TripleDES"), - SunJCE.getInstance()); - params.init(pbeSpec); - } catch (NoSuchAlgorithmException nsae) { - // should never happen - throw new RuntimeException("SunJCE called, but not configured"); - } catch (InvalidParameterSpecException ipse) { - // should never happen - throw new RuntimeException("PBEParameterSpec not supported"); - } - return params; - } - - /** - * Initializes this cipher with a key, a set of - * algorithm parameters, and a source of randomness. - * The cipher is initialized for one of the following four operations: - * encryption, decryption, key wrapping or key unwrapping, depending on - * the value of opmode. - * - *

If this cipher (including its underlying feedback or padding scheme) - * requires any random bytes, it will get them from random. - * - * @param opmode the operation mode of this cipher (this is one of - * the following: - * ENCRYPT_MODE, DECRYPT_MODE), - * WRAP_MODE or UNWRAP_MODE) - * @param key the encryption key - * @param params the algorithm parameters - * @param random the source of randomness - * - * @exception InvalidKeyException if the given key is inappropriate for - * initializing this cipher - * @exception InvalidAlgorithmParameterException if the given algorithm - * parameters are inappropriate for this cipher - */ - void init(int opmode, Key key, AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException { - if (((opmode == Cipher.DECRYPT_MODE) || - (opmode == Cipher.UNWRAP_MODE)) && (params == null)) { - throw new InvalidAlgorithmParameterException("Parameters " - + "missing"); - } - if ((key == null) || - (key.getEncoded() == null) || - !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) { - throw new InvalidKeyException("Missing password"); - } - - if (params == null) { - // create random salt and use default iteration count - salt = new byte[8]; - random.nextBytes(salt); - } else { - if (!(params instanceof PBEParameterSpec)) { - throw new InvalidAlgorithmParameterException - ("Wrong parameter type: PBE expected"); - } - salt = ((PBEParameterSpec) params).getSalt(); - // salt must be 8 bytes long (by definition) - if (salt.length != 8) { - throw new InvalidAlgorithmParameterException - ("Salt must be 8 bytes long"); - } - iCount = ((PBEParameterSpec) params).getIterationCount(); - if (iCount <= 0) { - throw new InvalidAlgorithmParameterException - ("IterationCount must be a positive number"); - } - } - - byte[] derivedKey = deriveCipherKey(key); - // use all but the last 8 bytes as the key value - SecretKeySpec cipherKey = new SecretKeySpec(derivedKey, 0, - derivedKey.length-8, algo); - // use the last 8 bytes as the IV - IvParameterSpec ivSpec = new IvParameterSpec(derivedKey, - derivedKey.length-8, - 8); - // initialize the underlying cipher - cipher.init(opmode, cipherKey, ivSpec, random); - } - - private byte[] deriveCipherKey(Key key) { - - byte[] result = null; - byte[] passwdBytes = key.getEncoded(); - - if (algo.equals("DES")) { - // P || S (password concatenated with salt) - byte[] concat = new byte[passwdBytes.length + salt.length]; - System.arraycopy(passwdBytes, 0, concat, 0, passwdBytes.length); - java.util.Arrays.fill(passwdBytes, (byte)0x00); - System.arraycopy(salt, 0, concat, passwdBytes.length, salt.length); - - // digest P || S with c iterations - byte[] toBeHashed = concat; - for (int i = 0; i < iCount; i++) { - md.update(toBeHashed); - toBeHashed = md.digest(); // this resets the digest - } - java.util.Arrays.fill(concat, (byte)0x00); - result = toBeHashed; - } else if (algo.equals("DESede")) { - // if the 2 salt halves are the same, invert one of them - int i; - for (i=0; i<4; i++) { - if (salt[i] != salt[i+4]) - break; - } - if (i==4) { // same, invert 1st half - for (i=0; i<2; i++) { - byte tmp = salt[i]; - salt[i] = salt[3-i]; - salt[3-1] = tmp; - } - } - - // Now digest each half (concatenated with password). For each - // half, go through the loop as many times as specified by the - // iteration count parameter (inner for loop). - // Concatenate the output from each digest round with the - // password, and use the result as the input to the next digest - // operation. - byte[] kBytes = null; - IvParameterSpec iv = null; - byte[] toBeHashed = null; - result = new byte[DESedeKeySpec.DES_EDE_KEY_LEN + - DESConstants.DES_BLOCK_SIZE]; - for (i = 0; i < 2; i++) { - toBeHashed = new byte[salt.length/2]; - System.arraycopy(salt, i*(salt.length/2), toBeHashed, 0, - toBeHashed.length); - for (int j=0; j < iCount; j++) { - md.update(toBeHashed); - md.update(passwdBytes); - toBeHashed = md.digest(); // this resets the digest - } - System.arraycopy(toBeHashed, 0, result, i*16, - toBeHashed.length); - } - } - return result; - } - - void init(int opmode, Key key, AlgorithmParameters params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException { - PBEParameterSpec pbeSpec = null; - if (params != null) { - try { - pbeSpec = params.getParameterSpec(PBEParameterSpec.class); - } catch (InvalidParameterSpecException ipse) { - throw new InvalidAlgorithmParameterException("Wrong parameter " - + "type: PBE " - + "expected"); - } - } - init(opmode, key, pbeSpec, random); - } - - /** - * Continues a multiple-part encryption or decryption operation - * (depending on how this cipher was initialized), processing another data - * part. - * - *

The first inputLen bytes in the input - * buffer, starting at inputOffset, are processed, and the - * result is stored in a new buffer. - * - * @param input the input buffer - * @param inputOffset the offset in input where the input - * starts - * @param inputLen the input length - * - * @return the new buffer with the result - * - */ - byte[] update(byte[] input, int inputOffset, int inputLen) { - return cipher.update(input, inputOffset, inputLen); - } - - /** - * Continues a multiple-part encryption or decryption operation - * (depending on how this cipher was initialized), processing another data - * part. - * - *

The first inputLen bytes in the input - * buffer, starting at inputOffset, are processed, and the - * result is stored in the output buffer, starting at - * outputOffset. - * - * @param input the input buffer - * @param inputOffset the offset in input where the input - * starts - * @param inputLen the input length - * @param output the buffer for the result - * @param outputOffset the offset in output where the result - * is stored - * - * @return the number of bytes stored in output - * - * @exception ShortBufferException if the given output buffer is too small - * to hold the result - */ - int update(byte[] input, int inputOffset, int inputLen, - byte[] output, int outputOffset) - throws ShortBufferException { - return cipher.update(input, inputOffset, inputLen, - output, outputOffset); - } - - /** - * Encrypts or decrypts data in a single-part operation, - * or finishes a multiple-part operation. - * The data is encrypted or decrypted, depending on how this cipher was - * initialized. - * - *

The first inputLen bytes in the input - * buffer, starting at inputOffset, and any input bytes that - * may have been buffered during a previous update operation, - * are processed, with padding (if requested) being applied. - * The result is stored in a new buffer. - * - *

The cipher is reset to its initial state (uninitialized) after this - * call. - * - * @param input the input buffer - * @param inputOffset the offset in input where the input - * starts - * @param inputLen the input length - * - * @return the new buffer with the result - * - * @exception IllegalBlockSizeException if this cipher is a block cipher, - * no padding has been requested (only in encryption mode), and the total - * input length of the data processed by this cipher is not a multiple of - * block size - * @exception BadPaddingException if decrypting and padding is chosen, - * but the last input data does not have proper padding bytes. - */ - byte[] doFinal(byte[] input, int inputOffset, int inputLen) - throws IllegalBlockSizeException, BadPaddingException { - return cipher.doFinal(input, inputOffset, inputLen); - } - - /** - * Encrypts or decrypts data in a single-part operation, - * or finishes a multiple-part operation. - * The data is encrypted or decrypted, depending on how this cipher was - * initialized. - * - *

The first inputLen bytes in the input - * buffer, starting at inputOffset, and any input bytes that - * may have been buffered during a previous update operation, - * are processed, with padding (if requested) being applied. - * The result is stored in the output buffer, starting at - * outputOffset. - * - *

The cipher is reset to its initial state (uninitialized) after this - * call. - * - * @param input the input buffer - * @param inputOffset the offset in input where the input - * starts - * @param inputLen the input length - * @param output the buffer for the result - * @param outputOffset the offset in output where the result - * is stored - * - * @return the number of bytes stored in output - * - * @exception IllegalBlockSizeException if this cipher is a block cipher, - * no padding has been requested (only in encryption mode), and the total - * input length of the data processed by this cipher is not a multiple of - * block size - * @exception ShortBufferException if the given output buffer is too small - * to hold the result - * @exception BadPaddingException if decrypting and padding is chosen, - * but the last input data does not have proper padding bytes. - */ - int doFinal(byte[] input, int inputOffset, int inputLen, - byte[] output, int outputOffset) - throws ShortBufferException, IllegalBlockSizeException, - BadPaddingException { - return cipher.doFinal(input, inputOffset, inputLen, - output, outputOffset); - } - - /** - * Wrap a key. - * - * @param key the key to be wrapped. - * - * @return the wrapped key. - * - * @exception IllegalBlockSizeException if this cipher is a block - * cipher, no padding has been requested, and the length of the - * encoding of the key to be wrapped is not a - * multiple of the block size. - * - * @exception InvalidKeyException if it is impossible or unsafe to - * wrap the key with this cipher (e.g., a hardware protected key is - * being passed to a software only cipher). - */ - byte[] wrap(Key key) - throws IllegalBlockSizeException, InvalidKeyException { - byte[] result = null; - - try { - byte[] encodedKey = key.getEncoded(); - if ((encodedKey == null) || (encodedKey.length == 0)) { - throw new InvalidKeyException("Cannot get an encoding of " + - "the key to be wrapped"); - } - - result = doFinal(encodedKey, 0, encodedKey.length); - } catch (BadPaddingException e) { - // Should never happen - } - - return result; - } - - /** - * Unwrap a previously wrapped key. - * - * @param wrappedKey the key to be unwrapped. - * - * @param wrappedKeyAlgorithm the algorithm the wrapped key is for. - * - * @param wrappedKeyType the type of the wrapped key. - * This is one of Cipher.SECRET_KEY, - * Cipher.PRIVATE_KEY, or Cipher.PUBLIC_KEY. - * - * @return the unwrapped key. - * - * @exception NoSuchAlgorithmException if no installed providers - * can create keys of type wrappedKeyType for the - * wrappedKeyAlgorithm. - * - * @exception InvalidKeyException if wrappedKey does not - * represent a wrapped key of type wrappedKeyType for - * the wrappedKeyAlgorithm. - */ - Key unwrap(byte[] wrappedKey, - String wrappedKeyAlgorithm, - int wrappedKeyType) - throws InvalidKeyException, NoSuchAlgorithmException { - byte[] encodedKey; - try { - encodedKey = doFinal(wrappedKey, 0, wrappedKey.length); - } catch (BadPaddingException ePadding) { - throw new InvalidKeyException("The wrapped key is not padded " + - "correctly"); - } catch (IllegalBlockSizeException eBlockSize) { - throw new InvalidKeyException("The wrapped key does not have " + - "the correct length"); - } - return ConstructKeys.constructKey(encodedKey, wrappedKeyAlgorithm, - wrappedKeyType); - } -} diff --git a/jdk/src/java.base/share/classes/com/sun/crypto/provider/PBEKey.java b/jdk/src/java.base/share/classes/com/sun/crypto/provider/PBEKey.java index 72e7452ace..99414e68ec 100644 --- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/PBEKey.java +++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/PBEKey.java @@ -25,6 +25,7 @@ package com.sun.crypto.provider; +import java.lang.ref.Reference; import java.security.MessageDigest; import java.security.KeyRep; import java.security.spec.InvalidKeySpecException; @@ -73,7 +74,11 @@ final class PBEKey implements SecretKey { } public byte[] getEncoded() { - return this.key.clone(); + // The key is zeroized by finalize() + // The reachability fence ensures finalize() isn't called early + byte[] result = key.clone(); + Reference.reachabilityFence(this); + return result; } public String getAlgorithm() { diff --git a/jdk/src/java.base/share/classes/com/sun/crypto/provider/PBES1Core.java b/jdk/src/java.base/share/classes/com/sun/crypto/provider/PBES1Core.java index d5389ac40a..86ea35c8b0 100644 --- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/PBES1Core.java +++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/PBES1Core.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -260,7 +260,7 @@ final class PBES1Core { if (algo.equals("DES")) { // P || S (password concatenated with salt) - byte[] concat = new byte[passwdBytes.length + salt.length]; + byte[] concat = new byte[Math.addExact(passwdBytes.length, salt.length)]; System.arraycopy(passwdBytes, 0, concat, 0, passwdBytes.length); java.util.Arrays.fill(passwdBytes, (byte)0x00); System.arraycopy(salt, 0, concat, passwdBytes.length, salt.length); @@ -284,7 +284,7 @@ final class PBES1Core { for (i=0; i<2; i++) { byte tmp = salt[i]; salt[i] = salt[3-i]; - salt[3-1] = tmp; + salt[3-i] = tmp; } } diff --git a/jdk/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java b/jdk/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java index 1bf5156616..f68af499de 100644 --- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java +++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java @@ -26,6 +26,7 @@ package com.sun.crypto.provider; import java.io.ObjectStreamException; +import java.lang.ref.Reference; import java.nio.ByteBuffer; import java.nio.CharBuffer; import java.nio.charset.Charset; @@ -196,7 +197,11 @@ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey { } public byte[] getEncoded() { - return key.clone(); + // The key is zeroized by finalize() + // The reachability fence ensures finalize() isn't called early + byte[] result = key.clone(); + Reference.reachabilityFence(this); + return result; } public String getAlgorithm() { @@ -208,7 +213,11 @@ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey { } public char[] getPassword() { - return passwd.clone(); + // The password is zeroized by finalize() + // The reachability fence ensures finalize() isn't called early + char[] result = passwd.clone(); + Reference.reachabilityFence(this); + return result; } public byte[] getSalt() { diff --git a/jdk/src/java.base/share/classes/com/sun/crypto/provider/PKCS5Padding.java b/jdk/src/java.base/share/classes/com/sun/crypto/provider/PKCS5Padding.java index ef6190e980..191d7308eb 100644 --- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/PKCS5Padding.java +++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/PKCS5Padding.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,7 @@ package com.sun.crypto.provider; import javax.crypto.ShortBufferException; +import java.util.Arrays; /** * This class implements padding as specified in the PKCS#5 standard. @@ -63,14 +64,13 @@ final class PKCS5Padding implements Padding { if (in == null) return; - if ((off + len) > in.length) { + int idx = Math.addExact(off, len); + if (idx > in.length) { throw new ShortBufferException("Buffer too small to hold padding"); } byte paddingOctet = (byte) (len & 0xff); - for (int i = 0; i < len; i++) { - in[i + off] = paddingOctet; - } + Arrays.fill(in, off, idx, paddingOctet); return; } @@ -92,25 +92,24 @@ final class PKCS5Padding implements Padding { (len == 0)) { // this can happen if input is really a padded buffer return 0; } - - byte lastByte = in[off + len - 1]; + int idx = Math.addExact(off, len); + byte lastByte = in[idx - 1]; int padValue = (int)lastByte & 0x0ff; if ((padValue < 0x01) || (padValue > blockSize)) { return -1; } - int start = off + len - ((int)lastByte & 0x0ff); + int start = idx - padValue; if (start < off) { return -1; } - for (int i = 0; i < ((int)lastByte & 0x0ff); i++) { - if (in[start+i] != lastByte) { + for (int i = start; i < idx; i++) { + if (in[i] != lastByte) { return -1; } } - return start; } diff --git a/jdk/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java b/jdk/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java index fc9f7ce861..eb7c11b21f 100644 --- a/jdk/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java +++ b/jdk/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java @@ -38,6 +38,7 @@ package com.sun.net.ssl.internal.www.protocol.https; import java.net.URL; import java.net.Proxy; import java.net.ProtocolException; +import java.net.MalformedURLException; import java.io.*; import java.net.Authenticator; import javax.net.ssl.*; @@ -78,10 +79,18 @@ public class HttpsURLConnectionOldImpl this(u, null, handler); } + static URL checkURL(URL u) throws IOException { + if (u != null) { + if (u.toExternalForm().indexOf('\n') > -1) { + throw new MalformedURLException("Illegal character in URL"); + } + } + return u; + } // For both copies of the file, uncomment one line and comment the other // HttpsURLConnectionImpl(URL u, Handler handler) throws IOException { HttpsURLConnectionOldImpl(URL u, Proxy p, Handler handler) throws IOException { - super(u); + super(checkURL(u)); delegate = new DelegateHttpsURLConnection(url, p, handler, this); } diff --git a/jdk/src/java.base/share/classes/java/io/ObjectInputStream.java b/jdk/src/java.base/share/classes/java/io/ObjectInputStream.java index bffc5a81ee..0df61e24c5 100644 --- a/jdk/src/java.base/share/classes/java/io/ObjectInputStream.java +++ b/jdk/src/java.base/share/classes/java/io/ObjectInputStream.java @@ -44,7 +44,6 @@ import java.util.concurrent.ConcurrentMap; import static java.io.ObjectStreamClass.processQueue; -import jdk.internal.misc.ObjectStreamClassValidator; import jdk.internal.misc.SharedSecrets; import jdk.internal.misc.Unsafe; import sun.reflect.misc.ReflectUtil; @@ -1282,6 +1281,33 @@ public class ObjectInputStream } } + /** + * Checks the given array type and length to ensure that creation of such + * an array is permitted by this ObjectInputStream. The arrayType argument + * must represent an actual array type. + * + * This private method is called via SharedSecrets. + * + * @param arrayType the array type + * @param arrayLength the array length + * @throws NullPointerException if arrayType is null + * @throws IllegalArgumentException if arrayType isn't actually an array type + * @throws NegativeArraySizeException if arrayLength is negative + * @throws InvalidClassException if the filter rejects creation + */ + private void checkArray(Class arrayType, int arrayLength) throws InvalidClassException { + Objects.requireNonNull(arrayType); + if (! arrayType.isArray()) { + throw new IllegalArgumentException("not an array type"); + } + + if (arrayLength < 0) { + throw new NegativeArraySizeException(); + } + + filterCheck(arrayType, arrayLength); + } + /** * Provide access to the persistent fields read from the input stream. */ @@ -1740,9 +1766,6 @@ public class ObjectInputStream throw new StreamCorruptedException( String.format("invalid type code: %02X", tc)); } - if (descriptor != null) { - validateDescriptor(descriptor); - } return descriptor; } @@ -1770,6 +1793,10 @@ public class ObjectInputStream passHandle = NULL_HANDLE; int numIfaces = bin.readInt(); + if (numIfaces > 65535) { + throw new InvalidObjectException("interface limit exceeded: " + + numIfaces); + } String[] ifaces = new String[numIfaces]; for (int i = 0; i < numIfaces; i++) { ifaces[i] = bin.readUTF(); @@ -3978,20 +4005,7 @@ public class ObjectInputStream } } - private void validateDescriptor(ObjectStreamClass descriptor) { - ObjectStreamClassValidator validating = validator; - if (validating != null) { - validating.validateDescriptor(descriptor); - } - } - - // controlled access to ObjectStreamClassValidator - private volatile ObjectStreamClassValidator validator; - - private static void setValidator(ObjectInputStream ois, ObjectStreamClassValidator validator) { - ois.validator = validator; - } static { - SharedSecrets.setJavaObjectInputStreamAccess(ObjectInputStream::setValidator); + SharedSecrets.setJavaObjectInputStreamAccess(ObjectInputStream::checkArray); } } diff --git a/jdk/src/java.base/share/classes/java/io/ObjectStreamClass.java b/jdk/src/java.base/share/classes/java/io/ObjectStreamClass.java index e5a323830e..ebca26e276 100644 --- a/jdk/src/java.base/share/classes/java/io/ObjectStreamClass.java +++ b/jdk/src/java.base/share/classes/java/io/ObjectStreamClass.java @@ -32,14 +32,19 @@ import java.lang.ref.WeakReference; import java.lang.reflect.Constructor; import java.lang.reflect.Field; import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.UndeclaredThrowableException; import java.lang.reflect.Member; import java.lang.reflect.Method; import java.lang.reflect.Modifier; import java.lang.reflect.Proxy; +import java.security.AccessControlContext; import java.security.AccessController; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; +import java.security.PermissionCollection; +import java.security.Permissions; import java.security.PrivilegedAction; +import java.security.ProtectionDomain; import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; @@ -53,7 +58,8 @@ import jdk.internal.reflect.CallerSensitive; import jdk.internal.reflect.Reflection; import jdk.internal.reflect.ReflectionFactory; import sun.reflect.misc.ReflectUtil; - +import jdk.internal.misc.SharedSecrets; +import jdk.internal.misc.JavaSecurityAccess; import static java.io.ObjectStreamField.*; /** @@ -176,6 +182,9 @@ public class ObjectStreamClass implements Serializable { /** serialization-appropriate constructor, or null if none */ private Constructor cons; + /** protection domains that need to be checked when calling the constructor */ + private ProtectionDomain[] domains; + /** class-defined writeObject method, or null if none */ private Method writeObjectMethod; /** class-defined readObject method, or null if none */ @@ -508,6 +517,7 @@ public class ObjectStreamClass implements Serializable { cl, "readObjectNoData", null, Void.TYPE); hasWriteObjectData = (writeObjectMethod != null); } + domains = getProtectionDomains(cons, cl); writeReplaceMethod = getInheritableMethod( cl, "writeReplace", null, Object.class); readResolveMethod = getInheritableMethod( @@ -550,6 +560,65 @@ public class ObjectStreamClass implements Serializable { ObjectStreamClass() { } + /** + * Creates a PermissionDomain that grants no permission. + */ + private ProtectionDomain noPermissionsDomain() { + PermissionCollection perms = new Permissions(); + perms.setReadOnly(); + return new ProtectionDomain(null, perms); + } + + /** + * Aggregate the ProtectionDomains of all the classes that separate + * a concrete class {@code cl} from its ancestor's class declaring + * a constructor {@code cons}. + * + * If {@code cl} is defined by the boot loader, or the constructor + * {@code cons} is declared by {@code cl}, or if there is no security + * manager, then this method does nothing and {@code null} is returned. + * + * @param cons A constructor declared by {@code cl} or one of its + * ancestors. + * @param cl A concrete class, which is either the class declaring + * the constructor {@code cons}, or a serializable subclass + * of that class. + * @return An array of ProtectionDomain representing the set of + * ProtectionDomain that separate the concrete class {@code cl} + * from its ancestor's declaring {@code cons}, or {@code null}. + */ + private ProtectionDomain[] getProtectionDomains(Constructor cons, + Class cl) { + ProtectionDomain[] domains = null; + if (cons != null && cl.getClassLoader() != null + && System.getSecurityManager() != null) { + Class cls = cl; + Class fnscl = cons.getDeclaringClass(); + Set pds = null; + while (cls != fnscl) { + ProtectionDomain pd = cls.getProtectionDomain(); + if (pd != null) { + if (pds == null) pds = new HashSet<>(); + pds.add(pd); + } + cls = cls.getSuperclass(); + if (cls == null) { + // that's not supposed to happen + // make a ProtectionDomain with no permission. + // should we throw instead? + if (pds == null) pds = new HashSet<>(); + else pds.clear(); + pds.add(noPermissionsDomain()); + break; + } + } + if (pds != null) { + domains = pds.toArray(new ProtectionDomain[0]); + } + } + return domains; + } + /** * Initializes class descriptor representing a proxy class. */ @@ -580,6 +649,7 @@ public class ObjectStreamClass implements Serializable { writeReplaceMethod = localDesc.writeReplaceMethod; readResolveMethod = localDesc.readResolveMethod; deserializeEx = localDesc.deserializeEx; + domains = localDesc.domains; cons = localDesc.cons; } fieldRefl = getReflector(fields, localDesc); @@ -666,6 +736,7 @@ public class ObjectStreamClass implements Serializable { if (deserializeEx == null) { deserializeEx = localDesc.deserializeEx; } + domains = localDesc.domains; cons = localDesc.cons; } @@ -1006,7 +1077,35 @@ public class ObjectStreamClass implements Serializable { requireInitialized(); if (cons != null) { try { - return cons.newInstance(); + if (domains == null || domains.length == 0) { + return cons.newInstance(); + } else { + JavaSecurityAccess jsa = SharedSecrets.getJavaSecurityAccess(); + PrivilegedAction pea = () -> { + try { + return cons.newInstance(); + } catch (InstantiationException + | InvocationTargetException + | IllegalAccessException x) { + throw new UndeclaredThrowableException(x); + } + }; // Can't use PrivilegedExceptionAction with jsa + try { + return jsa.doIntersectionPrivilege(pea, + AccessController.getContext(), + new AccessControlContext(domains)); + } catch (UndeclaredThrowableException x) { + Throwable cause = x.getCause(); + if (cause instanceof InstantiationException) + throw (InstantiationException) cause; + if (cause instanceof InvocationTargetException) + throw (InvocationTargetException) cause; + if (cause instanceof IllegalAccessException) + throw (IllegalAccessException) cause; + // not supposed to happen + throw x; + } + } } catch (IllegalAccessException ex) { // should not occur, as access checks have been suppressed throw new InternalError(ex); diff --git a/jdk/src/java.base/share/classes/java/lang/invoke/DirectMethodHandle.java b/jdk/src/java.base/share/classes/java/lang/invoke/DirectMethodHandle.java index ce1f938583..7bcb52311d 100644 --- a/jdk/src/java.base/share/classes/java/lang/invoke/DirectMethodHandle.java +++ b/jdk/src/java.base/share/classes/java/lang/invoke/DirectMethodHandle.java @@ -80,13 +80,20 @@ class DirectMethodHandle extends MethodHandle { mtype = mtype.insertParameterTypes(0, receiver); } if (!member.isField()) { - if (refKind == REF_invokeSpecial) { - member = member.asSpecial(); - LambdaForm lform = preparedLambdaForm(member); - return new Special(mtype, lform, member); - } else { - LambdaForm lform = preparedLambdaForm(member); - return new DirectMethodHandle(mtype, lform, member); + switch (refKind) { + case REF_invokeSpecial: { + member = member.asSpecial(); + LambdaForm lform = preparedLambdaForm(member); + return new Special(mtype, lform, member); + } + case REF_invokeInterface: { + LambdaForm lform = preparedLambdaForm(member); + return new Interface(mtype, lform, member, receiver); + } + default: { + LambdaForm lform = preparedLambdaForm(member); + return new DirectMethodHandle(mtype, lform, member); + } } } else { LambdaForm lform = preparedFieldLambdaForm(member); @@ -190,6 +197,7 @@ class DirectMethodHandle extends MethodHandle { static LambdaForm makePreparedLambdaForm(MethodType mtype, int which) { boolean needsInit = (which == LF_INVSTATIC_INIT); boolean doesAlloc = (which == LF_NEWINVSPECIAL); + boolean needsReceiverCheck = (which == LF_INVINTERFACE); String linkerName; LambdaForm.Kind kind; switch (which) { @@ -219,6 +227,7 @@ class DirectMethodHandle extends MethodHandle { int nameCursor = ARG_LIMIT; final int NEW_OBJ = (doesAlloc ? nameCursor++ : -1); final int GET_MEMBER = nameCursor++; + final int CHECK_RECEIVER = (needsReceiverCheck ? nameCursor++ : -1); final int LINKER_CALL = nameCursor++; Name[] names = arguments(nameCursor - ARG_LIMIT, mtype.invokerType()); assert(names.length == nameCursor); @@ -233,6 +242,10 @@ class DirectMethodHandle extends MethodHandle { } assert(findDirectMethodHandle(names[GET_MEMBER]) == names[DMH_THIS]); Object[] outArgs = Arrays.copyOfRange(names, ARG_BASE, GET_MEMBER+1, Object[].class); + if (needsReceiverCheck) { + names[CHECK_RECEIVER] = new Name(NF_checkReceiver, names[DMH_THIS], names[ARG_BASE]); + outArgs[0] = names[CHECK_RECEIVER]; + } assert(outArgs[outArgs.length-1] == names[GET_MEMBER]); // look, shifted args! int result = LAST_RESULT; if (doesAlloc) { @@ -377,6 +390,29 @@ class DirectMethodHandle extends MethodHandle { } } + /** This subclass represents invokeinterface instructions. */ + static class Interface extends DirectMethodHandle { + private final Class refc; + private Interface(MethodType mtype, LambdaForm form, MemberName member, Class refc) { + super(mtype, form, member); + assert refc.isInterface() : refc; + this.refc = refc; + } + @Override + MethodHandle copyWith(MethodType mt, LambdaForm lf) { + return new Interface(mt, lf, member, refc); + } + + Object checkReceiver(Object recv) { + if (!refc.isInstance(recv)) { + String msg = String.format("Class %s does not implement the requested interface %s", + recv.getClass().getName(), refc.getName()); + throw new IncompatibleClassChangeError(msg); + } + return recv; + } + } + /** This subclass handles constructor references. */ static class Constructor extends DirectMethodHandle { final MemberName initMethod; @@ -729,7 +765,8 @@ class DirectMethodHandle extends MethodHandle { NF_checkCast, NF_allocateInstance, NF_constructorMethod, - NF_UNSAFE; + NF_UNSAFE, + NF_checkReceiver; static { try { NamedFunction nfs[] = { @@ -754,7 +791,9 @@ class DirectMethodHandle extends MethodHandle { NF_constructorMethod = new NamedFunction(DirectMethodHandle.class .getDeclaredMethod("constructorMethod", Object.class)), NF_UNSAFE = new NamedFunction(new MemberName(MethodHandleStatics.class - .getDeclaredField("UNSAFE"))) + .getDeclaredField("UNSAFE"))), + NF_checkReceiver = new NamedFunction(new MemberName(Interface.class + .getDeclaredMethod("checkReceiver", Object.class))) }; // Each nf must be statically invocable or we get tied up in our bootstraps. assert(InvokerBytecodeGenerator.isStaticallyInvocable(nfs)); diff --git a/jdk/src/java.base/share/classes/java/security/CodeSource.java b/jdk/src/java.base/share/classes/java/security/CodeSource.java index 818716fa39..a1f98eeb55 100644 --- a/jdk/src/java.base/share/classes/java/security/CodeSource.java +++ b/jdk/src/java.base/share/classes/java/security/CodeSource.java @@ -35,6 +35,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.security.cert.*; import sun.net.util.URLUtil; +import sun.security.util.IOUtils; /** * @@ -571,6 +572,8 @@ public class CodeSource implements java.io.Serializable { // could all be present in the stream at the same time cfs = new Hashtable<>(3); certList = new ArrayList<>(size > 20 ? 20 : size); + } else if (size < 0) { + throw new IOException("size cannot be negative"); } for (int i = 0; i < size; i++) { @@ -592,13 +595,7 @@ public class CodeSource implements java.io.Serializable { cfs.put(certType, cf); } // parse the certificate - byte[] encoded = null; - try { - encoded = new byte[ois.readInt()]; - } catch (OutOfMemoryError oome) { - throw new IOException("Certificate too big"); - } - ois.readFully(encoded); + byte[] encoded = IOUtils.readNBytes(ois, ois.readInt()); ByteArrayInputStream bais = new ByteArrayInputStream(encoded); try { certList.add(cf.generateCertificate(bais)); diff --git a/jdk/src/java.base/share/classes/java/security/MessageDigest.java b/jdk/src/java.base/share/classes/java/security/MessageDigest.java index be163c179f..4f4987ceb4 100644 --- a/jdk/src/java.base/share/classes/java/security/MessageDigest.java +++ b/jdk/src/java.base/share/classes/java/security/MessageDigest.java @@ -57,7 +57,7 @@ import javax.crypto.SecretKey; * and catching the CloneNotSupportedException: * * 

{@code
- * MessageDigest md = MessageDigest.getInstance("SHA");
+ * MessageDigest md = MessageDigest.getInstance("SHA-256");
  *
  * try {
  *     md.update(toChapter1);
@@ -496,7 +496,7 @@ public abstract class MessageDigest extends MessageDigestSpi {
     /**
      * Returns a string that identifies the algorithm, independent of
      * implementation details. The name should be a standard
-     * Java Security name (such as "SHA", "MD5", and so on).
+     * Java Security name (such as "SHA-256").
      * See the MessageDigest section in the 
      * Java Security Standard Algorithm Names Specification
diff --git a/jdk/src/java.base/share/classes/java/security/Signature.java b/jdk/src/java.base/share/classes/java/security/Signature.java
index c7c25831a3..3f0a9d9677 100644
--- a/jdk/src/java.base/share/classes/java/security/Signature.java
+++ b/jdk/src/java.base/share/classes/java/security/Signature.java
@@ -51,11 +51,10 @@ import sun.security.jca.GetInstance.Instance;
  * authentication and integrity assurance of digital data.
  *
  * 
 The signature algorithm can be, among others, the NIST standard
- * DSA, using DSA and SHA-1. The DSA algorithm using the
- * SHA-1 message digest algorithm can be specified as {@code SHA1withDSA}.
- * In the case of RSA, there are multiple choices for the message digest
- * algorithm, so the signing algorithm could be specified as, for example,
- * {@code MD2withRSA}, {@code MD5withRSA}, or {@code SHA1withRSA}.
+ * DSA, using DSA and SHA-256. The DSA algorithm using the
+ * SHA-256 message digest algorithm can be specified as {@code SHA256withDSA}.
+ * In the case of RSA the signing algorithm could be specified as, for example,
+ * {@code SHA256withRSA}.
  * The algorithm name must be specified, as there is no default.
  *
  * 
 A Signature object can be used to generate and verify digital
diff --git a/jdk/src/java.base/share/classes/java/security/SignedObject.java b/jdk/src/java.base/share/classes/java/security/SignedObject.java
index 810c570657..7ef3eca558 100644
--- a/jdk/src/java.base/share/classes/java/security/SignedObject.java
+++ b/jdk/src/java.base/share/classes/java/security/SignedObject.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -81,13 +81,12 @@ import java.io.*;
  * verification in an attempt to bypass a security check.
  *
  * 
 The signature algorithm can be, among others, the NIST standard
- * DSA, using DSA and SHA-1.  The algorithm is specified using the
+ * DSA, using DSA and SHA-256.  The algorithm is specified using the
  * same convention as that for signatures. The DSA algorithm using the
- * SHA-1 message digest algorithm can be specified, for example, as
- * "SHA/DSA" or "SHA-1/DSA" (they are equivalent).  In the case of
- * RSA, there are multiple choices for the message digest algorithm,
- * so the signing algorithm could be specified as, for example,
- * "MD2/RSA", "MD5/RSA" or "SHA-1/RSA".  The algorithm name must be
+ * SHA-256 message digest algorithm can be specified, for example, as
+ * "SHA256withDSA".  In the case of
+ * RSA the signing algorithm could be specified as, for example,
+ * "SHA256withRSA".  The algorithm name must be
  * specified, as there is no default.
  *
  * 
 The name of the Cryptography Package Provider is designated
diff --git a/jdk/src/java.base/share/classes/java/security/UnresolvedPermission.java b/jdk/src/java.base/share/classes/java/security/UnresolvedPermission.java
index b5dc02dcb3..d75c24cbf7 100644
--- a/jdk/src/java.base/share/classes/java/security/UnresolvedPermission.java
+++ b/jdk/src/java.base/share/classes/java/security/UnresolvedPermission.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,12 +25,16 @@
 
 package java.security;
 
+import sun.security.util.IOUtils;
+
 import java.io.IOException;
 import java.io.ByteArrayInputStream;
+import java.security.cert.Certificate;
 import java.util.ArrayList;
 import java.util.Hashtable;
 import java.lang.reflect.*;
 import java.security.cert.*;
+import java.util.List;
 
 /**
  * The UnresolvedPermission class is used to hold Permissions that
@@ -550,6 +554,7 @@ implements java.io.Serializable
     {
         CertificateFactory cf;
         Hashtable cfs = null;
+        List certList = null;
 
         ois.defaultReadObject();
 
@@ -562,7 +567,9 @@ implements java.io.Serializable
             // we know of 3 different cert types: X.509, PGP, SDSI, which
             // could all be present in the stream at the same time
             cfs = new Hashtable<>(3);
-            this.certs = new java.security.cert.Certificate[size];
+            certList = new ArrayList<>(size > 20 ? 20 : size);
+        } else if (size < 0) {
+            throw new IOException("size cannot be negative");
         }
 
         for (int i=0; i(size);
+            extensions = new HashMap<>(size > 20 ? 20 : size);
         }
 
         // Read in the extensions and put the mappings in the extensions map
         for (int i = 0; i < size; i++) {
             String oid = (String) ois.readObject();
             boolean critical = ois.readBoolean();
-            int length = ois.readInt();
-            byte[] extVal = new byte[length];
-            ois.readFully(extVal);
+            byte[] extVal = IOUtils.readNBytes(ois, ois.readInt());
             Extension ext = sun.security.x509.Extension.newExtension
                 (new ObjectIdentifier(oid), critical, extVal);
             extensions.put(oid, ext);
diff --git a/jdk/src/java.base/share/classes/java/time/format/ZoneName.java b/jdk/src/java.base/share/classes/java/time/format/ZoneName.java
index 645241360d..b76e694993 100644
--- a/jdk/src/java.base/share/classes/java/time/format/ZoneName.java
+++ b/jdk/src/java.base/share/classes/java/time/format/ZoneName.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -192,7 +192,7 @@ class ZoneName {
         "Africa/Ndjamena", "Africa_Western", "Africa/Lagos",
         "Asia/Macau", "China", "Asia/Shanghai",
         "America/Lima", "Peru", "America/Lima",
-        "Africa/Windhoek", "Africa_Western", "Africa/Lagos",
+        "Africa/Windhoek", "Africa_Central", "Africa/Maputo",
         "America/Sitka", "Alaska", "America/Juneau",
         "America/Mazatlan", "America_Mountain", "America/Denver",
         "Asia/Saigon", "Indochina", "Asia/Saigon",
@@ -324,7 +324,7 @@ class ZoneName {
         "Atlantic/Faroe", "Europe_Western", "Atlantic/Canary",
         "America/Cambridge_Bay", "America_Mountain", "America/Denver",
         "America/Los_Angeles", "America_Pacific", "America/Los_Angeles",
-        "Africa/Khartoum", "Africa_Eastern", "Africa/Nairobi",
+        "Africa/Khartoum", "Africa_Central", "Africa/Maputo",
         "Europe/Simferopol", "Europe_Eastern", "Europe/Bucharest",
         "Australia/Currie", "Australia_Eastern", "Australia/Sydney",
         "Europe/Guernsey", "GMT", "Atlantic/Reykjavik",
@@ -744,7 +744,6 @@ class ZoneName {
         "UTC", "Etc/UTC",
         "Canada/Newfoundland", "America/St_Johns",
         "Europe/Skopje", "Europe/Belgrade",
-        "Canada/East-Saskatchewan", "America/Regina",
         "PRC", "Asia/Shanghai",
         "UCT", "Etc/UCT",
         "America/Mendoza", "America/Argentina/Mendoza",
diff --git a/jdk/src/java.base/share/classes/java/util/ArrayDeque.java b/jdk/src/java.base/share/classes/java/util/ArrayDeque.java
index 53cdeffa84..9556e90d3a 100644
--- a/jdk/src/java.base/share/classes/java/util/ArrayDeque.java
+++ b/jdk/src/java.base/share/classes/java/util/ArrayDeque.java
@@ -38,6 +38,7 @@ import java.io.Serializable;
 import java.util.function.Consumer;
 import java.util.function.Predicate;
 import java.util.function.UnaryOperator;
+import jdk.internal.misc.SharedSecrets;
 
 /**
  * Resizable-array implementation of the {@link Deque} interface.  Array
@@ -1195,6 +1196,7 @@ public class ArrayDeque extends AbstractCollection
 
         // Read in size and allocate array
         int size = s.readInt();
+        SharedSecrets.getJavaObjectInputStreamAccess().checkArray(s, Object[].class, size + 1);
         elements = new Object[size + 1];
         this.tail = size;
 
diff --git a/jdk/src/java.base/share/classes/java/util/ArrayList.java b/jdk/src/java.base/share/classes/java/util/ArrayList.java
index f63ef493dc..25ca76d8a0 100644
--- a/jdk/src/java.base/share/classes/java/util/ArrayList.java
+++ b/jdk/src/java.base/share/classes/java/util/ArrayList.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,6 +28,7 @@ package java.util;
 import java.util.function.Consumer;
 import java.util.function.Predicate;
 import java.util.function.UnaryOperator;
+import jdk.internal.misc.SharedSecrets;
 
 /**
  * Resizable-array implementation of the {@code List} interface.  Implements
@@ -816,6 +817,7 @@ public class ArrayList extends AbstractList
 
         if (size > 0) {
             // like clone(), allocate array based upon size not capacity
+            SharedSecrets.getJavaObjectInputStreamAccess().checkArray(s, Object[].class, size);
             Object[] elements = new Object[size];
 
             // Read in all elements in the proper order.
diff --git a/jdk/src/java.base/share/classes/java/util/HashMap.java b/jdk/src/java.base/share/classes/java/util/HashMap.java
index 4f0e8e6c7d..085a688aa8 100644
--- a/jdk/src/java.base/share/classes/java/util/HashMap.java
+++ b/jdk/src/java.base/share/classes/java/util/HashMap.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -34,6 +34,7 @@ import java.util.function.BiConsumer;
 import java.util.function.BiFunction;
 import java.util.function.Consumer;
 import java.util.function.Function;
+import jdk.internal.misc.SharedSecrets;
 
 /**
  * Hash table based implementation of the {@code Map} interface.  This
@@ -1444,6 +1445,10 @@ public class HashMap extends AbstractMap
             float ft = (float)cap * lf;
             threshold = ((cap < MAXIMUM_CAPACITY && ft < MAXIMUM_CAPACITY) ?
                          (int)ft : Integer.MAX_VALUE);
+
+            // Check Map.Entry[].class since it's the nearest public type to
+            // what we're actually creating.
+            SharedSecrets.getJavaObjectInputStreamAccess().checkArray(s, Map.Entry[].class, cap);
             @SuppressWarnings({"rawtypes","unchecked"})
                 Node[] tab = (Node[])new Node[cap];
             table = tab;
diff --git a/jdk/src/java.base/share/classes/java/util/HashSet.java b/jdk/src/java.base/share/classes/java/util/HashSet.java
index 360de8119d..ec47b914b6 100644
--- a/jdk/src/java.base/share/classes/java/util/HashSet.java
+++ b/jdk/src/java.base/share/classes/java/util/HashSet.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
 package java.util;
 
 import java.io.InvalidObjectException;
+import jdk.internal.misc.SharedSecrets;
 
 /**
  * This class implements the {@code Set} interface, backed by a hash table
@@ -322,6 +323,13 @@ public class HashSet
         capacity = (int) Math.min(size * Math.min(1 / loadFactor, 4.0f),
                 HashMap.MAXIMUM_CAPACITY);
 
+        // Constructing the backing map will lazily create an array when the first element is
+        // added, so check it before construction. Call HashMap.tableSizeFor to compute the
+        // actual allocation size. Check Map.Entry[].class since it's the nearest public type to
+        // what is actually created.
+        SharedSecrets.getJavaObjectInputStreamAccess()
+                     .checkArray(s, Map.Entry[].class, HashMap.tableSizeFor(capacity));
+
         // Create backing HashMap
         map = (((HashSet)this) instanceof LinkedHashSet ?
                new LinkedHashMap<>(capacity, loadFactor) :
diff --git a/jdk/src/java.base/share/classes/java/util/Hashtable.java b/jdk/src/java.base/share/classes/java/util/Hashtable.java
index f97303be2b..77f0facc51 100644
--- a/jdk/src/java.base/share/classes/java/util/Hashtable.java
+++ b/jdk/src/java.base/share/classes/java/util/Hashtable.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1994, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1994, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,7 @@ import java.io.*;
 import java.util.function.BiConsumer;
 import java.util.function.Function;
 import java.util.function.BiFunction;
+import jdk.internal.misc.SharedSecrets;
 
 /**
  * This class implements a hash table, which maps keys to values. Any
@@ -1291,6 +1292,10 @@ public class Hashtable
         if (length > elements && (length & 1) == 0)
             length--;
         length = Math.min(length, origlength);
+
+        // Check Map.Entry[].class since it's the nearest public type to
+        // what we're actually creating.
+        SharedSecrets.getJavaObjectInputStreamAccess().checkArray(s, Map.Entry[].class, length);
         table = new Entry[length];
         threshold = (int)Math.min(length * loadFactor, MAX_ARRAY_SIZE + 1);
         count = 0;
diff --git a/jdk/src/java.base/share/classes/java/util/IdentityHashMap.java b/jdk/src/java.base/share/classes/java/util/IdentityHashMap.java
index f749774e78..e48cb354c6 100644
--- a/jdk/src/java.base/share/classes/java/util/IdentityHashMap.java
+++ b/jdk/src/java.base/share/classes/java/util/IdentityHashMap.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,7 @@ import java.lang.reflect.Array;
 import java.util.function.BiConsumer;
 import java.util.function.BiFunction;
 import java.util.function.Consumer;
+import jdk.internal.misc.SharedSecrets;
 
 /**
  * This class implements the {@code Map} interface with a hash table, using
@@ -1304,7 +1305,9 @@ public class IdentityHashMap
         if (size < 0)
             throw new java.io.StreamCorruptedException
                 ("Illegal mappings count: " + size);
-        init(capacity(size));
+        int cap = capacity(size);
+        SharedSecrets.getJavaObjectInputStreamAccess().checkArray(s, Object[].class, cap);
+        init(cap);
 
         // Read the keys and values, and put the mappings in the table
         for (int i=0; i extends AbstractQueue
         // Read in (and discard) array length
         s.readInt();
 
+        SharedSecrets.getJavaObjectInputStreamAccess().checkArray(s, Object[].class, size);
         queue = new Object[size];
 
         // Read in all elements.
diff --git a/jdk/src/java.base/share/classes/java/util/Properties.java b/jdk/src/java.base/share/classes/java/util/Properties.java
index 0b117686ce..8e03ec7627 100644
--- a/jdk/src/java.base/share/classes/java/util/Properties.java
+++ b/jdk/src/java.base/share/classes/java/util/Properties.java
@@ -42,6 +42,7 @@ import java.util.function.BiConsumer;
 import java.util.function.BiFunction;
 import java.util.function.Function;
 
+import jdk.internal.misc.SharedSecrets;
 import jdk.internal.util.xml.PropertiesDefaultHandler;
 
 /**
@@ -1442,6 +1443,16 @@ class Properties extends Hashtable {
             throw new StreamCorruptedException("Illegal # of Elements: " + elements);
         }
 
+        // Constructing the backing map will lazily create an array when the first element is
+        // added, so check it before construction. Note that CHM's constructor takes a size
+        // that is the number of elements to be stored -- not the table size -- so it must be
+        // inflated by the default load factor of 0.75, then inflated to the next power of two.
+        // (CHM uses the same power-of-two computation as HashMap, and HashMap.tableSizeFor is
+        // accessible here.) Check Map.Entry[].class since it's the nearest public type to
+        // what is actually created.
+        SharedSecrets.getJavaObjectInputStreamAccess()
+                     .checkArray(s, Map.Entry[].class, HashMap.tableSizeFor((int)(elements / 0.75)));
+
         // create CHM of appropriate capacity
         map = new ConcurrentHashMap<>(elements);
 
diff --git a/jdk/src/java.base/share/classes/java/util/ResourceBundle.java b/jdk/src/java.base/share/classes/java/util/ResourceBundle.java
index 340b53353d..dfc8baf2ed 100644
--- a/jdk/src/java.base/share/classes/java/util/ResourceBundle.java
+++ b/jdk/src/java.base/share/classes/java/util/ResourceBundle.java
@@ -571,7 +571,7 @@ public abstract class ResourceBundle {
      */
     private static ClassLoader getLoaderForControl(Module module) {
         ClassLoader loader = getLoader(module);
-        return loader == null ? ClassLoader.getSystemClassLoader() : loader;
+        return loader == null ? ClassLoader.getPlatformClassLoader() : loader;
     }
 
     /**
diff --git a/jdk/src/java.base/share/classes/java/util/SimpleTimeZone.java b/jdk/src/java.base/share/classes/java/util/SimpleTimeZone.java
index d7555a0db0..7ed6e71753 100644
--- a/jdk/src/java.base/share/classes/java/util/SimpleTimeZone.java
+++ b/jdk/src/java.base/share/classes/java/util/SimpleTimeZone.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,6 +41,7 @@ package java.util;
 import java.io.ObjectInputStream;
 import java.io.ObjectOutputStream;
 import java.io.IOException;
+import java.io.InvalidObjectException;
 import sun.util.calendar.CalendarSystem;
 import sun.util.calendar.CalendarUtils;
 import sun.util.calendar.BaseCalendar;
@@ -1278,6 +1279,9 @@ public class SimpleTimeZone extends TimeZone {
      */
     private int serialVersionOnStream = currentSerialVersion;
 
+    // Maximum number of rules.
+    private static final int MAX_RULE_NUM = 6;
+
     private synchronized void invalidateCache() {
         cacheYear = startYear - 1;
         cacheStart = cacheEnd = 0;
@@ -1569,7 +1573,7 @@ public class SimpleTimeZone extends TimeZone {
      */
     private byte[] packRules()
     {
-        byte[] rules = new byte[6];
+        byte[] rules = new byte[MAX_RULE_NUM];
         rules[0] = (byte)startDay;
         rules[1] = (byte)startDayOfWeek;
         rules[2] = (byte)endDay;
@@ -1594,7 +1598,7 @@ public class SimpleTimeZone extends TimeZone {
         endDayOfWeek   = rules[3];
 
         // As of serial version 2, include time modes
-        if (rules.length >= 6) {
+        if (rules.length >= MAX_RULE_NUM) {
             startTimeMode = rules[4];
             endTimeMode   = rules[5];
         }
@@ -1691,9 +1695,13 @@ public class SimpleTimeZone extends TimeZone {
             // store the actual rules (which have not be made compatible with 1.1)
             // in the optional area.  Read them in here and parse them.
             int length = stream.readInt();
-            byte[] rules = new byte[length];
-            stream.readFully(rules);
-            unpackRules(rules);
+            if (length <= MAX_RULE_NUM) {
+                byte[] rules = new byte[length];
+                stream.readFully(rules);
+                unpackRules(rules);
+            } else {
+                throw new InvalidObjectException("Too many rules: " + length);
+            }
         }
 
         if (serialVersionOnStream >= 2) {
diff --git a/jdk/src/java.base/share/classes/java/util/concurrent/ArrayBlockingQueue.java b/jdk/src/java.base/share/classes/java/util/concurrent/ArrayBlockingQueue.java
index 557ce73a7a..03f77879b2 100644
--- a/jdk/src/java.base/share/classes/java/util/concurrent/ArrayBlockingQueue.java
+++ b/jdk/src/java.base/share/classes/java/util/concurrent/ArrayBlockingQueue.java
@@ -1608,4 +1608,30 @@ public class ArrayBlockingQueue extends AbstractQueue
         }
     }
 
+    /**
+     * Deserializes this queue and then checks some invariants.
+     *
+     * @param s the input stream
+     * @throws ClassNotFoundException if the class of a serialized object
+     *         could not be found
+     * @throws java.io.InvalidObjectException if invariants are violated
+     * @throws java.io.IOException if an I/O error occurs
+     */
+    private void readObject(java.io.ObjectInputStream s)
+        throws java.io.IOException, ClassNotFoundException {
+
+        // Read in items array and various fields
+        s.defaultReadObject();
+
+        // Check invariants over count and index fields. Note that
+        // if putIndex==takeIndex, count can be either 0 or items.length.
+        if (items.length == 0 ||
+            takeIndex < 0 || takeIndex >= items.length ||
+            putIndex  < 0 || putIndex  >= items.length ||
+            count < 0     || count     >  items.length ||
+            Math.floorMod(putIndex - takeIndex, items.length) !=
+            Math.floorMod(count, items.length)) {
+            throw new java.io.InvalidObjectException("invariants violated");
+        }
+    }
 }
diff --git a/jdk/src/java.base/share/classes/java/util/concurrent/CopyOnWriteArrayList.java b/jdk/src/java.base/share/classes/java/util/concurrent/CopyOnWriteArrayList.java
index 592f9a51cd..ad66f47e27 100644
--- a/jdk/src/java.base/share/classes/java/util/concurrent/CopyOnWriteArrayList.java
+++ b/jdk/src/java.base/share/classes/java/util/concurrent/CopyOnWriteArrayList.java
@@ -51,6 +51,7 @@ import java.util.Spliterators;
 import java.util.function.Consumer;
 import java.util.function.Predicate;
 import java.util.function.UnaryOperator;
+import jdk.internal.misc.SharedSecrets;
 
 /**
  * A thread-safe variant of {@link java.util.ArrayList} in which all mutative
@@ -933,6 +934,7 @@ public class CopyOnWriteArrayList
 
         // Read in array length and allocate array
         int len = s.readInt();
+        SharedSecrets.getJavaObjectInputStreamAccess().checkArray(s, Object[].class, len);
         Object[] elements = new Object[len];
 
         // Read in all elements in the proper order.
diff --git a/jdk/src/java.base/share/classes/javax/crypto/Cipher.java b/jdk/src/java.base/share/classes/javax/crypto/Cipher.java
index 4982a87bbe..cd603f2231 100644
--- a/jdk/src/java.base/share/classes/javax/crypto/Cipher.java
+++ b/jdk/src/java.base/share/classes/javax/crypto/Cipher.java
@@ -59,7 +59,7 @@ import sun.security.jca.*;
  * 
A transformation is a string that describes the operation (or
  * set of operations) to be performed on the given input, to produce some
  * output. A transformation always includes the name of a cryptographic
- * algorithm (e.g., DES), and may be followed by a feedback mode and
+ * algorithm (e.g., AES), and may be followed by a feedback mode and
  * padding scheme.
  *
  * 
 A transformation is of the form:
@@ -75,17 +75,19 @@ import sun.security.jca.*;
  * For example, the following is a valid transformation:
  *
  * 
- *     Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding");
+ *     Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
  * 

  *
  * Using modes such as {@code CFB} and {@code OFB}, block
  * ciphers can encrypt data in units smaller than the cipher's actual
  * block size.  When requesting such a mode, you may optionally specify
  * the number of bits to be processed at a time by appending this number
- * to the mode name as shown in the "{@code DES/CFB8/NoPadding}" and
- * "{@code DES/OFB32/PKCS5Padding}" transformations. If no such
- * number is specified, a provider-specific default is used. (For
- * example, the SunJCE provider uses a default of 64 bits for DES.)
+ * to the mode name as shown in the "{@code AES/CFB8/NoPadding}" and
+ * "{@code AES/OFB32/PKCS5Padding}" transformations. If no such
+ * number is specified, a provider-specific default is used.
+ * (See the
+ * {@extLink security_guide_jdk_providers JDK Providers Documentation}
+ * for the JDK Providers default values.)
  * Thus, block ciphers can be turned into byte-oriented stream ciphers by
  * using an 8 bit mode such as CFB8 or OFB8.
  * 

@@ -308,7 +310,7 @@ public class Cipher {
         /*
          * array containing the components of a Cipher transformation:
          *
-         * index 0: algorithm component (e.g., DES)
+         * index 0: algorithm component (e.g., AES)
          * index 1: feedback component (e.g., CFB)
          * index 2: padding component (e.g., PKCS5Padding)
          */
@@ -354,8 +356,8 @@ public class Cipher {
         // transform string to lookup in the provider
         final String transform;
         // the mode/padding suffix in upper case. for example, if the algorithm
-        // to lookup is "DES/CBC/PKCS5Padding" suffix is "/CBC/PKCS5PADDING"
-        // if loopup is "DES", suffix is the empty string
+        // to lookup is "AES/CBC/PKCS5Padding" suffix is "/CBC/PKCS5PADDING"
+        // if lookup is "AES", suffix is the empty string
         // needed because aliases prevent straight transform.equals()
         final String suffix;
         // value to pass to setMode() or null if no such call required
@@ -440,11 +442,11 @@ public class Cipher {
         }
 
         if ((mode == null) && (pad == null)) {
-            // DES
+            // AES
             Transform tr = new Transform(alg, "", null, null);
             return Collections.singletonList(tr);
         } else { // if ((mode != null) && (pad != null)) {
-            // DES/CBC/PKCS5Padding
+            // AES/CBC/PKCS5Padding
             List list = new ArrayList<>(4);
             list.add(new Transform(alg, "/" + mode + "/" + pad, null, null));
             list.add(new Transform(alg, "/" + mode, null, pad));
@@ -488,7 +490,7 @@ public class Cipher {
      * {@link Security#getProviders() Security.getProviders()}.
      *
      * @param transformation the name of the transformation, e.g.,
-     * DES/CBC/PKCS5Padding.
+     * AES/CBC/PKCS5Padding.
      * See the Cipher section in the 
      * Java Security Standard Algorithm Names Specification
@@ -566,7 +568,7 @@ public class Cipher {
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
      * @param transformation the name of the transformation,
-     * e.g., DES/CBC/PKCS5Padding.
+     * e.g., AES/CBC/PKCS5Padding.
      * See the Cipher section in the 
      * Java Security Standard Algorithm Names Specification
@@ -626,7 +628,7 @@ public class Cipher {
      * does not have to be registered in the provider list.
      *
      * @param transformation the name of the transformation,
-     * e.g., DES/CBC/PKCS5Padding.
+     * e.g., AES/CBC/PKCS5Padding.
      * See the Cipher section in the 
      * Java Security Standard Algorithm Names Specification
diff --git a/jdk/src/java.base/share/classes/javax/crypto/CipherSpi.java b/jdk/src/java.base/share/classes/javax/crypto/CipherSpi.java
index ce7258157d..72bfa803bd 100644
--- a/jdk/src/java.base/share/classes/javax/crypto/CipherSpi.java
+++ b/jdk/src/java.base/share/classes/javax/crypto/CipherSpi.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -59,7 +59,7 @@ import java.nio.ByteBuffer;
  * 
A transformation is a string that describes the operation (or
  * set of operations) to be performed on the given input, to produce some
  * output. A transformation always includes the name of a cryptographic
- * algorithm (e.g., DES), and may be followed by a feedback mode and
+ * algorithm (e.g., AES), and may be followed by a feedback mode and
  * padding scheme.
  *
  * 
 A transformation is of the form:
@@ -75,7 +75,7 @@ import java.nio.ByteBuffer;
  * For example, the following is a valid transformation:
  *
  * 
- *     Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding");
+ *     Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
  * 

  *
  * 
A provider may supply a separate class for each combination
@@ -125,32 +125,32 @@ import java.nio.ByteBuffer;
  * 
  *
  * 
For example, a provider may supply a subclass of CipherSpi
- * that implements DES/ECB/PKCS5Padding, one that implements
- * DES/CBC/PKCS5Padding, one that implements
- * DES/CFB/PKCS5Padding, and yet another one that implements
- * DES/OFB/PKCS5Padding. That provider would have the following
+ * that implements AES/ECB/PKCS5Padding, one that implements
+ * AES/CBC/PKCS5Padding, one that implements
+ * AES/CFB/PKCS5Padding, and yet another one that implements
+ * AES/OFB/PKCS5Padding. That provider would have the following
  * Cipher properties in its master class:
  *
  * 
    
  *
  * 
  • 
  * 
    - *     Cipher.DES/ECB/PKCS5Padding
+ *     Cipher.AES/ECB/PKCS5Padding
  * 
    
  *
  * 
  • 
  * 
    - *     Cipher.DES/CBC/PKCS5Padding
+ *     Cipher.AES/CBC/PKCS5Padding
  * 
    
  *
  * 
  • 
  * 
    - *     Cipher.DES/CFB/PKCS5Padding
+ *     Cipher.AES/CFB/PKCS5Padding
  * 
    
  *
  * 
  • 
  * 
    - *     Cipher.DES/OFB/PKCS5Padding
+ *     Cipher.AES/OFB/PKCS5Padding
  * 
    
  *
  * 

@@ -158,7 +158,7 @@ import java.nio.ByteBuffer;
  * 
Another provider may implement a class for each of the above modes
  * (i.e., one class for ECB, one for CBC, one for CFB,
  * and one for OFB), one class for PKCS5Padding,
- * and a generic DES class that subclasses from CipherSpi.
+ * and a generic AES class that subclasses from CipherSpi.
  * That provider would have the following
  * Cipher properties in its master class:
  *
@@ -166,7 +166,7 @@ import java.nio.ByteBuffer;
  *
  * 
  • 
  * 
    - *     Cipher.DES
+ *     Cipher.AES
  * 
    
  *
  * 
diff --git a/jdk/src/java.base/share/classes/javax/crypto/Mac.java b/jdk/src/java.base/share/classes/javax/crypto/Mac.java
index 245f12f693..ad7dae8891 100644
--- a/jdk/src/java.base/share/classes/javax/crypto/Mac.java
+++ b/jdk/src/java.base/share/classes/javax/crypto/Mac.java
@@ -50,7 +50,7 @@ import sun.security.jca.GetInstance.Instance;
  *
  * 
     A MAC mechanism that is based on cryptographic hash functions is
  * referred to as HMAC. HMAC can be used with any cryptographic hash function,
- * e.g., MD5 or SHA-1, in combination with a secret shared key. HMAC is
+ * e.g., SHA256 or SHA384, in combination with a secret shared key. HMAC is
  * specified in RFC 2104.
  *
  * 
     Every implementation of the Java platform is required to support
diff --git a/jdk/src/java.base/share/classes/javax/crypto/SealedObject.java b/jdk/src/java.base/share/classes/javax/crypto/SealedObject.java
index 743125bf0f..3d657423aa 100644
--- a/jdk/src/java.base/share/classes/javax/crypto/SealedObject.java
+++ b/jdk/src/java.base/share/classes/javax/crypto/SealedObject.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,7 +40,7 @@ import java.security.NoSuchProviderException;
  * 
     Given any Serializable object, one can create a SealedObject
  * that encapsulates the original object, in serialized
  * format (i.e., a "deep copy"), and seals (encrypts) its serialized contents,
- * using a cryptographic algorithm such as DES, to protect its
+ * using a cryptographic algorithm such as AES, to protect its
  * confidentiality.  The encrypted content can later be decrypted (with
  * the corresponding algorithm using the correct decryption key) and
  * de-serialized, yielding the original object.
diff --git a/jdk/src/java.base/share/classes/jdk/internal/misc/JavaObjectInputStreamAccess.java b/jdk/src/java.base/share/classes/jdk/internal/misc/JavaObjectInputStreamAccess.java
index c344f8adc7..4c734670da 100644
--- a/jdk/src/java.base/share/classes/jdk/internal/misc/JavaObjectInputStreamAccess.java
+++ b/jdk/src/java.base/share/classes/jdk/internal/misc/JavaObjectInputStreamAccess.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,17 +25,14 @@
 
 package jdk.internal.misc;
 
+import java.io.InvalidClassException;
 import java.io.ObjectInputStream;
 
 /**
- * The interface to specify methods for accessing {@code ObjectInputStream}
- * @author sjiang
+ * Interface to specify methods for accessing {@code ObjectInputStream}.
  */
+@FunctionalInterface
 public interface JavaObjectInputStreamAccess {
-    /**
-     * Sets a descriptor validating.
-     * @param ois stream to have the descriptors validated
-     * @param validator validator used to validate a descriptor.
-     */
-    public void setValidator(ObjectInputStream ois, ObjectStreamClassValidator validator);
+    void checkArray(ObjectInputStream ois, Class arrayType, int arrayLength)
+        throws InvalidClassException;
 }
diff --git a/jdk/src/java.base/share/classes/module-info.java b/jdk/src/java.base/share/classes/module-info.java
index 964f131d2c..b2c15cae92 100644
--- a/jdk/src/java.base/share/classes/module-info.java
+++ b/jdk/src/java.base/share/classes/module-info.java
@@ -214,7 +214,8 @@ module java.base {
         jdk.jdeps,
         jdk.jlink;
     exports sun.net to
-        jdk.incubator.httpclient;
+        jdk.incubator.httpclient,
+        jdk.naming.dns;
     exports sun.net.ext to
         jdk.net;
     exports sun.net.dns to
diff --git a/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_de.properties b/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_de.properties
index c311de2bcf..1d9aad17ec 100644
--- a/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_de.properties
+++ b/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_de.properties
@@ -31,12 +31,12 @@ java.launcher.opt.vmselect   =\    {0}\t  zur Auswahl der "{1}" VM\n
 java.launcher.opt.hotspot    =\    {0}\t  ist ein Synonym f\u00FCr die "{1}" VM  [verworfen]\n
 
 # Translators please note do not translate the options themselves
-java.launcher.opt.footer = \    -cp \n    -classpath \n    --class-path \n                  Eine durch {0} getrennte Liste mit Verzeichnissen, JAR-Archiven\n                  und ZIP-Archiven, in denen nach Klassendateien gesucht wird.\n    -p \n    --module-path ...\n                  Eine durch {0} getrennte Liste mit Verzeichnissen, von denen jedes Verzeichnis\n                  ein Verzeichnis mit Modulen ist.\n    --upgrade-module-path ...\n                  Eine durch {0} getrennte Liste mit Verzeichnissen, von denen jedes Verzeichnis\n                  ein Verzeichnis mit Modulen ist, die upgradef\u00E4hige\n                  Module im Laufzeitimage ersetzen\n    --add-modules [,...]\n                  Root-Module, die zus\u00E4tzlich zum anf\u00E4nglichen Modul aufgel\u00F6st werden sollen.\n                   kann auch wie folgt lauten: ALL-DEFAULT, ALL-SYSTEM,\n                  ALL-MODULE-PATH.\n    --list-modules\n                  Listet beobachtbare Module auf und beendet den Vorgang\n    --d \n    --describe-module \n                  Beschreibt ein Modul und beendet den Vorgang\n    --dry-run     Erstellt eine VM und l\u00E4dt die Hauptklasse, f\u00FChrt aber nicht die Hauptmethode aus.\n                  Die Option "--dry-run" kann n\u00FCtzlich sein, um die\n                  Befehlszeilenoptionen, wie die Modulsystemkonfiguration, zu validieren.\n    --validate-modules\n                  Validiert alle Module und beendet den Vorgang\n                  Die Option "--validate-modules" kann n\u00FCtzlich sein, um\n                  Konflikte und andere Fehler mit Modulen auf dem Modulpfad zu ermitteln.\n    -D=\n                  Legt eine Systemeigenschaft fest\n    -verbose:[class|module|gc|jni]\n                  Ausgabe im Verbose-Modus aktivieren\n    -version      Gibt die Produktversion an den Fehlerstream aus und beendet den Vorgang\n    --version      Gibt die Produktversion an den Outputstream aus und beendet den Vorgang\n    -showversion  Gibt die Produktversion an den Fehlerstream aus und setzt den Vorgang fort\n    --show-version\n                  Gibt die Produktversion an den Outputstream aus und setzt den Vorgang fort\n    --show-module-resolution\n                  Zeigt die Modulaufl\u00F6sungsausgabe beim Start an\n    -? -h -help\n                  Gibt diese Hilfemeldung an den Fehlerstream aus\n    --help        Gibt diese Hilfemeldung an den Outputstream aus\n    -X            Gibt Hilfe zu zus\u00E4tzlichen Optionen an den Fehlerstream aus\n    --help-extra  Gibt Hilfe zu zus\u00E4tzlichen Optionen an den Outputstream aus\n    -ea[:...|:]\n    -enableassertions[:...|:]\n                  Aktiviert Assertions mit angegebener Granularit\u00E4t\n    -da[:...|:]\n    -disableassertions[:...|:]\n                  Deaktiviert Assertions mit angegebener Granularit\u00E4t\n    -esa | -enablesystemassertions\n                  Aktiviert System-Assertions\n    -dsa | -disablesystemassertions\n                  Deaktiviert System-Assertions\n    -agentlib:[=]\n                  L\u00E4dt die native Agent Library . Beispiel: -agentlib:jdwp\n                  siehe auch -agentlib:jdwp=help\n    -agentpath:[=]\n                  L\u00E4dt die native Agent Library mit dem vollst\u00E4ndigen Pfadnamen\n    -javaagent:[=]\n                  L\u00E4dt den Java-Programmiersprachen-Agent, siehe java.lang.instrument\n    -splash:\n                  Zeigt den Startbildschirm mit einem angegebenen Bild an\n                  Skalierte HiDPI-Bilder werden automatisch \
+java.launcher.opt.footer = \    -cp \n    -classpath \n    --class-path \n                  Eine durch {0} getrennte Liste mit Verzeichnissen, JAR-Archiven\n                  und ZIP-Archiven, in denen nach Klassendateien gesucht wird.\n    -p \n    --module-path ...\n                  Eine durch {0} getrennte Liste mit Verzeichnissen, von denen jedes Verzeichnis\n                  ein Verzeichnis mit Modulen ist.\n    --upgrade-module-path ...\n                  Eine durch {0} getrennte Liste mit Verzeichnissen, von denen jedes Verzeichnis\n                  ein Verzeichnis mit Modulen ist, die upgradef\u00E4hige\n                  Module im Laufzeitimage ersetzen\n    --add-modules [,...]\n                  Root-Module, die zus\u00E4tzlich zum anf\u00E4nglichen Modul aufgel\u00F6st werden sollen.\n                   kann auch wie folgt lauten: ALL-DEFAULT, ALL-SYSTEM,\n                  ALL-MODULE-PATH.\n    --list-modules\n                  Listet beobachtbare Module auf und beendet den Vorgang\n    -d \n    --describe-module \n                  Beschreibt ein Modul und beendet den Vorgang\n    --dry-run     Erstellt eine VM und l\u00E4dt die Hauptklasse, f\u00FChrt aber nicht die Hauptmethode aus.\n                  Die Option "--dry-run" kann n\u00FCtzlich sein, um die\n                  Befehlszeilenoptionen, wie die Modulsystemkonfiguration, zu validieren.\n    --validate-modules\n                  Validiert alle Module und beendet den Vorgang\n                  Die Option "--validate-modules" kann n\u00FCtzlich sein, um\n                  Konflikte und andere Fehler mit Modulen auf dem Modulpfad zu ermitteln.\n    -D=\n                  Legt eine Systemeigenschaft fest\n    -verbose:[class|module|gc|jni]\n                  Ausgabe im Verbose-Modus aktivieren\n    -version      Gibt die Produktversion an den Fehlerstream aus und beendet den Vorgang\n    --version      Gibt die Produktversion an den Outputstream aus und beendet den Vorgang\n    -showversion  Gibt die Produktversion an den Fehlerstream aus und setzt den Vorgang fort\n    --show-version\n                  Gibt die Produktversion an den Outputstream aus und setzt den Vorgang fort\n    --show-module-resolution\n                  Zeigt die Modulaufl\u00F6sungsausgabe beim Start an\n    -? -h -help\n                  Gibt diese Hilfemeldung an den Fehlerstream aus\n    --help        Gibt diese Hilfemeldung an den Outputstream aus\n    -X            Gibt Hilfe zu zus\u00E4tzlichen Optionen an den Fehlerstream aus\n    --help-extra  Gibt Hilfe zu zus\u00E4tzlichen Optionen an den Outputstream aus\n    -ea[:...|:]\n    -enableassertions[:...|:]\n                  Aktiviert Assertions mit angegebener Granularit\u00E4t\n    -da[:...|:]\n    -disableassertions[:...|:]\n                  Deaktiviert Assertions mit angegebener Granularit\u00E4t\n    -esa | -enablesystemassertions\n                  Aktiviert System-Assertions\n    -dsa | -disablesystemassertions\n                  Deaktiviert System-Assertions\n    -agentlib:[=]\n                  L\u00E4dt die native Agent Library . Beispiel: -agentlib:jdwp\n                  siehe auch -agentlib:jdwp=help\n    -agentpath:[=]\n                  L\u00E4dt die native Agent Library mit dem vollst\u00E4ndigen Pfadnamen\n    -javaagent:[=]\n                  L\u00E4dt den Java-Programmiersprachen-Agent, siehe java.lang.instrument\n    -splash:\n                  Zeigt den Startbildschirm mit einem angegebenen Bild an\n                  Skalierte HiDPI-Bilder werden automatisch \
 unterst\u00FCtzt und verwendet,\n                  falls verf\u00FCgbar. Der nicht skalierte Bilddateiname (Beispiel: image.ext)\n                  muss immer als Argument an die Option "-splash" \u00FCbergeben werden.\n                  Das am besten geeignete angegebene skalierte Bild wird\n                  automatisch ausgew\u00E4hlt.\n                  Weitere Informationen finden Sie in der Dokumentation zur SplashScreen-API\n    @argument files\n                  Eine oder mehrere Argumentdateien mit Optionen\n    -disable-@files\n                  Verhindert die weitere Erweiterung von Argumentdateien\nUm ein Argument f\u00FCr eine lange Option anzugeben, k\u00F6nnen Sie --= oder\n--  verwenden.\n
 
 # Translators please note do not translate the options themselves
-java.launcher.X.usage=\n    -Xbatch           Deaktiviert Hintergrundkompilierung\n    -Xbootclasspath/a: \n                      an Ende von Bootstrap Classpath anh\u00E4ngen\n    -Xcheck:jni       F\u00FChrt zus\u00E4tzliche Pr\u00FCfungen f\u00FCr JNI-Funktionen aus\n    -Xcomp            Erzwingt Kompilierung von Methoden beim ersten Aufruf\n    -Xdebug           Wird zur Abw\u00E4rtskompatiblit\u00E4t bereitgestellt\n    -Xdiag            Zeigt zus\u00E4tzliche Diagnosemeldungen an\n    -Xfuture          Aktiviert strengste Pr\u00FCfungen, wird als m\u00F6glicher zuk\u00FCnftiger Standardwert erwartet\n    -Xint             Nur Ausf\u00FChrung im interpretierten Modus\n    -Xinternalversion\n                      Zeigt detailliertere JVM-Versionsinformationen an als die\n                      Option "-version"\n    -Xloggc:    Protokolliert GC-Status in einer Datei mit Zeitstempeln\n    -Xmixed           Ausf\u00FChrung im gemischten Modus (Standard)\n    -Xmn        Legt die anf\u00E4ngliche und die maximale Gr\u00F6\u00DFe (in Byte) des Heaps\n                      f\u00FCr die junge Generation (Nursery) fest\n    -Xms        Legt die anf\u00E4ngliche Java-Heap-Gr\u00F6\u00DFe fest\n    -Xmx        Legt die maximale Java-Heap-Gr\u00F6\u00DFe fest\n    -Xnoclassgc       Deaktiviert die Klassen-Garbage Collection\n    -Xprof            Gibt CPU-Profilierungsdaten aus (veraltet)\n    -Xrs              Reduziert die Verwendung von BS-Signalen durch Java/VM (siehe Dokumentation)\n    -Xshare:auto      Verwendet, wenn m\u00F6glich, freigegebene Klassendaten (Standard)\n    -Xshare:off       Versucht nicht, freigegebene Klassendaten zu verwenden\n    -Xshare:on        Erfordert die Verwendung von freigegebenen Klassendaten, verl\u00E4uft sonst nicht erfolgreich.\n    -XshowSettings    Zeigt alle Einstellungen an und f\u00E4hrt fort\n    -XshowSettings:all\n                      Zeigt alle Einstellungen an und f\u00E4hrt fort\n    -XshowSettings:locale\n                      Zeigt alle gebietsschemabezogenen Einstellungen an und f\u00E4hrt fort\n    -XshowSettings:properties\n                      Zeigt alle Eigenschaftseinstellungen an und f\u00E4hrt fort\n    -XshowSettings:vm Zeigt alle VM-bezogenen Einstellungen an und f\u00E4hrt fort\n    -Xss        Legt Stack-Gr\u00F6\u00DFe des Java-Threads fest\n    -Xverify          Legt den Modus der Bytecodeverifizierung fest\n    --add-reads =(,)*\n                      Aktualisiert , damit  ungeachtet der\n                      Moduldeklaration gelesen wird. \n                       kann ALL-UNNAMED sein, um alle unbenannten\n                      Module zu lesen.\n    --add-exports /=(,)*\n                      Aktualisiert , um  ungeachtet der Moduldeklaration\n                        in  zu exportieren.\n                       kann ALL-UNNAMED sein, um in alle \n                      unbenannten Module zu exportieren.\n    --add-opens /=(,)*\n                      Aktualisiert , um  ungeachtet der Moduldeklaration\n                      in  zu \u00F6ffnen.\n    --limit-modules [,...]\n                      Grenzt die Gesamtmenge der beobachtbaren Module ein\n   --patch-module =({0})*\n                      \u00DCberschreibt oder erweitert ein Modul in JAR-Dateien\n                      oder -Verzeichnissen mit \
-Klassen und Ressourcen.\n    --disable-@files  Deaktiviert die weitere Erweiterung von Argumentdateien\n\nDiese zus\u00E4tzlichen Optionen k\u00F6nnen ohne Vorank\u00FCndigung ge\u00E4ndert werden.
+java.launcher.X.usage=\n    -Xbatch           Deaktiviert Hintergrundkompilierung\n    -Xbootclasspath/a: \n                      an Ende von Bootstrap Classpath anh\u00E4ngen\n    -Xcheck:jni       F\u00FChrt zus\u00E4tzliche Pr\u00FCfungen f\u00FCr JNI-Funktionen aus\n    -Xcomp            Erzwingt Kompilierung von Methoden beim ersten Aufruf\n    -Xdebug           Wird zur Abw\u00E4rtskompatibilit\u00E4t bereitgestellt\n    -Xdiag            Zeigt zus\u00E4tzliche Diagnosemeldungen an\n    -Xfuture          Aktiviert strengste Pr\u00FCfungen, wird als m\u00F6glicher zuk\u00FCnftiger Standardwert erwartet\n    -Xint             Nur Ausf\u00FChrung im interpretierten Modus\n    -Xinternalversion\n                      Zeigt detailliertere JVM-Versionsinformationen an als die\n                      Option "-version"\n    -Xloggc:    Protokolliert GC-Status in einer Datei mit Zeitstempeln\n    -Xmixed           Ausf\u00FChrung im gemischten Modus (Standard)\n    -Xmn        Legt die anf\u00E4ngliche und die maximale Gr\u00F6\u00DFe (in Byte) des Heaps\n                      f\u00FCr die junge Generation (Nursery) fest\n    -Xms        Legt die anf\u00E4ngliche Java-Heap-Gr\u00F6\u00DFe fest\n    -Xmx        Legt die maximale Java-Heap-Gr\u00F6\u00DFe fest\n    -Xnoclassgc       Deaktiviert die Klassen-Garbage Collection\n    -Xprof            Gibt CPU-Profilierungsdaten aus (veraltet)\n    -Xrs              Reduziert die Verwendung von BS-Signalen durch Java/VM (siehe Dokumentation)\n    -Xshare:auto      Verwendet, wenn m\u00F6glich, freigegebene Klassendaten (Standard)\n    -Xshare:off       Versucht nicht, freigegebene Klassendaten zu verwenden\n    -Xshare:on        Erfordert die Verwendung von freigegebenen Klassendaten, verl\u00E4uft sonst nicht erfolgreich.\n    -XshowSettings    Zeigt alle Einstellungen an und f\u00E4hrt fort\n    -XshowSettings:all\n                      Zeigt alle Einstellungen an und f\u00E4hrt fort\n    -XshowSettings:locale\n                      Zeigt alle gebietsschemabezogenen Einstellungen an und f\u00E4hrt fort\n    -XshowSettings:properties\n                      Zeigt alle Eigenschaftseinstellungen an und f\u00E4hrt fort\n    -XshowSettings:vm Zeigt alle VM-bezogenen Einstellungen an und f\u00E4hrt fort\n    -Xss        Legt Stackgr\u00F6\u00DFe des Java-Threads fest\n    -Xverify          Legt den Modus der Bytecodeverifizierung fest\n    --add-reads =(,)*\n                      Aktualisiert , damit  ungeachtet der\n                      Moduldeklaration gelesen wird. \n                       kann ALL-UNNAMED sein, um alle unbenannten\n                      Module zu lesen.\n    --add-exports /=(,)*\n                      Aktualisiert , um  ungeachtet der Moduldeklaration\n                        in  zu exportieren.\n                       kann ALL-UNNAMED sein, um in alle \n                      unbenannten Module zu exportieren.\n    --add-opens /=(,)*\n                      Aktualisiert , um  ungeachtet der Moduldeklaration\n                      in  zu \u00F6ffnen.\n    --illegal-access=\n                      L\u00E4sst Zugriff f\u00FCr Mitglieder mit den Typen in den benannten Modulen\n                      nach Code in unbenannten Modulen zu oder lehnt ihn ab.\n                       ist entweder "ablehnen", "zulassen", "warnen" oder "debuggen".\n                      Diese Option wird in einem zuk\u00FCnftigen Release entfernt.\n    --limit-modules [,...]\n                      Grenzt die Gesamtmenge der beobachtbaren Module ein\n   --patch-module =({0})*\n                      \u00DCberschreibt oder \
+erweitert ein Modul in JAR-Dateien\n                      oder -Verzeichnissen mit Klassen und Ressourcen.\n    --disable-@files  Deaktiviert die weitere Erweiterung von Argumentdateien\n\nDiese zus\u00E4tzlichen Optionen k\u00F6nnen ohne Vorank\u00FCndigung ge\u00E4ndert werden.\n
 
 # Translators please note do not translate the options themselves
 java.launcher.X.macosx.usage=\nDie folgenden Optionen sind f\u00FCr Mac OS X spezifisch:\n    -XstartOnFirstThread\n                      main()-Methode f\u00FCr den ersten (AppKit) Thread ausf\u00FChren\n    -Xdock:name=\n                      Den im Dock angezeigten Standardanwendungsnamen \u00FCberschreiben\n    -Xdock:icon=\n                      Das im Dock angezeigte Standardsymbol \u00FCberschreiben\n\n
@@ -47,6 +47,7 @@ java.launcher.cls.error3=Fehler: Hauptmethode muss einen Wert vom Typ void in Kl
 java.launcher.cls.error4=Fehler: Hauptmethode in Klasse {0} nicht gefunden. Definieren Sie die Hauptmethode als:\n   public static void main(String[] args):\noder eine JavaFX-Anwendung muss {1} erweitern
 java.launcher.cls.error5=Fehler: Zum Ausf\u00FChren dieser Anwendung ben\u00F6tigte JavaFX-Runtime-Komponenten fehlen
 java.launcher.cls.error6=Fehler: Beim Laden der Klasse {0} ist ein LinkageError aufgetreten\n\t{1}
+java.launcher.cls.error7=Fehler: Hauptklasse {0} kann nicht initialisiert werden\nUrsache: {1}: {2}
 java.launcher.jar.error1=Fehler: Beim Versuch, Datei {0} zu \u00F6ffnen, ist ein unerwarteter Fehler aufgetreten
 java.launcher.jar.error2=Manifest in {0} nicht gefunden
 java.launcher.jar.error3=kein Hauptmanifestattribut, in {0}
@@ -55,5 +56,6 @@ java.launcher.init.error=Initialisierungsfehler
 java.launcher.javafx.error1=Fehler: Die JavaFX-Methode launchApplication hat die falsche Signatur, sie\nmuss als statisch deklariert werden und einen Wert vom Typ VOID zur\u00FCckgeben
 java.launcher.module.error1=Modul {0} weist kein MainClass-Attribut auf. Verwenden Sie -m /
 java.launcher.module.error2=Fehler: Hauptklasse {0} konnte in Modul {1} nicht gefunden oder geladen werden
-java.launcher.module.error3=Fehler: Hauptklasse {0} kann nicht aus Modul {1} geladen werden\n\t{2}
+java.launcher.module.error3=Fehler: Hauptklasse {0} kann nicht in Modul {1} geladen werden\n\t{2}
 java.launcher.module.error4={0} nicht gefunden
+java.launcher.module.error5=Fehler: Hauptklasse {0} kann nicht in Modul {1} initialisiert werden\nUrsache: {1}: {2}
diff --git a/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_es.properties b/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_es.properties
index 3fecb4c841..d205b058b4 100644
--- a/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_es.properties
+++ b/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_es.properties
@@ -26,17 +26,17 @@
 # Translators please note do not translate the options themselves
 java.launcher.opt.header  =   Sintaxis: {0} [opciones]  [argumentos...]\n           (para ejecutar una clase)\n   o  {0} [opciones] -jar  [argumentos...]\n           (para ejecutar un archivo jar)\n   o  {0} [opciones] -m [/] [argumentos...]\n       {0} [opciones] --module [/] [argumentos...]\n           (para ejecutar la clase principal en un m\u00F3dulo)\n\n Argumentos que siguen la clase principal, -jar , -m o --module\n / se transfieren como argumentos a una clase principal.\n\n donde las opciones incluyen:\n\n
 
-java.launcher.opt.datamodel  =\    -d{0}\t  Anticuada, se eliminar\u00E1 en una versi\u00F3n futura\n
+java.launcher.opt.datamodel  =\    -d{0}\t  En desuso, se eliminar\u00E1 en una versi\u00F3n futura\n
 java.launcher.opt.vmselect   =\    {0}\t  para seleccionar la VM "{1}"\n
-java.launcher.opt.hotspot    =\    {0}\t  es un sin\u00F3nimo de la VM "{1}" [anticuada]\n
+java.launcher.opt.hotspot    =\    {0}\t  es un sin\u00F3nimo de la VM "{1}" [en desuso]\n
 
 # Translators please note do not translate the options themselves
-java.launcher.opt.footer = \    -cp \n    -classpath \n    --class-path \n                  Una lista separada por el car\u00E1cter {0}, archivos JAR\n                  y archivos ZIP para buscar archivos de clases.\n    -p \n    --module-path ...\n                  Una lista de directorios separada por el car\u00E1cter {0}, cada directorio\n                  es un directorio de m\u00F3dulos.\n    --upgrade-module-path ...\n                  Una lista de directorios separada por el car\u00E1cter {0}, cada directorio\n                  es un directorio de m\u00F3dulos que sustituye a\n                  los m\u00F3dulos actualizables en la imagen de tiempo de ejecuci\u00F3n\n    --add-modules [,...]\n                  m\u00F3dulos de ra\u00EDz que resolver, adem\u00E1s del m\u00F3dulo inicial.\n                   tambi\u00E9n puede ser ALL-DEFAULT, ALL-SYSTEM,\n                  ALL-MODULE-PATH.\n    --list-modules\n                  mostrar m\u00F3dulos observables y salir\n    --d \n    --describe-module \n                  describir un m\u00F3dulo y salir\n    --dry-run     crear VM y cargar la clase principal pero sin ejecutar el m\u00E9todo principal.\n                  La opci\u00F3n --dry-run puede ser \u00FAtil para validar\n                  las opciones de l\u00EDnea de comandos, como la configuraci\u00F3n del sistema de m\u00F3dulos.\n    --validate-modules\n                  validar todos los m\u00F3dulos y salir\n                  La opci\u00F3n --validate-modules puede ser \u00FAtil para encontrar\n                  conflictos y otros errores con m\u00F3dulos en la ruta de m\u00F3dulos.\n    -D=\n                  definir una propiedad de sistema\n    -verbose:[class|module|gc|jni]\n                  activar la salida en modo verbose\n    -version      imprimir versi\u00F3n de producto en el flujo de errores y salir\n    --version     imprimir versi\u00F3n de producto en el flujo de salida y salir\n    -showversion  imprimir versi\u00F3n de producto en el flujo de errores y continuar\n    --show-version\n                  -showversion  imprimir versi\u00F3n de producto en el flujo de salida y continuar\n    --show-module-resolution\n                  mostrar la salida de resoluci\u00F3n de m\u00F3dulo durante el inicio\n    -? -h -help\n                  imprimir este mensaje de ayuda en el flujo de errores\n    --help        imprimir este mensaje de ayuda en el flujo de salida\n    -X            imprimir ayuda de opciones adicionales en el flujo de errores\n    --help-extra  imprimir ayuda de opciones adicionales en el flujo de salida\n    -ea[:...|:]\n    -enableassertions[:...|:]\n                  activar afirmaciones con una granularidad especificada\n    -da[:...|:]\n    -disableassertions[:...|:]\n                  desactivar afirmaciones con una granularidad especificada\n    -esa | -enablesystemassertions\n                  activar afirmaciones del sistema\n    -dsa | -disablesystemassertions\n                  desactivar afirmaciones del sistema\n    -agentlib:[=]\n                  cargar biblioteca de agente nativo , por ejemplo, -agentlib:jdwp\n                  ver tambi\u00E9n -agentlib:jdwp=help\n    -agentpath:[=]\n                  cargar biblioteca de agente nativo por nombre completo de ruta\n    -javaagent:[=]\n                  cargar agente de lenguaje de programaci\u00F3n Java, ver java.lang.instrument\n    -splash:\n         \
-         mostrar pantalla de presentaci\u00F3n con imagen especificada\n                  Las im\u00E1genes a escala HiDPI est\u00E1n soportadas y se usan autom\u00E1ticamente\n                  si est\u00E1n disponibles. El nombre de archivo de la imagen sin escala, por ejemplo, image.ext,\n                  siempre debe transmitirse como el argumento para la opci\u00F3n -splash.\n                  La imagen a escala m\u00E1s adecuada que se haya proporcionado se escoger\u00E1\n                  autom\u00E1ticamente.\n                  Consulte la documentaci\u00F3n de la API de la pantalla de presentaci\u00F3n para obtener m\u00E1s informaci\u00F3n.\n    @argument files\n                  uno o m\u00E1s archivos de argumentos que contienen opciones\n    -disable-@files\n                  evitar una mayor expansi\u00F3n del archivo de argumentos\nPara especificar un argumento para una opci\u00F3n larga, puede usar --= o\n-- .\n
+java.launcher.opt.footer = \    -cp \n    -classpath \n    --class-path \n                  Una lista separada por el car\u00E1cter {0}, archivos JAR\n                  y archivos ZIP para buscar archivos de clases.\n    -p \n    --module-path ...\n                  Una lista de directorios separada por el car\u00E1cter {0}, cada directorio\n                  es un directorio de m\u00F3dulos.\n    --upgrade-module-path ...\n                  Una lista de directorios separada por el car\u00E1cter {0}, cada directorio\n                  es un directorio de m\u00F3dulos que sustituye a\n                  los m\u00F3dulos actualizables en la imagen de tiempo de ejecuci\u00F3n\n    --add-modules [,...]\n                  m\u00F3dulos de ra\u00EDz que resolver, adem\u00E1s del m\u00F3dulo inicial.\n                   tambi\u00E9n puede ser ALL-DEFAULT, ALL-SYSTEM,\n                  ALL-MODULE-PATH.\n    --list-modules\n                  mostrar m\u00F3dulos observables y salir\n    -d \n    --describe-module \n                  describir un m\u00F3dulo y salir\n    --dry-run     crear VM y cargar la clase principal pero sin ejecutar el m\u00E9todo principal.\n                  La opci\u00F3n --dry-run puede ser \u00FAtil para validar\n                  las opciones de l\u00EDnea de comandos, como la configuraci\u00F3n del sistema de m\u00F3dulos.\n    --validate-modules\n                  validar todos los m\u00F3dulos y salir\n                  La opci\u00F3n --validate-modules puede ser \u00FAtil para encontrar\n                  conflictos y otros errores con m\u00F3dulos en la ruta de m\u00F3dulos.\n    -D=\n                  definir una propiedad de sistema\n    -verbose:[class|module|gc|jni]\n                  activar la salida en modo verbose\n    -version      imprimir versi\u00F3n de producto en el flujo de errores y salir\n    --version     imprimir versi\u00F3n de producto en el flujo de salida y salir\n    -showversion  imprimir versi\u00F3n de producto en el flujo de errores y continuar\n    --show-version\n                  -showversion  imprimir versi\u00F3n de producto en el flujo de salida y continuar\n    --show-module-resolution\n                  mostrar la salida de resoluci\u00F3n de m\u00F3dulo durante el inicio\n    -? -h -help\n                  imprimir este mensaje de ayuda en el flujo de errores\n    --help        imprimir este mensaje de ayuda en el flujo de salida\n    -X            imprimir ayuda de opciones adicionales en el flujo de errores\n    --help-extra  imprimir ayuda de opciones adicionales en el flujo de salida\n    -ea[:...|:]\n    -enableassertions[:...|:]\n                  activar afirmaciones con una granularidad especificada\n    -da[:...|:]\n    -disableassertions[:...|:]\n                  desactivar afirmaciones con una granularidad especificada\n    -esa | -enablesystemassertions\n                  activar afirmaciones del sistema\n    -dsa | -disablesystemassertions\n                  desactivar afirmaciones del sistema\n    -agentlib:[=]\n                  cargar biblioteca de agente nativo , por ejemplo, -agentlib:jdwp\n                  ver tambi\u00E9n -agentlib:jdwp=help\n    -agentpath:[=]\n                  cargar biblioteca de agente nativo por nombre completo de ruta\n    -javaagent:[=]\n                  cargar agente de lenguaje de programaci\u00F3n Java, ver java.lang.instrument\n    -splash:\n       \
+           mostrar pantalla de presentaci\u00F3n con imagen especificada\n                  Las im\u00E1genes a escala HiDPI est\u00E1n soportadas y se usan autom\u00E1ticamente\n                  si est\u00E1n disponibles. El nombre de archivo de la imagen sin escala, por ejemplo, image.ext,\n                  siempre debe transmitirse como el argumento para la opci\u00F3n -splash.\n                  La imagen a escala m\u00E1s adecuada que se haya proporcionado se escoger\u00E1\n                  autom\u00E1ticamente.\n                  Consulte la documentaci\u00F3n de la API de la pantalla de presentaci\u00F3n para obtener m\u00E1s informaci\u00F3n.\n    @argument files\n                  uno o m\u00E1s archivos de argumentos que contienen opciones\n    -disable-@files\n                  evitar una mayor expansi\u00F3n del archivo de argumentos\nPara especificar un argumento para una opci\u00F3n larga, puede usar --= o\n-- .\n
 
 # Translators please note do not translate the options themselves
-java.launcher.X.usage=\    -Xbatch           desactivar compilaci\u00F3n de fondo\n    -Xbootclasspath/a:\n                      agregar al final de la ruta de la clase de inicializaci\u00F3n de datos\n    -Xcheck:jni       realizar comprobaciones adicionales para las funciones de JNI\n    -Xcomp            fuerza la compilaci\u00F3n de m\u00E9todos en la primera llamada\n    -Xdebug           se proporciona para ofrecer compatibilidad con versiones anteriores\n    -Xdiag            mostrar mensajes de diagn\u00F3stico adicionales\n    -Xfuture          activar las comprobaciones m\u00E1s estrictas, anticip\u00E1ndose al futuro valor por defecto\n    -Xint             solo ejecuci\u00F3n de modo interpretado\n    -Xinternalversion\n                      muestra una informaci\u00F3n de la versi\u00F3n de JVM m\u00E1s detallada que la\n                      opci\u00F3n -version\n    -Xloggc:    registrar el estado de GC en un archivo con registros de hora\n    -Xmixed           ejecuci\u00F3n de modo mixto (por defecto)\n    -Xmn        define el tama\u00F1o inicial y m\u00E1ximo (en bytes) de la pila\n                      para la generaci\u00F3n m\u00E1s joven (espacio infantil)\n    -Xms        define el tama\u00F1o inicial de la pila de Java\n    -Xmx        define el tama\u00F1o m\u00E1ximo de la pila de Java\n    -Xnoclassgc       desactivar la recolecci\u00F3n de basura de clases\n    -Xprof            datos de creaci\u00F3n de perfiles de CPU de salida (anticuados)\n    -Xrs              reducir el uso de se\u00F1ales de sistema operativo por parte de Java/VM (consulte la documentaci\u00F3n)\n    -Xshare:auto      usar datos de clase compartidos si es posible (valor por defecto)\n    -Xshare:off       no intentar usar datos de clase compartidos\n    -Xshare:on        es obligatorio el uso de datos de clase compartidos, de lo contrario se producir\u00E1 un fallo.\n    -XshowSettings    mostrar toda la configuraci\u00F3n y continuar\n    -XshowSettings:all\n                      mostrar todos los valores y continuar\n    -XshowSettings:locale\n                      mostrar todos los valores relacionados con la configuraci\u00F3n regional y continuar\n    -XshowSettings:properties\n                      mostrar todos los valores de propiedad y continuar\n    -XshowSettings:vm mostrar todos los valores relacionados con vm y continuar\n    -Xss        definir tama\u00F1o de la pila del thread de Java\n    -Xverify          define el modo del verificador de c\u00F3digo de bytes\n    --add-reads =(,)*\n                      actualiza  para leer , independientement\n                      de la declaraci\u00F3n del m\u00F3dulo. \n                       puede ser ALL-UNNAMED para leer todos los\n                      m\u00F3dulos sin nombre.\n    --add-exports /=(,)*\n                      actualiza  para exportar  en ,\n                      independientemente de la declaraci\u00F3n del m\u00F3dulo.\n                       puede ser ALL-UNNAMED para exportar a todos los\n                      m\u00F3dulos sin nombre.\n    --add-opens /=(,)*\n                      actualiza  para abrir  en\n                      , independientemente de la declaraci\u00F3n del m\u00F3dulo.\n    --limit-modules [,...]\n                      limitar el universo de m\u00F3dulos observables\n    --patch-module =({0})*\n                      anular o aumentar un m\u00F3dulo con clases y recursos\n                      en directorios o archivos JAR.\n    --disable-@files  desactivar una mayor expansi\u00F3n del archivo de argumentos\n\nEstas opciones adicionales est\u00E1n sujetas a cambios sin previo aviso.\n
+java.launcher.X.usage=\n    -Xbatch           desactivar compilaci\u00F3n en segundo plano\n    -Xbootclasspath/a:\n                      agregar al final de la ruta de la clase de inicializaci\u00F3n de datos\n    -Xcheck:jni       realizar comprobaciones adicionales para las funciones de JNI\n    -Xcomp            fuerza la compilaci\u00F3n de m\u00E9todos en la primera llamada\n    -Xdebug           se proporciona para ofrecer compatibilidad con versiones anteriores\n    -Xdiag            mostrar mensajes de diagn\u00F3stico adicionales\n    -Xfuture          activar las comprobaciones m\u00E1s estrictas, anticip\u00E1ndose al futuro valor por defecto\n    -Xint             solo ejecuci\u00F3n de modo interpretado\n    -Xinternalversion\n                      muestra una informaci\u00F3n de la versi\u00F3n de JVM m\u00E1s detallada que la\n                      opci\u00F3n-versi\u00F3n\n    -Xloggc:    registrar el estado de GC en un archivo con registros de hora\n    -Xmixed           modo de ejecuci\u00F3n mixto (valor por defecto)\n    -Xmn        define el tama\u00F1o inicial y m\u00E1ximo (en bytes) de la pila\n                      para la generaci\u00F3n m\u00E1s joven (incubadora)\n    -Xms        define el tama\u00F1o inicial de la pila de Java\n    -Xmx        define el tama\u00F1o m\u00E1ximo de la pila de Java\n    -Xnoclassgc       desactivar la recolecci\u00F3n de basura de clases\n    -Xprof            datos de creaci\u00F3n de perfiles de CPU de salida (en desuso)\n    -Xrs              reducir el uso de se\u00F1ales de sistema operativo por parte de Java/VM (consulte la documentaci\u00F3n)\n    -Xshare:auto      usar datos de clase compartidos si es posible (valor por defecto)\n    -Xshare:off       no intentar usar datos de clase compartidos\n    -Xshare:on        es obligatorio el uso de datos de clase compartidos, de lo contrario se producir\u00E1 un fallo.\n    -XshowSettings    mostrar toda la configuraci\u00F3n y continuar\n    -XshowSettings:all\n                      mostrar todos los valores y continuar\n    -XshowSettings:locale\n                      mostrar todos los valores relacionados con la configuraci\u00F3n regional y continuar\n    -XshowSettings:properties\n                      mostrar todos los valores de propiedad y continuar\n    -XshowSettings:vm mostrar todos los valores relacionados con vm y continuar\n    -Xss        definir tama\u00F1o de la pila del thread de Java\n    -Xverify          define el modo del verificador de c\u00F3digo de bytes\n    --add-reads =(,)*\n                      updates  para leer , independientemente\n                      de la declaraci\u00F3n del m\u00F3dulo. \n                       puede ser ALL-UNNAMED para leer todos los m\u00F3dulos\n                      sin nombre.\n    --add-exports /=(,)*\n                      actualiza  para exportar  en ,\n                      independientemente de la declaraci\u00F3n del m\u00F3dulo.\n                       puede ser ALL-UNNAMED para exportar a todos los\n                      m\u00F3dulos sin nombre.\n    --add-opens /=(,)*\n                      actualiza  para abrir  en\n                      , independientemente de la declaraci\u00F3n del m\u00F3dulo.\n    --illegal-access=\n                      permitir o denegar el acceso a miembros de tipos en m\u00F3dulos con nombre\n                      por c\u00F3digo en m\u00F3dulos sin nombre.\n                       es "denegar", "permitir", "advertir" o "depurar"\n                      Esta opci\u00F3n se eliminar\u00E1 en la \
+pr\u00F3xima versi\u00F3n.\n    --limit-modules [,...]\n                      limitar el universo de m\u00F3dulos observables\n    --patch-module =({0})*\n                      anular o aumentar un m\u00F3dulo con clases y recursos\n                      en directorios o archivos JAR.\n    --disable-@files  desactivar una mayor expansi\u00F3n del archivo de argumentos\n\nEstas opciones adicionales est\u00E1n sujetas a cambios sin previo aviso.\n
 
 # Translators please note do not translate the options themselves
 java.launcher.X.macosx.usage=\nLas siguientes opciones son espec\u00EDficas para Mac OS X:\n    -XstartOnFirstThread\n                      ejecutar el m\u00E9todo main() del primer thread (AppKit)\n    -Xdock:name=\n                      sustituir al nombre por defecto de la aplicaci\u00F3n que se muestra en el Dock\n    -Xdock:icon=\n                      sustituir al icono por defecto que se muestra en el Dock\n\n
@@ -47,6 +47,7 @@ java.launcher.cls.error3=Error: el m\u00E9todo principal debe devolver un valor
 java.launcher.cls.error4=Error: no se ha encontrado el m\u00E9todo principal en la clase {0}, defina el m\u00E9todo principal del siguiente modo:\\n   public static void main(String[] args)\\nde lo contrario, se deber\u00E1 ampliar una clase de aplicaci\u00F3n JavaFX {1}
 java.launcher.cls.error5=Error: faltan los componentes de JavaFX runtime y son necesarios para ejecutar esta aplicaci\u00F3n
 java.launcher.cls.error6=Error: Se ha producido un error de enlace al cargar la clase principal {0}\n\t{1}
+java.launcher.cls.error7=Error: no se ha podido inicializar la clase principal {0}\nCausado por: {1}: {2}
 java.launcher.jar.error1=Error: se ha producido un error inesperado al intentar abrir el archivo {0}
 java.launcher.jar.error2=no se ha encontrado el manifiesto en {0}
 java.launcher.jar.error3=no hay ning\u00FAn atributo de manifiesto principal en {0}
@@ -55,5 +56,6 @@ java.launcher.init.error=error de inicializaci\u00F3n
 java.launcher.javafx.error1=Error: el m\u00E9todo launchApplication de JavaFX tiene una firma que no es correcta.\\nSe debe declarar est\u00E1tico y devolver un valor de tipo nulo
 java.launcher.module.error1=el m\u00F3dulo {0} no tiene ning\u00FAn atributo MainClass, utilice -m /
 java.launcher.module.error2=Error: no se ha encontrado o cargado la clase principal {0} en el m\u00F3dulo {1}
-java.launcher.module.error3=Error: No se ha podido cargar la clase principal {0} del m\u00F3dulo {1}\n\t{2}
+java.launcher.module.error3=Error: no se ha podido cargar la clase principal {0} del m\u00F3dulo {1}\n\t{2}
 java.launcher.module.error4=No se ha encontrado {0}
+java.launcher.module.error5=Error: no se ha podido inicializar la clase principal {0} del m\u00F3dulo {1}\nCausado por: {1}: {2}
diff --git a/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_fr.properties b/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_fr.properties
index 472d13b4ba..e003962170 100644
--- a/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_fr.properties
+++ b/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_fr.properties
@@ -31,11 +31,12 @@ java.launcher.opt.vmselect   =\    {0}\t  pour s\u00E9lectionner la machine virt
 java.launcher.opt.hotspot    =\    {0}\t  est un synonyme pour la machine virtuelle "{1}"  [en phase d''abandon]\n
 
 # Translators please note do not translate the options themselves
-java.launcher.opt.footer = \    -cp \n    -classpath \n    --class-path \n                  Liste distincte {0} de r\u00E9pertoires, d''archives JAR\n                  et d'archives ZIP pour rechercher des fichiers de classe.\n    -p \n    --module-path ...\n                  Liste distincte {0} de r\u00E9pertoires, chaque r\u00E9pertoire\n                  est un r\u00E9pertoire de modules.\n    --upgrade-module-path ...\n                  Liste distincte {0} de r\u00E9pertoires, chaque r\u00E9pertoire\n                  est un r\u00E9pertoire de module qui remplace les modules\n                  pouvant \u00EAtre mis \u00E0 niveau dans l'image d'ex\u00E9cution\n    --add-modules [,...]\n                  modules racine \u00E0 r\u00E9soudre en plus du module initial.\n                   peut \u00E9galement \u00EAtre ALL-DEFAULT, ALL-SYSTEM,\n                  ALL-MODULE-PATH.\n    --list-modules\n                  r\u00E9pertorier les modules observables et quitter\n    --d \n    --describe-module \n                  d\u00E9crire un module et quitter\n    --dry-run     cr\u00E9er une machine virtuelle et charger la classe principale mais ne pas ex\u00E9cuter la m\u00E9thode principale.\n                  L'option--dry-run peut \u00EAtre utile pour la validation des\n                  options de ligne de commande telles que la configuration syst\u00E8me de module.\n    --validate-modules\n                  valider tous les modules et quitter\n                  L'option --validate-modules peut \u00EAtre utile pour la recherche de\n                  conflits et d'autres erreurs avec des modules dans le chemin de module.\n    -D=\n                  d\u00E9finir une propri\u00E9t\u00E9 syst\u00E8me\n    -verbose:[class|module|gc|jni]\n                  activer la sortie en mode verbose\n    -version      afficher la version de produit dans le flux d'erreur et quitter\n    --version     afficher la version de produit dans le flux de sortie et quitter\n    -showversion  afficher la version de produit dans le flux d'erreur et continuer\n    --show-version\n                  afficher la version de produit dans le flux de sortie et continuer\n    --show-module-resolution\n                  afficher la sortie de r\u00E9solution de module lors du d\u00E9marrage\n    -? -h -help\n                  afficher ce message d'aide dans le flux d'erreur\n    --help        afficher ce message d'erreur dans le flux de sortie\n    -X            afficher l'aide sur des options suppl\u00E9mentaires dans le flux d'erreur\n    --help-extra  afficher l'aide sur des options suppl\u00E9mentaires dans le flux de sortie\n    -ea[:...|:]\n    -enableassertions[:...|:]\n                  activer des assertions avec la granularit\u00E9 sp\u00E9cifi\u00E9e\n    -da[:...|:]\n    -disableassertions[:...|:]\n                  d\u00E9sactiver des assertions avec la granularit\u00E9 sp\u00E9cifi\u00E9e\n    -esa | -enablesystemassertions\n                  activer des assertions syst\u00E8me\n    -dsa | -disablesystemassertions\n                  d\u00E9sactiver des assertions syst\u00E8me\n    -agentlib:[=]\n                  charger la biblioth\u00E8que d'agent natif , par ex. -agentlib:jdwp\n                  voir \u00E9galement -agentlib:jdwp=help\n    -agentpath:[=]\n                  charger la biblioth\u00E8que d'agent natif par nom de chemin complet\n    -javaagent:[=]\n                  charger l'agent de langage de programmation, voir \
+java.launcher.opt.footer = \    -cp \n    -classpath \n    --class-path \n                  Liste distincte {0} de r\u00E9pertoires, d''archives JAR\n                  et d'archives ZIP pour rechercher des fichiers de classe.\n    -p \n    --module-path ...\n                  Liste distincte {0} de r\u00E9pertoires, chaque r\u00E9pertoire\n                  est un r\u00E9pertoire de modules.\n    --upgrade-module-path ...\n                  Liste distincte {0} de r\u00E9pertoires, chaque r\u00E9pertoire\n                  est un r\u00E9pertoire de module qui remplace les modules\n                  pouvant \u00EAtre mis \u00E0 niveau dans l'image d'ex\u00E9cution\n    --add-modules [,...]\n                  modules racine \u00E0 r\u00E9soudre en plus du module initial.\n                   peut \u00E9galement \u00EAtre ALL-DEFAULT, ALL-SYSTEM,\n                  ALL-MODULE-PATH.\n    --list-modules\n                  r\u00E9pertorier les modules observables et quitter\n    -d \n    --describe-module \n                  d\u00E9crire un module et quitter\n    --dry-run     cr\u00E9er une machine virtuelle et charger la classe principale mais ne pas ex\u00E9cuter la m\u00E9thode principale.\n                  L'option--dry-run peut \u00EAtre utile pour la validation des\n                  options de ligne de commande telles que la configuration syst\u00E8me de module.\n    --validate-modules\n                  valider tous les modules et quitter\n                  L'option --validate-modules peut \u00EAtre utile pour la recherche de\n                  conflits et d'autres erreurs avec des modules dans le chemin de module.\n    -D=\n                  d\u00E9finir une propri\u00E9t\u00E9 syst\u00E8me\n    -verbose:[class|module|gc|jni]\n                  activer la sortie en mode verbose\n    -version      afficher la version de produit dans le flux d'erreur et quitter\n    --version     afficher la version de produit dans le flux de sortie et quitter\n    -showversion  afficher la version de produit dans le flux d'erreur et continuer\n    --show-version\n                  afficher la version de produit dans le flux de sortie et continuer\n    --show-module-resolution\n                  afficher la sortie de r\u00E9solution de module lors du d\u00E9marrage\n    -? -h -help\n                  afficher ce message d'aide dans le flux d'erreur\n    --help        afficher ce message d'erreur dans le flux de sortie\n    -X            afficher l'aide sur des options suppl\u00E9mentaires dans le flux d'erreur\n    --help-extra  afficher l'aide sur des options suppl\u00E9mentaires dans le flux de sortie\n    -ea[:...|:]\n    -enableassertions[:...|:]\n                  activer des assertions avec la granularit\u00E9 sp\u00E9cifi\u00E9e\n    -da[:...|:]\n    -disableassertions[:...|:]\n                  d\u00E9sactiver des assertions avec la granularit\u00E9 sp\u00E9cifi\u00E9e\n    -esa | -enablesystemassertions\n                  activer des assertions syst\u00E8me\n    -dsa | -disablesystemassertions\n                  d\u00E9sactiver des assertions syst\u00E8me\n    -agentlib:[=]\n                  charger la biblioth\u00E8que d'agent natif , par ex. -agentlib:jdwp\n                  voir \u00E9galement -agentlib:jdwp=help\n    -agentpath:[=]\n                  charger la biblioth\u00E8que d'agent natif par nom de chemin complet\n    -javaagent:[=]\n                  charger l'agent de langage de programmation, voir \
 java.lang.instrument\n    -splash:\n                  afficher l'\u00E9cran d'accueil avec l'image indiqu\u00E9e\n                  Les images redimensionn\u00E9es HiDPI sont automatiquement prises en charge et utilis\u00E9es\n                  si elles sont disponibles. Le nom de fichier d'une image non redimensionn\u00E9e, par ex. image.ext,\n                  doit toujours \u00EAtre transmis comme argument \u00E0 l'option -splash.\n                  L'image redimensionn\u00E9e fournie la plus appropri\u00E9e sera automatiquement\n                  s\u00E9lectionn\u00E9e.\n                  Pour plus d'informations, reportez-vous \u00E0 la documentation relative \u00E0 l'API SplashScreen\n    fichiers @argument\n                  fichiers d'arguments contenant des options\n    -disable-@files\n                  emp\u00EAcher le d\u00E9veloppement suppl\u00E9mentaire de fichiers d'arguments\nAfin d'indiquer un argument pour une option longue, vous pouvez utiliser --= ou\n-- .\n
 
 # Translators please note do not translate the options themselves
-java.launcher.X.usage=\n    -Xbatch           d\u00E9sactivation de la compilation en arri\u00E8re-plan\n    -Xbootclasspath/a:\n                      ajout \u00E0 la fin du chemin de classe bootstrap\n    -Xcheck:jni       ex\u00E9cution de contr\u00F4les suppl\u00E9mentaires pour les fonctions JNI\n    -Xcomp            force la compilation de m\u00E9thodes au premier appel\n    -Xdebug           fourni pour la compatibilit\u00E9 amont\n    -Xdiag            affichage de messages de diagnostic suppl\u00E9mentaires\n    -Xfuture          activation des contr\u00F4les les plus stricts en vue d''anticiper la future valeur par d\u00E9faut\n    -Xint             ex\u00E9cution en mode interpr\u00E9t\u00E9 uniquement\n    -Xinternalversion\n                      affiche des informations de version JVM plus d\u00E9taill\u00E9es que\n                      l''option -version\n    -Xloggc:    journalisation du statut de l''op\u00E9ration de ramasse-miette dans un fichier avec horodatage\n    -Xmixed           ex\u00E9cution en mode mixte (valeur par d\u00E9faut)\n    -Xmn        d\u00E9finit les tailles initiale et maximale (en octets) de la portion de m\u00E9moire\n                      pour la jeune g\u00E9n\u00E9ration (nursery)\n    -Xms        d\u00E9finition de la taille initiale des portions de m\u00E9moire Java\n    -Xmx        d\u00E9finition de la taille maximale des portions de m\u00E9moire Java\n    -Xnoclassgc       d\u00E9sactivation de l''op\u00E9ration de ramasse-miette de la classe\n    -Xprof            sortie des donn\u00E9es de profilage d''UC (en phase d''abandon)\n    -Xrs              r\u00E9duction de l''utilisation des signaux OS par Java/la machine virtuelle (voir documentation)\n    -Xshare:auto      utilisation des donn\u00E9es de classe partag\u00E9es si possible (valeur par d\u00E9faut)\n    -Xshare:off       aucune tentative d''utilisation des donn\u00E9es de classe partag\u00E9es\n    -Xshare:on         utilisation des donn\u00E9es de classe partag\u00E9es obligatoire ou \u00E9chec de l''op\u00E9ration.\n    -XshowSettings    affichage de tous les param\u00E8tres et poursuite de l''op\u00E9ration\n    -XshowSettings:all\n                      affichage de tous les param\u00E8tres et poursuite de l''op\u00E9ration\n    -XshowSettings:locale\n                      affichage de tous les param\u00E8tres d''environnement local et poursuite de l''op\u00E9ration\n    -XshowSettings:properties\n                      affichage de tous les param\u00E8tres de propri\u00E9t\u00E9 et poursuite de l''op\u00E9ration\n    -XshowSettings:vm affichage de tous les param\u00E8tres de machine virtuelle et poursuite de l''op\u00E9ration\n    -Xss        d\u00E9finition de la taille de pile de threads Java\n    -Xverify          d\u00E9finit le mode du v\u00E9rificateur de code ex\u00E9cutable\n    --add-reads =(,)*\n                      met \u00E0 jour  pour lire , sans tenir compte\n                      de la d\u00E9claration de module. \n                       peut \u00EAtre ALL-UNNAMED pour lire tous les modules\n                      sans nom.\n    --add-exports /=(,)*\n                      met \u00E0 jour  pour exporter  vers ,\n                      sans tenir compte de la d\u00E9claration de module.\n                       peut \u00EAtre ALL-UNNAMED pour exporter tous les\n                      modules sans nom.\n    --add-opens /=(,)*\n                      met \u00E0 jour  pour ouvrir  dans\n                      , sans tenir compte de la d\u00E9claration de module.\n    --limit-modules [,...]\n                      limiter l''univers de modules observables\n    --patch-module =({0})*\n                      Remplacement ou augmentation d''un module avec des classes et des ressources\n                      dans des fichiers ou des r\u00E9pertoires JAR.\n    --disable-@files  d\u00E9sactivation d''autres d\u00E9veloppements de fichier d''argument\n\nCes options suppl\u00E9mentaires peuvent \u00EAtre modifi\u00E9es sans pr\u00E9avis.\n
+java.launcher.X.usage=\n    -Xbatch           d\u00E9sactivation de la compilation en arri\u00E8re-plan\n    -Xbootclasspath/a:\n                      ajout \u00E0 la fin du chemin de classe bootstrap\n    -Xcheck:jni        ex\u00E9cution de contr\u00F4les suppl\u00E9mentaires pour les fonctions JNI\n    -Xcomp            force la compilation de m\u00E9thodes au premier appel\n    -Xdebug           fourni pour la compatibilit\u00E9 amont\n    -Xdiag            affichage de messages de diagnostic suppl\u00E9mentaires\n    -Xfuture           activation des contr\u00F4les les plus stricts en vue d''anticiper la future valeur par d\u00E9faut\n    -Xint             ex\u00E9cution en mode interpr\u00E9t\u00E9 uniquement\n    -Xinternalversion\n                      affiche des informations de version JVM plus d\u00E9taill\u00E9es que\n                      l''option -version\n    -Xloggc:    journalisation du statut de l''op\u00E9ration de ramasse-miette dans un fichier avec horodatage\n    -Xmixed           ex\u00E9cution en mode mixte (valeur par d\u00E9faut)\n    -Xmn        d\u00E9finit les tailles initiale et maximale (en octets) de la portion de m\u00E9moire\n                      pour la jeune g\u00E9n\u00E9ration (nursery)\n    -Xms        d\u00E9finition de la taille initiale des portions de m\u00E9moire Java\n    -Xmx        d\u00E9finition de la taille maximale des portions de m\u00E9moire Java\n    -Xnoclassgc       d\u00E9sactivation de l''op\u00E9ration de ramasse-miette de la classe\n    -Xprof            sortie des donn\u00E9es de profilage d''UC (en phase d''abandon)\n    -Xrs              r\u00E9duction de l''utilisation des signaux OS par Java/la machine virtuelle (voir documentation)\n    -Xshare:auto      utilisation des donn\u00E9es de classe partag\u00E9es si possible (valeur par d\u00E9faut)\n    -Xshare:off       aucune tentative d''utilisation des donn\u00E9es de classe partag\u00E9es\n    -Xshare:on        utilisation des donn\u00E9es de classe partag\u00E9es obligatoire ou \u00E9chec de l''op\u00E9ration\n    -XshowSettings    affichage de tous les param\u00E8tres et poursuite de l''op\u00E9ration\n    -XshowSettings:all\n                      affichage de tous les param\u00E8tres et poursuite de l''op\u00E9ration\n    -XshowSettings:locale\n                      affichage de tous les param\u00E8tres d''environnement local et poursuite de l''op\u00E9ration\n    -XshowSettings:properties\n                       affichage de tous les param\u00E8tres de propri\u00E9t\u00E9 et poursuite de l''op\u00E9ration\n    -XshowSettings:vm affichage de tous les param\u00E8tres de machine virtuelle et poursuite de l''op\u00E9ration\n    -Xss        d\u00E9finition de la taille de pile de threads Java\n    -Xverify          d\u00E9finit le mode du v\u00E9rificateur de code ex\u00E9cutable\n    --add-reads =(,)*\n                      met \u00E0 jour  pour lire , sans tenir compte\n                      de la d\u00E9claration de module. \n                       peut \u00EAtre ALL-UNNAMED pour lire tous les modules\n                      sans nom.\n    --add-exports /=(,)*\n                      met \u00E0 jour  pour exporter  vers ,\n                      sans tenir compte de la d\u00E9claration de module.\n                       peut \u00EAtre ALL-UNNAMED pour effectuer un export vers tous\n                      les modules sans nom.\n    --add-opens /=(,)*\n                      met \u00E0 jour  pour ouvrir  vers\n                      , sans tenir compte de la d\u00E9claration de module\n    --illegal-access=\n                      autorise ou refuse l''acc\u00E8s \u00E0 \
+des membres de types dans des modules nomm\u00E9s\n                      par code dans des modules sans nom.\n                       est l''une des valeurs suivantes : "deny", "permit", "warn" ou "debug"\n                      Cette option sera enlev\u00E9e dans une version ult\u00E9rieure.\n    --limit-modules [,...]\n                      limite l''univers des modules observables\n    --patch-module =({0})*\n                      remplace ou augmente un module avec des classes et des ressources\n                      dans des fichiers ou r\u00E9pertoires JAR.\n    --disable-@files  d\u00E9sactive d''autres d\u00E9veloppements de fichier d''argument\n\nCes options suppl\u00E9mentaires peuvent \u00EAtre modifi\u00E9es sans pr\u00E9avis.\n
 
 # Translators please note do not translate the options themselves
 java.launcher.X.macosx.usage=\nLes options suivantes sont propres \u00E0 Mac OS X :\n    -XstartOnFirstThread\n                      ex\u00E9cute la m\u00E9thode main() sur le premier thread (AppKit)\n    -Xdock:name=\n                      remplace le nom d'application par d\u00E9faut affich\u00E9 dans l'ancrage\n    -Xdock:icon=\n                      remplace l'ic\u00F4ne par d\u00E9faut affich\u00E9e dans l'ancrage\n\n
@@ -46,6 +47,7 @@ java.launcher.cls.error3=Erreur : la m\u00E9thode principale doit renvoyer une v
 java.launcher.cls.error4=Erreur : la m\u00E9thode principale est introuvable dans la classe {0}, d\u00E9finissez la m\u00E9thode principale comme suit :\n   public static void main(String[] args)\nou une classe d''applications JavaFX doit \u00E9tendre {1}
 java.launcher.cls.error5=Erreur : des composants d'ex\u00E9cution JavaFX obligatoires pour ex\u00E9cuter cette application sont manquants.
 java.launcher.cls.error6=Erreur : LinkageError lors du chargement de la classe principale {0}\n\t{1}
+java.launcher.cls.error7=Erreur : impossible d''initialiser la classe principale {0}\nCaus\u00E9 par : {1}: {2}
 java.launcher.jar.error1=Erreur : une erreur inattendue est survenue lors de la tentative d''ouverture du fichier {0}
 java.launcher.jar.error2=fichier manifeste introuvable dans {0}
 java.launcher.jar.error3=aucun attribut manifest principal dans {0}
@@ -54,5 +56,6 @@ java.launcher.init.error=erreur d'initialisation
 java.launcher.javafx.error1=Erreur : la signature de la m\u00E9thode launchApplication JavaFX est incorrecte, la\nm\u00E9thode doit \u00EAtre d\u00E9clar\u00E9e statique et renvoyer une valeur de type void
 java.launcher.module.error1=le module {0} n''a pas d''attribut MainClass, utilisez -m /
 java.launcher.module.error2=Erreur : impossible de trouver ou charger la classe principale {0} dans le module {1}
-java.launcher.module.error3=Erreur : impossible de charger la classe principale {0} \u00E0 partir du module {1}\n\t{2}
+java.launcher.module.error3=Erreur : impossible de charger la classe principale {0} dans le module {1}\n\t{2}
 java.launcher.module.error4={0} introuvable
+java.launcher.module.error5=Erreur : impossible d''initialiser la classe principale {0} dans le module {1}\nCaus\u00E9 par : {1}: {2}
diff --git a/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_it.properties b/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_it.properties
index 9c590b3c53..7dfff408af 100644
--- a/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_it.properties
+++ b/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_it.properties
@@ -31,12 +31,12 @@ java.launcher.opt.vmselect   =\    {0}\t  per selezionare la VM "{1}"\n
 java.launcher.opt.hotspot    =\    {0}\t  \u00E8 un sinonimo per la VM "{1}" [non valido]\n
 
 # Translators please note do not translate the options themselves
-java.launcher.opt.footer = \    -cp \n    -classpath \n    -class-path \n                  Una lista separata da {0} di directory, archivi JAR\n                  e archivi ZIP in cui cercare i file di classe.\n    -p \n    --module-path ...\n                  Una lista separata da {0} di directory. Ogni directory\n                  \u00E8 una directory di moduli.\n    --upgrade-module-path ...\n                  Una lista separata da {0} di directory. Ogni directory\n                  \u00E8 una directory di moduli che sostituiscono i moduli\n                  aggiornabili nell'immagine in fase di esecuzione\n    --add-modules [,...]\n                  I moduli radice da risolvere in aggiunta al modulo iniziale.\n                   pu\u00F2 essere anche ALL-DEFAULT, ALL-SYSTEM,\n                  ALL-MODULE-PATH.\n    --list-modules\n                  Elenca i moduli osservabili ed esce\n    --d \n    --describe-module \n                  Descrive un modulo ed esce\n    --dry-run      Crea la VM e carica la classe principale ma non esegue il metodo principale.\n                  L'opzione --dry-run pu\u00F2 essere utile per la convalida delle\n                  opzioni della riga di comando, ad esempio quelle utilizzate per la configurazione del sistema di moduli.\n    --validate-modules\n                  Convalida tutti i moduli ed esce\n                  L'opzione --validate-modules pu\u00F2 essere utile per rilevare\n                  conflitti e altri errori con i moduli nel percorso dei moduli.\n    -D=\n                  Imposta una propriet\u00E0 di sistema\n    -verbose:[class|module|gc|jni]\n                  abilitare output descrittivo\n    -version      Visualizza la versione del prodotto nel flusso di errori ed esce\n    -version      Visualizza la versione del prodotto nel flusso di output ed esce\n    -showversion      Visualizza la versione del prodotto nel flusso di errori e continua\n    --show-version\n                  Visualizza la versione del prodotto nel flusso di output e continua\n    --show-module-resolution\n                  Mostra l'output della risoluzione del modulo durante l'avvio\n    -? -h -help\n                  Visualizza questo messaggio della Guida nel flusso di errori\n    --help        Visualizza questo messaggio della Guida nel flusso di output\n    -X            Visualizza la Guida relativa alle opzioni non standard nel flusso di errori\n    --help-extra  Visualizza la Guida relativa alle opzioni non standard nel flusso di output\n    -ea[:...|:]\n    -enableassertions[:...|:]\n                  Abilita le asserzioni con la granularit\u00E0 specificata\n    -da[:...|:]\n    -disableassertions[:...|:]\n                  Disabilita le asserzioni con la granularit\u00E0 specificata\n    -esa | -enablesystemassertions\n                  Abilita le asserzioni di sistema\n    -dsa | -disablesystemassertions\n                  Disabilita le asserzioni di sistema\n    -agentlib:[=]\n                  Carica la libreria agenti nativa , ad esempio -agentlib:jdwp\n                  Vedere anche -agentlib:jdwp=help\n    -agentpath:[=]\n                  Carica la libreria agenti nativa con il percorso completo\n    -javaagent:[=]\n                  Carica l'agente del linguaggio di programmazione Java, vedere java.lang.instrument\n    -splash:\n                  Mostra la schermata iniziale con l'immagine specificata\n                  Le immagini ridimensionate HiDPI sono supportate e utilizzate \
+java.launcher.opt.footer = \    -cp \n    -classpath \n    -class-path \n                  Una lista separata da {0} di directory, archivi JAR\n                  e archivi ZIP in cui cercare i file di classe.\n    -p \n    --module-path ...\n                  Una lista separata da {0} di directory. Ogni directory\n                  \u00E8 una directory di moduli.\n    --upgrade-module-path ...\n                  Una lista separata da {0} di directory. Ogni directory\n                  \u00E8 una directory di moduli che sostituiscono i moduli\n                  aggiornabili nell'immagine in fase di esecuzione\n    --add-modules [,...]\n                  I moduli radice da risolvere in aggiunta al modulo iniziale.\n                   pu\u00F2 essere anche ALL-DEFAULT, ALL-SYSTEM,\n                  ALL-MODULE-PATH.\n    --list-modules\n                  Elenca i moduli osservabili ed esce\n    -d \n    --describe-module \n                  Descrive un modulo ed esce\n    --dry-run      Crea la VM e carica la classe principale ma non esegue il metodo principale.\n                  L'opzione --dry-run pu\u00F2 essere utile per la convalida delle\n                  opzioni della riga di comando, ad esempio quelle utilizzate per la configurazione del sistema di moduli.\n    --validate-modules\n                  Convalida tutti i moduli ed esce\n                  L'opzione --validate-modules pu\u00F2 essere utile per rilevare\n                  conflitti e altri errori con i moduli nel percorso dei moduli.\n    -D=\n                  Imposta una propriet\u00E0 di sistema\n    -verbose:[class|module|gc|jni]\n                  abilitare output descrittivo\n    -version      Visualizza la versione del prodotto nel flusso di errori ed esce\n    -version      Visualizza la versione del prodotto nel flusso di output ed esce\n    -showversion      Visualizza la versione del prodotto nel flusso di errori e continua\n    --show-version\n                  Visualizza la versione del prodotto nel flusso di output e continua\n    --show-module-resolution\n                  Mostra l'output della risoluzione del modulo durante l'avvio\n    -? -h -help\n                  Visualizza questo messaggio della Guida nel flusso di errori\n    --help        Visualizza questo messaggio della Guida nel flusso di output\n    -X            Visualizza la Guida relativa alle opzioni non standard nel flusso di errori\n    --help-extra  Visualizza la Guida relativa alle opzioni non standard nel flusso di output\n    -ea[:...|:]\n    -enableassertions[:...|:]\n                  Abilita le asserzioni con la granularit\u00E0 specificata\n    -da[:...|:]\n    -disableassertions[:...|:]\n                  Disabilita le asserzioni con la granularit\u00E0 specificata\n    -esa | -enablesystemassertions\n                  Abilita le asserzioni di sistema\n    -dsa | -disablesystemassertions\n                  Disabilita le asserzioni di sistema\n    -agentlib:[=]\n                  Carica la libreria agenti nativa , ad esempio -agentlib:jdwp\n                  Vedere anche -agentlib:jdwp=help\n    -agentpath:[=]\n                  Carica la libreria agenti nativa con il percorso completo\n    -javaagent:[=]\n                  Carica l'agente del linguaggio di programmazione Java, vedere java.lang.instrument\n    -splash:\n                  Mostra la schermata iniziale con l'immagine specificata\n                  Le immagini ridimensionate HiDPI sono supportate e utilizzate \
 automaticamente\n                  se disponibili. I nomi file delle immagini non ridimensionate, ad esempio image.ext,\n                  devono essere sempre passati come argomenti all'opzione -splash.\n                  Verr\u00E0 scelta automaticamente l'immagine ridimensionata pi\u00F9 appropriata\n                  fornita.\n                  Per ulteriori informazioni, vedere la documentazione relativa all'API SplashScreen\n    @file argomenti\n                  Uno o pi\u00F9 file argomenti contenenti opzioni\n    -disable-@files\n                  Impedisce l'ulteriore espansione di file argomenti\nPer specificare un argomento per un'opzione lunga, \u00E8 possibile usare --= oppure\n-- .\n
 
 # Translators please note do not translate the options themselves
-java.launcher.X.usage=\n    -Xbatch           Disabilita la compilazione in background.\n    -Xbootclasspath/a:\n                      Aggiunge alla fine del classpath di bootstrap.\n   -Xcheck:jni       Esegue controlli aggiuntivi per le funzioni JNI.\n    -Xcomp            Forza la compilazione dei metodi al primo richiamo.\n    -Xdebug           Fornito per la compatibilit\u00E0 con le versioni precedenti.\n    -Xdiag            Mostra ulteriori messaggi diagnostici.\n    -Xfuture          Abilita i controlli pi\u00F9 limitativi anticipando le impostazioni predefinite future.\n    -Xint             Esecuzione solo in modalit\u00E0 convertita.\n    -Xinternalversion\n                      Visualizza informazioni pi\u00F9 dettagliate sulla versione JVM rispetto\n                      all''opzione -version.\n    -Xloggc:    Registra lo stato GC in un file con indicatori orari.\n    -Xmixed           Esecuzione in modalit\u00E0 mista (impostazione predefinita).\n    -Xmn        Imposta le dimensioni iniziale e massima (in byte) dell''heap\n                      per la young generation (nursery).\n    -Xms        Imposta la dimensione heap Java iniziale.\n    -Xmx        Imposta la dimensione heap Java massima.\n    -Xnoclassgc       Disabilta la garbage collection della classe.\n    -Xprof            Visualizza i dati di profilo della CPU (non pi\u00F9 valida).\n    -Xrs              Riduce l''uso di segnali del sistema operativo da Java/VM (vedere la documentazione).\n    -Xshare:auto      Utilizza i dati di classe condivisi se possibile (impostazione predefinita).\n     -Xshare:off       Non tenta di utilizzare i dati di classe condivisi.\n    -Xshare:on        Richiede l''uso dei dati di classe condivisi, altrimenti l''esecuzione non riesce.\n    -XshowSettings    Mostra tutte le impostazioni e continua.\n    -XshowSettings:all\n                      Mostra tutte le impostazioni e continua.\n    -XshowSettings:locale\n                      Mostra tutte le impostazioni correlate alle impostazioni nazionali e continua.\n    -XshowSettings:properties\n                      Mostra tutte le impostazioni delle propriet\u00E0 e continua.\n    -XshowSettings:vm Mostra tutte le impostazioni correlate alla VM e continua.\n    -Xss        Imposta la dimensione dello stack di thread Java.\n     -Xverify          Imposta la modalit\u00E0 del verificatore bytecode.\n    --add-reads:=(,)*\n                      Aggiorna  per leggere , indipendentemente\n                      dalla dichiarazione del modulo.\n                       pu\u00F2 essere ALL-UNNAMED per leggere tutti i\n                      moduli senza nome.\n   -add-exports:/=(,)*\n                      Aggiorna  per esportare  in ,\n                      indipendentemente dalla dichiarazione del modulo.\n                       pu\u00F2 essere ALL-UNNAMED per esportare tutti i\n                      moduli senza nome.\n    --add-opens /=(,)*\n                      Aggiorna  per aprire  in\n                      , indipendentemente dalla dichiarazione del modulo.\n    --limit-modules [,...]\n                      Limita l''universo di moduli osservabili\n    -patch-module =({0})*\n                      Sostituisce o migliora un modulo con \
-classi e risorse\n                      in file JAR o directory.\n    --disable-@files  Disabilita l''ulteriore espansione di file argomenti.\n\nQueste opzioni non standard sono soggette a modifiche senza preavviso.\n
+java.launcher.X.usage=\n    -Xbatch           Disabilita la compilazione in background.\n    -Xbootclasspath/a:\n                      Aggiunge alla fine del classpath di bootstrap.\n    -Xcheck:jni       Esegue controlli aggiuntivi per le funzioni JNI.\n    -Xcomp            Forza la compilazione dei metodi al primo richiamo.\n    -Xdebug           Fornita per la compatibilit\u00E0 con le versioni precedenti.\n    -Xdiag            Mostra ulteriori messaggi diagnostici.\n    -Xfuture          Abilita i controlli pi\u00F9 limitativi anticipando le impostazioni predefinite future.\n    -Xint             Esecuzione solo in modalit\u00E0 convertita.\n    -Xinternalversion\n                      Visualizza informazioni pi\u00F9 dettagliate sulla versione JVM rispetto\n                      all''opzione -version.\n    -Xloggc:    Registra lo stato GC in un file con indicatori orari.\n    -Xmixed           Esecuzione in modalit\u00E0 mista (impostazione predefinita).\n    -Xmn        Imposta le dimensioni iniziale e massima (in byte) dell''heap\n                      per la young generation (nursery).\n    -Xms        Imposta la dimensione heap Java iniziale.\n    -Xmx        Imposta la dimensione heap Java massima.\n    -Xnoclassgc       Disabilita la garbage collection della classe.\n    -Xprof            Visualizza i dati di profiling della CPU (non pi\u00F9 valida).\n    -Xrs              Riduce l''uso di segnali del sistema operativo da Java/VM (vedere la documentazione).\n    -Xshare:auto      Utilizza i dati di classe condivisi se possibile (impostazione predefinita).\n    -Xshare:off       Non tenta di utilizzare i dati di classe condivisi.\n    -Xshare:on        Richiede l''uso dei dati di classe condivisi, altrimenti l''esecuzione non riesce.\n    -XshowSettings    Mostra tutte le impostazioni e continua.\n    -XshowSettings:all\n                      Mostra tutte le impostazioni e continua.\n    -XshowSettings:locale\n                      Mostra tutte le impostazioni correlate alle impostazioni nazionali e continua.\n    -XshowSettings:properties\n                      Mostra tutte le impostazioni delle propriet\u00E0 e continua.\n    -XshowSettings:vm Mostra tutte le impostazioni correlate alla VM e continua.\n    -Xss        Imposta la dimensione dello stack di thread Java.\n    -Xverify          Imposta la modalit\u00E0 del verificatore bytecode.\n    --add-reads =(,)*\n                      Aggiorna  per leggere , indipendentemente\n                      dalla dichiarazione del modulo.\n                       pu\u00F2 essere ALL-UNNAMED per leggere tutti i\n                      moduli senza nome.\n    --add-exports /=(,)*\n                      Aggiorna  per esportare  in ,\n                      indipendentemente dalla dichiarazione del modulo.\n                       pu\u00F2 essere ALL-UNNAMED per esportare tutti i\n                      moduli senza nome.\n    --add-opens /=(,)*\n                      Aggiorna  per aprire  in\n                      , indipendentemente dalla dichiarazione del modulo.\n    --illegal-access=\n                      Consente o nega l''accesso ai membri dei tipi nei moduli denominati\n                      mediante codice nei moduli senza nome.\n                       pu\u00F2 essere "deny", "permit", "warn" o "debug".\n                      Questa opzione verr\u00E0 rimossa in una release futura.\n    --limit-modules [,...]\n                      Limita l''universe dei moduli osservabili.\n    --patch-module =({0})*\n                      Sostituisce o migliora un modulo con classi e \
+risorse\n                      in file JAR o directory.\n    --disable-@files  Disabilita l''ulteriore espansione di file argomenti.\n\nQueste opzioni extra sono soggette a modifiche senza preavviso.\n
 
 # Translators please note do not translate the options themselves
 java.launcher.X.macosx.usage=\nLe opzioni riportate di seguito sono specifiche del sistema operativo Mac OS X:\n    -XstartOnFirstThread\n                      Esegue il metodo main() sul primo thread (AppKit).\n    -Xdock:name=\n                      Sostituisce il nome applicazione predefinito visualizzato nel dock\n    -Xdock:icon=\n                      Sostituisce l'icona predefinita visualizzata nel dock\n\n
@@ -47,6 +47,7 @@ java.launcher.cls.error3=Errore: il metodo principale deve restituire un valore
 java.launcher.cls.error4=Errore: il metodo principale non \u00E8 stato trovato nella classe {0}. Definire il metodo principale come:\n   public static void main(String[] args)\naltrimenti una classe applicazione JavaFX deve estendere {1}
 java.launcher.cls.error5=Errore: non sono presenti i componenti runtime di JavaFX necessari per eseguire questa applicazione
 java.launcher.cls.error6=Errore: LinkageError durante il caricamento della classe principale {0}\n\t{1}
+java.launcher.cls.error7=Errore: impossibile inizializzare la classe principale {0}\nCausato da: {1}: {2}
 java.launcher.jar.error1=Errore: si \u00E8 verificato un errore imprevisto durante il tentativo di aprire il file {0}
 java.launcher.jar.error2=manifest non trovato in {0}
 java.launcher.jar.error3=nessun attributo manifest principale in {0}
@@ -55,5 +56,6 @@ java.launcher.init.error=errore di inizializzazione
 java.launcher.javafx.error1=Errore: il metodo JavaFX launchApplication dispone di una firma errata, \nla firma deve essere dichiarata static e restituire un valore di tipo void
 java.launcher.module.error1=il modulo {0} non dispone di un attributo MainClass. Utilizzare -m /
 java.launcher.module.error2=Errore: impossibile trovare o caricare la classe principale {0} nel modulo {1}
-java.launcher.module.error3=Errore: impossibile caricare la classe principale {0} dal modulo {1}\n\t{2}
+java.launcher.module.error3=Errore: impossibile caricare la classe principale {0} nel modulo {1}\n\t{2}
 java.launcher.module.error4={0} non trovato
+java.launcher.module.error5=Errore: impossibile inizializzare la classe principale {0} nel modulo {1}\nCausato da: {1}: {2}
diff --git a/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_ja.properties b/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_ja.properties
index b8ef45ac9c..6271624094 100644
--- a/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_ja.properties
+++ b/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_ja.properties
@@ -31,13 +31,13 @@ java.launcher.opt.vmselect   =\    {0}\t  "{1}" VM\u3092\u9078\u629E\u3059\u308B
 java.launcher.opt.hotspot    =\    {0}\t  \u306F"{1}" VM\u306E\u30B7\u30CE\u30CB\u30E0\u3067\u3059  [\u975E\u63A8\u5968]\n
 
 # Translators please note do not translate the options themselves
-java.launcher.opt.footer = \    -cp <\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u304A\u3088\u3073zip/jar\u30D5\u30A1\u30A4\u30EB\u306E\u30AF\u30E9\u30B9\u691C\u7D22\u30D1\u30B9>\n    -classpath <\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u304A\u3088\u3073zip/jar\u30D5\u30A1\u30A4\u30EB\u306E\u30AF\u30E9\u30B9\u691C\u7D22\u30D1\u30B9>\n    --class-path <\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u304A\u3088\u3073zip/jar\u30D5\u30A1\u30A4\u30EB\u306E\u30AF\u30E9\u30B9\u691C\u7D22\u30D1\u30B9>\n                  {0}\u533A\u5207\u308A\u30EA\u30B9\u30C8(\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u3001JAR\u30A2\u30FC\u30AB\u30A4\u30D6\u3001\n                  ZIP\u30A2\u30FC\u30AB\u30A4\u30D6)\u3067\u3001\u30AF\u30E9\u30B9\u30FB\u30D5\u30A1\u30A4\u30EB\u306E\u691C\u7D22\u7528\u3002\n    -p \n    --module-path ...\n                  \u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u306E{0}\u533A\u5207\u308A\u30EA\u30B9\u30C8\u3001\u5404\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\n                  \u306F\u30E2\u30B8\u30E5\u30FC\u30EB\u306E\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u3067\u3059\u3002\n    --upgrade-module-path ...\n                  \u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u306E{0}\u533A\u5207\u308A\u30EA\u30B9\u30C8\u3001\u5404\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\n                  \u306F\u3001\u30E9\u30F3\u30BF\u30A4\u30E0\u30FB\u30A4\u30E1\u30FC\u30B8\u5185\u306E\u30A2\u30C3\u30D7\u30B0\u30EC\u30FC\u30C9\u53EF\u80FD\u306A\n                  \u30E2\u30B8\u30E5\u30FC\u30EB\u3092\u7F6E\u63DB\u3059\u308B\u30E2\u30B8\u30E5\u30FC\u30EB\u306E\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u3067\u3059\n    --add-modules [,...]\n                  \u521D\u671F\u30E2\u30B8\u30E5\u30FC\u30EB\u306B\u52A0\u3048\u3066\u89E3\u6C7A\u3059\u308B\u30EB\u30FC\u30C8\u30FB\u30E2\u30B8\u30E5\u30FC\u30EB\u3002\n                  \u306B\u306F\u6B21\u3082\u6307\u5B9A\u3067\u304D\u307E\u3059: ALL-DEFAULT\u3001ALL-SYSTEM\u3001\n                  ALL-MODULE-PATH.\n    --list-modules\n                  \u53C2\u7167\u53EF\u80FD\u306A\u30E2\u30B8\u30E5\u30FC\u30EB\u3092\u30EA\u30B9\u30C8\u3057\u7D42\u4E86\u3057\u307E\u3059\n    --d \n    --describe-module \n                  \u30E2\u30B8\u30E5\u30FC\u30EB\u3092\u8AAC\u660E\u3057\u7D42\u4E86\u3057\u307E\u3059\n    --dry-run     VM\u3092\u4F5C\u6210\u3057\u30E1\u30A4\u30F3\u30FB\u30AF\u30E9\u30B9\u3092\u30ED\u30FC\u30C9\u3057\u307E\u3059\u304C\u3001\u30E1\u30A4\u30F3\u30FB\u30E1\u30BD\u30C3\u30C9\u306F\u5B9F\u884C\u3057\u307E\u305B\u3093\u3002\n                  --dry-run\u30AA\u30D7\u30B7\u30E7\u30F3\u306F\u3001\u6B21\u306E\u691C\u8A3C\u306B\u5F79\u7ACB\u3064\u5834\u5408\u304C\u3042\u308A\u307E\u3059:\n                  \u30E2\u30B8\u30E5\u30FC\u30EB\u30FB\u30B7\u30B9\u30C6\u30E0\u69CB\u6210\u306A\u3069\u306E\u30B3\u30DE\u30F3\u30C9\u884C\u30AA\u30D7\u30B7\u30E7\u30F3\u3002\n    --validate-modules\n                  \u3059\u3079\u3066\u306E\u30E2\u30B8\u30E5\u30FC\u30EB\u3092\u691C\u8A3C\u3057\u7D42\u4E86\u3057\u307E\u3059\n                  --validate-modules\u30AA\u30D7\u30B7\u30E7\u30F3\u306F\u3001\u6B21\u306E\u691C\u7D22\u306B\u5F79\u7ACB\u3064\u5834\u5408\u304C\u3042\u308A\u307E\u3059:\n                  \u30E2\u30B8\u30E5\u30FC\u30EB\u30FB\u30D1\u30B9\u4E0A\u306E\u30E2\u30B8\u30E5\u30FC\u30EB\u3067\u306E\u7AF6\u5408\u304A\u3088\u3073\u305D\u306E\u4ED6\u306E\u30A8\u30E9\u30FC\u3002\n    -D=\n                  \u30B7\u30B9\u30C6\u30E0\u30FB\u30D7\u30ED\u30D1\u30C6\u30A3\u3092\u8A2D\u5B9A\u3057\u307E\u3059\n    -verbose:[class|module|gc|jni]\n                  \u8A73\u7D30\u51FA\u529B\u3092\u6709\u52B9\u306B\u3057\u307E\u3059\n    -version      \u88FD\u54C1\u30D0\u30FC\u30B8\u30E7\u30F3\u3092\u30A8\u30E9\u30FC\u30FB\u30B9\u30C8\u30EA\u30FC\u30E0\u306B\u51FA\u529B\u3057\u3066\u7D42\u4E86\u3057\u307E\u3059\n    --version     \
+java.launcher.opt.footer = \    -cp <\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u304A\u3088\u3073zip/jar\u30D5\u30A1\u30A4\u30EB\u306E\u30AF\u30E9\u30B9\u691C\u7D22\u30D1\u30B9>\n    -classpath <\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u304A\u3088\u3073zip/jar\u30D5\u30A1\u30A4\u30EB\u306E\u30AF\u30E9\u30B9\u691C\u7D22\u30D1\u30B9>\n    --class-path <\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u304A\u3088\u3073zip/jar\u30D5\u30A1\u30A4\u30EB\u306E\u30AF\u30E9\u30B9\u691C\u7D22\u30D1\u30B9>\n                  {0}\u533A\u5207\u308A\u30EA\u30B9\u30C8(\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u3001JAR\u30A2\u30FC\u30AB\u30A4\u30D6\u3001\n                  ZIP\u30A2\u30FC\u30AB\u30A4\u30D6)\u3067\u3001\u30AF\u30E9\u30B9\u30FB\u30D5\u30A1\u30A4\u30EB\u306E\u691C\u7D22\u7528\u3002\n    -p \n    --module-path ...\n                  \u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u306E{0}\u533A\u5207\u308A\u30EA\u30B9\u30C8\u3001\u5404\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\n                  \u306F\u30E2\u30B8\u30E5\u30FC\u30EB\u306E\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u3067\u3059\u3002\n    --upgrade-module-path ...\n                  \u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u306E{0}\u533A\u5207\u308A\u30EA\u30B9\u30C8\u3001\u5404\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\n                  \u306F\u3001\u30E9\u30F3\u30BF\u30A4\u30E0\u30FB\u30A4\u30E1\u30FC\u30B8\u5185\u306E\u30A2\u30C3\u30D7\u30B0\u30EC\u30FC\u30C9\u53EF\u80FD\u306A\n                  \u30E2\u30B8\u30E5\u30FC\u30EB\u3092\u7F6E\u63DB\u3059\u308B\u30E2\u30B8\u30E5\u30FC\u30EB\u306E\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u3067\u3059\n    --add-modules [,...]\n                  \u521D\u671F\u30E2\u30B8\u30E5\u30FC\u30EB\u306B\u52A0\u3048\u3066\u89E3\u6C7A\u3059\u308B\u30EB\u30FC\u30C8\u30FB\u30E2\u30B8\u30E5\u30FC\u30EB\u3002\n                  \u306B\u306F\u6B21\u3082\u6307\u5B9A\u3067\u304D\u307E\u3059: ALL-DEFAULT\u3001ALL-SYSTEM\u3001\n                  ALL-MODULE-PATH.\n    --list-modules\n                  \u53C2\u7167\u53EF\u80FD\u306A\u30E2\u30B8\u30E5\u30FC\u30EB\u3092\u30EA\u30B9\u30C8\u3057\u7D42\u4E86\u3057\u307E\u3059\n    -d \n    --describe-module \n                  \u30E2\u30B8\u30E5\u30FC\u30EB\u3092\u8AAC\u660E\u3057\u7D42\u4E86\u3057\u307E\u3059\n    --dry-run     VM\u3092\u4F5C\u6210\u3057\u30E1\u30A4\u30F3\u30FB\u30AF\u30E9\u30B9\u3092\u30ED\u30FC\u30C9\u3057\u307E\u3059\u304C\u3001\u30E1\u30A4\u30F3\u30FB\u30E1\u30BD\u30C3\u30C9\u306F\u5B9F\u884C\u3057\u307E\u305B\u3093\u3002\n                  --dry-run\u30AA\u30D7\u30B7\u30E7\u30F3\u306F\u3001\u6B21\u306E\u691C\u8A3C\u306B\u5F79\u7ACB\u3064\u5834\u5408\u304C\u3042\u308A\u307E\u3059:\n                  \u30E2\u30B8\u30E5\u30FC\u30EB\u30FB\u30B7\u30B9\u30C6\u30E0\u69CB\u6210\u306A\u3069\u306E\u30B3\u30DE\u30F3\u30C9\u884C\u30AA\u30D7\u30B7\u30E7\u30F3\u3002\n    --validate-modules\n                  \u3059\u3079\u3066\u306E\u30E2\u30B8\u30E5\u30FC\u30EB\u3092\u691C\u8A3C\u3057\u7D42\u4E86\u3057\u307E\u3059\n                  --validate-modules\u30AA\u30D7\u30B7\u30E7\u30F3\u306F\u3001\u6B21\u306E\u691C\u7D22\u306B\u5F79\u7ACB\u3064\u5834\u5408\u304C\u3042\u308A\u307E\u3059:\n                  \u30E2\u30B8\u30E5\u30FC\u30EB\u30FB\u30D1\u30B9\u4E0A\u306E\u30E2\u30B8\u30E5\u30FC\u30EB\u3067\u306E\u7AF6\u5408\u304A\u3088\u3073\u305D\u306E\u4ED6\u306E\u30A8\u30E9\u30FC\u3002\n    -D=\n                  \u30B7\u30B9\u30C6\u30E0\u30FB\u30D7\u30ED\u30D1\u30C6\u30A3\u3092\u8A2D\u5B9A\u3057\u307E\u3059\n    -verbose:[class|module|gc|jni]\n                  \u8A73\u7D30\u51FA\u529B\u3092\u6709\u52B9\u306B\u3057\u307E\u3059\n    -version      \u88FD\u54C1\u30D0\u30FC\u30B8\u30E7\u30F3\u3092\u30A8\u30E9\u30FC\u30FB\u30B9\u30C8\u30EA\u30FC\u30E0\u306B\u51FA\u529B\u3057\u3066\u7D42\u4E86\u3057\u307E\u3059\n    --version     \
 \u88FD\u54C1\u30D0\u30FC\u30B8\u30E7\u30F3\u3092\u51FA\u529B\u30B9\u30C8\u30EA\u30FC\u30E0\u306B\u51FA\u529B\u3057\u3066\u7D42\u4E86\u3057\u307E\u3059\n    -showversion  \u88FD\u54C1\u30D0\u30FC\u30B8\u30E7\u30F3\u3092\u30A8\u30E9\u30FC\u30FB\u30B9\u30C8\u30EA\u30FC\u30E0\u306B\u51FA\u529B\u3057\u3066\u7D9A\u884C\u3057\u307E\u3059\n    --show-version\n                  \u88FD\u54C1\u30D0\u30FC\u30B8\u30E7\u30F3\u3092\u51FA\u529B\u30B9\u30C8\u30EA\u30FC\u30E0\u306B\u51FA\u529B\u3057\u3066\u7D9A\u884C\u3057\u307E\u3059\n    --show-module-resolution\n                  \u8D77\u52D5\u6642\u306B\u30E2\u30B8\u30E5\u30FC\u30EB\u89E3\u6C7A\u51FA\u529B\u3092\u8868\u793A\u3057\u307E\u3059\n    -? -h -help\n                  \u3053\u306E\u30D8\u30EB\u30D7\u30FB\u30E1\u30C3\u30BB\u30FC\u30B8\u3092\u30A8\u30E9\u30FC\u30FB\u30B9\u30C8\u30EA\u30FC\u30E0\u306B\u51FA\u529B\u3057\u307E\u3059\n    --help        \u3053\u306E\u30D8\u30EB\u30D7\u30FB\u30E1\u30C3\u30BB\u30FC\u30B8\u3092\u51FA\u529B\u30B9\u30C8\u30EA\u30FC\u30E0\u306B\u51FA\u529B\u3057\u307E\u3059\n    -X            \u8FFD\u52A0\u30AA\u30D7\u30B7\u30E7\u30F3\u306E\u30D8\u30EB\u30D7\u3092\u30A8\u30E9\u30FC\u30FB\u30B9\u30C8\u30EA\u30FC\u30E0\u306B\u51FA\u529B\u3057\u307E\u3059\n    --help-extra  \u8FFD\u52A0\u30AA\u30D7\u30B7\u30E7\u30F3\u306E\u30D8\u30EB\u30D7\u3092\u51FA\u529B\u30B9\u30C8\u30EA\u30FC\u30E0\u306B\u51FA\u529B\u3057\u307E\u3059\n    -ea[:...|:]\n    -enableassertions[:...|:]\n                  \u6307\u5B9A\u3057\u305F\u7C92\u5EA6\u3067\u30A2\u30B5\u30FC\u30B7\u30E7\u30F3\u3092\u6709\u52B9\u306B\u3057\u307E\u3059\n    -da[:...|:]\n    -disableassertions[:...|:]\n                  \u6307\u5B9A\u3057\u305F\u7C92\u5EA6\u3067\u30A2\u30B5\u30FC\u30B7\u30E7\u30F3\u3092\u7121\u52B9\u306B\u3057\u307E\u3059\n    -esa | -enablesystemassertions\n                  \u30B7\u30B9\u30C6\u30E0\u30FB\u30A2\u30B5\u30FC\u30B7\u30E7\u30F3\u3092\u6709\u52B9\u306B\u3057\u307E\u3059\n    -dsa | -disablesystemassertions\n                  \u30B7\u30B9\u30C6\u30E0\u30FB\u30A2\u30B5\u30FC\u30B7\u30E7\u30F3\u3092\u7121\u52B9\u306B\u3057\u307E\u3059\n    -agentlib:[=]\n                  \u30CD\u30A4\u30C6\u30A3\u30D6\u30FB\u30A8\u30FC\u30B8\u30A7\u30F3\u30C8\u30FB\u30E9\u30A4\u30D6\u30E9\u30EA\u3092\u30ED\u30FC\u30C9\u3057\u307E\u3059\u3002\u4F8B: -agentlib:jdwp\n                  -agentlib:jdwp=help\u3082\u53C2\u7167\u3057\u3066\u304F\u3060\u3055\u3044\n    -agentpath:[=]\n                  \u30D5\u30EB\u30D1\u30B9\u540D\u3092\u4F7F\u7528\u3057\u3066\u3001\u30CD\u30A4\u30C6\u30A3\u30D6\u30FB\u30A8\u30FC\u30B8\u30A7\u30F3\u30C8\u30FB\u30E9\u30A4\u30D6\u30E9\u30EA\u3092\u30ED\u30FC\u30C9\u3057\u307E\u3059\n    -javaagent:[=]\n                  Java\u30D7\u30ED\u30B0\u30E9\u30DF\u30F3\u30B0\u8A00\u8A9E\u30A8\u30FC\u30B8\u30A7\u30F3\u30C8\u3092\u30ED\u30FC\u30C9\u3057\u307E\u3059\u3002java.lang.instrument\u3092\u53C2\u7167\u3057\u3066\u304F\u3060\u3055\u3044\n    -splash:\n                  \u6307\u5B9A\u3055\u308C\u305F\u30A4\u30E1\u30FC\u30B8\u3092\u542B\u3080\u30B9\u30D7\u30E9\u30C3\u30B7\u30E5\u753B\u9762\u3092\u8868\u793A\u3057\u307E\u3059\n                  HiDPI\u30B9\u30B1\u30FC\u30EB\u306E\u30A4\u30E1\u30FC\u30B8\u304C\u81EA\u52D5\u7684\u306B\u30B5\u30DD\u30FC\u30C8\u3055\u308C\u3066\u4F7F\u7528\u3055\u308C\u307E\u3059\n                  (\u53EF\u80FD\u306A\u5834\u5408)\u3002\u30B9\u30B1\u30FC\u30EA\u30F3\u30B0\u3055\u308C\u306A\u3044\u30A4\u30E1\u30FC\u30B8\u306E\u30D5\u30A1\u30A4\u30EB\u540D(image.ext\u306A\u3069)\u3092\n                  \u5F15\u6570\u3068\u3057\u3066-splash\u30AA\u30D7\u30B7\u30E7\u30F3\u306B\u5FC5\u305A\u6E21\u3059\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002\n                  \
 \u6307\u5B9A\u3055\u308C\u305F\u6700\u3082\u9069\u5207\u306A\u30B9\u30B1\u30FC\u30EA\u30F3\u30B0\u6E08\u30A4\u30E1\u30FC\u30B8\u304C\u9078\u629E\u3055\u308C\u307E\u3059\n                  (\u81EA\u52D5\u7684)\u3002\n                  \u8A73\u7D30\u306F\u3001SplashScreen API\u306E\u30C9\u30AD\u30E5\u30E1\u30F3\u30C8\u3092\u53C2\u7167\u3057\u3066\u304F\u3060\u3055\u3044\n    @argument\u30D5\u30A1\u30A4\u30EB\n                  \u30AA\u30D7\u30B7\u30E7\u30F3\u3092\u542B\u30801\u3064\u4EE5\u4E0A\u306E\u5F15\u6570\u30D5\u30A1\u30A4\u30EB\n    -disable-@files\n                  \u3055\u3089\u306A\u308B\u5F15\u6570\u30D5\u30A1\u30A4\u30EB\u62E1\u5F35\u3092\u7121\u52B9\u306B\u3057\u307E\u3059\n\u9577\u3044\u30AA\u30D7\u30B7\u30E7\u30F3\u306E\u5F15\u6570\u3092\u6307\u5B9A\u3059\u308B\u5834\u5408\u3001--=\u307E\u305F\u306F\n-- \u3092\u4F7F\u7528\u3067\u304D\u307E\u3059\u3002\n
 
 # Translators please note do not translate the options themselves
-java.launcher.X.usage=\n    -Xbatch           \u30D0\u30C3\u30AF\u30B0\u30E9\u30A6\u30F3\u30C9\u306E\u30B3\u30F3\u30D1\u30A4\u30EB\u3092\u7121\u52B9\u306B\u3059\u308B\n    -Xbootclasspath/a:<{0}\u3067\u533A\u5207\u3089\u308C\u305F\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u304A\u3088\u3073zip/jar\u30D5\u30A1\u30A4\u30EB>\n                      \u30D6\u30FC\u30C8\u30B9\u30C8\u30E9\u30C3\u30D7\u30FB\u30AF\u30E9\u30B9\u30FB\u30D1\u30B9\u306E\u6700\u5F8C\u306B\u8FFD\u52A0\u3059\u308B\n    -Xcheck:jni       JNI\u95A2\u6570\u306B\u5BFE\u3059\u308B\u8FFD\u52A0\u306E\u30C1\u30A7\u30C3\u30AF\u3092\u5B9F\u884C\u3059\u308B\n    -Xcomp            \u521D\u56DE\u547C\u51FA\u3057\u6642\u306B\u30E1\u30BD\u30C3\u30C9\u306E\u30B3\u30F3\u30D1\u30A4\u30EB\u3092\u5F37\u5236\u3059\u308B\n    -Xdebug           \u4E0B\u4F4D\u4E92\u63DB\u6027\u306E\u305F\u3081\u306B\u63D0\u4F9B\n    -Xdiag            \u8FFD\u52A0\u306E\u8A3A\u65AD\u30E1\u30C3\u30BB\u30FC\u30B8\u3092\u8868\u793A\u3059\u308B\n    -Xfuture          \u5C06\u6765\u306E\u30C7\u30D5\u30A9\u30EB\u30C8\u3092\u898B\u8D8A\u3057\u3066\u3001\u6700\u3082\u53B3\u5BC6\u306A\u30C1\u30A7\u30C3\u30AF\u3092\u6709\u52B9\u306B\u3059\u308B\n    -Xint             \u30A4\u30F3\u30BF\u30D7\u30EA\u30BF\u30FB\u30E2\u30FC\u30C9\u306E\u5B9F\u884C\u306E\u307F\n    -Xinternalversion\n                      -version\u30AA\u30D7\u30B7\u30E7\u30F3\u3088\u308A\u8A73\u7D30\u306AJVM\u30D0\u30FC\u30B8\u30E7\u30F3\u60C5\u5831\u3092\n                       \u8868\u793A\u3059\u308B\n    -Xloggc:    \u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u4ED8\u3044\u305F\u30D5\u30A1\u30A4\u30EB\u306BGC\u30B9\u30C6\u30FC\u30BF\u30B9\u306E\u30ED\u30B0\u3092\u8A18\u9332\u3059\u308B\n    -Xmixed           \u6DF7\u5408\u30E2\u30FC\u30C9\u306E\u5B9F\u884C(\u30C7\u30D5\u30A9\u30EB\u30C8)\n    -Xmn        \u82E5\u3044\u4E16\u4EE3(\u30CA\u30FC\u30B5\u30EA)\u306E\u30D2\u30FC\u30D7\u306E\u521D\u671F\u304A\u3088\u3073\u6700\u5927\u30B5\u30A4\u30BA(\u30D0\u30A4\u30C8\u5358\u4F4D)\n                      \u3092\u8A2D\u5B9A\u3059\u308B\n    -Xms        Java\u306E\u521D\u671F\u30D2\u30FC\u30D7\u30FB\u30B5\u30A4\u30BA\u3092\u8A2D\u5B9A\u3059\u308B\n    -Xmx        Java\u306E\u6700\u5927\u30D2\u30FC\u30D7\u30FB\u30B5\u30A4\u30BA\u3092\u8A2D\u5B9A\u3059\u308B\n    -Xnoclassgc       \u30AF\u30E9\u30B9\u306E\u30AC\u30D9\u30FC\u30B8\u30FB\u30B3\u30EC\u30AF\u30B7\u30E7\u30F3\u3092\u7121\u52B9\u306B\u3059\u308B\n    -Xprof            CPU\u30D7\u30ED\u30D5\u30A1\u30A4\u30EB\u30FB\u30C7\u30FC\u30BF\u3092\u51FA\u529B\u3059\u308B\n    -Xrs              Java/VM\u306B\u3088\u308BOS\u30B7\u30B0\u30CA\u30EB\u306E\u4F7F\u7528\u3092\u524A\u6E1B\u3059\u308B(\u30C9\u30AD\u30E5\u30E1\u30F3\u30C8\u3092\u53C2\u7167)\n    -Xshare:auto      \u53EF\u80FD\u3067\u3042\u308C\u3070\u5171\u6709\u30AF\u30E9\u30B9\u306E\u30C7\u30FC\u30BF\u3092\u4F7F\u7528\u3059\u308B(\u30C7\u30D5\u30A9\u30EB\u30C8)\n    -Xshare:off       \u5171\u6709\u30AF\u30E9\u30B9\u306E\u30C7\u30FC\u30BF\u3092\u4F7F\u7528\u3057\u3088\u3046\u3068\u3057\u306A\u3044\n    -Xshare:on        \u5171\u6709\u30AF\u30E9\u30B9\u30FB\u30C7\u30FC\u30BF\u306E\u4F7F\u7528\u3092\u5FC5\u9808\u306B\u3057\u3001\u3067\u304D\u306A\u3051\u308C\u3070\u5931\u6557\u3059\u308B\u3002\n    -XshowSettings    \u3059\u3079\u3066\u306E\u8A2D\u5B9A\u3092\u8868\u793A\u3057\u3066\u7D9A\u884C\u3059\u308B\n    -XshowSettings:all\n                      \u3059\u3079\u3066\u306E\u8A2D\u5B9A\u3092\u8868\u793A\u3057\u3066\u7D9A\u884C\u3059\u308B\n    -XshowSettings:locale\n                      \u3059\u3079\u3066\u306E\u30ED\u30B1\u30FC\u30EB\u95A2\u9023\u306E\u8A2D\u5B9A\u3092\u8868\u793A\u3057\u3066\u7D9A\u884C\u3059\u308B\n    -XshowSettings:properties\n                      \u3059\u3079\u3066\u306E\u30D7\u30ED\u30D1\u30C6\u30A3\u8A2D\u5B9A\u3092\u8868\u793A\u3057\u3066\u7D9A\u884C\u3059\u308B\n    -XshowSettings:vm \u3059\u3079\u3066\u306EVM\u95A2\u9023\u306E\u8A2D\u5B9A\u3092\u8868\u793A\u3057\u3066\u7D9A\u884C\u3059\u308B\n    \
--Xss        Java\u306E\u30B9\u30EC\u30C3\u30C9\u30FB\u30B9\u30BF\u30C3\u30AF\u30FB\u30B5\u30A4\u30BA\u3092\u8A2D\u5B9A\u3059\u308B\n    -Xverify          \u30D0\u30A4\u30C8\u30B3\u30FC\u30C9\u691C\u8A3C\u6A5F\u80FD\u306E\u30E2\u30FC\u30C9\u3092\u8A2D\u5B9A\u3059\u308B\n    --add-reads =(,)*\n                      \u30E2\u30B8\u30E5\u30FC\u30EB\u5BA3\u8A00\u306B\u95A2\u4FC2\u306A\u304F\u3001\u3092\u66F4\u65B0\u3057\u3066\n                      \u3092\u8AAD\u307F\u53D6\u308A\u307E\u3059\u3002 \n                      \u3092ALL-UNNAMED\u306B\u8A2D\u5B9A\u3059\u308B\u3068\u3001\u3059\u3079\u3066\u306E\u540D\u524D\u306E\u306A\u3044\u30E2\u30B8\u30E5\u30FC\u30EB\u3092\n                      \u8AAD\u307F\u53D6\u308C\u307E\u3059\u3002\n    --add-exports /=(,)*\n                      \u30E2\u30B8\u30E5\u30FC\u30EB\u5BA3\u8A00\u306B\u95A2\u4FC2\u306A\u304F\u3001\u3092\u66F4\u65B0\u3057\u3066\u3092\u306B\n                      \u30A8\u30AF\u30B9\u30DD\u30FC\u30C8\u3057\u307E\u3059\u3002\n                      \u3092ALL-UNNAMED\u306B\u8A2D\u5B9A\u3059\u308B\u3068\u3001\u3059\u3079\u3066\u306E\u540D\u524D\u306E\u306A\u3044\u30E2\u30B8\u30E5\u30FC\u30EB\u306B\n                      \u30A8\u30AF\u30B9\u30DD\u30FC\u30C8\u3067\u304D\u307E\u3059\u3002\n    --add-opens /=(,)*\n                      \u30E2\u30B8\u30E5\u30FC\u30EB\u5BA3\u8A00\u306B\u95A2\u4FC2\u306A\u304F\u3001\u3092\u66F4\u65B0\u3057\u3066\n                      \u3092\u306B\u958B\u304D\u307E\u3059\u3002\n    --limit-modules [,...]\n                      \u53C2\u7167\u53EF\u80FD\u306A\u30E2\u30B8\u30E5\u30FC\u30EB\u306E\u9818\u57DF\u3092\u5236\u9650\u3057\u307E\u3059\n    --patch-module =({0})*\n                      JAR\u30D5\u30A1\u30A4\u30EB\u307E\u305F\u306F\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u306E\u30AF\u30E9\u30B9\u304A\u3088\u3073\u30EA\u30BD\u30FC\u30B9\u3067\n                      \u30E2\u30B8\u30E5\u30FC\u30EB\u3092\u30AA\u30FC\u30D0\u30FC\u30E9\u30A4\u30C9\u307E\u305F\u306F\u62E1\u5F35\u3057\u307E\u3059\n    --disable-@files  \u3055\u3089\u306A\u308B\u30D5\u30A1\u30A4\u30EB\u62E1\u5F35\u3092\u7121\u52B9\u306B\u3057\u307E\u3059\n\n\u3053\u308C\u3089\u306E\u8FFD\u52A0\u30AA\u30D7\u30B7\u30E7\u30F3\u306F\u4E88\u544A\u306A\u304F\u5909\u66F4\u3055\u308C\u308B\u5834\u5408\u304C\u3042\u308A\u307E\u3059\u3002\n
+java.launcher.X.usage=\n    -Xbatch           \u30D0\u30C3\u30AF\u30B0\u30E9\u30A6\u30F3\u30C9\u306E\u30B3\u30F3\u30D1\u30A4\u30EB\u3092\u7121\u52B9\u306B\u3059\u308B\n    -Xbootclasspath/a:<{0}\u3067\u533A\u5207\u3089\u308C\u305F\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u304A\u3088\u3073zip/jar\u30D5\u30A1\u30A4\u30EB>\n                      \u30D6\u30FC\u30C8\u30B9\u30C8\u30E9\u30C3\u30D7\u30FB\u30AF\u30E9\u30B9\u30FB\u30D1\u30B9\u306E\u6700\u5F8C\u306B\u8FFD\u52A0\u3059\u308B\n    -Xcheck:jni       JNI\u95A2\u6570\u306B\u5BFE\u3059\u308B\u8FFD\u52A0\u306E\u30C1\u30A7\u30C3\u30AF\u3092\u5B9F\u884C\u3059\u308B\n    -Xcomp            \u521D\u56DE\u547C\u51FA\u3057\u6642\u306B\u30E1\u30BD\u30C3\u30C9\u306E\u30B3\u30F3\u30D1\u30A4\u30EB\u3092\u5F37\u5236\u3059\u308B\n    -Xdebug           \u4E0B\u4F4D\u4E92\u63DB\u6027\u306E\u305F\u3081\u306B\u63D0\u4F9B\n    -Xdiag            \u8FFD\u52A0\u306E\u8A3A\u65AD\u30E1\u30C3\u30BB\u30FC\u30B8\u3092\u8868\u793A\u3059\u308B\n    -Xfuture          \u5C06\u6765\u306E\u30C7\u30D5\u30A9\u30EB\u30C8\u3092\u898B\u8D8A\u3057\u3066\u3001\u6700\u3082\u53B3\u5BC6\u306A\u30C1\u30A7\u30C3\u30AF\u3092\u6709\u52B9\u306B\u3059\u308B\n    -Xint             \u30A4\u30F3\u30BF\u30D7\u30EA\u30BF\u30FB\u30E2\u30FC\u30C9\u306E\u5B9F\u884C\u306E\u307F\n    -Xinternalversion\n                      -version\u30AA\u30D7\u30B7\u30E7\u30F3\u3088\u308A\u8A73\u7D30\u306AJVM\u30D0\u30FC\u30B8\u30E7\u30F3\u60C5\u5831\u3092\n                      \u8868\u793A\u3059\u308B\n    -Xloggc:    \u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u4ED8\u3044\u305F\u30D5\u30A1\u30A4\u30EB\u306BGC\u30B9\u30C6\u30FC\u30BF\u30B9\u306E\u30ED\u30B0\u3092\u8A18\u9332\u3059\u308B\n    -Xmixed           \u6DF7\u5408\u30E2\u30FC\u30C9\u306E\u5B9F\u884C(\u30C7\u30D5\u30A9\u30EB\u30C8)\n    -Xmn        \u82E5\u3044\u4E16\u4EE3(\u30CA\u30FC\u30B5\u30EA)\u306E\u30D2\u30FC\u30D7\u306E\u521D\u671F\u304A\u3088\u3073\u6700\u5927\u30B5\u30A4\u30BA(\u30D0\u30A4\u30C8\u5358\u4F4D)\n                      \u3092\u8A2D\u5B9A\u3059\u308B\n    -Xms        Java\u306E\u521D\u671F\u30D2\u30FC\u30D7\u30FB\u30B5\u30A4\u30BA\u3092\u8A2D\u5B9A\u3059\u308B\n    -Xmx        Java\u306E\u6700\u5927\u30D2\u30FC\u30D7\u30FB\u30B5\u30A4\u30BA\u3092\u8A2D\u5B9A\u3059\u308B\n    -Xnoclassgc       \u30AF\u30E9\u30B9\u306E\u30AC\u30D9\u30FC\u30B8\u30FB\u30B3\u30EC\u30AF\u30B7\u30E7\u30F3\u3092\u7121\u52B9\u306B\u3059\u308B\n    -Xprof            CPU\u30D7\u30ED\u30D5\u30A1\u30A4\u30EB\u30FB\u30C7\u30FC\u30BF\u3092\u51FA\u529B\u3059\u308B(\u975E\u63A8\u5968)\n    -Xrs              Java/VM\u306B\u3088\u308BOS\u30B7\u30B0\u30CA\u30EB\u306E\u4F7F\u7528\u3092\u524A\u6E1B\u3059\u308B(\u30C9\u30AD\u30E5\u30E1\u30F3\u30C8\u3092\u53C2\u7167)\n    -Xshare:auto      \u53EF\u80FD\u3067\u3042\u308C\u3070\u5171\u6709\u30AF\u30E9\u30B9\u306E\u30C7\u30FC\u30BF\u3092\u4F7F\u7528\u3059\u308B(\u30C7\u30D5\u30A9\u30EB\u30C8)\n    -Xshare:off       \u5171\u6709\u30AF\u30E9\u30B9\u306E\u30C7\u30FC\u30BF\u3092\u4F7F\u7528\u3057\u3088\u3046\u3068\u3057\u306A\u3044\n    -Xshare:on        \u5171\u6709\u30AF\u30E9\u30B9\u30FB\u30C7\u30FC\u30BF\u306E\u4F7F\u7528\u3092\u5FC5\u9808\u306B\u3057\u3001\u3067\u304D\u306A\u3051\u308C\u3070\u5931\u6557\u3059\u308B\u3002\n    -XshowSettings    \u3059\u3079\u3066\u306E\u8A2D\u5B9A\u3092\u8868\u793A\u3057\u3066\u7D9A\u884C\u3059\u308B\n    -XshowSettings:all\n                      \u3059\u3079\u3066\u306E\u8A2D\u5B9A\u3092\u8868\u793A\u3057\u3066\u7D9A\u884C\u3059\u308B\n    -XshowSettings:locale\n                      \u3059\u3079\u3066\u306E\u30ED\u30B1\u30FC\u30EB\u95A2\u9023\u306E\u8A2D\u5B9A\u3092\u8868\u793A\u3057\u3066\u7D9A\u884C\u3059\u308B\n    -XshowSettings:properties\n                      \u3059\u3079\u3066\u306E\u30D7\u30ED\u30D1\u30C6\u30A3\u8A2D\u5B9A\u3092\u8868\u793A\u3057\u3066\u7D9A\u884C\u3059\u308B\n    -XshowSettings:vm \
+\u3059\u3079\u3066\u306EVM\u95A2\u9023\u306E\u8A2D\u5B9A\u3092\u8868\u793A\u3057\u3066\u7D9A\u884C\u3059\u308B\n    -Xss        Java\u306E\u30B9\u30EC\u30C3\u30C9\u30FB\u30B9\u30BF\u30C3\u30AF\u30FB\u30B5\u30A4\u30BA\u3092\u8A2D\u5B9A\u3059\u308B\n    -Xverify          \u30D0\u30A4\u30C8\u30B3\u30FC\u30C9\u691C\u8A3C\u6A5F\u80FD\u306E\u30E2\u30FC\u30C9\u3092\u8A2D\u5B9A\u3059\u308B\n    --add-reads =(,)*\n                      \u30E2\u30B8\u30E5\u30FC\u30EB\u5BA3\u8A00\u306B\u95A2\u4FC2\u306A\u304F\u3001\u3092\u66F4\u65B0\u3057\u3066\n                      \u3092\u8AAD\u307F\u53D6\u308A\u307E\u3059\u3002 \n                      \u3092ALL-UNNAMED\u306B\u8A2D\u5B9A\u3059\u308B\u3068\u3001\u3059\u3079\u3066\u306E\u540D\u524D\u306E\u306A\u3044\u30E2\u30B8\u30E5\u30FC\u30EB\u3092\n                      \u8AAD\u307F\u53D6\u308C\u307E\u3059\u3002\n    --add-exports /=(,)*\n                      \u30E2\u30B8\u30E5\u30FC\u30EB\u5BA3\u8A00\u306B\u95A2\u4FC2\u306A\u304F\u3001\u3092\u66F4\u65B0\u3057\u3066\u3092\u306B\n                      \u30A8\u30AF\u30B9\u30DD\u30FC\u30C8\u3057\u307E\u3059\u3002\n                      \u3092ALL-UNNAMED\u306B\u8A2D\u5B9A\u3059\u308B\u3068\u3001\u3059\u3079\u3066\u306E\u540D\u524D\u306E\u306A\u3044\u30E2\u30B8\u30E5\u30FC\u30EB\u306B\n                      \u30A8\u30AF\u30B9\u30DD\u30FC\u30C8\u3067\u304D\u307E\u3059\u3002\n    --add-opens /=(,)*\n                      \u30E2\u30B8\u30E5\u30FC\u30EB\u5BA3\u8A00\u306B\u95A2\u4FC2\u306A\u304F\u3001\u3092\u66F4\u65B0\u3057\u3066\n                      \u3092\u306B\u958B\u304D\u307E\u3059\u3002\n    --illegal-access=\n                      \u540D\u524D\u306E\u306A\u3044\u30E2\u30B8\u30E5\u30FC\u30EB\u5185\u306E\u30B3\u30FC\u30C9\u306B\u3088\u308B\u3001\u540D\u524D\u306E\u3042\u308B\u30E2\u30B8\u30E5\u30FC\u30EB\u5185\u306E\n                      \u30BF\u30A4\u30D7\u306E\u30E1\u30F3\u30D0\u30FC\u3078\u306E\u30A2\u30AF\u30BB\u30B9\u3092\u8A31\u53EF\u307E\u305F\u306F\u62D2\u5426\u3057\u307E\u3059\u3002\n                      \u306F"deny"\u3001"permit"\u3001"warn"\u3001"debug"\u306E\u3044\u305A\u308C\u304B\u3067\u3059\n                      \u3053\u306E\u30AA\u30D7\u30B7\u30E7\u30F3\u306F\u5C06\u6765\u306E\u30EA\u30EA\u30FC\u30B9\u3067\u524A\u9664\u3055\u308C\u307E\u3059\u3002\n    --limit-modules [,...]\n                      \u53C2\u7167\u53EF\u80FD\u306A\u30E2\u30B8\u30E5\u30FC\u30EB\u306E\u9818\u57DF\u3092\u5236\u9650\u3057\u307E\u3059\n    --patch-module =({0})*\n                      JAR\u30D5\u30A1\u30A4\u30EB\u307E\u305F\u306F\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u306E\u30AF\u30E9\u30B9\u304A\u3088\u3073\u30EA\u30BD\u30FC\u30B9\u3067\n                      \u30E2\u30B8\u30E5\u30FC\u30EB\u3092\u30AA\u30FC\u30D0\u30FC\u30E9\u30A4\u30C9\u307E\u305F\u306F\u62E1\u5F35\u3057\u307E\u3059\u3002\n    --disable-@files  \u3055\u3089\u306A\u308B\u30D5\u30A1\u30A4\u30EB\u62E1\u5F35\u3092\u7121\u52B9\u306B\u3057\u307E\u3059\n\n\u3053\u308C\u3089\u306E\u8FFD\u52A0\u30AA\u30D7\u30B7\u30E7\u30F3\u306F\u4E88\u544A\u306A\u304F\u5909\u66F4\u3055\u308C\u308B\u5834\u5408\u304C\u3042\u308A\u307E\u3059\u3002\n
 
 # Translators please note do not translate the options themselves
 java.launcher.X.macosx.usage=\n\u6B21\u306E\u30AA\u30D7\u30B7\u30E7\u30F3\u306FMac OS X\u56FA\u6709\u3067\u3059:\n    -XstartOnFirstThread\n                      main()\u30E1\u30BD\u30C3\u30C9\u3092\u6700\u521D(AppKit)\u306E\u30B9\u30EC\u30C3\u30C9\u3067\u5B9F\u884C\u3059\u308B\n    -Xdock:name=\n                      Dock\u306B\u8868\u793A\u3055\u308C\u308B\u30C7\u30D5\u30A9\u30EB\u30C8\u30FB\u30A2\u30D7\u30EA\u30B1\u30FC\u30B7\u30E7\u30F3\u540D\u3092\u30AA\u30FC\u30D0\u30FC\u30E9\u30A4\u30C9\u3059\u308B\n    -Xdock:icon=\n                      Dock\u306B\u8868\u793A\u3055\u308C\u308B\u30C7\u30D5\u30A9\u30EB\u30C8\u30FB\u30A2\u30A4\u30B3\u30F3\u3092\u30AA\u30FC\u30D0\u30FC\u30E9\u30A4\u30C9\u3059\u308B\n\n
@@ -48,6 +48,7 @@ java.launcher.cls.error3=\u30A8\u30E9\u30FC: \u30E1\u30A4\u30F3\u30FB\u30E1\u30B
 java.launcher.cls.error4=\u30A8\u30E9\u30FC: \u30E1\u30A4\u30F3\u30FB\u30E1\u30BD\u30C3\u30C9\u304C\u30AF\u30E9\u30B9{0}\u3067\u898B\u3064\u304B\u308A\u307E\u305B\u3093\u3002\u6B21\u306E\u3088\u3046\u306B\u30E1\u30A4\u30F3\u30FB\u30E1\u30BD\u30C3\u30C9\u3092\u5B9A\u7FA9\u3057\u3066\u304F\u3060\u3055\u3044\u3002\n   public static void main(String[] args)\n\u307E\u305F\u306FJavaFX\u30A2\u30D7\u30EA\u30B1\u30FC\u30B7\u30E7\u30F3\u30FB\u30AF\u30E9\u30B9\u306F{1}\u3092\u62E1\u5F35\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059
 java.launcher.cls.error5=\u30A8\u30E9\u30FC: JavaFX\u30E9\u30F3\u30BF\u30A4\u30E0\u30FB\u30B3\u30F3\u30DD\u30FC\u30CD\u30F3\u30C8\u304C\u4E0D\u8DB3\u3057\u3066\u304A\u308A\u3001\u3053\u306E\u30A2\u30D7\u30EA\u30B1\u30FC\u30B7\u30E7\u30F3\u306E\u5B9F\u884C\u306B\u5FC5\u8981\u3067\u3059
 java.launcher.cls.error6=\u30A8\u30E9\u30FC: \u30E1\u30A4\u30F3\u30FB\u30AF\u30E9\u30B9{0}\u306E\u30ED\u30FC\u30C9\u4E2D\u306BLinkageError\u304C\u767A\u751F\u3057\u307E\u3057\u305F\n\t{1}
+java.launcher.cls.error7=\u30A8\u30E9\u30FC: \u30E1\u30A4\u30F3\u30FB\u30AF\u30E9\u30B9{0}\u3092\u521D\u671F\u5316\u3067\u304D\u307E\u305B\u3093\n\u539F\u56E0: {1}: {2}
 java.launcher.jar.error1=\u30A8\u30E9\u30FC: \u30D5\u30A1\u30A4\u30EB{0}\u3092\u958B\u3053\u3046\u3068\u3057\u3066\u3044\u308B\u3068\u304D\u306B\u3001\u4E88\u671F\u3057\u306A\u3044\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F
 java.launcher.jar.error2={0}\u306B\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093
 java.launcher.jar.error3={0}\u306B\u30E1\u30A4\u30F3\u30FB\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u5C5E\u6027\u304C\u3042\u308A\u307E\u305B\u3093
@@ -56,5 +57,6 @@ java.launcher.init.error=\u521D\u671F\u5316\u30A8\u30E9\u30FC
 java.launcher.javafx.error1=\u30A8\u30E9\u30FC: JavaFX launchApplication\u30E1\u30BD\u30C3\u30C9\u306B\u8AA4\u3063\u305F\u30B7\u30B0\u30CD\u30C1\u30E3\u304C\u3042\u308A\u3001\nstatic\u3092\u5BA3\u8A00\u3057\u3066void\u578B\u306E\u5024\u3092\u8FD4\u3059\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059
 java.launcher.module.error1=\u30E2\u30B8\u30E5\u30FC\u30EB{0}\u306BMainClass\u5C5E\u6027\u304C\u3042\u308A\u307E\u305B\u3093\u3002-m /\u3092\u4F7F\u7528\u3057\u3066\u304F\u3060\u3055\u3044
 java.launcher.module.error2=\u30A8\u30E9\u30FC: \u30E2\u30B8\u30E5\u30FC\u30EB{1}\u306B\u30E1\u30A4\u30F3\u30FB\u30AF\u30E9\u30B9{0}\u304C\u898B\u3064\u304B\u3089\u306A\u304B\u3063\u305F\u304B\u30ED\u30FC\u30C9\u3067\u304D\u307E\u305B\u3093\u3067\u3057\u305F
-java.launcher.module.error3=\u30A8\u30E9\u30FC: \u30E2\u30B8\u30E5\u30FC\u30EB{1}\u304B\u3089\u306E\u30E1\u30A4\u30F3\u30FB\u30AF\u30E9\u30B9{0}\u306E\u30ED\u30FC\u30C9\u306B\u5931\u6557\u3057\u307E\u3057\u305F\n\t{2}
+java.launcher.module.error3=\u30A8\u30E9\u30FC: \u30E2\u30B8\u30E5\u30FC\u30EB{1}\u306E\u30E1\u30A4\u30F3\u30FB\u30AF\u30E9\u30B9{0}\u3092\u30ED\u30FC\u30C9\u3067\u304D\u307E\u305B\u3093\n\t{2}
 java.launcher.module.error4={0}\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093
+java.launcher.module.error5=\u30A8\u30E9\u30FC: \u30E2\u30B8\u30E5\u30FC\u30EB{1}\u306E\u30E1\u30A4\u30F3\u30FB\u30AF\u30E9\u30B9{0}\u3092\u521D\u671F\u5316\u3067\u304D\u307E\u305B\u3093\n\u539F\u56E0: {1}: {2}
diff --git a/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_ko.properties b/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_ko.properties
index 5ee8ae9c2b..d7b4123ef8 100644
--- a/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_ko.properties
+++ b/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_ko.properties
@@ -31,12 +31,12 @@ java.launcher.opt.vmselect   =\    {0}\t  "{1}" VM\uC744 \uC120\uD0DD\uD569\uB2C
 java.launcher.opt.hotspot    =\    {0}\t  "{1}" VM\uC758 \uB3D9\uC758\uC5B4\uC785\uB2C8\uB2E4[\uC0AC\uC6A9\uB418\uC9C0 \uC54A\uC74C].\n
 
 # Translators please note do not translate the options themselves
-java.launcher.opt.footer = \    -cp <\uB514\uB809\uD1A0\uB9AC \uBC0F zip/jar \uD30C\uC77C\uC758 \uD074\uB798\uC2A4 \uAC80\uC0C9 \uACBD\uB85C>\n    -classpath <\uB514\uB809\uD1A0\uB9AC \uBC0F zip/jar \uD30C\uC77C\uC758 \uD074\uB798\uC2A4 \uAC80\uC0C9 \uACBD\uB85C>\n    --class-path <\uB514\uB809\uD1A0\uB9AC \uBC0F zip/jar \uD30C\uC77C\uC758 \uD074\uB798\uC2A4 \uAC80\uC0C9 \uACBD\uB85C>\n                  \uD074\uB798\uC2A4 \uD30C\uC77C\uC744 \uAC80\uC0C9\uD558\uAE30 \uC704\uD55C \uB514\uB809\uD1A0\uB9AC, JAR \uC544\uCE74\uC774\uBE0C \uBC0F ZIP \uC544\uCE74\uC774\uBE0C\uC758 {0}(\uC73C)\uB85C\n                  \uAD6C\uBD84\uB41C \uBAA9\uB85D\uC785\uB2C8\uB2E4.\n    -p <\uBAA8\uB4C8 \uACBD\uB85C>\n    --module-path <\uBAA8\uB4C8 \uACBD\uB85C>...\n                  \uB514\uB809\uD1A0\uB9AC\uC758 {0}(\uC73C)\uB85C \uAD6C\uBD84\uB41C \uBAA9\uB85D\uC785\uB2C8\uB2E4. \uAC01 \uB514\uB809\uD1A0\uB9AC\uB294\n                  \uBAA8\uB4C8\uC758 \uB514\uB809\uD1A0\uB9AC\uC785\uB2C8\uB2E4.\n    --upgrade-module-path <\uBAA8\uB4C8 \uACBD\uB85C>...\n                  \uB514\uB809\uD1A0\uB9AC\uC758 {0}(\uC73C)\uB85C \uAD6C\uBD84\uB41C \uBAA9\uB85D\uC785\uB2C8\uB2E4. \uAC01 \uB514\uB809\uD1A0\uB9AC\uB294\n                  \uB7F0\uD0C0\uC784 \uC774\uBBF8\uC9C0\uC5D0\uC11C \uC5C5\uADF8\uB808\uC774\uB4DC \uAC00\uB2A5\uD55C \uBAA8\uB4C8\uC744 \uB300\uCCB4\uD558\uB294\n                  \uBAA8\uB4C8\uC758 \uB514\uB809\uD1A0\uB9AC\uC785\uB2C8\uB2E4.\n    --add-modules <\uBAA8\uB4C8 \uC774\uB984>[,<\uBAA8\uB4C8 \uC774\uB984>...]\n                  \uCD08\uAE30 \uBAA8\uB4C8 \uC774\uC678\uC758 \uD574\uACB0\uD560 \uB8E8\uD2B8 \uBAA8\uB4C8\uC785\uB2C8\uB2E4.\n                  <\uBAA8\uB4C8 \uC774\uB984>\uC740 ALL-DEFAULT, ALL-SYSTEM\uC77C \uC218 \uC788\uC2B5\uB2C8\uB2E4.\n                  ALL-MODULE-PATH.\n    --list-modules\n                  \uAD00\uCC30 \uAC00\uB2A5\uD55C \uBAA8\uB4C8\uC744 \uB098\uC5F4\uD558\uACE0 \uC885\uB8CC\uD569\uB2C8\uB2E4.\n    --d <\uBAA8\uB4C8 \uC774\uB984>\n    --describe-module <\uBAA8\uB4C8 \uC774\uB984>\n                  \uBAA8\uB4C8\uC744 \uC124\uBA85\uD558\uACE0 \uC885\uB8CC\uD569\uB2C8\uB2E4.\n    --dry-run     VM\uC744 \uC0DD\uC131\uD558\uACE0 \uAE30\uBCF8 \uD074\uB798\uC2A4\uB97C \uB85C\uB4DC\uD558\uC9C0\uB9CC \uAE30\uBCF8 \uBA54\uC18C\uB4DC\uB97C \uC2E4\uD589\uD558\uC9C0\uB294 \uC54A\uC2B5\uB2C8\uB2E4.\n                  --dry-run \uC635\uC158\uC740 \uBAA8\uB4C8 \uC2DC\uC2A4\uD15C \uAD6C\uC131\uACFC \uAC19\uC740\n                  \uBA85\uB839\uC904 \uC635\uC158 \uAC80\uC99D\uC5D0 \uC720\uC6A9\uD560 \uC218 \uC788\uC2B5\uB2C8\uB2E4.\n    --validate-modules\n                  \uBAA8\uB4E0 \uBAA8\uB4C8\uC744 \uAC80\uC99D\uD558\uACE0 \uC885\uB8CC\uD569\uB2C8\uB2E4.\n                  --validate-modules \uC635\uC158\uC740 \uBAA8\uB4C8 \uACBD\uB85C\uC5D0\uC11C \uBAA8\uB4C8\uC5D0 \uB300\uD55C\n                  \uCDA9\uB3CC \uBC0F \uAE30\uD0C0 \uC624\uB958\uB97C \uCC3E\uB294 \uB370 \uC720\uC6A9\uD560 \uC218 \uC788\uC2B5\uB2C8\uB2E4.\n    -D<\uC774\uB984>=<\uAC12>\n                  \uC2DC\uC2A4\uD15C \uC18D\uC131\uC744 \uC124\uC815\uD569\uB2C8\uB2E4.\n    -verbose:[class|module|gc|jni]\n                  \uC0C1\uC138 \uC815\uBCF4 \uCD9C\uB825\uC744 \uC0AC\uC6A9\uC73C\uB85C \uC124\uC815\n    -version      \uC624\uB958 \uC2A4\uD2B8\uB9BC\uC5D0 \uC81C\uD488 \uBC84\uC804\uC744 \uC778\uC1C4\uD558\uACE0 \uC885\uB8CC\uD569\uB2C8\uB2E4.\n    --version     \uCD9C\uB825 \uC2A4\uD2B8\uB9BC\uC5D0 \uC81C\uD488 \uBC84\uC804\uC744 \uC778\uC1C4\uD558\uACE0 \uC885\uB8CC\uD569\uB2C8\uB2E4.\n    -showversion  \uC624\uB958 \uC2A4\uD2B8\uB9BC\uC5D0 \uC81C\uD488 \uBC84\uC804\uC744 \uC778\uC1C4\uD558\uACE0 \uACC4\uC18D\uD569\uB2C8\uB2E4.\n    --show-version\n                  \uCD9C\uB825 \uC2A4\uD2B8\uB9BC\uC5D0 \uC81C\uD488 \uBC84\uC804\uC744 \uC778\uC1C4\uD558\uACE0 \uACC4\uC18D\uD569\uB2C8\uB2E4.\n    --show-module-resolution\n                  \uC2DC\uC791 \uC911 \uBAA8\uB4C8 \uBD84\uC11D \uCD9C\uB825\uC744 \
+java.launcher.opt.footer = \    -cp <\uB514\uB809\uD1A0\uB9AC \uBC0F zip/jar \uD30C\uC77C\uC758 \uD074\uB798\uC2A4 \uAC80\uC0C9 \uACBD\uB85C>\n    -classpath <\uB514\uB809\uD1A0\uB9AC \uBC0F zip/jar \uD30C\uC77C\uC758 \uD074\uB798\uC2A4 \uAC80\uC0C9 \uACBD\uB85C>\n    --class-path <\uB514\uB809\uD1A0\uB9AC \uBC0F zip/jar \uD30C\uC77C\uC758 \uD074\uB798\uC2A4 \uAC80\uC0C9 \uACBD\uB85C>\n                  \uD074\uB798\uC2A4 \uD30C\uC77C\uC744 \uAC80\uC0C9\uD558\uAE30 \uC704\uD55C \uB514\uB809\uD1A0\uB9AC, JAR \uC544\uCE74\uC774\uBE0C \uBC0F ZIP \uC544\uCE74\uC774\uBE0C\uC758 {0}(\uC73C)\uB85C\n                  \uAD6C\uBD84\uB41C \uBAA9\uB85D\uC785\uB2C8\uB2E4.\n    -p <\uBAA8\uB4C8 \uACBD\uB85C>\n    --module-path <\uBAA8\uB4C8 \uACBD\uB85C>...\n                  \uB514\uB809\uD1A0\uB9AC\uC758 {0}(\uC73C)\uB85C \uAD6C\uBD84\uB41C \uBAA9\uB85D\uC785\uB2C8\uB2E4. \uAC01 \uB514\uB809\uD1A0\uB9AC\uB294\n                  \uBAA8\uB4C8\uC758 \uB514\uB809\uD1A0\uB9AC\uC785\uB2C8\uB2E4.\n    --upgrade-module-path <\uBAA8\uB4C8 \uACBD\uB85C>...\n                  \uB514\uB809\uD1A0\uB9AC\uC758 {0}(\uC73C)\uB85C \uAD6C\uBD84\uB41C \uBAA9\uB85D\uC785\uB2C8\uB2E4. \uAC01 \uB514\uB809\uD1A0\uB9AC\uB294\n                  \uB7F0\uD0C0\uC784 \uC774\uBBF8\uC9C0\uC5D0\uC11C \uC5C5\uADF8\uB808\uC774\uB4DC \uAC00\uB2A5\uD55C \uBAA8\uB4C8\uC744 \uB300\uCCB4\uD558\uB294\n                  \uBAA8\uB4C8\uC758 \uB514\uB809\uD1A0\uB9AC\uC785\uB2C8\uB2E4.\n    --add-modules <\uBAA8\uB4C8 \uC774\uB984>[,<\uBAA8\uB4C8 \uC774\uB984>...]\n                  \uCD08\uAE30 \uBAA8\uB4C8 \uC774\uC678\uC758 \uD574\uACB0\uD560 \uB8E8\uD2B8 \uBAA8\uB4C8\uC785\uB2C8\uB2E4.\n                  <\uBAA8\uB4C8 \uC774\uB984>\uC740 ALL-DEFAULT, ALL-SYSTEM\uC77C \uC218 \uC788\uC2B5\uB2C8\uB2E4.\n                  ALL-MODULE-PATH.\n    --list-modules\n                  \uAD00\uCC30 \uAC00\uB2A5\uD55C \uBAA8\uB4C8\uC744 \uB098\uC5F4\uD558\uACE0 \uC885\uB8CC\uD569\uB2C8\uB2E4.\n    -d <\uBAA8\uB4C8 \uC774\uB984>\n    --describe-module <\uBAA8\uB4C8 \uC774\uB984>\n                  \uBAA8\uB4C8\uC744 \uC124\uBA85\uD558\uACE0 \uC885\uB8CC\uD569\uB2C8\uB2E4.\n    --dry-run     VM\uC744 \uC0DD\uC131\uD558\uACE0 \uAE30\uBCF8 \uD074\uB798\uC2A4\uB97C \uB85C\uB4DC\uD558\uC9C0\uB9CC \uAE30\uBCF8 \uBA54\uC18C\uB4DC\uB97C \uC2E4\uD589\uD558\uC9C0\uB294 \uC54A\uC2B5\uB2C8\uB2E4.\n                  --dry-run \uC635\uC158\uC740 \uBAA8\uB4C8 \uC2DC\uC2A4\uD15C \uAD6C\uC131\uACFC \uAC19\uC740\n                  \uBA85\uB839\uC904 \uC635\uC158 \uAC80\uC99D\uC5D0 \uC720\uC6A9\uD560 \uC218 \uC788\uC2B5\uB2C8\uB2E4.\n    --validate-modules\n                  \uBAA8\uB4E0 \uBAA8\uB4C8\uC744 \uAC80\uC99D\uD558\uACE0 \uC885\uB8CC\uD569\uB2C8\uB2E4.\n                  --validate-modules \uC635\uC158\uC740 \uBAA8\uB4C8 \uACBD\uB85C\uC5D0\uC11C \uBAA8\uB4C8\uC5D0 \uB300\uD55C\n                  \uCDA9\uB3CC \uBC0F \uAE30\uD0C0 \uC624\uB958\uB97C \uCC3E\uB294 \uB370 \uC720\uC6A9\uD560 \uC218 \uC788\uC2B5\uB2C8\uB2E4.\n    -D<\uC774\uB984>=<\uAC12>\n                  \uC2DC\uC2A4\uD15C \uC18D\uC131\uC744 \uC124\uC815\uD569\uB2C8\uB2E4.\n    -verbose:[class|module|gc|jni]\n                  \uC0C1\uC138 \uC815\uBCF4 \uCD9C\uB825\uC744 \uC0AC\uC6A9\uC73C\uB85C \uC124\uC815\n    -version      \uC624\uB958 \uC2A4\uD2B8\uB9BC\uC5D0 \uC81C\uD488 \uBC84\uC804\uC744 \uC778\uC1C4\uD558\uACE0 \uC885\uB8CC\uD569\uB2C8\uB2E4.\n    --version     \uCD9C\uB825 \uC2A4\uD2B8\uB9BC\uC5D0 \uC81C\uD488 \uBC84\uC804\uC744 \uC778\uC1C4\uD558\uACE0 \uC885\uB8CC\uD569\uB2C8\uB2E4.\n    -showversion  \uC624\uB958 \uC2A4\uD2B8\uB9BC\uC5D0 \uC81C\uD488 \uBC84\uC804\uC744 \uC778\uC1C4\uD558\uACE0 \uACC4\uC18D\uD569\uB2C8\uB2E4.\n    --show-version\n                  \uCD9C\uB825 \uC2A4\uD2B8\uB9BC\uC5D0 \uC81C\uD488 \uBC84\uC804\uC744 \uC778\uC1C4\uD558\uACE0 \uACC4\uC18D\uD569\uB2C8\uB2E4.\n    --show-module-resolution\n                  \uC2DC\uC791 \uC911 \uBAA8\uB4C8 \uBD84\uC11D \uCD9C\uB825\uC744 \
 \uD45C\uC2DC\uD569\uB2C8\uB2E4.\n    -? -h -help\n                  \uC624\uB958 \uC2A4\uD2B8\uB9BC\uC5D0 \uC774 \uB3C4\uC6C0\uB9D0 \uBA54\uC2DC\uC9C0\uB97C \uC778\uC1C4\uD569\uB2C8\uB2E4.\n    --help        \uCD9C\uB825 \uC2A4\uD2B8\uB9BC\uC5D0 \uC774 \uB3C4\uC6C0\uB9D0 \uBA54\uC2DC\uC9C0\uB97C \uC778\uC1C4\uD569\uB2C8\uB2E4.\n    -X            \uC624\uB958 \uC2A4\uD2B8\uB9BC\uC5D0 \uCD94\uAC00 \uC635\uC158\uC5D0 \uB300\uD55C \uB3C4\uC6C0\uB9D0\uC744 \uC778\uC1C4\uD569\uB2C8\uB2E4.\n    --help-extra  \uCD9C\uB825 \uC2A4\uD2B8\uB9BC\uC5D0 \uCD94\uAC00 \uC635\uC158\uC5D0 \uB300\uD55C \uB3C4\uC6C0\uB9D0\uC744 \uC778\uC1C4\uD569\uB2C8\uB2E4.\n    -ea[:<\uD328\uD0A4\uC9C0 \uC774\uB984>...|:<\uD074\uB798\uC2A4 \uC774\uB984>]\n    -enableassertions[:<\uD328\uD0A4\uC9C0 \uC774\uB984>...|:<\uD074\uB798\uC2A4 \uC774\uB984>]\n                  \uC138\uBD84\uC131\uC774 \uC9C0\uC815\uB41C \uAC80\uC99D\uC744 \uC0AC\uC6A9\uC73C\uB85C \uC124\uC815\uD569\uB2C8\uB2E4.\n    -da[:<\uD328\uD0A4\uC9C0 \uC774\uB984>...|:<\uD074\uB798\uC2A4 \uC774\uB984>]\n    -disableassertions[:<\uD328\uD0A4\uC9C0 \uC774\uB984>...|:<\uD074\uB798\uC2A4 \uC774\uB984>]\n                  \uC138\uBD84\uC131\uC774 \uC9C0\uC815\uB41C \uAC80\uC99D\uC744 \uC0AC\uC6A9 \uC548\uD568\uC73C\uB85C \uC124\uC815\uD569\uB2C8\uB2E4.\n    -esa | -enablesystemassertions\n                  \uC2DC\uC2A4\uD15C \uAC80\uC99D\uC744 \uC0AC\uC6A9\uC73C\uB85C \uC124\uC815\uD569\uB2C8\uB2E4.\n    -dsa | -disablesystemassertions\n                  \uC2DC\uC2A4\uD15C \uAC80\uC99D\uC744 \uC0AC\uC6A9 \uC548\uD568\uC73C\uB85C \uC124\uC815\uD569\uB2C8\uB2E4.\n    -agentlib:<\uB77C\uC774\uBE0C\uB7EC\uB9AC \uC774\uB984>[=<\uC635\uC158>]\n                  \uACE0\uC720 \uC5D0\uC774\uC804\uD2B8 \uB77C\uC774\uBE0C\uB7EC\uB9AC <\uB77C\uC774\uBE0C\uB7EC\uB9AC \uC774\uB984>\uC744 \uB85C\uB4DC\uD569\uB2C8\uB2E4(\uC608: -agentlib:jdwp).\n                  -agentlib:jdwp=help\uB3C4 \uCC38\uC870\uD558\uC2ED\uC2DC\uC624.\n    -agentpath:<\uACBD\uB85C \uC774\uB984>[=<\uC635\uC158>]\n                  \uC804\uCCB4 \uACBD\uB85C \uC774\uB984\uC744 \uC0AC\uC6A9\uD558\uC5EC \uACE0\uC720 \uC5D0\uC774\uC804\uD2B8 \uB77C\uC774\uBE0C\uB7EC\uB9AC\uB97C \uB85C\uB4DC\uD569\uB2C8\uB2E4.\n    -javaagent:[=<\uC635\uC158>]\n                  Java \uD504\uB85C\uADF8\uB798\uBC0D \uC5B8\uC5B4 \uC5D0\uC774\uC804\uD2B8\uB97C \uB85C\uB4DC\uD569\uB2C8\uB2E4. java.lang.instrument\uB97C \uCC38\uC870\uD558\uC2ED\uC2DC\uC624.\n    -splash:<\uC774\uBBF8\uC9C0 \uACBD\uB85C>\n                  \uC774\uBBF8\uC9C0\uAC00 \uC9C0\uC815\uB41C \uC2A4\uD50C\uB798\uC2DC \uD654\uBA74\uC744 \uD45C\uC2DC\uD569\uB2C8\uB2E4.\n                  HiDPI\uB85C \uC870\uC815\uB41C \uC774\uBBF8\uC9C0\uAC00 \uC790\uB3D9\uC73C\uB85C \uC9C0\uC6D0\uB418\uACE0 \uC0AC\uC6A9 \uAC00\uB2A5\uD55C \uACBD\uC6B0\n                  \uC0AC\uC6A9\uB429\uB2C8\uB2E4. \uBBF8\uC870\uC815 \uC774\uBBF8\uC9C0 \uD30C\uC77C \uC774\uB984(\uC608: image.ext)\uC740\n                  \uD56D\uC0C1 -splash \uC635\uC158\uC5D0 \uC778\uC218\uB85C \uC804\uB2EC\uB418\uC5B4\uC57C \uD569\uB2C8\uB2E4.\n                  \uAC00\uC7A5 \uC801\uC808\uD788 \uC870\uC815\uB41C \uC774\uBBF8\uC9C0\uAC00 \uC790\uB3D9\uC73C\uB85C\n                  \uCC44\uD0DD\uB429\uB2C8\uB2E4.\n                  \uC790\uC138\uD55C \uB0B4\uC6A9\uC740 SplashScreen API \uC124\uBA85\uC11C\uB97C \uCC38\uC870\uD558\uC2ED\uC2DC\uC624.\n    @\uC778\uC218 \uD30C\uC77C\n                  -disable-@files \uC635\uC158\uC774 \uD3EC\uD568\uB418\uC5B4 \uC788\uB294 \uD558\uB098 \uC774\uC0C1\uC758\n    \uC778\uC218 \uD30C\uC77C\n                  \uCD94\uAC00 \uC778\uC218 \uD30C\uC77C \uD655\uC7A5\uC744 \uBC29\uC9C0\uD569\uB2C8\uB2E4.\nlong \uC635\uC158\uC5D0 \uB300\uD55C \uC778\uC218\uB97C \uC9C0\uC815\uD558\uB824\uBA74 --<\uC774\uB984>=<\uAC12> \uB610\uB294\n--<\uC774\uB984> <\uAC12>\uC744 \uC0AC\uC6A9\uD560 \uC218 \uC788\uC2B5\uB2C8\uB2E4.\n
 
 # Translators please note do not translate the options themselves
-java.launcher.X.usage=\n    -Xbatch           \uBC31\uADF8\uB77C\uC6B4\uB4DC \uCEF4\uD30C\uC77C\uC744 \uC0AC\uC6A9 \uC548\uD568\uC73C\uB85C \uC124\uC815\uD569\uB2C8\uB2E4.\n    -Xbootclasspath/a:<{0}(\uC73C)\uB85C \uAD6C\uBD84\uB41C \uB514\uB809\uD1A0\uB9AC \uBC0F zip/jar \uD30C\uC77C>\n                      \uBD80\uD2B8\uC2A4\uD2B8\uB7A9 \uD074\uB798\uC2A4 \uACBD\uB85C \uB05D\uC5D0 \uCD94\uAC00\uD569\uB2C8\uB2E4.\n    -Xcheck:jni       JNI \uD568\uC218\uC5D0 \uB300\uD55C \uCD94\uAC00 \uAC80\uC0AC\uB97C \uC218\uD589\uD569\uB2C8\uB2E4.\n    -Xcomp            \uCCAB\uBC88\uC9F8 \uD638\uCD9C\uC5D0\uC11C \uBA54\uC18C\uB4DC \uCEF4\uD30C\uC77C\uC744 \uAC15\uC81C\uD569\uB2C8\uB2E4.\n    -Xdebug           \uC5ED \uD638\uD658\uC131\uC744 \uC704\uD574 \uC81C\uACF5\uB418\uC5C8\uC2B5\uB2C8\uB2E4.\n    -Xdiag            \uCD94\uAC00 \uC9C4\uB2E8 \uBA54\uC2DC\uC9C0\uB97C \uD45C\uC2DC\uD569\uB2C8\uB2E4.\n    -Xfuture          \uBBF8\uB798 \uAE30\uBCF8\uAC12\uC744 \uC608\uCE21\uD558\uC5EC \uAC00\uC7A5 \uC5C4\uACA9\uD55C \uAC80\uC0AC\uB97C \uC0AC\uC6A9\uC73C\uB85C \uC124\uC815\uD569\uB2C8\uB2E4.\n    -Xint             \uD574\uC11D\uB41C \uBAA8\uB4DC\uB9CC \uC2E4\uD589\uD569\uB2C8\uB2E4.\n    -Xinternalversion\n                      -version \uC635\uC158\uBCF4\uB2E4 \uC0C1\uC138\uD55C JVM \uBC84\uC804 \uC815\uBCF4\uB97C \uD45C\uC2DC\uD569\uB2C8\uB2E4.\n    -Xloggc:<\uD30C\uC77C>    \uC2DC\uAC04 \uAE30\uB85D\uACFC \uD568\uAED8 \uD30C\uC77C\uC5D0 GC \uC0C1\uD0DC\uB97C \uAE30\uB85D\uD569\uB2C8\uB2E4.\n    -Xmixed           \uD63C\uD569 \uBAA8\uB4DC\uB97C \uC2E4\uD589\uD569\uB2C8\uB2E4(\uAE30\uBCF8\uAC12).\n    -Xmn<\uD06C\uAE30>        \uC80A\uC740 \uC138\uB300(Nursery)\uB97C \uC704\uD574 \uD799\uC758 \uCD08\uAE30 \uBC0F \uCD5C\uB300\n                      \uD06C\uAE30(\uBC14\uC774\uD2B8)\uB97C \uC124\uC815\uD569\uB2C8\uB2E4.\n    -Xms<\uD06C\uAE30>        \uCD08\uAE30 Java \uD799 \uD06C\uAE30\uB97C \uC124\uC815\uD569\uB2C8\uB2E4.\n    -Xmx<\uD06C\uAE30>        \uCD5C\uB300 Java \uD799 \uD06C\uAE30\uB97C \uC124\uC815\uD569\uB2C8\uB2E4.\n    -Xnoclassgc       \uD074\uB798\uC2A4\uC758 \uBD88\uD544\uC694\uD55C \uC815\uBCF4 \uBAA8\uC74C\uC744 \uC0AC\uC6A9 \uC548\uD568\uC73C\uB85C \uC124\uC815\uD569\uB2C8\uB2E4.\n    -Xprof            CPU \uD504\uB85C\uD30C\uC77C \uC791\uC131 \uB370\uC774\uD130\uB97C \uCD9C\uB825\uD569\uB2C8\uB2E4(\uC0AC\uC6A9\uB418\uC9C0 \uC54A\uC74C).\n    -Xrs              Java/VM\uC5D0 \uC758\uD55C OS \uC2E0\uD638 \uC0AC\uC6A9\uC744 \uC904\uC785\uB2C8\uB2E4(\uC124\uBA85\uC11C \uCC38\uC870).\n    -Xshare:auto      \uAC00\uB2A5\uD55C \uACBD\uC6B0 \uACF5\uC720 \uD074\uB798\uC2A4 \uB370\uC774\uD130\uB97C \uC0AC\uC6A9\uD569\uB2C8\uB2E4(\uAE30\uBCF8\uAC12).\n    -Xshare:off       \uACF5\uC720 \uD074\uB798\uC2A4 \uB370\uC774\uD130 \uC0AC\uC6A9\uC744 \uC2DC\uB3C4\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4.\n    -Xshare:on        \uACF5\uC720 \uD074\uB798\uC2A4 \uB370\uC774\uD130\uB97C \uC0AC\uC6A9\uD574\uC57C \uD569\uB2C8\uB2E4. \uADF8\uB807\uC9C0 \uC54A\uC744 \uACBD\uC6B0 \uC2E4\uD328\uD569\uB2C8\uB2E4.\n    -XshowSettings    \uBAA8\uB4E0 \uC124\uC815\uC744 \uD45C\uC2DC\uD55C \uD6C4 \uACC4\uC18D\uD569\uB2C8\uB2E4.\n    -XshowSettings:all\n                      \uBAA8\uB4E0 \uC124\uC815\uC744 \uD45C\uC2DC\uD55C \uD6C4 \uACC4\uC18D\uD569\uB2C8\uB2E4.\n    -XshowSettings:locale\n                      \uBAA8\uB4E0 \uB85C\uCF00\uC77C \uAD00\uB828 \uC124\uC815\uC744 \uD45C\uC2DC\uD55C \uD6C4 \uACC4\uC18D\uD569\uB2C8\uB2E4.\n    -XshowSettings:properties\n                      \uBAA8\uB4E0 \uC18D\uC131 \uC124\uC815\uC744 \uD45C\uC2DC\uD55C \uD6C4 \uACC4\uC18D\uD569\uB2C8\uB2E4.\n    -XshowSettings:vm \uBAA8\uB4E0 VM \uAD00\uB828 \uC124\uC815\uC744 \uD45C\uC2DC\uD55C \uD6C4 \uACC4\uC18D\uD569\uB2C8\uB2E4.\n    -Xss<\uD06C\uAE30>        Java \uC2A4\uB808\uB4DC \uC2A4\uD0DD \uD06C\uAE30\uB97C \uC124\uC815\uD569\uB2C8\uB2E4.\n    -Xverify          \uBC14\uC774\uD2B8\uCF54\uB4DC \uAC80\uC99D\uC790\uC758 \uBAA8\uB4DC\uB97C \uC124\uC815\uD569\uB2C8\uB2E4.\n  \
-  --add-reads <\uBAA8\uB4C8>=<\uB300\uC0C1-\uBAA8\uB4C8>(,<\uB300\uC0C1-\uBAA8\uB4C8>)*\n                      \uBAA8\uB4C8 \uC120\uC5B8\uC5D0 \uAD00\uACC4\uC5C6\uC774 <\uB300\uC0C1-\uBAA8\uB4C8>\uC744 \uC77D\uB3C4\uB85D\n                      <\uBAA8\uB4C8>\uC744 \uC5C5\uB370\uC774\uD2B8\uD569\uB2C8\uB2E4.\n                      <\uB300\uC0C1-\uBAA8\uB4C8>\uC740 \uC774\uB984\uC774 \uC9C0\uC815\uB418\uC9C0 \uC54A\uC740 \uBAA8\uB4E0 \uBAA8\uB4C8\uC744 \uC77D\uC744 \uC218 \uC788\uB294\n                      ALL-UNNAMED\uC77C \uC218 \uC788\uC2B5\uB2C8\uB2E4.\n    --add-exports <\uBAA8\uB4C8>/<\uD328\uD0A4\uC9C0>=<\uB300\uC0C1-\uBAA8\uB4C8>(,<\uB300\uC0C1-\uBAA8\uB4C8>)*\n                      \uBAA8\uB4C8 \uC120\uC5B8\uC5D0 \uAD00\uACC4\uC5C6\uC774 <\uD328\uD0A4\uC9C0>\uB97C <\uB300\uC0C1-\uBAA8\uB4C8>\uB85C \uC775\uC2A4\uD3EC\uD2B8\uD558\uB3C4\uB85D\n                      <\uBAA8\uB4C8>\uC744 \uC5C5\uB370\uC774\uD2B8\uD569\uB2C8\uB2E4.\n                      <\uB300\uC0C1-\uBAA8\uB4C8>\uC740 \uC774\uB984\uC774 \uC9C0\uC815\uB418\uC9C0 \uC54A\uC740 \uBAA8\uB4E0 \uBAA8\uB4C8\uB85C \uC775\uC2A4\uD3EC\uD2B8\uD560 \uC218 \uC788\uB294\n                      ALL-UNNAMED\uC77C \uC218 \uC788\uC2B5\uB2C8\uB2E4.\n    --add-opens <\uBAA8\uB4C8>/<\uD328\uD0A4\uC9C0>=<\uB300\uC0C1-\uBAA8\uB4C8>(,<\uB300\uC0C1-\uBAA8\uB4C8>)*\n                      \uBAA8\uB4C8 \uC120\uC5B8\uC5D0 \uAD00\uACC4\uC5C6\uC774 <\uD328\uD0A4\uC9C0>\uB97C <\uB300\uC0C1-\uBAA8\uB4C8>\uB85C \uC5F4\uB3C4\uB85D\n                      <\uBAA8\uB4C8>\uC744 \uC5C5\uB370\uC774\uD2B8\uD569\uB2C8\uB2E4.\n    --limit-modules <\uBAA8\uB4C8 \uC774\uB984>[,<\uBAA8\uB4C8 \uC774\uB984>...]\n                      \uAD00\uCC30 \uAC00\uB2A5\uD55C \uBAA8\uB4C8\uC758 \uACF5\uC6A9\uC744 \uC81C\uD55C\uD569\uB2C8\uB2E4.\n    --patch-module <\uBAA8\uB4C8>=<\uD30C\uC77C>({0}<\uD30C\uC77C>)*\n                      JAR \uD30C\uC77C \uB610\uB294 \uB514\uB809\uD1A0\uB9AC\uC758 \uD074\uB798\uC2A4\uC640 \uB9AC\uC18C\uC2A4\uB85C\n                      \uBAA8\uB4C8\uC744 \uBB34\uD6A8\uD654\uD558\uAC70\uB098 \uC778\uC218\uD654\uD569\uB2C8\uB2E4.\n    --disable-@files  \uCD94\uAC00 \uC778\uC218 \uD30C\uC77C \uD655\uC7A5\uC744 \uC0AC\uC6A9 \uC548\uD568\uC73C\uB85C \uC124\uC815\uD569\uB2C8\uB2E4.\n\n\uC774\uB7EC\uD55C \uCD94\uAC00 \uC635\uC158\uC740 \uD1B5\uC9C0 \uC5C6\uC774 \uBCC0\uACBD\uB420 \uC218 \uC788\uC2B5\uB2C8\uB2E4.\n
+java.launcher.X.usage=\n    -Xbatch           \uBC31\uADF8\uB77C\uC6B4\uB4DC \uCEF4\uD30C\uC77C\uC744 \uC0AC\uC6A9 \uC548\uD568\uC73C\uB85C \uC124\uC815\uD569\uB2C8\uB2E4.\n    -Xbootclasspath/a:<{0}(\uC73C)\uB85C \uAD6C\uBD84\uB41C \uB514\uB809\uD1A0\uB9AC \uBC0F zip/jar \uD30C\uC77C>\n                      \uBD80\uD2B8\uC2A4\uD2B8\uB7A9 \uD074\uB798\uC2A4 \uACBD\uB85C \uB05D\uC5D0 \uCD94\uAC00\uD569\uB2C8\uB2E4.\n    -Xcheck:jni       JNI \uD568\uC218\uC5D0 \uB300\uD55C \uCD94\uAC00 \uAC80\uC0AC\uB97C \uC218\uD589\uD569\uB2C8\uB2E4.\n    -Xcomp            \uCCAB\uBC88\uC9F8 \uD638\uCD9C\uC5D0\uC11C \uBA54\uC18C\uB4DC \uCEF4\uD30C\uC77C\uC744 \uAC15\uC81C\uD569\uB2C8\uB2E4.\n    -Xdebug           \uC5ED\uD638\uD658\uC131\uC744 \uC704\uD574 \uC81C\uACF5\uB418\uC5C8\uC2B5\uB2C8\uB2E4.\n    -Xdiag            \uCD94\uAC00 \uC9C4\uB2E8 \uBA54\uC2DC\uC9C0\uB97C \uD45C\uC2DC\uD569\uB2C8\uB2E4.\n    -Xfuture          \uBBF8\uB798 \uAE30\uBCF8\uAC12\uC744 \uC608\uCE21\uD558\uC5EC \uAC00\uC7A5 \uC5C4\uACA9\uD55C \uAC80\uC0AC\uB97C \uC0AC\uC6A9\uC73C\uB85C \uC124\uC815\uD569\uB2C8\uB2E4.\n    -Xint             \uD574\uC11D\uB41C \uBAA8\uB4DC\uB9CC \uC2E4\uD589\uD569\uB2C8\uB2E4.\n    -Xinternalversion\n                      -version \uC635\uC158\uBCF4\uB2E4 \uC0C1\uC138\uD55C JVM \uBC84\uC804 \uC815\uBCF4\uB97C\n                      \uD45C\uC2DC\uD569\uB2C8\uB2E4.\n    -Xloggc:    \uC2DC\uAC04 \uAE30\uB85D\uACFC \uD568\uAED8 \uD30C\uC77C\uC5D0 GC \uC0C1\uD0DC\uB97C \uAE30\uB85D\uD569\uB2C8\uB2E4.\n    -Xmixed           \uD63C\uD569 \uBAA8\uB4DC\uB97C \uC2E4\uD589\uD569\uB2C8\uB2E4(\uAE30\uBCF8\uAC12).\n    -Xmn        \uC2E0\uC138\uB300(Nursery)\uB97C \uC704\uD574 \uD799\uC758 \uCD08\uAE30 \uBC0F \uCD5C\uB300\n                      \uD06C\uAE30(\uBC14\uC774\uD2B8)\uB97C \uC124\uC815\uD569\uB2C8\uB2E4.\n    -Xms        \uCD08\uAE30 Java \uD799 \uD06C\uAE30\uB97C \uC124\uC815\uD569\uB2C8\uB2E4.\n    -Xmx        \uCD5C\uB300 Java \uD799 \uD06C\uAE30\uB97C \uC124\uC815\uD569\uB2C8\uB2E4.\n    -Xnoclassgc       \uD074\uB798\uC2A4\uC758 \uBD88\uD544\uC694\uD55C \uC815\uBCF4 \uBAA8\uC74C\uC744 \uC0AC\uC6A9 \uC548\uD568\uC73C\uB85C \uC124\uC815\uD569\uB2C8\uB2E4.\n    -Xprof            CPU \uD504\uB85C\uD30C\uC77C \uC791\uC131 \uB370\uC774\uD130\uB97C \uCD9C\uB825\uD569\uB2C8\uB2E4(\uC0AC\uC6A9\uB418\uC9C0 \uC54A\uC74C).\n    -Xrs              Java/VM\uC5D0 \uC758\uD55C OS \uC2E0\uD638 \uC0AC\uC6A9\uC744 \uC904\uC785\uB2C8\uB2E4(\uC124\uBA85\uC11C \uCC38\uC870).\n    -Xshare:auto      \uAC00\uB2A5\uD55C \uACBD\uC6B0 \uACF5\uC720 \uD074\uB798\uC2A4 \uB370\uC774\uD130\uB97C \uC0AC\uC6A9\uD569\uB2C8\uB2E4(\uAE30\uBCF8\uAC12).\n    -Xshare:off       \uACF5\uC720 \uD074\uB798\uC2A4 \uB370\uC774\uD130 \uC0AC\uC6A9\uC744 \uC2DC\uB3C4\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4.\n    -Xshare:on        \uACF5\uC720 \uD074\uB798\uC2A4 \uB370\uC774\uD130\uB97C \uC0AC\uC6A9\uD574\uC57C \uD569\uB2C8\uB2E4. \uADF8\uB807\uC9C0 \uC54A\uC744 \uACBD\uC6B0 \uC2E4\uD328\uD569\uB2C8\uB2E4.\n    -XshowSettings    \uBAA8\uB4E0 \uC124\uC815\uC744 \uD45C\uC2DC\uD55C \uD6C4 \uACC4\uC18D\uD569\uB2C8\uB2E4.\n    -XshowSettings:all\n                      \uBAA8\uB4E0 \uC124\uC815\uC744 \uD45C\uC2DC\uD55C \uD6C4 \uACC4\uC18D\uD569\uB2C8\uB2E4.\n    -XshowSettings:locale\n                      \uBAA8\uB4E0 \uB85C\uCF00\uC77C \uAD00\uB828 \uC124\uC815\uC744 \uD45C\uC2DC\uD55C \uD6C4 \uACC4\uC18D\uD569\uB2C8\uB2E4.\n    -XshowSettings:properties\n                      \uBAA8\uB4E0 \uC18D\uC131 \uC124\uC815\uC744 \uD45C\uC2DC\uD55C \uD6C4 \uACC4\uC18D\uD569\uB2C8\uB2E4.\n    -XshowSettings:vm \uBAA8\uB4E0 VM \uAD00\uB828 \uC124\uC815\uC744 \uD45C\uC2DC\uD55C \uD6C4 \uACC4\uC18D\uD569\uB2C8\uB2E4.\n    -Xss        Java \uC2A4\uB808\uB4DC \uC2A4\uD0DD \uD06C\uAE30\uB97C \uC124\uC815\uD569\uB2C8\uB2E4.\n    -Xverify          \uBC14\uC774\uD2B8\uCF54\uB4DC \uAC80\uC99D\uC790\uC758 \uBAA8\uB4DC\uB97C \uC124\uC815\uD569\uB2C8\uB2E4.\n    --add-reads \
+=(,)*\n                      \uBAA8\uB4C8 \uC120\uC5B8\uC5D0 \uAD00\uACC4\uC5C6\uC774 \uC744 \uC77D\uB3C4\uB85D\n                      \uC744 \uC5C5\uB370\uC774\uD2B8\uD569\uB2C8\uB2E4. \n                      \uC740 \uC774\uB984\uC774 \uC9C0\uC815\uB418\uC9C0 \uC54A\uC740 \uBAA8\uB4E0 \uBAA8\uB4C8\uC744 \uC77D\uC744 \uC218 \uC788\uB294\n                      ALL-UNNAMED\uC77C \uC218 \uC788\uC2B5\uB2C8\uB2E4.\n    --add-exports /=(,)*\n                      \uBAA8\uB4C8 \uC120\uC5B8\uC5D0 \uAD00\uACC4\uC5C6\uC774 \uB97C \uB85C \uC775\uC2A4\uD3EC\uD2B8\uD558\uB3C4\uB85D\n                      \uC744 \uC5C5\uB370\uC774\uD2B8\uD569\uB2C8\uB2E4.\n                      \uC740 \uC774\uB984\uC774 \uC9C0\uC815\uB418\uC9C0 \uC54A\uC740 \uBAA8\uB4E0 \uBAA8\uB4C8\uB85C \uC775\uC2A4\uD3EC\uD2B8\uD560 \uC218 \uC788\uB294\n                      ALL-UNNAMED\uC77C \uC218 \uC788\uC2B5\uB2C8\uB2E4.\n    --add-opens /=(,)*\n                      \uBAA8\uB4C8 \uC120\uC5B8\uC5D0 \uAD00\uACC4\uC5C6\uC774 \uB97C \uB85C \uC5F4\uB3C4\uB85D\n                      \uC744 \uC5C5\uB370\uC774\uD2B8\uD569\uB2C8\uB2E4.\n    --illegal-access=\n                      \uC774\uB984\uC774 \uC9C0\uC815\uB418\uC9C0 \uC54A\uC740 \uBAA8\uB4C8\uC758 \uCF54\uB4DC\uB97C \uC0AC\uC6A9\uD558\uC5EC \uC774\uB984\uC774 \uC9C0\uC815\uB41C \uBAA8\uB4C8\uC758 \uC720\uD615 \uBA64\uBC84\uC5D0 \uB300\uD55C\n                      \uC561\uC138\uC2A4 \uAD8C\uD55C\uC744 \uD5C8\uC6A9 \uB610\uB294 \uAC70\uBD80\uD569\uB2C8\uB2E4.\n                      \uB294 "deny", "permit", "warn" \uB610\uB294 "debug" \uC911 \uD558\uB098\uC785\uB2C8\uB2E4.\n                      \uC774 \uC635\uC158\uC740 \uC774\uD6C4 \uB9B4\uB9AC\uC2A4\uC5D0\uC11C \uC81C\uAC70\uB429\uB2C8\uB2E4.\n    --limit-modules [,...]\n                      \uAD00\uCC30 \uAC00\uB2A5\uD55C \uBAA8\uB4C8\uC758 \uACF5\uC6A9\uC744 \uC81C\uD55C\uD569\uB2C8\uB2E4.\n    --patch-module =({0})*\n                      JAR \uD30C\uC77C \uB610\uB294 \uB514\uB809\uD1A0\uB9AC\uC758 \uD074\uB798\uC2A4\uC640 \uB9AC\uC18C\uC2A4\uB85C \uBAA8\uB4C8\uC744\n                      \uBB34\uD6A8\uD654\uD558\uAC70\uB098 \uC778\uC218\uD654\uD569\uB2C8\uB2E4.\n    --disable-@files  \uCD94\uAC00 \uC778\uC218 \uD30C\uC77C \uD655\uC7A5\uC744 \uC0AC\uC6A9 \uC548\uD568\uC73C\uB85C \uC124\uC815\uD569\uB2C8\uB2E4.\n\n\uC774\uB7EC\uD55C \uCD94\uAC00 \uC635\uC158\uC740 \uD1B5\uC9C0 \uC5C6\uC774 \uBCC0\uACBD\uB420 \uC218 \uC788\uC2B5\uB2C8\uB2E4.\n
 
 # Translators please note do not translate the options themselves
 java.launcher.X.macosx.usage=\n\uB2E4\uC74C\uC740 Mac OS X\uC5D0 \uD2B9\uC815\uB41C \uC635\uC158\uC785\uB2C8\uB2E4.\n    -XstartOnFirstThread\n                      \uCCAB\uBC88\uC9F8 (AppKit) \uC2A4\uB808\uB4DC\uC5D0 main() \uBA54\uC18C\uB4DC\uB97C \uC2E4\uD589\uD569\uB2C8\uB2E4.\n    -Xdock:name=\n                      \uACE0\uC815\uC73C\uB85C \uD45C\uC2DC\uB41C \uAE30\uBCF8 \uC560\uD50C\uB9AC\uCF00\uC774\uC158 \uC774\uB984\uC744 \uBB34\uD6A8\uD654\uD569\uB2C8\uB2E4.\n    -Xdock:icon=\n                      \uACE0\uC815\uC73C\uB85C \uD45C\uC2DC\uB41C \uAE30\uBCF8 \uC544\uC774\uCF58\uC744 \uBB34\uD6A8\uD654\uD569\uB2C8\uB2E4.\n\n
@@ -45,8 +45,9 @@ java.launcher.cls.error1=\uC624\uB958: \uAE30\uBCF8 \uD074\uB798\uC2A4 {0}\uC744
 java.launcher.cls.error2=\uC624\uB958: {1} \uD074\uB798\uC2A4\uC5D0\uC11C \uAE30\uBCF8 \uBA54\uC18C\uB4DC\uAC00 {0}\uC774(\uAC00) \uC544\uB2D9\uB2C8\uB2E4. \uB2E4\uC74C \uD615\uC2DD\uC73C\uB85C \uAE30\uBCF8 \uBA54\uC18C\uB4DC\uB97C \uC815\uC758\uD558\uC2ED\uC2DC\uC624.\n   public static void main(String[] args)
 java.launcher.cls.error3=\uC624\uB958: \uAE30\uBCF8 \uBA54\uC18C\uB4DC\uB294 {0} \uD074\uB798\uC2A4\uC5D0\uC11C void \uC720\uD615\uC758 \uAC12\uC744 \uBC18\uD658\uD574\uC57C \uD569\uB2C8\uB2E4. \n\uB2E4\uC74C \uD615\uC2DD\uC73C\uB85C \uAE30\uBCF8 \uBA54\uC18C\uB4DC\uB97C \uC815\uC758\uD558\uC2ED\uC2DC\uC624.\n   public static void main(String[] args)
 java.launcher.cls.error4=\uC624\uB958: {0} \uD074\uB798\uC2A4\uC5D0\uC11C \uAE30\uBCF8 \uBA54\uC18C\uB4DC\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. \uB2E4\uC74C \uD615\uC2DD\uC73C\uB85C \uAE30\uBCF8 \uBA54\uC18C\uB4DC\uB97C \uC815\uC758\uD558\uC2ED\uC2DC\uC624.\r\n   public static void main(String[] args)\r\n\uB610\uB294 JavaFX \uC560\uD50C\uB9AC\uCF00\uC774\uC158 \uD074\uB798\uC2A4\uB294 {1}\uC744(\uB97C) \uD655\uC7A5\uD574\uC57C \uD569\uB2C8\uB2E4.
-java.launcher.cls.error5=\uC624\uB958: \uC774 \uC560\uD50C\uB9AC\uCF00\uC774\uC158\uC744 \uC2E4\uD589\uD558\uB294 \uB370 \uD544\uC694\uD55C JavaFX \uB7F0\uD0C0\uC784 \uAD6C\uC131 \uC694\uC18C\uAC00 \uB204\uB77D\uB418\uC5C8\uC2B5\uB2C8\uB2E4.
+java.launcher.cls.error5=\uC624\uB958: \uC774 \uC560\uD50C\uB9AC\uCF00\uC774\uC158\uC744 \uC2E4\uD589\uD558\uB294 \uB370 \uD544\uC694\uD55C JavaFX \uB7F0\uD0C0\uC784 \uAD6C\uC131\uC694\uC18C\uAC00 \uB204\uB77D\uB418\uC5C8\uC2B5\uB2C8\uB2E4.
 java.launcher.cls.error6=\uC624\uB958: \uAE30\uBCF8 \uD074\uB798\uC2A4 {0}\uC744(\uB97C) \uB85C\uB4DC\uD558\uB294 \uC911 LinkageError\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4.\n\t{1}
+java.launcher.cls.error7=\uC624\uB958: \uAE30\uBCF8 \uD074\uB798\uC2A4 {0}\uC744(\uB97C) \uCD08\uAE30\uD654\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4.\n\uC6D0\uC778: {1}: {2}
 java.launcher.jar.error1=\uC624\uB958: {0} \uD30C\uC77C\uC744 \uC5F4\uB824\uACE0 \uC2DC\uB3C4\uD558\uB294 \uC911 \uC608\uC0C1\uCE58 \uC54A\uC740 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4.
 java.launcher.jar.error2={0}\uC5D0\uC11C Manifest\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4.
 java.launcher.jar.error3={0}\uC5D0 \uAE30\uBCF8 Manifest \uC18D\uC131\uC774 \uC5C6\uC2B5\uB2C8\uB2E4.
@@ -55,5 +56,6 @@ java.launcher.init.error=\uCD08\uAE30\uD654 \uC624\uB958
 java.launcher.javafx.error1=\uC624\uB958: JavaFX launchApplication \uBA54\uC18C\uB4DC\uC5D0 \uC798\uBABB\uB41C \uC11C\uBA85\uC774 \uC788\uC2B5\uB2C8\uB2E4.\\n\uB530\uB77C\uC11C static\uC73C\uB85C \uC120\uC5B8\uD558\uACE0 void \uC720\uD615\uC758 \uAC12\uC744 \uBC18\uD658\uD574\uC57C \uD569\uB2C8\uB2E4.
 java.launcher.module.error1={0} \uBAA8\uB4C8\uC5D0 MainClass \uC18D\uC131\uC774 \uC5C6\uC2B5\uB2C8\uB2E4. -m /\uB97C \uC0AC\uC6A9\uD558\uC2ED\uC2DC\uC624.
 java.launcher.module.error2=\uC624\uB958: {1} \uBAA8\uB4C8\uC758 \uAE30\uBCF8 \uD074\uB798\uC2A4 {0}\uC744(\uB97C) \uCC3E\uAC70\uB098 \uB85C\uB4DC\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4.
-java.launcher.module.error3=\uC624\uB958: {1} \uBAA8\uB4C8\uC5D0\uC11C \uAE30\uBCF8 \uD074\uB798\uC2A4 {0}\uC744(\uB97C) \uB85C\uB4DC\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4.\n\t{2}
+java.launcher.module.error3=\uC624\uB958: {1} \uBAA8\uB4C8\uC758 \uAE30\uBCF8 \uD074\uB798\uC2A4 {0}\uC744(\uB97C) \uB85C\uB4DC\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4.\n\t{2}
 java.launcher.module.error4={0}\uC744(\uB97C) \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4.
+java.launcher.module.error5=\uC624\uB958: {1} \uBAA8\uB4C8\uC758 \uAE30\uBCF8 \uD074\uB798\uC2A4 {0}\uC744(\uB97C) \uCD08\uAE30\uD654\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4.\n\uC6D0\uC778: {1}: {2}
diff --git a/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_pt_BR.properties b/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_pt_BR.properties
index cfe8507e56..d82c37173b 100644
--- a/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_pt_BR.properties
+++ b/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_pt_BR.properties
@@ -31,12 +31,12 @@ java.launcher.opt.vmselect   =\    {0}\t  para selecionar a VM "{1}"\n
 java.launcher.opt.hotspot    =\    {0}\t  \u00E9 um sin\u00F4nimo da VM "{1}" [obsoleto]\n
 
 # Translators please note do not translate the options themselves
-java.launcher.opt.footer = \    -cp \n    -classpath \n    --class-path \n                  Uma lista separada por {0} de diret\u00F3rios, arquivos compactados JAR\n                  e arquivos compactados ZIP para procurar arquivos de classe.\n    -p \n    --module-path ...\n                  Uma lista separada por {0} de diret\u00F3rios, cada um\n                  sendo um diret\u00F3rio de m\u00F3dulos.\n    --upgrade-module-path ...\n                  Uma lista separada por {0} de diret\u00F3rios, cada um\n                  sendo um diret\u00F3rio de m\u00F3dulos que substituem m\u00F3dulos\n                  pass\u00EDveis de upgrade na imagem de runtime\n    --add-modules [,...]\n                  m\u00F3dulos-raiz a serem resolvidos al\u00E9m do m\u00F3dulo inicial.\n                   tamb\u00E9m pode ser ALL-DEFAULT, ALL-SYSTEM,\n                  ALL-MODULE-PATH.\n    --list-modules\n                  lista os m\u00F3dulos observ\u00E1veis e sai\n    --d \n    --describe-module \n                  descreve um m\u00F3dulo e sai\n    --dry-run     cria VM e carrega classe principal, mas n\u00E3o executa o m\u00E9todo principal.\n                  A op\u00E7\u00E3o --dry-run pode ser \u00FAtil para validar as\n                  op\u00E7\u00F5es de linha de comando como a configura\u00E7\u00E3o do sistema do m\u00F3dulo.\n    --validate-modules\n                  valida todos os m\u00F3dulos e sai\n                  A op\u00E7\u00E3o --validate-modules pode ser \u00FAtil para localizar\n                  conflitos e outros erros com m\u00F3dulos no caminho do m\u00F3dulo.\n    -D=\n                  define uma propriedade de sistema\n    -verbose:[class|module|gc|jni]\n                  ativar sa\u00EDda verbosa\n    -version      imprime a vers\u00E3o do produto no fluxo de erros e sai\n    -version      imprime a vers\u00E3o do produto no fluxo de sa\u00EDda e sai\n    -showversion  imprime a vers\u00E3o do produto no fluxo de erros e continua\n    --show-version\n                  imprime a vers\u00E3o do produto no fluxo de sa\u00EDda e continua\n    --show-module-resolution\n                  mostra a sa\u00EDda da resolu\u00E7\u00E3o do m\u00F3dulo durante a inicializa\u00E7\u00E3o\n    -? -h -help\n                  imprime esta mensagem de ajuda no fluxo de erros\n    --help        imprime esta mensagem de ajuda no fluxo de sa\u00EDda\n    -X            imprime ajuda sobre op\u00E7\u00F5es extras no fluxo de erros\n    --help-extra  imprime ajuda sobre op\u00E7\u00F5es extras no fluxo de sa\u00EDda\n    -ea[:...|:]\n    -enableassertions[:...|:]\n                  ativa asser\u00E7\u00F5es com granularidade especificada\n    -da[:...|:]\n    -disableassertions[:...|:]\n                  desativa asser\u00E7\u00F5es com granularidade especificada\n    -esa | -enablesystemassertions\n                  ativa asser\u00E7\u00F5es de sistema\n    -dsa | -disablesystemassertions\n                  desativa asser\u00E7\u00F5es de sistema\n    -agentlib:[=]\n                  carrega biblioteca de agente nativo , por exemplo, -agentlib:jdwp\n                  consulte tamb\u00E9m -agentlib:jdwp=help\n    -agentpath:[=]\n                  carrega biblioteca de agente nativo por nome do caminho completo\n    -javaagent:[=]\n                  carrega agente de linguagem de programa\u00E7\u00E3o Java, consulte java.lang.instrument\n    -splash:\n                  \
-mostra a tela inicial com a imagem especificada\n                  Imagens HiDPI dimensionadas s\u00E3o suportadas automaticamente e utilizadas,\n                  se dispon\u00EDveis. O nome do arquivo de imagem n\u00E3o dimensionada, por exemplo, image.ext,\n                  deve ser informado sempre como argumento para a op\u00E7\u00E3o -splash.\n                  A imagem dimensionada mais apropriada fornecida ser\u00E1 selecionada\n                  automaticamente.\n                  Consulte a documenta\u00E7\u00E3o da API de Tela Inicial para obter mais informa\u00E7\u00F5es\n    @arquivos de argumento\n                  Um ou mais arquivos de argumentos que cont\u00EAm op\u00E7\u00F5es\n    -disable-@files\n                  impede expans\u00E3o adicional de arquivo de argumentos\nnPara especificar um argumento para uma op\u00E7\u00E3o longa, voc\u00EA pode usar --= ou\n-- .\n
+java.launcher.opt.footer = \    -cp \n    -classpath \n    --class-path \n                  Uma lista separada por {0} de diret\u00F3rios, arquivos compactados JAR\n                  e arquivos compactados ZIP para procurar arquivos de classe.\n    -p \n    --module-path ...\n                  Uma lista separada por {0} de diret\u00F3rios, cada um\n                  sendo um diret\u00F3rio de m\u00F3dulos.\n    --upgrade-module-path ...\n                  Uma lista separada por {0} de diret\u00F3rios, cada um\n                  sendo um diret\u00F3rio de m\u00F3dulos que substituem m\u00F3dulos\n                  pass\u00EDveis de upgrade na imagem de runtime\n    --add-modules [,...]\n                  m\u00F3dulos-raiz a serem resolvidos al\u00E9m do m\u00F3dulo inicial.\n                   tamb\u00E9m pode ser ALL-DEFAULT, ALL-SYSTEM,\n                  ALL-MODULE-PATH.\n    --list-modules\n                  lista os m\u00F3dulos observ\u00E1veis e sai\n    -d \n    --describe-module \n                  descreve um m\u00F3dulo e sai\n    --dry-run     cria VM e carrega classe principal, mas n\u00E3o executa o m\u00E9todo principal.\n                  A op\u00E7\u00E3o --dry-run pode ser \u00FAtil para validar as\n                  op\u00E7\u00F5es de linha de comando como a configura\u00E7\u00E3o do sistema do m\u00F3dulo.\n    --validate-modules\n                  valida todos os m\u00F3dulos e sai\n                  A op\u00E7\u00E3o --validate-modules pode ser \u00FAtil para localizar\n                  conflitos e outros erros com m\u00F3dulos no caminho do m\u00F3dulo.\n    -D=\n                  define uma propriedade de sistema\n    -verbose:[class|module|gc|jni]\n                  ativar sa\u00EDda verbosa\n    -version      imprime a vers\u00E3o do produto no fluxo de erros e sai\n    -version      imprime a vers\u00E3o do produto no fluxo de sa\u00EDda e sai\n    -showversion  imprime a vers\u00E3o do produto no fluxo de erros e continua\n    --show-version\n                  imprime a vers\u00E3o do produto no fluxo de sa\u00EDda e continua\n    --show-module-resolution\n                  mostra a sa\u00EDda da resolu\u00E7\u00E3o do m\u00F3dulo durante a inicializa\u00E7\u00E3o\n    -? -h -help\n                  imprime esta mensagem de ajuda no fluxo de erros\n    --help        imprime esta mensagem de ajuda no fluxo de sa\u00EDda\n    -X            imprime ajuda sobre op\u00E7\u00F5es extras no fluxo de erros\n    --help-extra  imprime ajuda sobre op\u00E7\u00F5es extras no fluxo de sa\u00EDda\n    -ea[:...|:]\n    -enableassertions[:...|:]\n                  ativa asser\u00E7\u00F5es com granularidade especificada\n    -da[:...|:]\n    -disableassertions[:...|:]\n                  desativa asser\u00E7\u00F5es com granularidade especificada\n    -esa | -enablesystemassertions\n                  ativa asser\u00E7\u00F5es de sistema\n    -dsa | -disablesystemassertions\n                  desativa asser\u00E7\u00F5es de sistema\n    -agentlib:[=]\n                  carrega biblioteca de agente nativo , por exemplo, -agentlib:jdwp\n                  consulte tamb\u00E9m -agentlib:jdwp=help\n    -agentpath:[=]\n                  carrega biblioteca de agente nativo por nome do caminho completo\n    -javaagent:[=]\n                  carrega agente de linguagem de programa\u00E7\u00E3o Java, consulte java.lang.instrument\n    -splash:\n                  mostra \
+a tela inicial com a imagem especificada\n                  Imagens HiDPI dimensionadas s\u00E3o suportadas automaticamente e utilizadas,\n                  se dispon\u00EDveis. O nome do arquivo de imagem n\u00E3o dimensionada, por exemplo, image.ext,\n                  deve ser informado sempre como argumento para a op\u00E7\u00E3o -splash.\n                  A imagem dimensionada mais apropriada fornecida ser\u00E1 selecionada\n                  automaticamente.\n                  Consulte a documenta\u00E7\u00E3o da API de Tela Inicial para obter mais informa\u00E7\u00F5es\n    @arquivos de argumento\n                  Um ou mais arquivos de argumentos que cont\u00EAm op\u00E7\u00F5es\n    -disable-@files\n                  impede expans\u00E3o adicional de arquivo de argumentos\nnPara especificar um argumento para uma op\u00E7\u00E3o longa, voc\u00EA pode usar --= ou\n-- .\n
 
 # Translators please note do not translate the options themselves
-java.launcher.X.usage=\n    -Xbatch           desativa compila\u00E7\u00E3o em segundo plano\n    -Xbootclasspath/a:\n                      anexa ao final do caminho de classe de bootstrap\n    -Xcheck:jni       executa verifica\u00E7\u00F5es adicionais de fun\u00E7\u00F5es JNI\n    -Xcomp            for\u00E7a a compila\u00E7\u00E3o de m\u00E9todos na primeira chamada\n    -Xdebug           fornecido para compatibilidade reversa\n    -Xdiag            mostra mensagens adicionais de diagn\u00F3stico\n        -Xfuture          ativa verifica\u00E7\u00F5es de n\u00EDvel m\u00E1ximo, antecipando padr\u00E3o futuro\n    -Xint             somente execu\u00E7\u00E3o de modo interpretado\n    -Xinternalversion\n                      exibe informa\u00E7\u00F5es mais detalhadas da vers\u00E3o da JVM do que a\n                      op\u00E7\u00E3o -version\n    -Xloggc:    registra status de GC em um arquivo com timestamps\n    -Xmixed           execu\u00E7\u00E3o em modo misto (padr\u00E3o)\n    -Xmn        define o tamanho inicial e m\u00E1ximo (em bytes) do heap\n                      para a gera\u00E7\u00E3o jovem (infantil)\n    -Xms        define tamanho inicial do heap Java\n    -Xmx        define tamanho m\u00E1ximo do heap Java\n    -Xnoclassgc       desativa coleta de lixo de classe\n    -Xprof            gera dados de perfil de cpu (obsoleto)\n    -Xrs              reduz uso de sinais do SO por Java/VM (ver documenta\u00E7\u00E3o)\n    -Xshare:auto      usa dados de classe compartilhados se poss\u00EDvel (padr\u00E3o)\n    -Xshare:off       n\u00E3o tenta usar dados de classe compartilhados\n    -Xshare:on        exige o uso de dados de classe compartilhados; caso contr\u00E1rio, falhar\u00E1.\n    -XshowSettings    mostra todas as defini\u00E7\u00F5es e continua\n    -XshowSettings:all\n                      mostra todas as defini\u00E7\u00F5es e continua\n    -XshowSettings:locale\n                      mostra todas as defini\u00E7\u00F5es relacionadas \u00E0 configura\u00E7\u00E3o regional e continua\n    -XshowSettings:properties\n                      mostra todas as defini\u00E7\u00F5es de propriedade e continua\n    -XshowSettings:vm mostra todas as defini\u00E7\u00F5es relacionadas a vm e continua\n    -Xss        define o tamanho da pilha de thread java\n    -Xverify          define o modo do verificador de c\u00F3digo de byte\n    --add-reads =(,)*\n                      atualiza  para ler , independentemente\n                      da declara\u00E7\u00E3o de m\u00F3dulo. \n                       pode ser ALL-UNNAMED para ler todos os m\u00F3dulos\n                      sem nome.\n    --add-exports /=(,)*\n                      atualiza  para exportar  para ,\n                      independentemente da declara\u00E7\u00E3o de m\u00F3dulo.\n                       pode ser ALL-UNNAMED para exportar todos os\n                      m\u00F3dulos sem nome.\n    --add-opens /=(,)*\n                      atualiza  para abrir  para\n                      , independentemente da declara\u00E7\u00E3o de m\u00F3dulo.\n    --limit-modules [,...]\n                      limita o universo de m\u00F3dulos observ\u00E1veis\n--patch-module =({0})*\n                      substitui ou amplia um m\u00F3dulo com classes e recursos\n                      em arquivos ou \
-diret\u00F3rios JAR.\n\nEssas op\u00E7\u00F5es extras est\u00E3o sujeitas a altera\u00E7\u00E3o sem aviso.\n
+java.launcher.X.usage=\n    -Xbatch           desativa compila\u00E7\u00E3o em segundo plano\n    -Xbootclasspath/a:\n                      anexa ao final do caminho de classe de bootstrap\n    -Xcheck:jni       executa verifica\u00E7\u00F5es adicionais de fun\u00E7\u00F5es JNI\n    -Xcomp            for\u00E7a a compila\u00E7\u00E3o de m\u00E9todos na primeira chamada\n    -Xdebug           fornecido para compatibilidade reversa\n    -Xdiag            mostra mensagens adicionais de diagn\u00F3stico\n        -Xfuture          ativa verifica\u00E7\u00F5es de n\u00EDvel m\u00E1ximo, antecipando padr\u00E3o futuro\n    -Xint             somente execu\u00E7\u00E3o de modo interpretado\n    -Xinternalversion\n                      exibe informa\u00E7\u00F5es mais detalhadas da vers\u00E3o da JVM do que a\n                      op\u00E7\u00E3o -version\n    -Xloggc:    registra status de GC em um arquivo com timestamps\n    -Xmixed           execu\u00E7\u00E3o em modo misto (padr\u00E3o)\n    -Xmn        define o tamanho inicial e m\u00E1ximo (em bytes) do heap\n                      para a gera\u00E7\u00E3o jovem (infantil)\n    -Xms        define tamanho inicial do heap Java\n    -Xmx        define tamanho m\u00E1ximo do heap Java\n    -Xnoclassgc       desativa coleta de lixo de classe\n    -Xprof            gera dados de perfil de cpu (obsoleto)\n    -Xrs              reduz uso de sinais do SO por Java/VM (ver documenta\u00E7\u00E3o)\n    -Xshare:auto      usa dados de classe compartilhados se poss\u00EDvel (padr\u00E3o)\n    -Xshare:off       n\u00E3o tenta usar dados de classe compartilhados\n    -Xshare:on        exige o uso de dados de classe compartilhados; caso contr\u00E1rio, falhar\u00E1.\n    -XshowSettings    mostra todas as defini\u00E7\u00F5es e continua\n    -XshowSettings:all\n                      mostra todas as defini\u00E7\u00F5es e continua\n    -XshowSettings:locale\n                      mostra todas as defini\u00E7\u00F5es relacionadas \u00E0 configura\u00E7\u00E3o regional e continua\n    -XshowSettings:properties\n                      mostra todas as defini\u00E7\u00F5es de propriedade e continua\n    -XshowSettings:vm mostra todas as defini\u00E7\u00F5es relacionadas a vm e continua\n    -Xss        define o tamanho da pilha de thread java\n    -Xverify          define o modo do verificador de c\u00F3digo de byte\n    --add-reads =(,)*\n                      atualiza  para ler , independentemente\n                      da declara\u00E7\u00E3o de m\u00F3dulo. \n                       pode ser ALL-UNNAMED para ler todos os m\u00F3dulos\n                      sem nome.\n    --add-exports /=(,)*\n                      atualiza  para exportar  para ,\n                      independentemente da declara\u00E7\u00E3o de m\u00F3dulo.\n                       pode ser ALL-UNNAMED para exportar para todos os\n                      m\u00F3dulos sem nome.\n    --add-opens /=(,)*\n                      atualiza  para abrir  para\n                      , independentemente da declara\u00E7\u00E3o de m\u00F3dulo.\n    --illegal-access=\n                      permite ou nega acesso aos membros dos tipos nos m\u00F3dulos com nome\n                     por c\u00F3digo nos m\u00F3dulos sem nomes.\n                       \u00E9 um entre "deny", "permit", "warn" ou "debug"\n                       Esta op\u00E7\u00E3o ser\u00E1 removida em uma futura release.\n    --limit-modules [,...]\n                      limita o universo de m\u00F3dulos observ\u00E1veis\n--patch-module =({0})*\n                      substitui ou amplia um m\u00F3dulo \
+com classes e recursos\n                      em arquivos ou diret\u00F3rios JAR.\n   --disable-@files  desativa uma maior expans\u00E3o do arquivo de argumento\n\nEssas op\u00E7\u00F5es extras est\u00E3o sujeitas a altera\u00E7\u00E3o sem aviso.\n
 
 # Translators please note do not translate the options themselves
 java.launcher.X.macosx.usage=\nAs op\u00E7\u00F5es a seguir s\u00E3o espec\u00EDficas para o Mac OS X:\n    -XstartOnFirstThread\n                      executa o m\u00E9todo main() no primeiro thread (AppKit)\n    -Xdock:name=\n                      substitui o nome do aplicativo padr\u00E3o exibido no encaixe\n    -Xdock:icon=\n                      substitui o \u00EDcone exibido no encaixe\n\n
@@ -47,6 +47,7 @@ java.launcher.cls.error3=Erro: o m\u00E9todo main deve retornar um valor do tipo
 java.launcher.cls.error4=Erro: o m\u00E9todo main n\u00E3o foi encontrado na classe {0}; defina o m\u00E9todo main como:\n   public static void main(String[] args)\nou uma classe de aplicativo JavaFX deve expandir {1}
 java.launcher.cls.error5=Erro: os componentes de runtime do JavaFX n\u00E3o foram encontrados. Eles s\u00E3o obrigat\u00F3rios para executar este aplicativo
 java.launcher.cls.error6=Erro: ocorreu LinkageError ao carregar a classe principal {0}\n\t{1}
+java.launcher.cls.error7=Erro: N\u00E3o \u00E9 poss\u00EDvel inicializar a classe principal {0}\nCausado por: {1}: {2}
 java.launcher.jar.error1=Erro: ocorreu um erro inesperado ao tentar abrir o arquivo {0}
 java.launcher.jar.error2=manifesto n\u00E3o encontrado em {0}
 java.launcher.jar.error3=nenhum atributo de manifesto principal em {0}
@@ -55,5 +56,6 @@ java.launcher.init.error=erro de inicializa\u00E7\u00E3o
 java.launcher.javafx.error1=Erro: O m\u00E9todo launchApplication do JavaFX tem a assinatura errada. Ele\\ndeve ser declarado como est\u00E1tico e retornar um valor do tipo void
 java.launcher.module.error1=o m\u00F3dulo {0} n\u00E3o tem um atributo MainClass, use -m /
 java.launcher.module.error2=Erro: N\u00E3o foi poss\u00EDvel localizar nem carregar a classe principal {0} no m\u00F3dulo {1}
-java.launcher.module.error3=Erro: N\u00E3o \u00E9 poss\u00EDvel carregar a classe principal {0} do m\u00F3dulo {1}\n\t{2}
+java.launcher.module.error3=Erro: N\u00E3o \u00E9 poss\u00EDvel carregar a classe principal {0} no m\u00F3dulo {1}\n\t{2}
 java.launcher.module.error4={0} n\u00E3o encontrado.
+java.launcher.module.error5=Erro: N\u00E3o \u00E9 poss\u00EDvel inicializar a classe principal {0} no m\u00F3dulo {1}\nCausado por: {1}: {2}
diff --git a/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_sv.properties b/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_sv.properties
index 885602e9a2..04e67e5371 100644
--- a/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_sv.properties
+++ b/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_sv.properties
@@ -31,12 +31,12 @@ java.launcher.opt.vmselect   =\    {0}\t  f\u00F6r att v\u00E4lja "{1}" VM\n
 java.launcher.opt.hotspot    =\    {0}\t  \u00E4r en synonym f\u00F6r "{1}" VM  [inaktuell]\n
 
 # Translators please note do not translate the options themselves
-java.launcher.opt.footer = \    -cp \n    -classpath \n    --class-path \n                  En {0}-avgr\u00E4nsad lista \u00F6ver kataloger, JAR-arkiv\n                  och ZIP-arkiv att s\u00F6ka efter klassfiler i.\n    -p \n    --module-path ...\n                  En {0}-avgr\u00E4nsad lista \u00F6ver kataloger, d\u00E4r varje katalog\n                  \u00E4r en katalog \u00F6ver moduler.\n    --upgrade-module-path ...\n                  En {0}-avgr\u00E4nsad lista \u00F6ver kataloger, d\u00E4r varje katalog\n                  \u00E4r en katalog \u00F6ver moduler som ers\u00E4tter uppgraderingsbara\n                  moduler i exekveringsavbilden\n    --add-modules [,...]\n                  rotmoduler att l\u00F6sa f\u00F6rutom den ursprungliga modulen.\n                   kan \u00E4ven vara ALL-DEFAULT, ALL-SYSTEM,\n                  ALL-MODULE-PATH.\n    --list-modules\n                  visa observerbara moduler och avsluta\n    --d \n    --describe-module \n                  beskriv en modul och avsluta\n    --dry-run     skapa VM och ladda huvudklassen men k\u00F6r inte huvudmetoden.\n                  Alternativet --dry-run kan vara anv\u00E4ndbart f\u00F6r att validera\n                  kommandoradsalternativ, som modulsystemkonfigurationen.\n    --validate-modules\n                  validera alla moduler och avsluta\n                  Alternativet --validate-modules kan vara anv\u00E4ndbart f\u00F6r att hitta\n                  konflikter och andra fel i modulerna p\u00E5 moduls\u00F6kv\u00E4gen.\n    -D=\n                  ange en systemegenskap\n    -verbose:[class|module|gc|jni]\n                  aktivera utf\u00F6rliga utdata\n    -version      skriv ut produktversion till felstr\u00F6mmen och avsluta\n    --version     skriv ut produktversion till utdatastr\u00F6mmen och avsluta\n    -showversion  skriv ut produktversion till felstr\u00F6mmen och forts\u00E4tt\n    --show-version\n                  skriv ut produktversion till utdatastr\u00F6mmen och forts\u00E4tt\n    --show-module-resolution\n                  visa modull\u00F6sningsutdata vid start\n    -? -h -help\n                  skriv ut det h\u00E4r hj\u00E4lpmeddelandet till felstr\u00F6mmen\n    --help        skriv ut det h\u00E4r hj\u00E4lpmeddelandet till utdatastr\u00F6mmen\n    -X            skriv ut hj\u00E4lp f\u00F6r extraalternativ till felstr\u00F6mmen\n    --help-extra  skriv ut hj\u00E4lp f\u00F6r extraalternativ till utdatastr\u00F6mmen\n    -ea[:...|:]\n    -enableassertions[:...|:]\n                  aktivera verifieringar med den angivna detaljgraden\n    -da[:...|:]\n    -disableassertions[:...|:]\n                  avaktivera verifieringar med den angivna detaljgraden\n    -esa | -enablesystemassertions\n                  aktivera systemverifieringar\n    -dsa | -disablesystemassertions\n                  avaktivera systemverifieringar\n    -agentlib:[=]\n                  ladda det ursprungliga agentbiblioteket , t.ex. -agentlib:jdwp\n                  se \u00E4ven -agentlib:jdwp=help\n    -agentpath:[=]\n                  ladda det ursprungliga agentbiblioteket med fullst\u00E4ndigt s\u00F6kv\u00E4gsnamn\n    -javaagent:[=]\n                  ladda Java-programmeringsspr\u00E5ksagenten, se java.lang.instrument\n    -splash:\n                  visa v\u00E4lkomstsk\u00E4rmen med den angivna bilden\n                  HiDPI-skal\u00E4ndrade bilder st\u00F6ds automatiskt och anv\u00E4nds om de \u00E4r\n       \
-           tillg\u00E4ngliga. Filnamnet p\u00E5 den oskal\u00E4ndrade bilden, t.ex. image.ext,\n                  ska alltid \u00F6verf\u00F6ras som argument till alternativet -splash.\n                  Den l\u00E4mpligaste skal\u00E4ndrade bilden v\u00E4ljs\n                  automatiskt.\n                  Mer information finns i dokumentationen f\u00F6r API:t SplashScreen\n    @argument filer\n                  en eller flera argumentfiler som inneh\u00E5ller alternativ\n    -disable-@files\n                  f\u00F6rhindra ytterligare ut\u00F6kning av argumentfiler\nOm du vill ange ett argument f\u00F6r ett l\u00E5ngt alternativ kan du anv\u00E4nda --= eller\n-- .\n
+java.launcher.opt.footer = \    -cp \n    -classpath \n    --class-path \n                  En {0}-avgr\u00E4nsad lista \u00F6ver kataloger, JAR-arkiv\n                  och ZIP-arkiv att s\u00F6ka efter klassfiler i.\n    -p \n    --module-path ...\n                  En {0}-avgr\u00E4nsad lista \u00F6ver kataloger, d\u00E4r varje katalog\n                  \u00E4r en katalog \u00F6ver moduler.\n    --upgrade-module-path ...\n                  En {0}-avgr\u00E4nsad lista \u00F6ver kataloger, d\u00E4r varje katalog\n                  \u00E4r en katalog \u00F6ver moduler som ers\u00E4tter uppgraderingsbara\n                  moduler i exekveringsavbilden\n    --add-modules [,...]\n                  rotmoduler att l\u00F6sa f\u00F6rutom den ursprungliga modulen.\n                   kan \u00E4ven vara ALL-DEFAULT, ALL-SYSTEM,\n                  ALL-MODULE-PATH.\n    --list-modules\n                  visa observerbara moduler och avsluta\n    -d \n    --describe-module \n                  beskriv en modul och avsluta\n    --dry-run     skapa VM och ladda huvudklassen men k\u00F6r inte huvudmetoden.\n                  Alternativet --dry-run kan vara anv\u00E4ndbart f\u00F6r att validera\n                  kommandoradsalternativ, som modulsystemkonfigurationen.\n    --validate-modules\n                  validera alla moduler och avsluta\n                  Alternativet --validate-modules kan vara anv\u00E4ndbart f\u00F6r att hitta\n                  konflikter och andra fel i modulerna p\u00E5 moduls\u00F6kv\u00E4gen.\n    -D=\n                  ange en systemegenskap\n    -verbose:[class|module|gc|jni]\n                  aktivera utf\u00F6rliga utdata\n    -version      skriv ut produktversion till felstr\u00F6mmen och avsluta\n    --version     skriv ut produktversion till utdatastr\u00F6mmen och avsluta\n    -showversion  skriv ut produktversion till felstr\u00F6mmen och forts\u00E4tt\n    --show-version\n                  skriv ut produktversion till utdatastr\u00F6mmen och forts\u00E4tt\n    --show-module-resolution\n                  visa modull\u00F6sningsutdata vid start\n    -? -h -help\n                  skriv ut det h\u00E4r hj\u00E4lpmeddelandet till felstr\u00F6mmen\n    --help        skriv ut det h\u00E4r hj\u00E4lpmeddelandet till utdatastr\u00F6mmen\n    -X            skriv ut hj\u00E4lp f\u00F6r extraalternativ till felstr\u00F6mmen\n    --help-extra  skriv ut hj\u00E4lp f\u00F6r extraalternativ till utdatastr\u00F6mmen\n    -ea[:...|:]\n    -enableassertions[:...|:]\n                  aktivera verifieringar med den angivna detaljgraden\n    -da[:...|:]\n    -disableassertions[:...|:]\n                  avaktivera verifieringar med den angivna detaljgraden\n    -esa | -enablesystemassertions\n                  aktivera systemverifieringar\n    -dsa | -disablesystemassertions\n                  avaktivera systemverifieringar\n    -agentlib:[=]\n                  ladda det ursprungliga agentbiblioteket , t.ex. -agentlib:jdwp\n                  se \u00E4ven -agentlib:jdwp=help\n    -agentpath:[=]\n                  ladda det ursprungliga agentbiblioteket med fullst\u00E4ndigt s\u00F6kv\u00E4gsnamn\n    -javaagent:[=]\n                  ladda Java-programmeringsspr\u00E5ksagenten, se java.lang.instrument\n    -splash:\n                  visa v\u00E4lkomstsk\u00E4rmen med den angivna bilden\n                  HiDPI-skal\u00E4ndrade bilder st\u00F6ds automatiskt och anv\u00E4nds om de \u00E4r\n        \
+          tillg\u00E4ngliga. Filnamnet p\u00E5 den oskal\u00E4ndrade bilden, t.ex. image.ext,\n                  ska alltid \u00F6verf\u00F6ras som argument till alternativet -splash.\n                  Den l\u00E4mpligaste skal\u00E4ndrade bilden v\u00E4ljs\n                  automatiskt.\n                  Mer information finns i dokumentationen f\u00F6r API:t SplashScreen\n    @argument filer\n                  en eller flera argumentfiler som inneh\u00E5ller alternativ\n    -disable-@files\n                  f\u00F6rhindra ytterligare ut\u00F6kning av argumentfiler\nOm du vill ange ett argument f\u00F6r ett l\u00E5ngt alternativ kan du anv\u00E4nda --= eller\n-- .\n
 
 # Translators please note do not translate the options themselves
-java.launcher.X.usage=\n    -Xbatch           avaktivera bakgrundskompilering\n    -Xbootclasspath/a:\n                      l\u00E4gg till sist i klass\u00F6kv\u00E4gen f\u00F6r programladdning\n    -Xcheck:jni       utf\u00F6r fler kontroller f\u00F6r JNI-funktioner\n    -Xcomp            tvingar kompilering av metoder vid det f\u00F6rsta anropet\n    -Xdebug           tillhandah\u00E5lls f\u00F6r bak\u00E5tkompatibilitet\n    -Xdiag            visa fler diagnostiska meddelanden\n    -Xfuture          aktivera str\u00E4ngaste kontroller, f\u00F6rv\u00E4ntad framtida standard\n    -Xint             endast exekvering i tolkat l\u00E4ge\n    -Xinternalversion\n                      visar mer detaljerad information om JVM-version \u00E4n\n                      alternativet -version\n    -Xloggc:    logga GC-status till en fil med tidsst\u00E4mplar\n    -Xmixed           exekvering i blandat l\u00E4ge (standard)\n    -Xmn     anger ursprunglig och maximal storlek (i byte) f\u00F6r h\u00F6gen f\u00F6r\n                      generationen med nyare objekt (h\u00F6gen f\u00F6r tilldelning av nya objekt)\n    -Xms     ange ursprunglig storlek f\u00F6r Java-heap-utrymmet\n    -Xmx     ange st\u00F6rsta storlek f\u00F6r Java-heap-utrymmet\n    -Xnoclassgc       avaktivera klasskr\u00E4pinsamling\n    -Xprof            utdata f\u00F6r processorprofilering (inaktuellt)\n    -Xrs              minska operativsystemssignalanv\u00E4ndning f\u00F6r Java/VM (se dokumentationen)\n    -Xshare:auto      anv\u00E4nd delade klassdata om m\u00F6jligt (standard)\n    -Xshare:off       f\u00F6rs\u00F6k inte anv\u00E4nda delade klassdata\n    -Xshare:on        kr\u00E4v anv\u00E4ndning av delade klassdata, utf\u00F6r inte i annat fall.\n    -XshowSettings    visa alla inst\u00E4llningar och forts\u00E4tt\n    -XshowSettings:all\n                      visa alla inst\u00E4llningar och forts\u00E4tt\n    -XshowSettings:locale\n                      visa alla spr\u00E5kkonventionsrelaterade inst\u00E4llningar och forts\u00E4tt\n    -XshowSettings:properties\n                      visa alla egenskapsinst\u00E4llningar och forts\u00E4tt\n    -XshowSettings:vm visa alla vm-relaterade inst\u00E4llningar och forts\u00E4tt\n    -Xss     ange storlek f\u00F6r java-tr\u00E5dsstacken\n    -Xverify          anger l\u00E4ge f\u00F6r bytekodverifieraren\n    --add-reads =(,)*\n                      uppdaterar  f\u00F6r att l\u00E4sa , oavsett\n                      moduldeklarationen. \n                       kan vara ALL-UNNAMED f\u00F6r att l\u00E4sa alla\n                      ej namngivna moduler.\n    --add-exports /=(,)*\n                      uppdaterar  f\u00F6r att exportera  till ,\n                      oavsett moduldeklarationen.\n                       kan vara ALL-UNNAMED f\u00F6r att exportera till alla\n                      ej namngivna moduler.\n    --add-opens /=(,)*\n                      uppdaterar  f\u00F6r att \u00F6ppna  till\n                      , oavsett moduldeklarationen.\n    --limit-modules [,...]\n                      begr\u00E4nsar universumet med observerbara moduler\n    --patch-module =({0})*\n                      \u00E5sidos\u00E4tt eller ut\u00F6ka en modul med klasser och resurser\n                      i JAR-filer eller kataloger.\n    --disable-@files  avaktivera ytterligare \
-argumentfilsut\u00F6kning\n\nDe h\u00E4r extraalternativen kan \u00E4ndras utan f\u00F6reg\u00E5ende meddelande.\n
+java.launcher.X.usage=\n    -Xbatch           avaktivera bakgrundskompilering\n    -Xbootclasspath/a:\n                      l\u00E4gg till sist i klass\u00F6kv\u00E4gen f\u00F6r programladdning\n    -Xcheck:jni       utf\u00F6r fler kontroller f\u00F6r JNI-funktioner\n    -Xcomp            tvingar kompilering av metoder vid det f\u00F6rsta anropet\n    -Xdebug           tillhandah\u00E5lls f\u00F6r bak\u00E5tkompatibilitet\n    -Xdiag            visa fler diagnostiska meddelanden\n    -Xfuture          aktivera str\u00E4ngaste kontroller, f\u00F6rv\u00E4ntad framtida standard\n    -Xint             endast exekvering i tolkat l\u00E4ge\n    -Xinternalversion\n                      visar mer detaljerad information om JVM-version \u00E4n\n                      alternativet -version\n    -Xloggc:    logga GC-status till en fil med tidsst\u00E4mplar\n    -Xmixed           exekvering i blandat l\u00E4ge (standard)\n    -Xmn     anger ursprunglig och maximal storlek (i byte) f\u00F6r h\u00F6gen f\u00F6r\n                      generationen med nyare objekt (h\u00F6gen f\u00F6r tilldelning av nya objekt)\n    -Xms     ange ursprunglig storlek f\u00F6r Java-heap-utrymmet\n    -Xmx     ange st\u00F6rsta storlek f\u00F6r Java-heap-utrymmet\n    -Xnoclassgc       avaktivera klasskr\u00E4pinsamling\n    -Xprof            utdata f\u00F6r processorprofilering (inaktuellt)\n    -Xrs              minska operativsystemssignalanv\u00E4ndning f\u00F6r Java/VM (se dokumentationen)\n    -Xshare:auto      anv\u00E4nd delade klassdata om m\u00F6jligt (standard)\n    -Xshare:off       f\u00F6rs\u00F6k inte anv\u00E4nda delade klassdata\n    -Xshare:on        kr\u00E4v anv\u00E4ndning av delade klassdata, utf\u00F6r inte i annat fall.\n    -XshowSettings    visa alla inst\u00E4llningar och forts\u00E4tt\n    -XshowSettings:all\n                      visa alla inst\u00E4llningar och forts\u00E4tt\n    -XshowSettings:locale\n                      visa alla spr\u00E5kkonventionsrelaterade inst\u00E4llningar och forts\u00E4tt\n    -XshowSettings:properties\n                      visa alla egenskapsinst\u00E4llningar och forts\u00E4tt\n    -XshowSettings:vm visa alla vm-relaterade inst\u00E4llningar och forts\u00E4tt\n    -Xss     ange storlek f\u00F6r java-tr\u00E5dsstacken\n    -Xverify          anger l\u00E4ge f\u00F6r bytekodverifieraren\n    --add-reads =(,)*\n                      uppdaterar  f\u00F6r att l\u00E4sa , oavsett\n                      moduldeklarationen. \n                       kan vara ALL-UNNAMED f\u00F6r att l\u00E4sa alla\n                      ej namngivna moduler.\n    --add-exports /=(,)*\n                      uppdaterar  f\u00F6r att exportera  till ,\n                      oavsett moduldeklarationen.\n                       kan vara ALL-UNNAMED f\u00F6r att exportera till alla\n                      ej namngivna moduler.\n    --add-opens /=(,)*\n                      uppdaterar  f\u00F6r att \u00F6ppna  till\n                      , oavsett moduldeklarationen.\n    --illegal-access=\n                      till\u00E5t eller neka \u00E5tkomst till medlemmar av typer i namngivna\n                      moduler av kod i ej namngivna moduler.\n                       \u00E4r "deny", "permit", "warn" eller "debug"\n                      Det h\u00E4r alternativet tas bort i en kommande utg\u00E5va.\n    --limit-modules [,...]\n                      begr\u00E4nsar universumet med observerbara moduler\n    --patch-module =({0})*\n                      \u00E5sidos\u00E4tt eller ut\u00F6ka en modul med klasser och resurser\n                      i \
+JAR-filer eller kataloger.\n    --disable-@files  avaktivera ytterligare argumentfilsut\u00F6kning\n\nDe h\u00E4r extraalternativen kan \u00E4ndras utan f\u00F6reg\u00E5ende meddelande.
 
 # Translators please note do not translate the options themselves
 java.launcher.X.macosx.usage=\nF\u00F6ljande alternativ \u00E4r Mac OS X-specifika:\n    -XstartOnFirstThread\n                      k\u00F6r main()-metoden p\u00E5 den f\u00F6rsta (AppKit)-tr\u00E5den\n    -Xdock:name=\n                      \u00E5sidos\u00E4tt det standardapplikationsnamn som visas i dockan\n    -Xdock:icon=\n                      \u00E5sidos\u00E4tt den standardikon som visas i dockan\n\n
@@ -47,6 +47,7 @@ java.launcher.cls.error3=Fel: Huvudmetoden m\u00E5ste returnera ett v\u00E4rde a
 java.launcher.cls.error4=Fel: Huvudmetoden finns inte i klassen {0}, definiera huvudmetoden som:\n   public static void main(String[] args)\neller s\u00E5 m\u00E5ste en JavaFX-applikationsklass ut\u00F6ka {1}
 java.launcher.cls.error5=Fel: JavaFX-exekveringskomponenter saknas, och de kr\u00E4vs f\u00F6r att kunna k\u00F6ra den h\u00E4r applikationen
 java.launcher.cls.error6=Fel: LinkageError intr\u00E4ffade vid laddning av huvudklassen {0}\n\t{1}
+java.launcher.cls.error7=Fel: Kan inte initiera huvudklassen {0}\nOrsakades av: {1}: {2}
 java.launcher.jar.error1=Fel: Ett ov\u00E4ntat fel intr\u00E4ffade n\u00E4r filen {0} skulle \u00F6ppnas
 java.launcher.jar.error2=manifest finns inte i {0}
 java.launcher.jar.error3=inget huvudmanifestattribut i {0}
@@ -55,5 +56,6 @@ java.launcher.init.error=initieringsfel
 java.launcher.javafx.error1=Fel: JavaFX launchApplication-metoden har fel signatur, den \nm\u00E5ste ha deklarerats som statisk och returnera ett v\u00E4rde av typen void
 java.launcher.module.error1=modulen {0} har inget MainClass-attribut, anv\u00E4nd -m /
 java.launcher.module.error2=Fel: kunde inte hitta eller ladda huvudklassen {0} i modulen {1}
-java.launcher.module.error3=Fel: kan inte ladda huvudklassen {0} fr\u00E5n modulen {1}\n\t{2}
+java.launcher.module.error3=Fel: Kan inte ladda huvudklassen {0} i modulen {1}\n\t{2}
 java.launcher.module.error4={0} hittades inte
+java.launcher.module.error5=Fel: Kan inte initiera huvudklassen {0} i modulen {1}\nOrsakades av: {1}: {2}
diff --git a/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_zh_CN.properties b/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_zh_CN.properties
index 574a3d2629..68935fb5c4 100644
--- a/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_zh_CN.properties
+++ b/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_zh_CN.properties
@@ -31,12 +31,12 @@ java.launcher.opt.vmselect   =\    {0}\t  \u9009\u62E9 "{1}" VM\n
 java.launcher.opt.hotspot    =\    {0}\t  \u662F "{1}" VM \u7684\u540C\u4E49\u8BCD [\u5DF2\u8FC7\u65F6]\n
 
 # Translators please note do not translate the options themselves
-java.launcher.opt.footer = \    -cp <\u76EE\u5F55\u548C zip/jar \u6587\u4EF6\u7684\u7C7B\u641C\u7D22\u8DEF\u5F84>\n    -classpath <\u76EE\u5F55\u548C zip/jar \u6587\u4EF6\u7684\u7C7B\u641C\u7D22\u8DEF\u5F84>\n    --class-path <\u76EE\u5F55\u548C zip/jar \u6587\u4EF6\u7684\u7C7B\u641C\u7D22\u8DEF\u5F84>\n                  \u4F7F\u7528 {0} \u5206\u9694\u7684, \u7528\u4E8E\u641C\u7D22\u7C7B\u6587\u4EF6\u7684\u76EE\u5F55, JAR \u6863\u6848\n                  \u548C ZIP \u6863\u6848\u5217\u8868\u3002\n    -p <\u6A21\u5757\u8DEF\u5F84>\n    --module-path <\u6A21\u5757\u8DEF\u5F84>...\n                  \u7528 {0} \u5206\u9694\u7684\u76EE\u5F55\u5217\u8868, \u6BCF\u4E2A\u76EE\u5F55\n                  \u90FD\u662F\u4E00\u4E2A\u5305\u542B\u6A21\u5757\u7684\u76EE\u5F55\u3002\n    --upgrade-module-path <\u6A21\u5757\u8DEF\u5F84>...\n                  \u7528 {0} \u5206\u9694\u7684\u76EE\u5F55\u5217\u8868, \u6BCF\u4E2A\u76EE\u5F55\n                  \u90FD\u662F\u4E00\u4E2A\u5305\u542B\u6A21\u5757\u7684\u76EE\u5F55, \u8FD9\u4E9B\u6A21\u5757\n                  \u7528\u4E8E\u66FF\u6362\u8FD0\u884C\u65F6\u6620\u50CF\u4E2D\u7684\u53EF\u5347\u7EA7\u6A21\u5757\n    --add-modules <\u6A21\u5757\u540D\u79F0>[,<\u6A21\u5757\u540D\u79F0>...]\n                  \u9664\u4E86\u521D\u59CB\u6A21\u5757\u4E4B\u5916\u8981\u89E3\u6790\u7684\u6839\u6A21\u5757\u3002\n                  <\u6A21\u5757\u540D\u79F0> \u8FD8\u53EF\u4EE5\u4E3A ALL-DEFAULT, ALL-SYSTEM,\n                  ALL-MODULE-PATH.\n    --list-modules\n                  \u5217\u51FA\u53EF\u89C2\u5BDF\u6A21\u5757\u5E76\u9000\u51FA\n    --d <\u6A21\u5757\u540D\u79F0>\n    --describe-module <\u6A21\u5757\u540D\u79F0>\n                  \u63CF\u8FF0\u6A21\u5757\u5E76\u9000\u51FA\n    --dry-run     \u521B\u5EFA VM \u5E76\u52A0\u8F7D\u4E3B\u7C7B, \u4F46\u4E0D\u6267\u884C main \u65B9\u6CD5\u3002\n                  \u6B64 --dry-run \u9009\u9879\u5BF9\u4E8E\u9A8C\u8BC1\u8BF8\u5982\n                  \u6A21\u5757\u7CFB\u7EDF\u914D\u7F6E\u8FD9\u6837\u7684\u547D\u4EE4\u884C\u9009\u9879\u53EF\u80FD\u975E\u5E38\u6709\u7528\u3002\n    --validate-modules\n                  \u9A8C\u8BC1\u6240\u6709\u6A21\u5757\u5E76\u9000\u51FA\n                  --validate-modules \u9009\u9879\u5BF9\u4E8E\u67E5\u627E\n                  \u6A21\u5757\u8DEF\u5F84\u4E2D\u6A21\u5757\u7684\u51B2\u7A81\u53CA\u5176\u4ED6\u9519\u8BEF\u53EF\u80FD\u975E\u5E38\u6709\u7528\u3002\n    -D<\u540D\u79F0>=<\u503C>\n                  \u8BBE\u7F6E\u7CFB\u7EDF\u5C5E\u6027\n    -verbose:[class|module|gc|jni]\n                  \u542F\u7528\u8BE6\u7EC6\u8F93\u51FA\n    -version      \u5C06\u4EA7\u54C1\u7248\u672C\u8F93\u51FA\u5230\u9519\u8BEF\u6D41\u5E76\u9000\u51FA\n    --version     \u5C06\u4EA7\u54C1\u7248\u672C\u8F93\u51FA\u5230\u8F93\u51FA\u6D41\u5E76\u9000\u51FA\n    -showversion  \u5C06\u4EA7\u54C1\u7248\u672C\u8F93\u51FA\u5230\u9519\u8BEF\u6D41\u5E76\u7EE7\u7EED\n    --show-version\n                  \u5C06\u4EA7\u54C1\u7248\u672C\u8F93\u51FA\u5230\u8F93\u51FA\u6D41\u5E76\u7EE7\u7EED\n    --show-module-resolution\n                  \u5728\u542F\u52A8\u8FC7\u7A0B\u4E2D\u663E\u793A\u6A21\u5757\u89E3\u6790\u8F93\u51FA\n    -? -h -help\n                  \u5C06\u6B64\u5E2E\u52A9\u6D88\u606F\u8F93\u51FA\u5230\u9519\u8BEF\u6D41\n    --help        \u5C06\u6B64\u5E2E\u52A9\u6D88\u606F\u8F93\u51FA\u5230\u8F93\u51FA\u6D41\n    -X            \u5C06\u989D\u5916\u9009\u9879\u7684\u5E2E\u52A9\u8F93\u51FA\u5230\u9519\u8BEF\u6D41\n    --help-extra  \u5C06\u989D\u5916\u9009\u9879\u7684\u5E2E\u52A9\u8F93\u51FA\u5230\u8F93\u51FA\u6D41\n    -ea[:<\u7A0B\u5E8F\u5305\u540D\u79F0>...|:<\u7C7B\u540D>]\n    -enableassertions[:<\u7A0B\u5E8F\u5305\u540D\u79F0>...|:<\u7C7B\u540D>]\n                  \u6309\u6307\u5B9A\u7684\u7C92\u5EA6\u542F\u7528\u65AD\u8A00\n    -da[:<\u7A0B\u5E8F\u5305\u540D\u79F0>...|:<\u7C7B\u540D>]\n    -disableassertions[:<\u7A0B\u5E8F\u5305\u540D\u79F0>...|:<\u7C7B\u540D>]\n                  \
-\u6309\u6307\u5B9A\u7684\u7C92\u5EA6\u7981\u7528\u65AD\u8A00\n    -esa | -enablesystemassertions\n                  \u542F\u7528\u7CFB\u7EDF\u65AD\u8A00\n    -dsa | -disablesystemassertions\n                  \u7981\u7528\u7CFB\u7EDF\u65AD\u8A00\n    -agentlib:<\u5E93\u540D>[=<\u9009\u9879>]\n                  \u52A0\u8F7D\u672C\u673A\u4EE3\u7406\u5E93 <\u5E93\u540D>, \u4F8B\u5982 -agentlib:jdwp\n                  \u53E6\u8BF7\u53C2\u9605 -agentlib:jdwp=help\n    -agentpath:<\u8DEF\u5F84\u540D>[=<\u9009\u9879>]\n                  \u6309\u5B8C\u6574\u8DEF\u5F84\u540D\u52A0\u8F7D\u672C\u673A\u4EE3\u7406\u5E93\n    -javaagent:[=<\u9009\u9879>]\n                  \u52A0\u8F7D Java \u7F16\u7A0B\u8BED\u8A00\u4EE3\u7406, \u8BF7\u53C2\u9605 java.lang.instrument\n    -splash:<\u56FE\u50CF\u8DEF\u5F84>\n                  \u4F7F\u7528\u6307\u5B9A\u7684\u56FE\u50CF\u663E\u793A\u542F\u52A8\u5C4F\u5E55\n                  \u81EA\u52A8\u652F\u6301\u548C\u4F7F\u7528 HiDPI \u7F29\u653E\u56FE\u50CF\n                  (\u5982\u679C\u53EF\u7528)\u3002\u5E94\u59CB\u7EC8\u5C06\u672A\u7F29\u653E\u7684\u56FE\u50CF\u6587\u4EF6\u540D (\u4F8B\u5982, image.ext)\n                  \u4F5C\u4E3A\u53C2\u6570\u4F20\u9012\u7ED9 -splash \u9009\u9879\u3002\n                  \u5C06\u81EA\u52A8\u9009\u53D6\u63D0\u4F9B\u7684\u6700\u5408\u9002\u7684\u7F29\u653E\n                  \u56FE\u50CF\u3002\n                  \u6709\u5173\u8BE6\u7EC6\u4FE1\u606F, \u8BF7\u53C2\u9605 SplashScreen API \u6587\u6863\n    @argument \u6587\u4EF6\n                  \u4E00\u4E2A\u6216\u591A\u4E2A\u5305\u542B\u9009\u9879\u7684\u53C2\u6570\u6587\u4EF6\n    -disable-@files\n                  \u963B\u6B62\u8FDB\u4E00\u6B65\u6269\u5C55\u53C2\u6570\u6587\u4EF6\n\u8981\u4E3A\u957F\u9009\u9879\u6307\u5B9A\u53C2\u6570, \u53EF\u4EE5\u4F7F\u7528 --<\u540D\u79F0>=<\u503C> \u6216\n--<\u540D\u79F0> <\u503C>\u3002\n
+java.launcher.opt.footer = \    -cp <\u76EE\u5F55\u548C zip/jar \u6587\u4EF6\u7684\u7C7B\u641C\u7D22\u8DEF\u5F84>\n    -classpath <\u76EE\u5F55\u548C zip/jar \u6587\u4EF6\u7684\u7C7B\u641C\u7D22\u8DEF\u5F84>\n    --class-path <\u76EE\u5F55\u548C zip/jar \u6587\u4EF6\u7684\u7C7B\u641C\u7D22\u8DEF\u5F84>\n                  \u4F7F\u7528 {0} \u5206\u9694\u7684, \u7528\u4E8E\u641C\u7D22\u7C7B\u6587\u4EF6\u7684\u76EE\u5F55, JAR \u6863\u6848\n                  \u548C ZIP \u6863\u6848\u5217\u8868\u3002\n    -p <\u6A21\u5757\u8DEF\u5F84>\n    --module-path <\u6A21\u5757\u8DEF\u5F84>...\n                  \u7528 {0} \u5206\u9694\u7684\u76EE\u5F55\u5217\u8868, \u6BCF\u4E2A\u76EE\u5F55\n                  \u90FD\u662F\u4E00\u4E2A\u5305\u542B\u6A21\u5757\u7684\u76EE\u5F55\u3002\n    --upgrade-module-path <\u6A21\u5757\u8DEF\u5F84>...\n                  \u7528 {0} \u5206\u9694\u7684\u76EE\u5F55\u5217\u8868, \u6BCF\u4E2A\u76EE\u5F55\n                  \u90FD\u662F\u4E00\u4E2A\u5305\u542B\u6A21\u5757\u7684\u76EE\u5F55, \u8FD9\u4E9B\u6A21\u5757\n                  \u7528\u4E8E\u66FF\u6362\u8FD0\u884C\u65F6\u6620\u50CF\u4E2D\u7684\u53EF\u5347\u7EA7\u6A21\u5757\n    --add-modules <\u6A21\u5757\u540D\u79F0>[,<\u6A21\u5757\u540D\u79F0>...]\n                  \u9664\u4E86\u521D\u59CB\u6A21\u5757\u4E4B\u5916\u8981\u89E3\u6790\u7684\u6839\u6A21\u5757\u3002\n                  <\u6A21\u5757\u540D\u79F0> \u8FD8\u53EF\u4EE5\u4E3A ALL-DEFAULT, ALL-SYSTEM,\n                  ALL-MODULE-PATH.\n    --list-modules\n                  \u5217\u51FA\u53EF\u89C2\u5BDF\u6A21\u5757\u5E76\u9000\u51FA\n    -d \n    --describe-module <\u6A21\u5757\u540D\u79F0>\n                  \u63CF\u8FF0\u6A21\u5757\u5E76\u9000\u51FA\n    --dry-run     \u521B\u5EFA VM \u5E76\u52A0\u8F7D\u4E3B\u7C7B, \u4F46\u4E0D\u6267\u884C main \u65B9\u6CD5\u3002\n                  \u6B64 --dry-run \u9009\u9879\u5BF9\u4E8E\u9A8C\u8BC1\u8BF8\u5982\n                  \u6A21\u5757\u7CFB\u7EDF\u914D\u7F6E\u8FD9\u6837\u7684\u547D\u4EE4\u884C\u9009\u9879\u53EF\u80FD\u975E\u5E38\u6709\u7528\u3002\n    --validate-modules\n                  \u9A8C\u8BC1\u6240\u6709\u6A21\u5757\u5E76\u9000\u51FA\n                  --validate-modules \u9009\u9879\u5BF9\u4E8E\u67E5\u627E\n                  \u6A21\u5757\u8DEF\u5F84\u4E2D\u6A21\u5757\u7684\u51B2\u7A81\u53CA\u5176\u4ED6\u9519\u8BEF\u53EF\u80FD\u975E\u5E38\u6709\u7528\u3002\n    -D<\u540D\u79F0>=<\u503C>\n                  \u8BBE\u7F6E\u7CFB\u7EDF\u5C5E\u6027\n    -verbose:[class|module|gc|jni]\n                  \u542F\u7528\u8BE6\u7EC6\u8F93\u51FA\n    -version      \u5C06\u4EA7\u54C1\u7248\u672C\u8F93\u51FA\u5230\u9519\u8BEF\u6D41\u5E76\u9000\u51FA\n    --version     \u5C06\u4EA7\u54C1\u7248\u672C\u8F93\u51FA\u5230\u8F93\u51FA\u6D41\u5E76\u9000\u51FA\n    -showversion  \u5C06\u4EA7\u54C1\u7248\u672C\u8F93\u51FA\u5230\u9519\u8BEF\u6D41\u5E76\u7EE7\u7EED\n    --show-version\n                  \u5C06\u4EA7\u54C1\u7248\u672C\u8F93\u51FA\u5230\u8F93\u51FA\u6D41\u5E76\u7EE7\u7EED\n    --show-module-resolution\n                  \u5728\u542F\u52A8\u8FC7\u7A0B\u4E2D\u663E\u793A\u6A21\u5757\u89E3\u6790\u8F93\u51FA\n    -? -h -help\n                  \u5C06\u6B64\u5E2E\u52A9\u6D88\u606F\u8F93\u51FA\u5230\u9519\u8BEF\u6D41\n    --help        \u5C06\u6B64\u5E2E\u52A9\u6D88\u606F\u8F93\u51FA\u5230\u8F93\u51FA\u6D41\n    -X            \u5C06\u989D\u5916\u9009\u9879\u7684\u5E2E\u52A9\u8F93\u51FA\u5230\u9519\u8BEF\u6D41\n    --help-extra  \u5C06\u989D\u5916\u9009\u9879\u7684\u5E2E\u52A9\u8F93\u51FA\u5230\u8F93\u51FA\u6D41\n    -ea[:<\u7A0B\u5E8F\u5305\u540D\u79F0>...|:<\u7C7B\u540D>]\n    -enableassertions[:<\u7A0B\u5E8F\u5305\u540D\u79F0>...|:<\u7C7B\u540D>]\n                  \u6309\u6307\u5B9A\u7684\u7C92\u5EA6\u542F\u7528\u65AD\u8A00\n    -da[:<\u7A0B\u5E8F\u5305\u540D\u79F0>...|:<\u7C7B\u540D>]\n    -disableassertions[:<\u7A0B\u5E8F\u5305\u540D\u79F0>...|:<\u7C7B\u540D>]\n                  \u6309\u6307\u5B9A\u7684\u7C92\u5EA6\u7981\u7528\u65AD\u8A00\n    -esa \
+| -enablesystemassertions\n                  \u542F\u7528\u7CFB\u7EDF\u65AD\u8A00\n    -dsa | -disablesystemassertions\n                  \u7981\u7528\u7CFB\u7EDF\u65AD\u8A00\n    -agentlib:<\u5E93\u540D>[=<\u9009\u9879>]\n                  \u52A0\u8F7D\u672C\u673A\u4EE3\u7406\u5E93 <\u5E93\u540D>, \u4F8B\u5982 -agentlib:jdwp\n                  \u53E6\u8BF7\u53C2\u9605 -agentlib:jdwp=help\n    -agentpath:<\u8DEF\u5F84\u540D>[=<\u9009\u9879>]\n                  \u6309\u5B8C\u6574\u8DEF\u5F84\u540D\u52A0\u8F7D\u672C\u673A\u4EE3\u7406\u5E93\n    -javaagent:[=<\u9009\u9879>]\n                  \u52A0\u8F7D Java \u7F16\u7A0B\u8BED\u8A00\u4EE3\u7406, \u8BF7\u53C2\u9605 java.lang.instrument\n    -splash:<\u56FE\u50CF\u8DEF\u5F84>\n                  \u4F7F\u7528\u6307\u5B9A\u7684\u56FE\u50CF\u663E\u793A\u542F\u52A8\u5C4F\u5E55\n                  \u81EA\u52A8\u652F\u6301\u548C\u4F7F\u7528 HiDPI \u7F29\u653E\u56FE\u50CF\n                  (\u5982\u679C\u53EF\u7528)\u3002\u5E94\u59CB\u7EC8\u5C06\u672A\u7F29\u653E\u7684\u56FE\u50CF\u6587\u4EF6\u540D (\u4F8B\u5982, image.ext)\n                  \u4F5C\u4E3A\u53C2\u6570\u4F20\u9012\u7ED9 -splash \u9009\u9879\u3002\n                  \u5C06\u81EA\u52A8\u9009\u53D6\u63D0\u4F9B\u7684\u6700\u5408\u9002\u7684\u7F29\u653E\n                  \u56FE\u50CF\u3002\n                  \u6709\u5173\u8BE6\u7EC6\u4FE1\u606F, \u8BF7\u53C2\u9605 SplashScreen API \u6587\u6863\n    @argument \u6587\u4EF6\n                  \u4E00\u4E2A\u6216\u591A\u4E2A\u5305\u542B\u9009\u9879\u7684\u53C2\u6570\u6587\u4EF6\n    -disable-@files\n                  \u963B\u6B62\u8FDB\u4E00\u6B65\u6269\u5C55\u53C2\u6570\u6587\u4EF6\n\u8981\u4E3A\u957F\u9009\u9879\u6307\u5B9A\u53C2\u6570, \u53EF\u4EE5\u4F7F\u7528 --<\u540D\u79F0>=<\u503C> \u6216\n--<\u540D\u79F0> <\u503C>\u3002\n
 
 # Translators please note do not translate the options themselves
-java.launcher.X.usage=\n    -Xbatch           \u7981\u7528\u540E\u53F0\u7F16\u8BD1\n    -Xbootclasspath/a:<\u7528 {0} \u5206\u9694\u7684\u76EE\u5F55\u548C zip/jar \u6587\u4EF6>\n                      \u9644\u52A0\u5728\u5F15\u5BFC\u7C7B\u8DEF\u5F84\u672B\u5C3E\n    -Xcheck:jni       \u5BF9 JNI \u51FD\u6570\u6267\u884C\u5176\u4ED6\u68C0\u67E5\n    -Xcomp            \u5728\u9996\u6B21\u8C03\u7528\u65F6\u5F3A\u5236\u4F7F\u7528\u7684\u7F16\u8BD1\u65B9\u6CD5\n    -Xdebug           \u4E3A\u5B9E\u73B0\u5411\u540E\u517C\u5BB9\u800C\u63D0\u4F9B\n    -Xdiag            \u663E\u793A\u9644\u52A0\u8BCA\u65AD\u6D88\u606F\n    -Xfuture          \u542F\u7528\u6700\u4E25\u683C\u7684\u68C0\u67E5, \u9884\u671F\u5C06\u6765\u7684\u9ED8\u8BA4\u503C\n    -Xint             \u4EC5\u89E3\u91CA\u6A21\u5F0F\u6267\u884C\n    -Xinternalversion\n                      \u663E\u793A\u6BD4 -version \u9009\u9879\u66F4\u8BE6\u7EC6\u7684 JVM\n                      \u7248\u672C\u4FE1\u606F\n    -Xloggc:<\u6587\u4EF6>    \u5C06 GC \u72B6\u6001\u8BB0\u5F55\u5728\u6587\u4EF6\u4E2D (\u5E26\u65F6\u95F4\u6233)\n    -Xmixed           \u6DF7\u5408\u6A21\u5F0F\u6267\u884C (\u9ED8\u8BA4\u503C)\n    -Xmn<\u5927\u5C0F>        \u4E3A\u5E74\u8F7B\u4EE3 (\u65B0\u751F\u4EE3) \u8BBE\u7F6E\u521D\u59CB\u548C\u6700\u5927\u5806\u5927\u5C0F\n                      (\u4EE5\u5B57\u8282\u4E3A\u5355\u4F4D)\n    -Xms<\u5927\u5C0F>        \u8BBE\u7F6E\u521D\u59CB Java \u5806\u5927\u5C0F\n    -Xmx<\u5927\u5C0F>        \u8BBE\u7F6E\u6700\u5927 Java \u5806\u5927\u5C0F\n    -Xnoclassgc       \u7981\u7528\u7C7B\u5783\u573E\u6536\u96C6\n    -Xprof            \u8F93\u51FA cpu \u5206\u6790\u6570\u636E (\u5DF2\u8FC7\u65F6)\n    -Xrs              \u51CF\u5C11 Java/VM \u5BF9\u64CD\u4F5C\u7CFB\u7EDF\u4FE1\u53F7\u7684\u4F7F\u7528 (\u8BF7\u53C2\u9605\u6587\u6863)\n    -Xshare:auto      \u5728\u53EF\u80FD\u7684\u60C5\u51B5\u4E0B\u4F7F\u7528\u5171\u4EAB\u7C7B\u6570\u636E (\u9ED8\u8BA4\u503C)\n    -Xshare:off       \u4E0D\u5C1D\u8BD5\u4F7F\u7528\u5171\u4EAB\u7C7B\u6570\u636E\n    -Xshare:on        \u8981\u6C42\u4F7F\u7528\u5171\u4EAB\u7C7B\u6570\u636E, \u5426\u5219\u5C06\u5931\u8D25\u3002\n    -XshowSettings    \u663E\u793A\u6240\u6709\u8BBE\u7F6E\u5E76\u7EE7\u7EED\n    -XshowSettings:all\n                      \u663E\u793A\u6240\u6709\u8BBE\u7F6E\u5E76\u7EE7\u7EED\n    -XshowSettings:locale\n                      \u663E\u793A\u6240\u6709\u4E0E\u533A\u57DF\u8BBE\u7F6E\u76F8\u5173\u7684\u8BBE\u7F6E\u5E76\u7EE7\u7EEDe\n    -XshowSettings:properties\n                      \u663E\u793A\u6240\u6709\u5C5E\u6027\u8BBE\u7F6E\u5E76\u7EE7\u7EED\n    -XshowSettings:vm \u663E\u793A\u6240\u6709\u4E0E vm \u76F8\u5173\u7684\u8BBE\u7F6E\u5E76\u7EE7\u7EED\n    -Xss<\u5927\u5C0F>        \u8BBE\u7F6E Java \u7EBF\u7A0B\u5806\u6808\u5927\u5C0F\n    -Xverify          \u8BBE\u7F6E\u5B57\u8282\u7801\u9A8C\u8BC1\u5668\u7684\u6A21\u5F0F\n    --add-reads <\u6A21\u5757>=<\u76EE\u6807\u6A21\u5757>(,<\u76EE\u6807\u6A21\u5757>)*\n                      \u66F4\u65B0 <\u6A21\u5757> \u4EE5\u8BFB\u53D6 <\u76EE\u6807\u6A21\u5757>,\n                      \u800C\u65E0\u8BBA\u6A21\u5757\u58F0\u660E\u5982\u4F55\u3002\n                      <\u76EE\u6807\u6A21\u5757> \u53EF\u4EE5\u662F ALL-UNNAMED \u4EE5\u8BFB\u53D6\u6240\u6709\u672A\u547D\u540D\n                      \u6A21\u5757\u3002\n    --add-exports <\u6A21\u5757>/<\u7A0B\u5E8F\u5305>=<\u76EE\u6807\u6A21\u5757>(,<\u76EE\u6807\u6A21\u5757>)*\n                      \u66F4\u65B0 <\u6A21\u5757> \u4EE5\u5C06 <\u7A0B\u5E8F\u5305> \u5BFC\u51FA\u5230 <\u76EE\u6807\u6A21\u5757>,\n                      \u800C\u65E0\u8BBA\u6A21\u5757\u58F0\u660E\u5982\u4F55\u3002\n                      <\u76EE\u6807\u6A21\u5757> \u53EF\u4EE5\u662F ALL-UNNAMED \u4EE5\u5BFC\u51FA\u5230\u6240\u6709\n                      \u672A\u547D\u540D\u6A21\u5757\u3002\n    --add-opens <\u6A21\u5757>/<\u7A0B\u5E8F\u5305>=<\u76EE\u6807\u6A21\u5757>(,<\u76EE\u6807\u6A21\u5757>)*\n                      \u66F4\u65B0 <\u6A21\u5757> \
-\u4EE5\u5728 <\u76EE\u6807\u6A21\u5757> \u4E2D\n                      \u6253\u5F00 <\u7A0B\u5E8F\u5305>, \u800C\u65E0\u8BBA\u6A21\u5757\u58F0\u660E\u5982\u4F55\u3002\n    --limit-modules <\u6A21\u5757\u540D\u79F0>[,<\u6A21\u5757\u540D\u79F0>...]\n                      \u9650\u5236\u53EF\u89C2\u5BDF\u6A21\u5757\u7684\u9886\u57DF\n    --patch-module <\u6A21\u5757>=<\u6587\u4EF6>({0}<\u6587\u4EF6>)*\n                      \u4F7F\u7528 JAR \u6587\u4EF6\u6216\u76EE\u5F55\u4E2D\u7684\u7C7B\u548C\u8D44\u6E90\n                      \u8986\u76D6\u6216\u589E\u5F3A\u6A21\u5757\u3002\n    --disable-@files  \u7981\u6B62\u8FDB\u4E00\u6B65\u6269\u5C55\u53C2\u6570\u6587\u4EF6\n\n\u8FD9\u4E9B\u989D\u5916\u9009\u9879\u5982\u6709\u66F4\u6539, \u6055\u4E0D\u53E6\u884C\u901A\u77E5\u3002\n
+java.launcher.X.usage=\n    -Xbatch           \u7981\u7528\u540E\u53F0\u7F16\u8BD1\n    -Xbootclasspath/a:\n                      \u9644\u52A0\u5728\u5F15\u5BFC\u7C7B\u8DEF\u5F84\u672B\u5C3E\n    -Xcheck:jni       \u5BF9 JNI \u51FD\u6570\u6267\u884C\u5176\u4ED6\u68C0\u67E5\n    -Xcomp            \u5728\u9996\u6B21\u8C03\u7528\u65F6\u5F3A\u5236\u7F16\u8BD1\u65B9\u6CD5\n    -Xdebug           \u4E3A\u5B9E\u73B0\u5411\u540E\u517C\u5BB9\u800C\u63D0\u4F9B\n    -Xdiag            \u663E\u793A\u9644\u52A0\u8BCA\u65AD\u6D88\u606F\n    -Xfuture          \u542F\u7528\u6700\u4E25\u683C\u7684\u68C0\u67E5, \u9884\u671F\u5C06\u6765\u7684\u9ED8\u8BA4\u503C\n    -Xint             \u4EC5\u89E3\u91CA\u6A21\u5F0F\u6267\u884C\n    -Xinternalversion\n                      \u663E\u793A\u6BD4 -version \u9009\u9879\u66F4\u8BE6\u7EC6\u7684 JVM\n                      \u7248\u672C\u4FE1\u606F\n    -Xloggc:    \u5C06 GC \u72B6\u6001\u8BB0\u5F55\u5728\u6587\u4EF6\u4E2D (\u5E26\u65F6\u95F4\u6233)\n    -Xmixed           \u6DF7\u5408\u6A21\u5F0F\u6267\u884C (\u9ED8\u8BA4\u503C)\n    -Xmn        \u4E3A\u5E74\u8F7B\u4EE3 (\u65B0\u751F\u4EE3) \u8BBE\u7F6E\u521D\u59CB\u548C\u6700\u5927\u5806\u5927\u5C0F\n                      (\u4EE5\u5B57\u8282\u4E3A\u5355\u4F4D)\n    -Xms        \u8BBE\u7F6E\u521D\u59CB Java \u5806\u5927\u5C0F\n    -Xmx        \u8BBE\u7F6E\u6700\u5927 Java \u5806\u5927\u5C0F\n    -Xnoclassgc       \u7981\u7528\u7C7B\u5783\u573E\u6536\u96C6\n    -Xprof            \u8F93\u51FA cpu \u5206\u6790\u6570\u636E (\u5DF2\u8FC7\u65F6)\n    -Xrs              \u51CF\u5C11 Java/VM \u5BF9\u64CD\u4F5C\u7CFB\u7EDF\u4FE1\u53F7\u7684\u4F7F\u7528 (\u8BF7\u53C2\u9605\u6587\u6863)\n    -Xshare:auto      \u5728\u53EF\u80FD\u7684\u60C5\u51B5\u4E0B\u4F7F\u7528\u5171\u4EAB\u7C7B\u6570\u636E (\u9ED8\u8BA4\u503C)\n    -Xshare:off       \u4E0D\u5C1D\u8BD5\u4F7F\u7528\u5171\u4EAB\u7C7B\u6570\u636E\n    -Xshare:on        \u8981\u6C42\u4F7F\u7528\u5171\u4EAB\u7C7B\u6570\u636E, \u5426\u5219\u5C06\u5931\u8D25\u3002\n    -XshowSettings    \u663E\u793A\u6240\u6709\u8BBE\u7F6E\u5E76\u7EE7\u7EED\n    -XshowSettings:all\n                      \u663E\u793A\u6240\u6709\u8BBE\u7F6E\u5E76\u7EE7\u7EED\n    -XshowSettings:locale\n                      \u663E\u793A\u6240\u6709\u4E0E\u533A\u57DF\u8BBE\u7F6E\u76F8\u5173\u7684\u8BBE\u7F6E\u5E76\u7EE7\u7EED\n    -XshowSettings:properties\n                      \u663E\u793A\u6240\u6709\u5C5E\u6027\u8BBE\u7F6E\u5E76\u7EE7\u7EED\n    -XshowSettings:vm \u663E\u793A\u6240\u6709\u4E0E vm \u76F8\u5173\u7684\u8BBE\u7F6E\u5E76\u7EE7\u7EED\n    -Xss        \u8BBE\u7F6E Java \u7EBF\u7A0B\u5806\u6808\u5927\u5C0F\n    -Xverify          \u8BBE\u7F6E\u5B57\u8282\u7801\u9A8C\u8BC1\u5668\u7684\u6A21\u5F0F\n    --add-reads =(,)*\n                      \u66F4\u65B0  \u4EE5\u8BFB\u53D6 , \u800C\u65E0\u8BBA\n                      \u6A21\u5757\u58F0\u660E\u5982\u4F55\u3002\n                       \u53EF\u4EE5\u662F ALL-UNNAMED \u4EE5\u8BFB\u53D6\u6240\u6709\u672A\u547D\u540D\n                      \u6A21\u5757\u3002\n    --add-exports /=(,)*\n                      \u66F4\u65B0  \u4EE5\u5C06  \u5230\u5904\u5230 ,\n                      \u800C\u65E0\u8BBA\u6A21\u5757\u58F0\u660E\u5982\u4F55\u3002\n                       \u53EF\u4EE5\u662F ALL-UNNAMED \u4EE5\u5BFC\u51FA\u5230\u6240\u6709\n                      \u672A\u547D\u540D\u6A21\u5757\u3002\n    --add-opens /=(,)*\n                      \u66F4\u65B0  \u4EE5\u5728  \u4E2D\u6253\u5F00\n                      , \u800C\u65E0\u8BBA\u6A21\u5757\u58F0\u660E\u5982\u4F55\u3002\n    --illegal-access=\n                      \
+\u5141\u8BB8\u6216\u62D2\u7EDD\u901A\u8FC7\u672A\u547D\u540D\u6A21\u5757\u4E2D\u7684\u4EE3\u7801\u5BF9\u547D\u540D\u6A21\u5757\u4E2D\u7684\n                      \u7C7B\u578B\u6210\u5458\u8FDB\u884C\u8BBF\u95EE\u3002\n                       \u4E3A "deny", "permit", "warn" \u6216 "debug" \u4E4B\u4E00\n                      \u6B64\u9009\u9879\u5C06\u5728\u672A\u6765\u53D1\u884C\u7248\u4E2D\u5220\u9664\u3002\n    --limit-modules [,...]\n                      \u9650\u5236\u53EF\u89C2\u5BDF\u6A21\u5757\u7684\u9886\u57DF\n    --patch-module =({0})*\n                      \u4F7F\u7528 JAR \u6587\u4EF6\u6216\u76EE\u5F55\u4E2D\u7684\u7C7B\u548C\u8D44\u6E90\n                      \u8986\u76D6\u6216\u589E\u5F3A\u6A21\u5757\u3002\n    --disable-@files \u7981\u6B62\u8FDB\u4E00\u6B65\u6269\u5C55\u53C2\u6570\u6587\u4EF6\n\n\u8FD9\u4E9B\u989D\u5916\u9009\u9879\u5982\u6709\u66F4\u6539, \u6055\u4E0D\u53E6\u884C\u901A\u77E5\u3002\n
 
 # Translators please note do not translate the options themselves
 java.launcher.X.macosx.usage=\n\u4EE5\u4E0B\u9009\u9879\u4E3A Mac OS X \u7279\u5B9A\u7684\u9009\u9879:\n    -XstartOnFirstThread\n                      \u5728\u7B2C\u4E00\u4E2A (AppKit) \u7EBF\u7A0B\u4E0A\u8FD0\u884C main() \u65B9\u6CD5\n    -Xdock:name=<\u5E94\u7528\u7A0B\u5E8F\u540D\u79F0>\n                      \u8986\u76D6\u505C\u9760\u680F\u4E2D\u663E\u793A\u7684\u9ED8\u8BA4\u5E94\u7528\u7A0B\u5E8F\u540D\u79F0\n    -Xdock:icon=<\u56FE\u6807\u6587\u4EF6\u7684\u8DEF\u5F84>\n                      \u8986\u76D6\u505C\u9760\u680F\u4E2D\u663E\u793A\u7684\u9ED8\u8BA4\u56FE\u6807\n\n
@@ -47,6 +47,7 @@ java.launcher.cls.error3=\u9519\u8BEF: main \u65B9\u6CD5\u5FC5\u987B\u8FD4\u56DE
 java.launcher.cls.error4=\u9519\u8BEF: \u5728\u7C7B {0} \u4E2D\u627E\u4E0D\u5230 main \u65B9\u6CD5, \u8BF7\u5C06 main \u65B9\u6CD5\u5B9A\u4E49\u4E3A:\n   public static void main(String[] args)\n\u5426\u5219 JavaFX \u5E94\u7528\u7A0B\u5E8F\u7C7B\u5FC5\u987B\u6269\u5C55{1}
 java.launcher.cls.error5=\u9519\u8BEF: \u7F3A\u5C11 JavaFX \u8FD0\u884C\u65F6\u7EC4\u4EF6, \u9700\u8981\u4F7F\u7528\u8BE5\u7EC4\u4EF6\u6765\u8FD0\u884C\u6B64\u5E94\u7528\u7A0B\u5E8F
 java.launcher.cls.error6=\u9519\u8BEF: \u52A0\u8F7D\u4E3B\u7C7B {0} \u65F6\u51FA\u73B0 LinkageError\n\t{1}
+java.launcher.cls.error7=\u9519\u8BEF: \u65E0\u6CD5\u521D\u59CB\u5316\u4E3B\u7C7B {0}\n\u539F\u56E0: {1}: {2}
 java.launcher.jar.error1=\u9519\u8BEF: \u5C1D\u8BD5\u6253\u5F00\u6587\u4EF6{0}\u65F6\u51FA\u73B0\u610F\u5916\u9519\u8BEF
 java.launcher.jar.error2=\u5728{0}\u4E2D\u627E\u4E0D\u5230\u6E05\u5355
 java.launcher.jar.error3={0}\u4E2D\u6CA1\u6709\u4E3B\u6E05\u5355\u5C5E\u6027
@@ -55,5 +56,6 @@ java.launcher.init.error=\u521D\u59CB\u5316\u9519\u8BEF
 java.launcher.javafx.error1=\u9519\u8BEF: JavaFX launchApplication \u65B9\u6CD5\u5177\u6709\u9519\u8BEF\u7684\u7B7E\u540D, \u5FC5\u987B\n\u5C06\u65B9\u6CD5\u58F0\u660E\u4E3A\u9759\u6001\u65B9\u6CD5\u5E76\u8FD4\u56DE\u7A7A\u7C7B\u578B\u7684\u503C
 java.launcher.module.error1=\u6A21\u5757 {0} \u4E0D\u5177\u6709 MainClass \u5C5E\u6027, \u8BF7\u4F7F\u7528 -m /
 java.launcher.module.error2=\u9519\u8BEF: \u5728\u6A21\u5757 {1} \u4E2D\u627E\u4E0D\u5230\u6216\u65E0\u6CD5\u52A0\u8F7D\u4E3B\u7C7B {0}
-java.launcher.module.error3=\u9519\u8BEF: \u65E0\u6CD5\u4ECE\u6A21\u5757 {1} \u52A0\u8F7D\u4E3B\u7C7B {0}\n\t{2}
+java.launcher.module.error3=\u9519\u8BEF: \u65E0\u6CD5\u5C06\u4E3B\u7C7B {0} \u52A0\u8F7D\u5230\u6A21\u5757 {1} \u4E2D\n\t{2}
 java.launcher.module.error4=\u627E\u4E0D\u5230{0}
+java.launcher.module.error5=\u9519\u8BEF: \u65E0\u6CD5\u521D\u59CB\u5316\u6A21\u5757 {1} \u4E2D\u7684\u4E3B\u7C7B {0}\n\u539F\u56E0: {1}: {2}
diff --git a/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_zh_TW.properties b/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_zh_TW.properties
index 5b9cafa63f..16de9973cd 100644
--- a/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_zh_TW.properties
+++ b/jdk/src/java.base/share/classes/sun/launcher/resources/launcher_zh_TW.properties
@@ -31,12 +31,12 @@ java.launcher.opt.vmselect   =\    {0}\t  \u9078\u53D6 "{1}" VM\n
 java.launcher.opt.hotspot    =\    {0}\t  \u662F "{1}" VM \u7684\u540C\u7FA9\u5B57  [\u5DF2\u4E0D\u518D\u4F7F\u7528]\n
 
 # Translators please note do not translate the options themselves
-java.launcher.opt.footer = \    -cp <\u76EE\u9304\u548C zip/jar \u6A94\u6848\u7684\u985E\u5225\u641C\u5C0B\u8DEF\u5F91>\n    -classpath <\u76EE\u9304\u548C zip/jar \u6A94\u6848\u7684\u985E\u5225\u641C\u5C0B\u8DEF\u5F91>\n    --class-path <\u76EE\u9304\u548C zip/jar \u6A94\u6848\u7684\u985E\u5225\u641C\u5C0B\u8DEF\u5F91>\n                  \u4EE5 {0} \u5340\u9694\u7684\u76EE\u9304\u3001JAR \u5B58\u6A94\n                  \u4EE5\u53CA ZIP \u5B58\u6A94\u6E05\u55AE (\u5C07\u65BC\u5176\u4E2D\u641C\u5C0B\u985E\u5225\u6A94\u6848)\u3002\n    -p <\u6A21\u7D44\u8DEF\u5F91>\n    --module-path <\u6A21\u7D44\u8DEF\u5F91>...\n                  \u4EE5 {0} \u5340\u9694\u7684\u76EE\u9304\u6E05\u55AE\uFF0C\u6BCF\u500B\u76EE\u9304\n                  \u90FD\u662F\u4E00\u500B\u6A21\u7D44\u76EE\u9304\u3002\n    --upgrade-module-path <\u6A21\u7D44\u8DEF\u5F91>...\n                  \u4EE5 {0} \u5340\u9694\u7684\u76EE\u9304\u6E05\u55AE\uFF0C\u6BCF\u500B\u76EE\u9304\n                  \u90FD\u662F\u4E00\u500B\u6A21\u7D44\u76EE\u9304\uFF0C\u7576\u4E2D\u7684\u6A21\u7D44\u53EF\u53D6\u4EE3\u53EF\u5347\u7D1A\n                  \u6A21\u7D44 (\u5728\u7A0B\u5F0F\u5BE6\u969B\u57F7\u884C\u5F71\u50CF\u4E2D)\n    --add-modules [,...]\n                  \u9664\u4E86\u8D77\u59CB\u6A21\u7D44\u4E4B\u5916\uFF0C\u8981\u89E3\u6790\u7684\u6839\u6A21\u7D44\u3002\n                   \u4E5F\u53EF\u4EE5\u662F ALL-DEFAULT\u3001ALL-SYSTEM\u3001\n                  ALL-MODULE-PATH.\n    --list-modules\n                  \u5217\u51FA\u53EF\u76E3\u6E2C\u7684\u6A21\u7D44\u4E26\u7D50\u675F\n    --d <\u6A21\u7D44\u540D\u7A31>\n    --describe-module <\u6A21\u7D44\u540D\u7A31>\n                  \u63CF\u8FF0\u6A21\u7D44\u4E26\u7D50\u675F\n    --dry-run     \u5EFA\u7ACB VM \u4E26\u8F09\u5165\u4E3B\u8981\u985E\u5225\uFF0C\u4F46\u4E0D\u57F7\u884C\u4E3B\u8981\u65B9\u6CD5\u3002\n                  --dry-run \u9078\u9805\u9069\u5408\u7528\u5728\u9A57\u8B49\n                  \u50CF\u6A21\u7D44\u7CFB\u7D71\u7D44\u614B\u7684\u547D\u4EE4\u884C\u9078\u9805\u3002\n    --validate-modules\n                  \u9A57\u8B49\u6240\u6709\u6A21\u7D44\u4E26\u7D50\u675F\n                  --validate-modules \u9078\u9805\u9069\u5408\u7528\u5728\u5C0B\u627E\n                  \u6A21\u7D44\u8DEF\u5F91\u4E0A\u4E4B\u6A21\u7D44\u7684\u885D\u7A81\u548C\u5176\u4ED6\u932F\u8AA4\u3002\n    -D=\n                  \u8A2D\u5B9A\u7CFB\u7D71\u7279\u6027\n    -verbose:[class|module|gc|jni]\n                  \u555F\u7528\u8A73\u7D30\u8CC7\u8A0A\u8F38\u51FA\n    -version      \u5728\u932F\u8AA4\u4E32\u6D41\u5370\u51FA\u7522\u54C1\u7248\u672C\u4E26\u7D50\u675F\n    --version      \u5728\u8F38\u51FA\u4E32\u6D41\u5370\u51FA\u7522\u54C1\u7248\u672C\u4E26\u7D50\u675F\n    -showversion  \u5728\u932F\u8AA4\u4E32\u6D41\u5370\u51FA\u7522\u54C1\u7248\u672C\u4E26\u7E7C\u7E8C\u9032\u884C\u4F5C\u696D\n    --show-version\n                  \u5728\u8F38\u51FA\u4E32\u6D41\u5370\u51FA\u7522\u54C1\u7248\u672C\u4E26\u7E7C\u7E8C\u9032\u884C\u4F5C\u696D\n    --show-module-resolution\n                  \u5728\u555F\u52D5\u6642\u986F\u793A\u6A21\u7D44\u89E3\u6790\u8F38\u51FA\n    -? -h -help\n                  \u5728\u932F\u8AA4\u4E32\u6D41\u5370\u51FA\u6B64\u8AAA\u660E\u8A0A\u606F\n    --help        \u5728\u8F38\u51FA\u4E32\u6D41\u5370\u51FA\u6B64\u8AAA\u660E\u8A0A\u606F\n    -X            \u5728\u932F\u8AA4\u4E32\u6D41\u5370\u51FA\u984D\u5916\u9078\u9805\u7684\u8AAA\u660E\n    --help-extra  \u5728\u8F38\u51FA\u4E32\u6D41\u5370\u51FA\u984D\u5916\u9078\u9805\u7684\u8AAA\u660E\n    -ea[:...|:]\n    -enableassertions[:...|:]\n                  \u555F\u7528\u6307\u5B9A\u4E4B\u8A73\u7D30\u7A0B\u5EA6\u7684\u5BA3\u544A\n    -da[:...|:]\n    -disableassertions[:...|:]\n                  \u505C\u7528\u6307\u5B9A\u4E4B\u8A73\u7D30\u7A0B\u5EA6\u7684\u5BA3\u544A\n    -esa | -enablesystemassertions\n               \
-   \u555F\u7528\u7CFB\u7D71\u5BA3\u544A\n    -dsa | -disablesystemassertions\n                  \u505C\u7528\u7CFB\u7D71\u5BA3\u544A\n    -agentlib:[=]\n                  \u8F09\u5165\u539F\u751F\u4EE3\u7406\u7A0B\u5F0F\u7A0B\u5F0F\u5EAB \uFF0C\u4F8B\u5982 -agentlib:jdwp\n                  \u53E6\u8ACB\u53C3\u95B1 -agentlib:jdwp=help\n    -agentpath:[=]\n                  \u4F9D\u5B8C\u6574\u8DEF\u5F91\u540D\u7A31\u8F09\u5165\u539F\u751F\u4EE3\u7406\u7A0B\u5F0F\u7A0B\u5F0F\u5EAB\n    -javaagent:[=]\n                  \u8F09\u5165 Java \u7A0B\u5F0F\u8A9E\u8A00\u4EE3\u7406\u7A0B\u5F0F\uFF0C\u8ACB\u53C3\u95B1 java.lang.instrument\n    -splash:\n                  \u986F\u793A\u542B\u6307\u5B9A\u5F71\u50CF\u7684\u8EDF\u9AD4\u8CC7\u8A0A\u756B\u9762\n                  \u7CFB\u7D71\u6703\u81EA\u52D5\u652F\u63F4\u4E26\u4F7F\u7528 HiDPI \u7E2E\u653E\u7684\u5F71\u50CF\n                  (\u82E5\u6709\u7684\u8A71)\u3002\u672A\u7E2E\u653E\u5F71\u50CF\u6A94\u6848\u540D\u7A31 (\u4F8B\u5982 image.ext)\n                  \u61C9\u4E00\u5F8B\u4EE5\u5F15\u6578\u7684\u5F62\u5F0F\u50B3\u9001\u7D66 -splash \u9078\u9805\u3002\n                  \u7CFB\u7D71\u5C07\u6703\u81EA\u52D5\u9078\u64C7\u4F7F\u7528\u6700\u9069\u5408\u7684\u7E2E\u653E\u5F71\u50CF\n                  \u3002\n                  \u8ACB\u53C3\u95B1 SplashScreen API \u6587\u4EF6\u77AD\u89E3\u8A73\u7D30\u8CC7\u8A0A\u3002\n    @argument files\n                  \u4E00\u6216\u591A\u500B\u5305\u542B\u9078\u9805\u7684\u5F15\u6578\u6A94\u6848\n    -disable-@files\n                  \u505C\u7528\u9032\u4E00\u6B65\u7684\u5F15\u6578\u6A94\u6848\u64F4\u5145\n\u82E5\u8981\u6307\u5B9A\u9577\u9078\u9805\u7684\u5F15\u6578\uFF0C\u53EF\u4EE5\u4F7F\u7528 --= \u6216\n-- \u3002\n
+java.launcher.opt.footer = \    -cp <\u76EE\u9304\u548C zip/jar \u6A94\u6848\u7684\u985E\u5225\u641C\u5C0B\u8DEF\u5F91>\n    -classpath <\u76EE\u9304\u548C zip/jar \u6A94\u6848\u7684\u985E\u5225\u641C\u5C0B\u8DEF\u5F91>\n    --class-path <\u76EE\u9304\u548C zip/jar \u6A94\u6848\u7684\u985E\u5225\u641C\u5C0B\u8DEF\u5F91>\n                  \u4EE5 {0} \u5340\u9694\u7684\u76EE\u9304\u3001JAR \u5B58\u6A94\n                  \u4EE5\u53CA ZIP \u5B58\u6A94\u6E05\u55AE (\u5C07\u65BC\u5176\u4E2D\u641C\u5C0B\u985E\u5225\u6A94\u6848)\u3002\n    -p <\u6A21\u7D44\u8DEF\u5F91>\n    --module-path <\u6A21\u7D44\u8DEF\u5F91>...\n                  \u4EE5 {0} \u5340\u9694\u7684\u76EE\u9304\u6E05\u55AE\uFF0C\u6BCF\u500B\u76EE\u9304\n                  \u90FD\u662F\u4E00\u500B\u6A21\u7D44\u76EE\u9304\u3002\n    --upgrade-module-path <\u6A21\u7D44\u8DEF\u5F91>...\n                  \u4EE5 {0} \u5340\u9694\u7684\u76EE\u9304\u6E05\u55AE\uFF0C\u6BCF\u500B\u76EE\u9304\n                  \u90FD\u662F\u4E00\u500B\u6A21\u7D44\u76EE\u9304\uFF0C\u7576\u4E2D\u7684\u6A21\u7D44\u53EF\u53D6\u4EE3\u53EF\u5347\u7D1A\n                  \u6A21\u7D44 (\u5728\u7A0B\u5F0F\u5BE6\u969B\u57F7\u884C\u5F71\u50CF\u4E2D)\n    --add-modules [,...]\n                  \u9664\u4E86\u8D77\u59CB\u6A21\u7D44\u4E4B\u5916\uFF0C\u8981\u89E3\u6790\u7684\u6839\u6A21\u7D44\u3002\n                   \u4E5F\u53EF\u4EE5\u662F ALL-DEFAULT\u3001ALL-SYSTEM\u3001\n                  ALL-MODULE-PATH.\n    --list-modules\n                  \u5217\u51FA\u53EF\u76E3\u6E2C\u7684\u6A21\u7D44\u4E26\u7D50\u675F\n    -d <\u6A21\u7D44\u540D\u7A31>\n    --describe-module <\u6A21\u7D44\u540D\u7A31>\n                  \u63CF\u8FF0\u6A21\u7D44\u4E26\u7D50\u675F\n    --dry-run     \u5EFA\u7ACB VM \u4E26\u8F09\u5165\u4E3B\u8981\u985E\u5225\uFF0C\u4F46\u4E0D\u57F7\u884C\u4E3B\u8981\u65B9\u6CD5\u3002\n                  --dry-run \u9078\u9805\u9069\u5408\u7528\u5728\u9A57\u8B49\n                  \u50CF\u6A21\u7D44\u7CFB\u7D71\u7D44\u614B\u7684\u547D\u4EE4\u884C\u9078\u9805\u3002\n    --validate-modules\n                  \u9A57\u8B49\u6240\u6709\u6A21\u7D44\u4E26\u7D50\u675F\n                  --validate-modules \u9078\u9805\u9069\u5408\u7528\u5728\u5C0B\u627E\n                  \u6A21\u7D44\u8DEF\u5F91\u4E0A\u4E4B\u6A21\u7D44\u7684\u885D\u7A81\u548C\u5176\u4ED6\u932F\u8AA4\u3002\n    -D=\n                  \u8A2D\u5B9A\u7CFB\u7D71\u7279\u6027\n    -verbose:[class|module|gc|jni]\n                  \u555F\u7528\u8A73\u7D30\u8CC7\u8A0A\u8F38\u51FA\n    -version      \u5728\u932F\u8AA4\u4E32\u6D41\u5370\u51FA\u7522\u54C1\u7248\u672C\u4E26\u7D50\u675F\n    --version      \u5728\u8F38\u51FA\u4E32\u6D41\u5370\u51FA\u7522\u54C1\u7248\u672C\u4E26\u7D50\u675F\n    -showversion  \u5728\u932F\u8AA4\u4E32\u6D41\u5370\u51FA\u7522\u54C1\u7248\u672C\u4E26\u7E7C\u7E8C\u9032\u884C\u4F5C\u696D\n    --show-version\n                  \u5728\u8F38\u51FA\u4E32\u6D41\u5370\u51FA\u7522\u54C1\u7248\u672C\u4E26\u7E7C\u7E8C\u9032\u884C\u4F5C\u696D\n    --show-module-resolution\n                  \u5728\u555F\u52D5\u6642\u986F\u793A\u6A21\u7D44\u89E3\u6790\u8F38\u51FA\n    -? -h -help\n                  \u5728\u932F\u8AA4\u4E32\u6D41\u5370\u51FA\u6B64\u8AAA\u660E\u8A0A\u606F\n    --help        \u5728\u8F38\u51FA\u4E32\u6D41\u5370\u51FA\u6B64\u8AAA\u660E\u8A0A\u606F\n    -X            \u5728\u932F\u8AA4\u4E32\u6D41\u5370\u51FA\u984D\u5916\u9078\u9805\u7684\u8AAA\u660E\n    --help-extra  \u5728\u8F38\u51FA\u4E32\u6D41\u5370\u51FA\u984D\u5916\u9078\u9805\u7684\u8AAA\u660E\n    -ea[:...|:]\n    -enableassertions[:...|:]\n                  \u555F\u7528\u6307\u5B9A\u4E4B\u8A73\u7D30\u7A0B\u5EA6\u7684\u5BA3\u544A\n    -da[:...|:]\n    -disableassertions[:...|:]\n                  \u505C\u7528\u6307\u5B9A\u4E4B\u8A73\u7D30\u7A0B\u5EA6\u7684\u5BA3\u544A\n    -esa | -enablesystemassertions\n                \
+  \u555F\u7528\u7CFB\u7D71\u5BA3\u544A\n    -dsa | -disablesystemassertions\n                  \u505C\u7528\u7CFB\u7D71\u5BA3\u544A\n    -agentlib:[=]\n                  \u8F09\u5165\u539F\u751F\u4EE3\u7406\u7A0B\u5F0F\u7A0B\u5F0F\u5EAB \uFF0C\u4F8B\u5982 -agentlib:jdwp\n                  \u53E6\u8ACB\u53C3\u95B1 -agentlib:jdwp=help\n    -agentpath:[=]\n                  \u4F9D\u5B8C\u6574\u8DEF\u5F91\u540D\u7A31\u8F09\u5165\u539F\u751F\u4EE3\u7406\u7A0B\u5F0F\u7A0B\u5F0F\u5EAB\n    -javaagent:[=]\n                  \u8F09\u5165 Java \u7A0B\u5F0F\u8A9E\u8A00\u4EE3\u7406\u7A0B\u5F0F\uFF0C\u8ACB\u53C3\u95B1 java.lang.instrument\n    -splash:\n                  \u986F\u793A\u542B\u6307\u5B9A\u5F71\u50CF\u7684\u8EDF\u9AD4\u8CC7\u8A0A\u756B\u9762\n                  \u7CFB\u7D71\u6703\u81EA\u52D5\u652F\u63F4\u4E26\u4F7F\u7528 HiDPI \u7E2E\u653E\u7684\u5F71\u50CF\n                  (\u82E5\u6709\u7684\u8A71)\u3002\u672A\u7E2E\u653E\u5F71\u50CF\u6A94\u6848\u540D\u7A31 (\u4F8B\u5982 image.ext)\n                  \u61C9\u4E00\u5F8B\u4EE5\u5F15\u6578\u7684\u5F62\u5F0F\u50B3\u9001\u7D66 -splash \u9078\u9805\u3002\n                  \u7CFB\u7D71\u5C07\u6703\u81EA\u52D5\u9078\u64C7\u4F7F\u7528\u6700\u9069\u5408\u7684\u7E2E\u653E\u5F71\u50CF\n                  \u3002\n                  \u8ACB\u53C3\u95B1 SplashScreen API \u6587\u4EF6\u77AD\u89E3\u8A73\u7D30\u8CC7\u8A0A\u3002\n    @argument files\n                  \u4E00\u6216\u591A\u500B\u5305\u542B\u9078\u9805\u7684\u5F15\u6578\u6A94\u6848\n    -disable-@files\n                  \u505C\u7528\u9032\u4E00\u6B65\u7684\u5F15\u6578\u6A94\u6848\u64F4\u5145\n\u82E5\u8981\u6307\u5B9A\u9577\u9078\u9805\u7684\u5F15\u6578\uFF0C\u53EF\u4EE5\u4F7F\u7528 --= \u6216\n-- \u3002\n
 
 # Translators please note do not translate the options themselves
-java.launcher.X.usage=\n    -Xbatch           \u505C\u7528\u80CC\u666F\u7DE8\u8B6F\n    -Xbootclasspath/a:<\u4EE5 {0} \u5340\u9694\u7684\u76EE\u9304\u548C zip/jar \u6A94\u6848>\n                      \u9644\u52A0\u81F3\u555F\u52D5\u5B89\u88DD\u985E\u5225\u8DEF\u5F91\u7684\u7D50\u5C3E\n    -Xcheck:jni       \u57F7\u884C\u984D\u5916\u7684 JNI \u51FD\u6578\u6AA2\u67E5\n    -Xcomp            \u5F37\u5236\u7DE8\u8B6F\u7B2C\u4E00\u500B\u547C\u53EB\u7684\u65B9\u6CD5\n    -Xdebug           \u91DD\u5C0D\u56DE\u6EAF\u76F8\u5BB9\u6027\u63D0\u4F9B\n    -Xdiag            \u986F\u793A\u984D\u5916\u7684\u8A3A\u65B7\u8A0A\u606F\n    -Xfuture          \u555F\u7528\u6700\u56B4\u683C\u7684\u6AA2\u67E5\uFF0C\u9810\u5148\u4F5C\u70BA\u5C07\u4F86\u7684\u9810\u8A2D\n    -Xint             \u50C5\u9650\u89E3\u8B6F\u6A21\u5F0F\u57F7\u884C\n    -Xinternalversion\n                      \u986F\u793A\u6BD4 -version \u9078\u9805\u66F4\u70BA\u8A73\u7D30\u7684\n                      JVM \u7248\u672C\u8CC7\u8A0A\n    -Xloggc:    \u5C07 GC \u72C0\u614B\u8A18\u9304\u81F3\u6A94\u6848\u4E14\u9023\u540C\u6642\u6233\n    -Xmixed           \u6DF7\u5408\u6A21\u5F0F\u57F7\u884C (\u9810\u8A2D)\n    -Xmn        \u8A2D\u5B9A\u65B0\u751F\u4EE3 (\u990A\u6210\u5340) \u4E4B\u5806\u96C6\u7684\u8D77\u59CB\u5927\u5C0F\u548C\n                      \u5927\u5C0F\u4E0A\u9650 (\u4F4D\u5143\u7D44)\n    -Xms        \u8A2D\u5B9A\u8D77\u59CB Java \u5806\u96C6\u5927\u5C0F\n    -Xmx        \u8A2D\u5B9A Java \u5806\u96C6\u5927\u5C0F\u4E0A\u9650\n    -Xnoclassgc       \u505C\u7528\u985E\u5225\u8CC7\u6E90\u56DE\u6536\n    -Xprof            \u8F38\u51FA cpu \u5206\u6790\u8CC7\u6599 (\u5DF2\u4E0D\u518D\u4F7F\u7528)\n    -Xrs              \u6E1B\u5C11 Java/VM \u4F7F\u7528\u7684\u4F5C\u696D\u7CFB\u7D71\u4FE1\u865F (\u8ACB\u53C3\u95B1\u6587\u4EF6)\n    -Xshare:auto      \u5728\u53EF\u80FD\u7684\u60C5\u6CC1\u4E0B\u4F7F\u7528\u5171\u7528\u985E\u5225\u8CC7\u6599 (\u9810\u8A2D)\n    -Xshare:off       \u4E0D\u5617\u8A66\u4F7F\u7528\u5171\u7528\u985E\u5225\u8CC7\u6599\n    -Xshare:on        \u9700\u8981\u4F7F\u7528\u5171\u7528\u985E\u5225\u8CC7\u6599\uFF0C\u5426\u5247\u6703\u5931\u6557\u3002\n    -XshowSettings    \u986F\u793A\u6240\u6709\u8A2D\u5B9A\u503C\u4E26\u7E7C\u7E8C\u9032\u884C\u4F5C\u696D\n    -XshowSettings:all\n                      \u986F\u793A\u6240\u6709\u8A2D\u5B9A\u503C\u4E26\u7E7C\u7E8C\u9032\u884C\u4F5C\u696D\n    -XshowSettings:locale\n                      \u986F\u793A\u6240\u6709\u5730\u5340\u8A2D\u5B9A\u76F8\u95DC\u8A2D\u5B9A\u503C\u4E26\u7E7C\u7E8C\u9032\u884C\u4F5C\u696D\n    -XshowSettings:properties\n                      \u986F\u793A\u6240\u6709\u5C6C\u6027\u8A2D\u5B9A\u503C\u4E26\u7E7C\u7E8C\u9032\u884C\u4F5C\u696D\n    -XshowSettings:vm \u986F\u793A\u6240\u6709 VM \u76F8\u95DC\u8A2D\u5B9A\u503C\u4E26\u7E7C\u7E8C\u9032\u884C\u4F5C\u696D\n    -Xss        \u8A2D\u5B9A Java \u57F7\u884C\u7DD2\u5806\u758A\u5927\u5C0F\n    -Xverify          \u8A2D\u5B9A Bytecode \u9A57\u8B49\u7A0B\u5F0F\u7684\u6A21\u5F0F\n    --add-reads =(,)*\n                      \u66F4\u65B0  \u4EE5\u8B80\u53D6 \uFF0C\u4E0D\u8AD6\n                      \u6A21\u7D44\u5BA3\u544A\u70BA\u4F55\u3002\n                      \u53EF\u5C07  \u8A2D\u70BA ALL-UNNAMED \u4EE5\u8B80\u53D6\u6240\u6709\u672A\u547D\u540D\u7684\n                      \u6A21\u7D44\u3002\n    --add-exports /=(,)*\n                      \u66F4\u65B0  \u4EE5\u4FBF\u5C07  \u532F\u51FA\u81F3 \uFF0C\n                      \u4E0D\u8AD6\u6A21\u7D44\u5BA3\u544A\u70BA\u4F55\u3002\n                      \u53EF\u5C07  \u8A2D\u70BA ALL-UNNAMED \u4EE5\u532F\u51FA\u81F3\u6240\u6709\n                      \u672A\u547D\u540D\u7684\u6A21\u7D44\u3002\n    --add-opens /=(,)*\n                      \u66F4\u65B0  \
-\u4EE5\u4FBF\u5C07  \u958B\u555F\u81F3\n                      \uFF0C\u4E0D\u8AD6\u6A21\u7D44\u5BA3\u544A\u70BA\u4F55\u3002\n    --limit-modules [,...]\n                      \u9650\u5236\u53EF\u76E3\u6E2C\u6A21\u7D44\u7684\u7BC4\u570D\n    --patch-module =({0})*\n                      \u8986\u5BEB\u6216\u52A0\u5F37\u542B\u6709 JAR \u6A94\u6848\u6216\u76EE\u9304\u4E2D\n                      \u985E\u5225\u548C\u8CC7\u6E90\u7684\u6A21\u7D44\u3002\n    --disable-@files  \u505C\u7528\u9032\u4E00\u6B65\u7684\u5F15\u6578\u6A94\u6848\u64F4\u5145\n\n\u4E0A\u8FF0\u7684\u984D\u5916\u9078\u9805\u82E5\u6709\u8B8A\u66F4\u4E0D\u53E6\u884C\u901A\u77E5\u3002\n
+java.launcher.X.usage=\n    -Xbatch           \u505C\u7528\u80CC\u666F\u7DE8\u8B6F\n    -Xbootclasspath/a:<\u4EE5 {0} \u5340\u9694\u7684\u76EE\u9304\u548C zip/jar \u6A94\u6848>\n                      \u9644\u52A0\u81F3\u555F\u52D5\u5B89\u88DD\u985E\u5225\u8DEF\u5F91\u7684\u7D50\u5C3E\n    -Xcheck:jni       \u57F7\u884C\u984D\u5916\u7684 JNI \u51FD\u6578\u6AA2\u67E5\n    -Xcomp            \u5F37\u5236\u7DE8\u8B6F\u7B2C\u4E00\u500B\u547C\u53EB\u7684\u65B9\u6CD5\n    -Xdebug           \u91DD\u5C0D\u56DE\u6EAF\u76F8\u5BB9\u6027\u63D0\u4F9B\n    -Xdiag            \u986F\u793A\u984D\u5916\u7684\u8A3A\u65B7\u8A0A\u606F\n    -Xfuture          \u555F\u7528\u6700\u56B4\u683C\u7684\u6AA2\u67E5\uFF0C\u9810\u5148\u4F5C\u70BA\u5C07\u4F86\u7684\u9810\u8A2D\n    -Xint             \u50C5\u9650\u89E3\u8B6F\u6A21\u5F0F\u57F7\u884C\n    -Xinternalversion\n                      \u986F\u793A\u6BD4 -version \u9078\u9805\u66F4\u70BA\u8A73\u7D30\u7684\n                      JVM \u7248\u672C\u8CC7\u8A0A\n    -Xloggc:    \u9023\u540C\u6642\u6233\u5C07 GC \u72C0\u614B\u8A18\u9304\u81F3\u6A94\u6848\n    -Xmixed           \u6DF7\u5408\u6A21\u5F0F\u57F7\u884C (\u9810\u8A2D)\n    -Xmn        \u8A2D\u5B9A\u65B0\u751F\u4EE3 (\u990A\u6210\u5340) \u4E4B\u5806\u96C6\u7684\u8D77\u59CB\u5927\u5C0F\u548C\n                      \u5927\u5C0F\u4E0A\u9650 (\u4F4D\u5143\u7D44)\n    -Xms        \u8A2D\u5B9A\u8D77\u59CB Java \u5806\u96C6\u5927\u5C0F\n    -Xmx        \u8A2D\u5B9A Java \u5806\u96C6\u5927\u5C0F\u4E0A\u9650\n    -Xnoclassgc       \u505C\u7528\u985E\u5225\u8CC7\u6E90\u56DE\u6536\n    -Xprof            \u8F38\u51FA cpu \u5206\u6790\u8CC7\u6599 (\u5DF2\u4E0D\u518D\u4F7F\u7528)\n    -Xrs              \u6E1B\u5C11 Java/VM \u4F7F\u7528\u7684\u4F5C\u696D\u7CFB\u7D71\u4FE1\u865F (\u8ACB\u53C3\u95B1\u6587\u4EF6)\n    -Xshare:auto      \u5728\u53EF\u80FD\u7684\u60C5\u6CC1\u4E0B\u4F7F\u7528\u5171\u7528\u985E\u5225\u8CC7\u6599 (\u9810\u8A2D)\n    -Xshare:off       \u4E0D\u5617\u8A66\u4F7F\u7528\u5171\u7528\u985E\u5225\u8CC7\u6599\n    -Xshare:on        \u9700\u8981\u4F7F\u7528\u5171\u7528\u985E\u5225\u8CC7\u6599\uFF0C\u5426\u5247\u6703\u5931\u6557\u3002\n    -XshowSettings    \u986F\u793A\u6240\u6709\u8A2D\u5B9A\u503C\u4E26\u7E7C\u7E8C\u9032\u884C\u4F5C\u696D\n    -XshowSettings:all\n                      \u986F\u793A\u6240\u6709\u8A2D\u5B9A\u503C\u4E26\u7E7C\u7E8C\u9032\u884C\u4F5C\u696D\n    -XshowSettings:locale\n                      \u986F\u793A\u6240\u6709\u5730\u5340\u8A2D\u5B9A\u76F8\u95DC\u8A2D\u5B9A\u503C\u4E26\u7E7C\u7E8C\u9032\u884C\u4F5C\u696D\n    -XshowSettings:properties\n                      \u986F\u793A\u6240\u6709\u5C6C\u6027\u8A2D\u5B9A\u503C\u4E26\u7E7C\u7E8C\u9032\u884C\u4F5C\u696D\n    -XshowSettings:vm \u986F\u793A\u6240\u6709 VM \u76F8\u95DC\u8A2D\u5B9A\u503C\u4E26\u7E7C\u7E8C\u9032\u884C\u4F5C\u696D\n    -Xss        \u8A2D\u5B9A Java \u57F7\u884C\u7DD2\u5806\u758A\u5927\u5C0F\n    -Xverify          \u8A2D\u5B9A Bytecode \u9A57\u8B49\u7A0B\u5F0F\u7684\u6A21\u5F0F\n    --add-reads =(,)*\n                      \u66F4\u65B0  \u4EE5\u8B80\u53D6 \uFF0C\u4E0D\u8AD6\n                      \u6A21\u7D44\u5BA3\u544A\u70BA\u4F55\u3002\n                      \u53EF\u5C07  \u8A2D\u70BA ALL-UNNAMED \u4EE5\u8B80\u53D6\u6240\u6709\u672A\u547D\u540D\u7684\n                      \u6A21\u7D44\u3002\n    --add-exports /=(,)*\n                      \u66F4\u65B0  \u4EE5\u4FBF\u5C07  \u532F\u51FA\u81F3 \uFF0C\n                      \u4E0D\u8AD6\u6A21\u7D44\u5BA3\u544A\u70BA\u4F55\u3002\n                      \u53EF\u5C07  \u8A2D\u70BA ALL-UNNAMED \u4EE5\u532F\u51FA\u81F3\u6240\u6709\n                      \u672A\u547D\u540D\u7684\u6A21\u7D44\u3002\n    --add-opens /=(,)*\n                      \u66F4\u65B0  \
+\u4EE5\u4FBF\u5C07  \u958B\u555F\u81F3\n                      \uFF0C\u4E0D\u8AD6\u6A21\u7D44\u5BA3\u544A\u70BA\u4F55\u3002\n    --illegal-access=\n                      \u5141\u8A31\u6216\u62D2\u7D55\u672A\u547D\u540D\u6A21\u7D44\u4E2D\u7684\u7A0B\u5F0F\u78BC\u5C0D\u5DF2\u547D\u540D\u6A21\u7D44\u4E2D\u7684\n                      \u985E\u578B\u6210\u54E1\u9032\u884C\u5B58\u53D6\u3002\n                       \u70BA "deny"\u3001"permit"\u3001"warn" \u6216 "debug" \u5176\u4E2D\u4E4B\u4E00\n                      \u6B64\u9078\u9805\u5C07\u5728\u672A\u4F86\u7248\u672C\u4E2D\u79FB\u9664\u3002\n    --limit-modules [,...]\n                      \u9650\u5236\u53EF\u76E3\u6E2C\u6A21\u7D44\u7684\u7BC4\u570D\n    --patch-module =({0})*\n                      \u8986\u5BEB\u6216\u52A0\u5F37\u542B\u6709 JAR \u6A94\u6848\u6216\u76EE\u9304\u4E2D\n                      \u985E\u5225\u548C\u8CC7\u6E90\u7684\u6A21\u7D44\u3002\n    --disable-@files  \u505C\u7528\u9032\u4E00\u6B65\u7684\u5F15\u6578\u6A94\u6848\u64F4\u5145\n\n\u4E0A\u8FF0\u7684\u984D\u5916\u9078\u9805\u82E5\u6709\u8B8A\u66F4\u4E0D\u53E6\u884C\u901A\u77E5\u3002\n
 
 # Translators please note do not translate the options themselves
 java.launcher.X.macosx.usage=\n\u4E0B\u5217\u662F Mac OS X \u7279\u5B9A\u9078\u9805:\n    -XstartOnFirstThread\n                      \u5728\u7B2C\u4E00\u500B (AppKit) \u57F7\u884C\u7DD2\u57F7\u884C main() \u65B9\u6CD5\n    -Xdock:name=\n                      \u8986\u5BEB\u7D50\u5408\u8AAA\u660E\u756B\u9762\u4E2D\u986F\u793A\u7684\u9810\u8A2D\u61C9\u7528\u7A0B\u5F0F\u540D\u7A31\n    -Xdock:icon=\n                      \u8986\u5BEB\u7D50\u5408\u8AAA\u660E\u756B\u9762\u4E2D\u986F\u793A\u7684\u9810\u8A2D\u5716\u793A\n\n
@@ -47,6 +47,7 @@ java.launcher.cls.error3=\u932F\u8AA4: \u4E3B\u8981\u65B9\u6CD5\u5FC5\u9808\u50B
 java.launcher.cls.error4=\u932F\u8AA4: \u5728\u985E\u5225 {0} \u4E2D\u627E\u4E0D\u5230\u4E3B\u8981\u65B9\u6CD5\uFF0C\u8ACB\u5B9A\u7FA9\u4E3B\u8981\u65B9\u6CD5\u70BA:\n   public static void main(String[] args)\n\u6216\u8005 JavaFX \u61C9\u7528\u7A0B\u5F0F\u985E\u5225\u5FC5\u9808\u64F4\u5145 {1}
 java.launcher.cls.error5=\u932F\u8AA4: \u907A\u6F0F\u57F7\u884C\u6B64\u61C9\u7528\u7A0B\u5F0F\u6240\u9700\u7684 JavaFX \u7A0B\u5F0F\u5BE6\u969B\u57F7\u884C\u5143\u4EF6
 java.launcher.cls.error6=\u932F\u8AA4: \u8F09\u5165\u4E3B\u8981\u985E\u5225 {0} \u6642\u767C\u751F LinkageError\n\t{1}
+java.launcher.cls.error7=\u932F\u8AA4: \u7121\u6CD5\u8D77\u59CB\u4E3B\u8981\u985E\u5225 {0}\n\u539F\u56E0: {1}: {2}
 java.launcher.jar.error1=\u932F\u8AA4: \u5617\u8A66\u958B\u555F\u6A94\u6848 {0} \u6642\u767C\u751F\u672A\u9810\u671F\u7684\u932F\u8AA4
 java.launcher.jar.error2=\u5728 {0} \u4E2D\u627E\u4E0D\u5230\u8CC7\u8A0A\u6E05\u55AE
 java.launcher.jar.error3={0} \u4E2D\u6C92\u6709\u4E3B\u8981\u8CC7\u8A0A\u6E05\u55AE\u5C6C\u6027
@@ -55,5 +56,6 @@ java.launcher.init.error=\u521D\u59CB\u5316\u932F\u8AA4
 java.launcher.javafx.error1=\u932F\u8AA4: JavaFX launchApplication \u65B9\u6CD5\u7684\u7C3D\u7AE0\u932F\u8AA4\uFF0C\u5B83\n\u5FC5\u9808\u5BA3\u544A\u70BA\u975C\u614B\u4E26\u50B3\u56DE void \u985E\u578B\u7684\u503C
 java.launcher.module.error1=\u6A21\u7D44 {0} \u4E0D\u542B MainClass \u5C6C\u6027\uFF0C\u8ACB\u4F7F\u7528 -m /
 java.launcher.module.error2=\u932F\u8AA4: \u627E\u4E0D\u5230\u6216\u7121\u6CD5\u8F09\u5165\u6A21\u7D44 {1} \u4E2D\u7684\u4E3B\u8981\u985E\u5225 {0}
-java.launcher.module.error3=\u932F\u8AA4: \u7121\u6CD5\u5F9E\u6A21\u7D44 {1} \u8F09\u5165\u4E3B\u8981\u985E\u5225 {0}\n\t{2}
+java.launcher.module.error3=\u932F\u8AA4: \u7121\u6CD5\u8F09\u5165\u6A21\u7D44 {1} \u4E2D\u7684\u4E3B\u8981\u985E\u5225 {0}\n\t{2}
 java.launcher.module.error4=\u627E\u4E0D\u5230 {0}
+java.launcher.module.error5=\u932F\u8AA4: \u7121\u6CD5\u8D77\u59CB\u6A21\u7D44 {1} \u4E2D\u7684\u4E3B\u8981\u985E\u5225 {0}\n\u539F\u56E0: {1}: {2}
diff --git a/jdk/src/java.base/share/classes/sun/net/ftp/impl/FtpClient.java b/jdk/src/java.base/share/classes/sun/net/ftp/impl/FtpClient.java
index 7180884ec6..21994bde72 100644
--- a/jdk/src/java.base/share/classes/sun/net/ftp/impl/FtpClient.java
+++ b/jdk/src/java.base/share/classes/sun/net/ftp/impl/FtpClient.java
@@ -115,8 +115,8 @@ public class FtpClient extends sun.net.ftp.FtpClient {
                 new PrivilegedAction() {
 
                     public Object run() {
-                        vals[0] = Integer.getInteger("sun.net.client.defaultReadTimeout", 0).intValue();
-                        vals[1] = Integer.getInteger("sun.net.client.defaultConnectTimeout", 0).intValue();
+                        vals[0] = Integer.getInteger("sun.net.client.defaultReadTimeout", 300_000).intValue();
+                        vals[1] = Integer.getInteger("sun.net.client.defaultConnectTimeout", 300_000).intValue();
                         encs[0] = System.getProperty("file.encoding", "ISO8859_1");
                         return null;
                     }
diff --git a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
index 5e23b043a6..17e158541c 100644
--- a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
+++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
@@ -843,18 +843,36 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
         this(u, null, handler);
     }
 
-    public HttpURLConnection(URL u, String host, int port) {
-        this(u, new Proxy(Proxy.Type.HTTP, InetSocketAddress.createUnresolved(host, port)));
+    private static String checkHost(String h) throws IOException {
+        if (h != null) {
+            if (h.indexOf('\n') > -1) {
+                throw new MalformedURLException("Illegal character in host");
+            }
+        }
+        return h;
+    }
+    public HttpURLConnection(URL u, String host, int port) throws IOException {
+        this(u, new Proxy(Proxy.Type.HTTP,
+                InetSocketAddress.createUnresolved(checkHost(host), port)));
     }
 
     /** this constructor is used by other protocol handlers such as ftp
         that want to use http to fetch urls on their behalf.*/
-    public HttpURLConnection(URL u, Proxy p) {
+    public HttpURLConnection(URL u, Proxy p) throws IOException {
         this(u, p, new Handler());
     }
 
-    protected HttpURLConnection(URL u, Proxy p, Handler handler) {
-        super(u);
+    private static URL checkURL(URL u) throws IOException {
+        if (u != null) {
+            if (u.toExternalForm().indexOf('\n') > -1) {
+                throw new MalformedURLException("Illegal character in URL");
+            }
+        }
+        return u;
+    }
+    protected HttpURLConnection(URL u, Proxy p, Handler handler)
+            throws IOException {
+        super(checkURL(u));
         requests = new MessageHeader();
         responses = new MessageHeader();
         userHeaders = new MessageHeader();
diff --git a/jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java b/jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java
index 792af78675..8b49800c78 100644
--- a/jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java
+++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java
@@ -38,6 +38,7 @@ package sun.net.www.protocol.https;
 import java.net.URL;
 import java.net.Proxy;
 import java.net.ProtocolException;
+import java.net.MalformedURLException;
 import java.io.*;
 import java.net.Authenticator;
 import javax.net.ssl.*;
@@ -80,10 +81,18 @@ public class HttpsURLConnectionImpl
         this(u, null, handler);
     }
 
+    static URL checkURL(URL u) throws IOException {
+        if (u != null) {
+            if (u.toExternalForm().indexOf('\n') > -1) {
+                throw new MalformedURLException("Illegal character in URL");
+            }
+        }
+        return u;
+    }
 // For both copies of the file, uncomment one line and comment the other
     HttpsURLConnectionImpl(URL u, Proxy p, Handler handler) throws IOException {
 //    HttpsURLConnectionOldImpl(URL u, Proxy p, Handler handler) throws IOException {
-        super(u);
+        super(checkURL(u));
         delegate = new DelegateHttpsURLConnection(url, p, handler, this);
     }
 
diff --git a/jdk/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java b/jdk/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
index 9c0e0b7dc0..23f8df52e3 100644
--- a/jdk/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
+++ b/jdk/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
@@ -46,6 +46,7 @@ import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.security.cert.CertificateException;
 import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.InvalidParameterSpecException;
 import java.security.spec.KeySpec;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.*;
@@ -147,6 +148,11 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
         "keystore.PKCS12.keyProtectionAlgorithm"
     };
 
+    private static final int MAX_ITERATION_COUNT = 5000000;
+    private static final int PBE_ITERATION_COUNT = 50000; // default
+    private static final int MAC_ITERATION_COUNT = 100000; // default
+    private static final int SALT_LEN = 20;
+
     // friendlyName, localKeyId, trustedKeyUsage
     private static final String[] CORE_ATTRIBUTES = {
         "1.2.840.113549.1.9.20",
@@ -192,8 +198,6 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
     private static ObjectIdentifier[] AnyUsage;
 
     private int counter = 0;
-    private static final int iterationCount = 1024;
-    private static final int SALT_LEN = 20;
 
     // private key count
     // Note: This is a workaround to allow null localKeyID attribute
@@ -327,6 +331,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
         byte[] encryptedKey;
         AlgorithmParameters algParams;
         ObjectIdentifier algOid;
+
         try {
             // get the encrypted private key
             EncryptedPrivateKeyInfo encrInfo =
@@ -347,7 +352,24 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
             throw uke;
         }
 
-        try {
+       try {
+            PBEParameterSpec pbeSpec;
+            int ic = 0;
+
+            if (algParams != null) {
+                try {
+                    pbeSpec =
+                        algParams.getParameterSpec(PBEParameterSpec.class);
+                } catch (InvalidParameterSpecException ipse) {
+                    throw new IOException("Invalid PBE algorithm parameters");
+                }
+                ic = pbeSpec.getIterationCount();
+
+                if (ic > MAX_ITERATION_COUNT) {
+                    throw new IOException("PBE iteration count too large");
+                }
+            }
+
             byte[] keyInfo;
             while (true) {
                 try {
@@ -387,9 +409,10 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
                 key = kfac.generatePrivate(kspec);
 
                 if (debug != null) {
-                    debug.println("Retrieved a protected private key (" +
-                        key.getClass().getName() + ") at alias '" + alias +
-                        "'");
+                    debug.println("Retrieved a protected private key at alias" +
+                        " '" + alias + "' (" +
+                        new AlgorithmId(algOid).getName() +
+                        " iterations: " + ic + ")");
                 }
 
             // decode secret key
@@ -410,9 +433,10 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
                 }
 
                 if (debug != null) {
-                    debug.println("Retrieved a protected secret key (" +
-                        key.getClass().getName() + ") at alias '" + alias +
-                        "'");
+                    debug.println("Retrieved a protected secret key at alias " +
+                        "'" + alias + "' (" +
+                        new AlgorithmId(algOid).getName() +
+                        " iterations: " + ic + ")");
                 }
             }
         } catch (Exception e) {
@@ -590,9 +614,9 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
                     (key.getFormat().equals("PKCS8"))) {
 
                     if (debug != null) {
-                        debug.println("Setting a protected private key (" +
-                            key.getClass().getName() + ") at alias '" + alias +
-                            "'");
+                        debug.println(
+                            "Setting a protected private key at alias '" +
+                            alias + "'");
                         }
 
                     // Encrypt the private key
@@ -638,9 +662,8 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
                     encryptPrivateKey(pkcs8.toByteArray(), passwordProtection);
 
                 if (debug != null) {
-                    debug.println("Setting a protected secret key (" +
-                        key.getClass().getName() + ") at alias '" + alias +
-                        "'");
+                    debug.println("Setting a protected secret key at alias '" +
+                        alias + "'");
                 }
                 secretKeyCount++;
                 entry = keyEntry;
@@ -761,19 +784,19 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
     /*
      * Generate PBE Algorithm Parameters
      */
-    private AlgorithmParameters getAlgorithmParameters(String algorithm)
+    private AlgorithmParameters getPBEAlgorithmParameters(String algorithm)
         throws IOException
     {
         AlgorithmParameters algParams = null;
 
         // create PBE parameters from salt and iteration count
         PBEParameterSpec paramSpec =
-                new PBEParameterSpec(getSalt(), iterationCount);
+                new PBEParameterSpec(getSalt(), PBE_ITERATION_COUNT);
         try {
            algParams = AlgorithmParameters.getInstance(algorithm);
            algParams.init(paramSpec);
         } catch (Exception e) {
-           throw new IOException("getAlgorithmParameters failed: " +
+           throw new IOException("getPBEAlgorithmParameters failed: " +
                                  e.getMessage(), e);
         }
         return algParams;
@@ -859,7 +882,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
                     algParams = AlgorithmParameters.getInstance(algorithm);
                     algParams.init(algParamSpec);
                 } else {
-                    algParams = getAlgorithmParameters(algorithm);
+                    algParams = getPBEAlgorithmParameters(algorithm);
                 }
             } else {
                 // Check default key protection algorithm for PKCS12 keystores
@@ -879,7 +902,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
                 if (algorithm == null || algorithm.isEmpty()) {
                     algorithm = "PBEWithSHA1AndDESede";
                 }
-                algParams = getAlgorithmParameters(algorithm);
+                algParams = getPBEAlgorithmParameters(algorithm);
             }
 
             ObjectIdentifier pbeOID = mapPBEAlgorithmToOID(algorithm);
@@ -1194,7 +1217,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
 
             if (debug != null) {
                 debug.println("Storing " + (privateKeyCount + secretKeyCount) +
-                    " protected key(s) in a PKCS#7 data content-type");
+                    " protected key(s) in a PKCS#7 data");
             }
 
             byte[] safeContentData = createSafeContent();
@@ -1207,7 +1230,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
 
             if (debug != null) {
                 debug.println("Storing " + certificateCount +
-                    " certificate(s) in a PKCS#7 encryptedData content-type");
+                    " certificate(s) in a PKCS#7 encryptedData");
             }
 
             byte[] encrData = createEncryptedData(password);
@@ -1478,7 +1501,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
             // generate MAC (MAC key is generated within JCE)
             Mac m = Mac.getInstance("HmacPBESHA1");
             PBEParameterSpec params =
-                        new PBEParameterSpec(salt, iterationCount);
+                        new PBEParameterSpec(salt, MAC_ITERATION_COUNT);
             SecretKey key = getPBEKey(passwd);
             m.init(key, params);
             m.update(data);
@@ -1486,7 +1509,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
 
             // encode as MacData
             MacData macData = new MacData(algName, macResult, salt,
-                                                iterationCount);
+                                                MAC_ITERATION_COUNT);
             DerOutputStream bytes = new DerOutputStream();
             bytes.write(macData.getEncoded());
             mData = bytes.toByteArray();
@@ -1878,7 +1901,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
 
         // create AlgorithmParameters
         AlgorithmParameters algParams =
-                getAlgorithmParameters("PBEWithSHA1AndRC2_40");
+                getPBEAlgorithmParameters("PBEWithSHA1AndRC2_40");
         DerOutputStream bytes = new DerOutputStream();
         AlgorithmId algId =
                 new AlgorithmId(pbeWithSHAAnd40BitRC2CBC_OID, algParams);
@@ -1998,7 +2021,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
             if (contentType.equals(ContentInfo.DATA_OID)) {
 
                 if (debug != null) {
-                    debug.println("Loading PKCS#7 data content-type");
+                    debug.println("Loading PKCS#7 data");
                 }
 
                 safeContentsData = safeContents.getData();
@@ -2007,15 +2030,11 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
 
                     if (debug != null) {
                         debug.println("Warning: skipping PKCS#7 encryptedData" +
-                            " content-type - no password was supplied");
+                            " - no password was supplied");
                     }
                     continue;
                 }
 
-                if (debug != null) {
-                    debug.println("Loading PKCS#7 encryptedData content-type");
-                }
-
                 DerInputStream edi =
                                 safeContents.getContent().toDerInputStream();
                 int edVersion = edi.getInteger();
@@ -2036,6 +2055,30 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
                 ObjectIdentifier algOid = in.getOID();
                 AlgorithmParameters algParams = parseAlgParameters(algOid, in);
 
+                PBEParameterSpec pbeSpec;
+                int ic = 0;
+
+                if (algParams != null) {
+                    try {
+                        pbeSpec =
+                            algParams.getParameterSpec(PBEParameterSpec.class);
+                    } catch (InvalidParameterSpecException ipse) {
+                        throw new IOException(
+                            "Invalid PBE algorithm parameters");
+                    }
+                    ic = pbeSpec.getIterationCount();
+
+                    if (ic > MAX_ITERATION_COUNT) {
+                        throw new IOException("PBE iteration count too large");
+                    }
+                }
+
+                if (debug != null) {
+                    debug.println("Loading PKCS#7 encryptedData " +
+                        "(" + new AlgorithmId(algOid).getName() +
+                        " iterations: " + ic + ")");
+                }
+
                 while (true) {
                     try {
                         // Use JCE
@@ -2066,8 +2109,15 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
 
         // The MacData is optional.
         if (password != null && s.available() > 0) {
-           MacData macData = new MacData(s);
-           try {
+            MacData macData = new MacData(s);
+            int ic = macData.getIterations();
+
+            try {
+                if (ic > MAX_ITERATION_COUNT) {
+                    throw new InvalidAlgorithmParameterException(
+                        "MAC iteration count too large: " + ic);
+                }
+
                 String algName =
                         macData.getDigestAlgName().toUpperCase(Locale.ENGLISH);
 
@@ -2077,8 +2127,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
                 // generate MAC (MAC key is created within JCE)
                 Mac m = Mac.getInstance("HmacPBE" + algName);
                 PBEParameterSpec params =
-                        new PBEParameterSpec(macData.getSalt(),
-                                        macData.getIterations());
+                        new PBEParameterSpec(macData.getSalt(), ic);
                 SecretKey key = getPBEKey(password);
                 m.init(key, params);
                 m.update(authSafeData);
@@ -2086,16 +2135,16 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
 
                 if (debug != null) {
                     debug.println("Checking keystore integrity " +
-                        "(MAC algorithm: " + m.getAlgorithm() + ")");
+                        "(" + m.getAlgorithm() + " iterations: " + ic + ")");
                 }
 
                 if (!MessageDigest.isEqual(macData.getDigest(), macResult)) {
                    throw new UnrecoverableKeyException("Failed PKCS12" +
                                         " integrity checking");
                 }
-           } catch (Exception e) {
+            } catch (Exception e) {
                 throw new IOException("Integrity check failed: " + e, e);
-           }
+            }
         }
 
         /*
diff --git a/jdk/src/java.base/share/classes/sun/security/provider/DSAKeyPairGenerator.java b/jdk/src/java.base/share/classes/sun/security/provider/DSAKeyPairGenerator.java
index f162b595f4..50d9bcc2bc 100644
--- a/jdk/src/java.base/share/classes/sun/security/provider/DSAKeyPairGenerator.java
+++ b/jdk/src/java.base/share/classes/sun/security/provider/DSAKeyPairGenerator.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -35,6 +35,8 @@ import java.security.spec.InvalidParameterSpecException;
 import java.security.spec.DSAParameterSpec;
 
 import sun.security.jca.JCAUtil;
+import static sun.security.util.SecurityProviderConstants.DEF_DSA_KEY_SIZE;
+import static sun.security.util.SecurityProviderConstants.getDefDSASubprimeSize;
 
 /**
  * This class generates DSA key parameters and public/private key
@@ -45,15 +47,14 @@ import sun.security.jca.JCAUtil;
  * @author Andreas Sterbenz
  *
  */
-public class DSAKeyPairGenerator extends KeyPairGenerator
-        implements java.security.interfaces.DSAKeyPairGenerator {
+class DSAKeyPairGenerator extends KeyPairGenerator {
 
     /* Length for prime P and subPrime Q in bits */
     private int plen;
     private int qlen;
 
     /* whether to force new parameters to be generated for each KeyPair */
-    private boolean forceNewParameters;
+    boolean forceNewParameters;
 
     /* preset algorithm parameters. */
     private DSAParameterSpec params;
@@ -61,9 +62,9 @@ public class DSAKeyPairGenerator extends KeyPairGenerator
     /* The source of random bits to use */
     private SecureRandom random;
 
-    public DSAKeyPairGenerator() {
+    DSAKeyPairGenerator(int defaultKeySize) {
         super("DSA");
-        initialize(1024, null);
+        initialize(defaultKeySize, null);
     }
 
     private static void checkStrength(int sizeP, int sizeQ) {
@@ -84,61 +85,7 @@ public class DSAKeyPairGenerator extends KeyPairGenerator
     }
 
     public void initialize(int modlen, SecureRandom random) {
-        // generate new parameters when no precomputed ones available.
-        initialize(modlen, true, random);
-        this.forceNewParameters = false;
-    }
-
-    /**
-     * Initializes the DSA key pair generator. If genParams
-     * is false, a set of pre-computed parameters is used.
-     */
-    @Override
-    public void initialize(int modlen, boolean genParams, SecureRandom random)
-            throws InvalidParameterException {
-
-        int subPrimeLen = -1;
-        if (modlen <= 1024) {
-            subPrimeLen = 160;
-        } else if (modlen == 2048) {
-            subPrimeLen = 224;
-        } else if (modlen == 3072) {
-            subPrimeLen = 256;
-        }
-        checkStrength(modlen, subPrimeLen);
-        if (genParams) {
-            params = null;
-        } else {
-            params = ParameterCache.getCachedDSAParameterSpec(modlen,
-                subPrimeLen);
-            if (params == null) {
-                throw new InvalidParameterException
-                    ("No precomputed parameters for requested modulus size "
-                     + "available");
-            }
-
-        }
-        this.plen = modlen;
-        this.qlen = subPrimeLen;
-        this.random = random;
-        this.forceNewParameters = genParams;
-    }
-
-    /**
-     * Initializes the DSA object using a DSA parameter object.
-     *
-     * @param params a fully initialized DSA parameter object.
-     */
-    @Override
-    public void initialize(DSAParams params, SecureRandom random)
-            throws InvalidParameterException {
-
-        if (params == null) {
-            throw new InvalidParameterException("Params must not be null");
-        }
-        DSAParameterSpec spec = new DSAParameterSpec
-                                (params.getP(), params.getQ(), params.getG());
-        initialize0(spec, random);
+        init(modlen, random, false);
     }
 
     /**
@@ -157,10 +104,21 @@ public class DSAKeyPairGenerator extends KeyPairGenerator
             throw new InvalidAlgorithmParameterException
                 ("Inappropriate parameter");
         }
-        initialize0((DSAParameterSpec)params, random);
+        init((DSAParameterSpec)params, random, false);
     }
 
-    private void initialize0(DSAParameterSpec params, SecureRandom random) {
+    void init(int modlen, SecureRandom random, boolean forceNew) {
+        int subPrimeLen = getDefDSASubprimeSize(modlen);
+        checkStrength(modlen, subPrimeLen);
+        this.plen = modlen;
+        this.qlen = subPrimeLen;
+        this.params = null;
+        this.random = random;
+        this.forceNewParameters = forceNew;
+    }
+
+    void init(DSAParameterSpec params, SecureRandom random,
+        boolean forceNew) {
         int sizeP = params.getP().bitLength();
         int sizeQ = params.getQ().bitLength();
         checkStrength(sizeP, sizeQ);
@@ -168,7 +126,7 @@ public class DSAKeyPairGenerator extends KeyPairGenerator
         this.qlen = sizeQ;
         this.params = params;
         this.random = random;
-        this.forceNewParameters = false;
+        this.forceNewParameters = forceNew;
     }
 
     /**
@@ -197,7 +155,7 @@ public class DSAKeyPairGenerator extends KeyPairGenerator
         return generateKeyPair(spec.getP(), spec.getQ(), spec.getG(), random);
     }
 
-    public KeyPair generateKeyPair(BigInteger p, BigInteger q, BigInteger g,
+    private KeyPair generateKeyPair(BigInteger p, BigInteger q, BigInteger g,
                                    SecureRandom random) {
 
         BigInteger x = generateX(random, q);
@@ -252,4 +210,55 @@ public class DSAKeyPairGenerator extends KeyPairGenerator
         return y;
     }
 
+    public static final class Current extends DSAKeyPairGenerator {
+        public Current() {
+            super(DEF_DSA_KEY_SIZE);
+        }
+    }
+
+    public static final class Legacy extends DSAKeyPairGenerator
+        implements java.security.interfaces.DSAKeyPairGenerator {
+
+        public Legacy() {
+            super(1024);
+        }
+
+        /**
+         * Initializes the DSA key pair generator. If genParams
+         * is false, a set of pre-computed parameters is used.
+         */
+        @Override
+        public void initialize(int modlen, boolean genParams,
+            SecureRandom random) throws InvalidParameterException {
+            if (genParams) {
+                super.init(modlen, random, true);
+            } else {
+                DSAParameterSpec cachedParams =
+                    ParameterCache.getCachedDSAParameterSpec(modlen,
+                        getDefDSASubprimeSize(modlen));
+                if (cachedParams == null) {
+                    throw new InvalidParameterException
+                        ("No precomputed parameters for requested modulus" +
+                         " size available");
+                }
+                super.init(cachedParams, random, false);
+            }
+        }
+
+        /**
+         * Initializes the DSA object using a DSA parameter object.
+         *
+         * @param params a fully initialized DSA parameter object.
+         */
+        @Override
+        public void initialize(DSAParams params, SecureRandom random)
+            throws InvalidParameterException {
+            if (params == null) {
+                throw new InvalidParameterException("Params must not be null");
+             }
+             DSAParameterSpec spec = new DSAParameterSpec
+                 (params.getP(), params.getQ(), params.getG());
+             super.init(spec, random, false);
+        }
+    }
 }
diff --git a/jdk/src/java.base/share/classes/sun/security/provider/DSAParameterGenerator.java b/jdk/src/java.base/share/classes/sun/security/provider/DSAParameterGenerator.java
index 220b5989f5..8c8ca9b42d 100644
--- a/jdk/src/java.base/share/classes/sun/security/provider/DSAParameterGenerator.java
+++ b/jdk/src/java.base/share/classes/sun/security/provider/DSAParameterGenerator.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -34,15 +34,18 @@ import java.security.NoSuchProviderException;
 import java.security.InvalidParameterException;
 import java.security.MessageDigest;
 import java.security.SecureRandom;
+import java.security.ProviderException;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.InvalidParameterSpecException;
 import java.security.spec.DSAParameterSpec;
 import java.security.spec.DSAGenParameterSpec;
 
+import static sun.security.util.SecurityProviderConstants.DEF_DSA_KEY_SIZE;
+import static sun.security.util.SecurityProviderConstants.getDefDSASubprimeSize;
+
+
 /**
- * This class generates parameters for the DSA algorithm. It uses a default
- * prime modulus size of 1024 bits, which can be overwritten during
- * initialization.
+ * This class generates parameters for the DSA algorithm.
  *
  * @author Jan Luehe
  *
@@ -56,10 +59,6 @@ import java.security.spec.DSAGenParameterSpec;
 
 public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
 
-    // the default parameters
-    private static final DSAGenParameterSpec DEFAULTS =
-        new DSAGenParameterSpec(1024, 160, 160);
-
     // the length of prime P, subPrime Q, and seed in bits
     private int valueL = -1;
     private int valueN = -1;
@@ -80,18 +79,14 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
      */
     @Override
     protected void engineInit(int strength, SecureRandom random) {
-        if ((strength >= 512) && (strength <= 1024) && (strength % 64 == 0)) {
-            this.valueN = 160;
-        } else if (strength == 2048) {
-            this.valueN = 224;
-        } else if (strength == 3072) {
-            this.valueN = 256;
-        } else {
+        if ((strength != 2048) && (strength != 3072) &&
+            ((strength < 512) || (strength > 1024) || (strength % 64 != 0))) {
             throw new InvalidParameterException(
-                "Unexpected strength (size of prime): " + strength + ". " +
-                "Prime size should be 512 - 1024, or 2048, 3072");
+                "Unexpected strength (size of prime): " + strength +
+                ". Prime size should be 512-1024, 2048, or 3072");
         }
         this.valueL = strength;
+        this.valueN = getDefDSASubprimeSize(strength);
         this.seedLen = valueN;
         this.random = random;
     }
@@ -110,7 +105,6 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
     @Override
     protected void engineInit(AlgorithmParameterSpec genParamSpec,
             SecureRandom random) throws InvalidAlgorithmParameterException {
-
         if (!(genParamSpec instanceof DSAGenParameterSpec)) {
             throw new InvalidAlgorithmParameterException("Invalid parameter");
         }
@@ -136,11 +130,7 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
                 this.random = new SecureRandom();
             }
             if (valueL == -1) {
-                try {
-                    engineInit(DEFAULTS, this.random);
-                } catch (InvalidAlgorithmParameterException iape) {
-                    // should never happen
-                }
+                engineInit(DEF_DSA_KEY_SIZE, this.random);
             }
             BigInteger[] pAndQ = generatePandQ(this.random, valueL,
                                                valueN, seedLen);
@@ -206,13 +196,17 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
         int b = (valueL - 1) % outLen;
         byte[] seedBytes = new byte[seedLen/8];
         BigInteger twoSl = BigInteger.TWO.pow(seedLen);
-        int primeCertainty = 80; // for 1024-bit prime P
-        if (valueL == 2048) {
+        int primeCertainty = -1;
+        if (valueL <= 1024) {
+            primeCertainty = 80;
+        } else if (valueL == 2048) {
             primeCertainty = 112;
         } else if (valueL == 3072) {
             primeCertainty = 128;
         }
-
+        if (primeCertainty < 0) {
+            throw new ProviderException("Invalid valueL: " + valueL);
+        }
         BigInteger resultP, resultQ, seed = null;
         int counter;
         while (true) {
diff --git a/jdk/src/java.base/share/classes/sun/security/provider/SunEntries.java b/jdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
index 31164695ec..f440f1556c 100644
--- a/jdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
+++ b/jdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,7 @@ import java.io.*;
 import java.net.*;
 import java.util.Map;
 import java.security.*;
+import sun.security.action.GetPropertyAction;
 
 /**
  * Defines the entries of the SUN provider.
@@ -74,6 +75,10 @@ import java.security.*;
 
 final class SunEntries {
 
+    private static final boolean useLegacyDSA =
+        Boolean.parseBoolean(GetPropertyAction.privilegedGetProperty
+            ("jdk.security.legacyDSAKeyPairGenerator"));
+
     private SunEntries() {
         // empty
     }
@@ -174,8 +179,9 @@ final class SunEntries {
         /*
          *  Key Pair Generator engines
          */
-        map.put("KeyPairGenerator.DSA",
-            "sun.security.provider.DSAKeyPairGenerator");
+        String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
+        dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
+        map.put("KeyPairGenerator.DSA", dsaKPGImplClass);
         map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA");
         map.put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA");
         map.put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA");
diff --git a/jdk/src/java.base/share/classes/sun/security/rsa/RSAKeyPairGenerator.java b/jdk/src/java.base/share/classes/sun/security/rsa/RSAKeyPairGenerator.java
index 0901e4c7af..6ad77b5236 100644
--- a/jdk/src/java.base/share/classes/sun/security/rsa/RSAKeyPairGenerator.java
+++ b/jdk/src/java.base/share/classes/sun/security/rsa/RSAKeyPairGenerator.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,6 +32,7 @@ import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.RSAKeyGenParameterSpec;
 
 import sun.security.jca.JCAUtil;
+import static sun.security.util.SecurityProviderConstants.DEF_RSA_KEY_SIZE;
 
 /**
  * RSA keypair generation. Standard algorithm, minimum key length 512 bit.
@@ -55,7 +56,7 @@ public final class RSAKeyPairGenerator extends KeyPairGeneratorSpi {
 
     public RSAKeyPairGenerator() {
         // initialize to default in case the app does not call initialize()
-        initialize(2048, null);
+        initialize(DEF_RSA_KEY_SIZE, null);
     }
 
     // initialize the generator. See JCA doc
diff --git a/jdk/src/java.base/share/classes/sun/security/rsa/RSAPublicKeyImpl.java b/jdk/src/java.base/share/classes/sun/security/rsa/RSAPublicKeyImpl.java
index 5f2afac4df..b2739171e0 100644
--- a/jdk/src/java.base/share/classes/sun/security/rsa/RSAPublicKeyImpl.java
+++ b/jdk/src/java.base/share/classes/sun/security/rsa/RSAPublicKeyImpl.java
@@ -48,6 +48,7 @@ import sun.security.x509.X509Key;
 public final class RSAPublicKeyImpl extends X509Key implements RSAPublicKey {
 
     private static final long serialVersionUID = 2644735423591199609L;
+    private static final BigInteger THREE = BigInteger.valueOf(3);
 
     private BigInteger n;       // modulus
     private BigInteger e;       // public exponent
@@ -61,6 +62,7 @@ public final class RSAPublicKeyImpl extends X509Key implements RSAPublicKey {
         this.n = n;
         this.e = e;
         RSAKeyFactory.checkRSAProviderKeyLengths(n.bitLength(), e);
+        checkExponentRange();
         // generate the encoding
         algid = RSAPrivateCrtKeyImpl.rsaId;
         try {
@@ -83,6 +85,19 @@ public final class RSAPublicKeyImpl extends X509Key implements RSAPublicKey {
     public RSAPublicKeyImpl(byte[] encoded) throws InvalidKeyException {
         decode(encoded);
         RSAKeyFactory.checkRSAProviderKeyLengths(n.bitLength(), e);
+        checkExponentRange();
+    }
+
+    private void checkExponentRange() throws InvalidKeyException {
+        // the exponent should be smaller than the modulus
+        if (e.compareTo(n) >= 0) {
+            throw new InvalidKeyException("exponent is larger than modulus");
+        }
+
+        // the exponent should be at least 3
+        if (e.compareTo(THREE) < 0) {
+            throw new InvalidKeyException("exponent is smaller than 3");
+        }
     }
 
     // see JCA doc
diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/CipherSuite.java b/jdk/src/java.base/share/classes/sun/security/ssl/CipherSuite.java
index 2ffb5f32b4..c8080ca9a6 100644
--- a/jdk/src/java.base/share/classes/sun/security/ssl/CipherSuite.java
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/CipherSuite.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,6 +44,7 @@ import static sun.security.ssl.CipherSuite.CipherType.*;
 import static sun.security.ssl.CipherSuite.MacAlg.*;
 import static sun.security.ssl.CipherSuite.BulkCipher.*;
 import static sun.security.ssl.JsseJce.*;
+import static sun.security.ssl.NamedGroupType.*;
 
 /**
  * An SSL/TLS CipherSuite. Constants for the standard key exchange, cipher,
@@ -376,38 +377,38 @@ final class CipherSuite implements Comparable {
     static enum KeyExchange {
 
         // key exchange algorithms
-        K_NULL       ("NULL",       false,      false),
-        K_RSA        ("RSA",        true,       false),
-        K_RSA_EXPORT ("RSA_EXPORT", true,       false),
-        K_DH_RSA     ("DH_RSA",     false,      false),
-        K_DH_DSS     ("DH_DSS",     false,      false),
-        K_DHE_DSS    ("DHE_DSS",    true,       false),
-        K_DHE_RSA    ("DHE_RSA",    true,       false),
-        K_DH_ANON    ("DH_anon",    true,       false),
+        K_NULL       ("NULL",       false,      NAMED_GROUP_NONE),
+        K_RSA        ("RSA",        true,       NAMED_GROUP_NONE),
+        K_RSA_EXPORT ("RSA_EXPORT", true,       NAMED_GROUP_NONE),
+        K_DH_RSA     ("DH_RSA",     false,      NAMED_GROUP_NONE),
+        K_DH_DSS     ("DH_DSS",     false,      NAMED_GROUP_NONE),
+        K_DHE_DSS    ("DHE_DSS",    true,       NAMED_GROUP_FFDHE),
+        K_DHE_RSA    ("DHE_RSA",    true,       NAMED_GROUP_FFDHE),
+        K_DH_ANON    ("DH_anon",    true,       NAMED_GROUP_FFDHE),
 
-        K_ECDH_ECDSA ("ECDH_ECDSA",  ALLOW_ECC, true),
-        K_ECDH_RSA   ("ECDH_RSA",    ALLOW_ECC, true),
-        K_ECDHE_ECDSA("ECDHE_ECDSA", ALLOW_ECC, true),
-        K_ECDHE_RSA  ("ECDHE_RSA",   ALLOW_ECC, true),
-        K_ECDH_ANON  ("ECDH_anon",   ALLOW_ECC, true),
+        K_ECDH_ECDSA ("ECDH_ECDSA",  ALLOW_ECC, NAMED_GROUP_ECDHE),
+        K_ECDH_RSA   ("ECDH_RSA",    ALLOW_ECC, NAMED_GROUP_ECDHE),
+        K_ECDHE_ECDSA("ECDHE_ECDSA", ALLOW_ECC, NAMED_GROUP_ECDHE),
+        K_ECDHE_RSA  ("ECDHE_RSA",   ALLOW_ECC, NAMED_GROUP_ECDHE),
+        K_ECDH_ANON  ("ECDH_anon",   ALLOW_ECC, NAMED_GROUP_ECDHE),
 
         // Kerberos cipher suites
-        K_KRB5       ("KRB5", true,             false),
-        K_KRB5_EXPORT("KRB5_EXPORT", true,      false),
+        K_KRB5       ("KRB5", true,             NAMED_GROUP_NONE),
+        K_KRB5_EXPORT("KRB5_EXPORT", true,      NAMED_GROUP_NONE),
 
         // renegotiation protection request signaling cipher suite
-        K_SCSV       ("SCSV",        true,      false);
+        K_SCSV       ("SCSV",        true,      NAMED_GROUP_NONE);
 
         // name of the key exchange algorithm, e.g. DHE_DSS
         final String name;
         final boolean allowed;
-        final boolean isEC;
+        final NamedGroupType groupType;
         private final boolean alwaysAvailable;
 
-        KeyExchange(String name, boolean allowed, boolean isEC) {
+        KeyExchange(String name, boolean allowed, NamedGroupType groupType) {
             this.name = name;
             this.allowed = allowed;
-            this.isEC = isEC;
+            this.groupType = groupType;
             this.alwaysAvailable = allowed &&
                 (!name.startsWith("EC")) && (!name.startsWith("KRB"));
         }
@@ -417,7 +418,7 @@ final class CipherSuite implements Comparable {
                 return true;
             }
 
-            if (isEC) {
+            if (groupType == NAMED_GROUP_ECDHE) {
                 return (allowed && JsseJce.isEcAvailable());
             } else if (name.startsWith("KRB")) {
                 return (allowed && JsseJce.isKerberosAvailable());
diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/CipherSuiteList.java b/jdk/src/java.base/share/classes/sun/security/ssl/CipherSuiteList.java
index a114f4acb8..025f40bda6 100644
--- a/jdk/src/java.base/share/classes/sun/security/ssl/CipherSuiteList.java
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/CipherSuiteList.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,6 +30,7 @@ import java.io.*;
 import java.util.*;
 
 import javax.net.ssl.SSLException;
+import static sun.security.ssl.NamedGroupType.*;
 
 /**
  * A list of CipherSuites. Also maintains the lists of supported and
@@ -42,15 +43,16 @@ final class CipherSuiteList {
 
     private final Collection cipherSuites;
     private String[] suiteNames;
-
-    // flag indicating whether this list contains any ECC ciphersuites.
-    // null if not yet checked.
-    private volatile Boolean containsEC;
+    private final EnumSet groupsTypes =
+            EnumSet.noneOf(NamedGroupType.class);
 
     // for use by buildAvailableCache() and
     // Handshaker.getKickstartMessage() only
     CipherSuiteList(Collection cipherSuites) {
         this.cipherSuites = cipherSuites;
+        for (CipherSuite suite : cipherSuites) {
+            updateGroupTypes(suite);
+        }
     }
 
     /**
@@ -59,6 +61,7 @@ final class CipherSuiteList {
     CipherSuiteList(CipherSuite suite) {
         cipherSuites = new ArrayList(1);
         cipherSuites.add(suite);
+        updateGroupTypes(suite);
     }
 
     /**
@@ -82,6 +85,7 @@ final class CipherSuiteList {
                     + suiteName + " with currently installed providers");
             }
             cipherSuites.add(suite);
+            updateGroupTypes(suite);
         }
     }
 
@@ -97,7 +101,20 @@ final class CipherSuiteList {
         }
         cipherSuites = new ArrayList(bytes.length >> 1);
         for (int i = 0; i < bytes.length; i += 2) {
-            cipherSuites.add(CipherSuite.valueOf(bytes[i], bytes[i+1]));
+            CipherSuite suite = CipherSuite.valueOf(bytes[i], bytes[i+1]);
+            cipherSuites.add(suite);
+            updateGroupTypes(suite);
+        }
+    }
+
+    // Please don't use this method except constructors.
+    private void updateGroupTypes(CipherSuite cipherSuite) {
+        if (cipherSuite.keyExchange != null && (!cipherSuite.exportable)) {
+            NamedGroupType groupType = cipherSuite.keyExchange.groupType;
+            if ((groupType != NAMED_GROUP_NONE) &&
+                    (!groupsTypes.contains(groupType))) {
+                groupsTypes.add(groupType);
+            }
         }
     }
 
@@ -108,20 +125,9 @@ final class CipherSuiteList {
         return cipherSuites.contains(suite);
     }
 
-    // Return whether this list contains any ECC ciphersuites
-    boolean containsEC() {
-        if (containsEC == null) {
-            for (CipherSuite c : cipherSuites) {
-                if (c.keyExchange.isEC) {
-                    containsEC = true;
-                    return true;
-                }
-            }
-
-            containsEC = false;
-        }
-
-        return containsEC;
+    // Return whether this list contains cipher suites of a named group type.
+    boolean contains(NamedGroupType groupType) {
+        return groupsTypes.contains(groupType);
     }
 
     /**
diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java b/jdk/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java
index b95de5ecde..1d6c74eab3 100644
--- a/jdk/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -148,6 +148,10 @@ final class ClientHandshaker extends Handshaker {
     private static final boolean enableMFLExtension =
             Debug.getBooleanProperty("jsse.enableMFLExtension", false);
 
+    // To switch off the supported_groups extension for DHE cipher suite.
+    private static final boolean enableFFDHE =
+            Debug.getBooleanProperty("jsse.enableFFDHE", true);
+
     // Whether an ALPN extension was sent in the ClientHello
     private boolean alpnActive = false;
 
@@ -767,13 +771,15 @@ final class ClientHandshaker extends Handshaker {
                     fatalSE(Alerts.alert_unexpected_message, "Server set " +
                             type + " extension when not requested by client");
                 }
-            } else if ((type != ExtensionType.EXT_ELLIPTIC_CURVES)
+            } else if ((type != ExtensionType.EXT_SUPPORTED_GROUPS)
                     && (type != ExtensionType.EXT_EC_POINT_FORMATS)
                     && (type != ExtensionType.EXT_SERVER_NAME)
                     && (type != ExtensionType.EXT_ALPN)
                     && (type != ExtensionType.EXT_RENEGOTIATION_INFO)
                     && (type != ExtensionType.EXT_STATUS_REQUEST)
                     && (type != ExtensionType.EXT_STATUS_REQUEST_V2)) {
+                // Note: Better to check client requested extensions rather
+                // than all supported extensions.
                 fatalSE(Alerts.alert_unsupported_extension,
                     "Server sent an unsupported extension: " + type);
             }
@@ -823,6 +829,17 @@ final class ClientHandshaker extends Handshaker {
      * our own D-H algorithm object so we can defer key calculations
      * until after we've sent the client key exchange message (which
      * gives client and server some useful parallelism).
+     *
+     * Note per section 3 of RFC 7919, if the server is not compatible with
+     * FFDHE specification, the client MAY decide to continue the connection
+     * if the selected DHE group is acceptable under local policy, or it MAY
+     * decide to terminate the connection with a fatal insufficient_security
+     * (71) alert.  The algorithm constraints mechanism is JDK local policy
+     * used for additional DHE parameters checking.  So this implementation
+     * does not check the server compatibility and just pass to the local
+     * algorithm constraints checking.  The client will continue the
+     * connection if the server selected DHE group is acceptable by the
+     * specified algorithm constraints.
      */
     private void serverKeyExchange(DH_ServerKeyExchange mesg)
             throws IOException {
@@ -1495,14 +1512,17 @@ final class ClientHandshaker extends Handshaker {
                 sslContext.getSecureRandom(), maxProtocolVersion,
                 sessionId, cipherSuites, isDTLS);
 
-        // add elliptic curves and point format extensions
-        if (cipherSuites.containsEC()) {
-            EllipticCurvesExtension ece =
-                EllipticCurvesExtension.createExtension(algorithmConstraints);
-            if (ece != null) {
-                clientHelloMessage.extensions.add(ece);
+        // Add named groups extension for ECDHE and FFDHE if necessary.
+        SupportedGroupsExtension sge =
+                SupportedGroupsExtension.createExtension(
+                        algorithmConstraints,
+                        cipherSuites, enableFFDHE);
+        if (sge != null) {
+            clientHelloMessage.extensions.add(sge);
+            // Add elliptic point format extensions
+            if (cipherSuites.contains(NamedGroupType.NAMED_GROUP_ECDHE)) {
                 clientHelloMessage.extensions.add(
-                        EllipticPointFormatsExtension.DEFAULT);
+                    EllipticPointFormatsExtension.DEFAULT);
             }
         }
 
diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/DHCrypt.java b/jdk/src/java.base/share/classes/sun/security/ssl/DHCrypt.java
index f7dadcaf66..a9d4c2a37e 100644
--- a/jdk/src/java.base/share/classes/sun/security/ssl/DHCrypt.java
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/DHCrypt.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,14 +26,8 @@
 
 package sun.security.ssl;
 
-import java.util.Map;
-import java.util.HashMap;
-import java.util.Collections;
-import java.util.regex.Pattern;
-import java.util.regex.Matcher;
 import java.math.BigInteger;
 import java.security.*;
-import java.io.IOException;
 import javax.net.ssl.SSLHandshakeException;
 import javax.crypto.SecretKey;
 import javax.crypto.KeyAgreement;
@@ -101,7 +95,7 @@ final class DHCrypt {
      */
     DHCrypt(int keyLength, SecureRandom random) {
         this(keyLength,
-                ParametersHolder.definedParams.get(keyLength), random);
+            PredefinedDHParameterSpecs.definedParams.get(keyLength), random);
     }
 
     /**
@@ -115,6 +109,14 @@ final class DHCrypt {
                 new DHParameterSpec(modulus, base), random);
     }
 
+    /**
+     * Generate a Diffie-Hellman keypair using the named group.
+     */
+    DHCrypt(NamedGroup namedGroup, SecureRandom random) {
+        this(-1,        // The length (-1) is not used in the implementation.
+            SupportedGroupsExtension.getDHParameterSpec(namedGroup), random);
+    }
+
     /**
      * Generate a Diffie-Hellman keypair using the specified size and
      * parameters.
@@ -272,266 +274,5 @@ final class DHCrypt {
 
         return null;
     }
-
-    // lazy initialization holder class idiom for static default parameters
-    //
-    // See Effective Java Second Edition: Item 71.
-    private static class ParametersHolder {
-        private final static boolean debugIsOn =
-                (Debug.getInstance("ssl") != null) && Debug.isOn("sslctx");
-
-        //
-        // Default DH ephemeral parameters
-        //
-        private static final BigInteger p512 = new BigInteger(   // generated
-                "D87780E15FF50B4ABBE89870188B049406B5BEA98AB23A02" +
-                "41D88EA75B7755E669C08093D3F0CA7FC3A5A25CF067DCB9" +
-                "A43DD89D1D90921C6328884461E0B6D3", 16);
-        private static final BigInteger p768 = new BigInteger(   // RFC 2409
-                "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" +
-                "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" +
-                "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" +
-                "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16);
-
-        private static final BigInteger p1024 = new BigInteger(  // RFC 2409
-                "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" +
-                "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" +
-                "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" +
-                "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" +
-                "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" +
-                "FFFFFFFFFFFFFFFF", 16);
-        private static final BigInteger p1536 = new BigInteger(  // RFC 3526
-                "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" +
-                "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" +
-                "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" +
-                "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" +
-                "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" +
-                "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" +
-                "83655D23DCA3AD961C62F356208552BB9ED529077096966D" +
-                "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF", 16);
-        private static final BigInteger p2048 = new BigInteger(  // TLS FFDHE
-                "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" +
-                "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" +
-                "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" +
-                "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" +
-                "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" +
-                "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" +
-                "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" +
-                "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" +
-                "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" +
-                "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" +
-                "886B423861285C97FFFFFFFFFFFFFFFF", 16);
-        private static final BigInteger p3072 = new BigInteger(  // TLS FFDHE
-                "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" +
-                "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" +
-                "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" +
-                "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" +
-                "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" +
-                "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" +
-                "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" +
-                "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" +
-                "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" +
-                "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" +
-                "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238" +
-                "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" +
-                "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3" +
-                "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" +
-                "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF" +
-                "3C1B20EE3FD59D7C25E41D2B66C62E37FFFFFFFFFFFFFFFF", 16);
-        private static final BigInteger p4096 = new BigInteger(  // TLS FFDHE
-                "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" +
-                "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" +
-                "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" +
-                "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" +
-                "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" +
-                "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" +
-                "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" +
-                "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" +
-                "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" +
-                "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" +
-                "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238" +
-                "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" +
-                "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3" +
-                "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" +
-                "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF" +
-                "3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB" +
-                "7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004" +
-                "87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832" +
-                "A907600A918130C46DC778F971AD0038092999A333CB8B7A" +
-                "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF" +
-                "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E655F6A" +
-                "FFFFFFFFFFFFFFFF", 16);
-        private static final BigInteger p6144 = new BigInteger(  // TLS FFDHE
-                "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" +
-                "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" +
-                "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" +
-                "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" +
-                "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" +
-                "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" +
-                "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" +
-                "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" +
-                "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" +
-                "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" +
-                "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238" +
-                "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" +
-                "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3" +
-                "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" +
-                "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF" +
-                "3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB" +
-                "7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004" +
-                "87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832" +
-                "A907600A918130C46DC778F971AD0038092999A333CB8B7A" +
-                "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF" +
-                "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD902" +
-                "0BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA6" +
-                "3BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3A" +
-                "CDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477" +
-                "A52471F7A9A96910B855322EDB6340D8A00EF092350511E3" +
-                "0ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4" +
-                "763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6" +
-                "B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538C" +
-                "D72B03746AE77F5E62292C311562A846505DC82DB854338A" +
-                "E49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B04" +
-                "5B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1" +
-                "A41D570D7938DAD4A40E329CD0E40E65FFFFFFFFFFFFFFFF", 16);
-        private static final BigInteger p8192 = new BigInteger(  // TLS FFDHE
-                "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" +
-                "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" +
-                "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" +
-                "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" +
-                "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" +
-                "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" +
-                "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" +
-                "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" +
-                "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" +
-                "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" +
-                "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238" +
-                "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" +
-                "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3" +
-                "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" +
-                "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF" +
-                "3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB" +
-                "7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004" +
-                "87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832" +
-                "A907600A918130C46DC778F971AD0038092999A333CB8B7A" +
-                "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF" +
-                "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD902" +
-                "0BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA6" +
-                "3BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3A" +
-                "CDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477" +
-                "A52471F7A9A96910B855322EDB6340D8A00EF092350511E3" +
-                "0ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4" +
-                "763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6" +
-                "B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538C" +
-                "D72B03746AE77F5E62292C311562A846505DC82DB854338A" +
-                "E49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B04" +
-                "5B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1" +
-                "A41D570D7938DAD4A40E329CCFF46AAA36AD004CF600C838" +
-                "1E425A31D951AE64FDB23FCEC9509D43687FEB69EDD1CC5E" +
-                "0B8CC3BDF64B10EF86B63142A3AB8829555B2F747C932665" +
-                "CB2C0F1CC01BD70229388839D2AF05E454504AC78B758282" +
-                "2846C0BA35C35F5C59160CC046FD8251541FC68C9C86B022" +
-                "BB7099876A460E7451A8A93109703FEE1C217E6C3826E52C" +
-                "51AA691E0E423CFC99E9E31650C1217B624816CDAD9A95F9" +
-                "D5B8019488D9C0A0A1FE3075A577E23183F81D4A3F2FA457" +
-                "1EFC8CE0BA8A4FE8B6855DFE72B0A66EDED2FBABFBE58A30" +
-                "FAFABE1C5D71A87E2F741EF8C1FE86FEA6BBFDE530677F0D" +
-                "97D11D49F7A8443D0822E506A9F4614E011E2A94838FF88C" +
-                "D68C8BB7C5C6424CFFFFFFFFFFFFFFFF", 16);
-
-        private static final BigInteger[] supportedPrimes = {
-                p512, p768, p1024, p1536, p2048, p3072, p4096, p6144, p8192};
-
-        // a measure of the uncertainty that prime modulus p is not a prime
-        //
-        // see BigInteger.isProbablePrime(int certainty)
-        private final static int PRIME_CERTAINTY = 120;
-
-        // the known security property, jdk.tls.server.defaultDHEParameters
-        private final static String PROPERTY_NAME =
-                "jdk.tls.server.defaultDHEParameters";
-
-        private static final Pattern spacesPattern = Pattern.compile("\\s+");
-
-        private final static Pattern syntaxPattern = Pattern.compile(
-                "(\\{[0-9A-Fa-f]+,[0-9A-Fa-f]+\\})" +
-                "(,\\{[0-9A-Fa-f]+,[0-9A-Fa-f]+\\})*");
-
-        private static final Pattern paramsPattern = Pattern.compile(
-                "\\{([0-9A-Fa-f]+),([0-9A-Fa-f]+)\\}");
-
-        // cache of predefined default DH ephemeral parameters
-        private final static Map definedParams;
-
-        static {
-            String property = AccessController.doPrivileged(
-                new PrivilegedAction() {
-                    public String run() {
-                        return Security.getProperty(PROPERTY_NAME);
-                    }
-                });
-
-            if (property != null && !property.isEmpty()) {
-                // remove double quote marks from beginning/end of the property
-                if (property.length() >= 2 && property.charAt(0) == '"' &&
-                        property.charAt(property.length() - 1) == '"') {
-                    property = property.substring(1, property.length() - 1);
-                }
-
-                property = property.trim();
-            }
-
-            if (property != null && !property.isEmpty()) {
-                Matcher spacesMatcher = spacesPattern.matcher(property);
-                property = spacesMatcher.replaceAll("");
-
-                if (debugIsOn) {
-                    System.out.println("The Security Property " +
-                            PROPERTY_NAME + ": " + property);
-                }
-            }
-
-            Map defaultParams = new HashMap<>();
-            if (property != null && !property.isEmpty()) {
-                Matcher syntaxMatcher = syntaxPattern.matcher(property);
-                if (syntaxMatcher.matches()) {
-                    Matcher paramsFinder = paramsPattern.matcher(property);
-                    while(paramsFinder.find()) {
-                        String primeModulus = paramsFinder.group(1);
-                        BigInteger p = new BigInteger(primeModulus, 16);
-                        if (!p.isProbablePrime(PRIME_CERTAINTY)) {
-                            if (debugIsOn) {
-                                System.out.println(
-                                    "Prime modulus p in Security Property, " +
-                                    PROPERTY_NAME + ", is not a prime: " +
-                                    primeModulus);
-                            }
-
-                            continue;
-                        }
-
-                        String baseGenerator = paramsFinder.group(2);
-                        BigInteger g = new BigInteger(baseGenerator, 16);
-
-                        DHParameterSpec spec = new DHParameterSpec(p, g);
-                        int primeLen = p.bitLength();
-                        defaultParams.put(primeLen, spec);
-                    }
-                } else if (debugIsOn) {
-                    System.out.println("Invalid Security Property, " +
-                            PROPERTY_NAME + ", definition");
-                }
-            }
-
-            for (BigInteger p : supportedPrimes) {
-                int primeLen = p.bitLength();
-                defaultParams.putIfAbsent(primeLen,
-                        new DHParameterSpec(p, BigInteger.TWO));
-            }
-
-            definedParams =
-                    Collections.unmodifiableMap(
-                                                                defaultParams);
-        }
-    }
 }
+
diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/ECDHCrypt.java b/jdk/src/java.base/share/classes/sun/security/ssl/ECDHCrypt.java
index 929c592d69..7e4f5932a5 100644
--- a/jdk/src/java.base/share/classes/sun/security/ssl/ECDHCrypt.java
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/ECDHCrypt.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -56,17 +56,17 @@ final class ECDHCrypt {
     }
 
     // Called by ServerHandshaker for ephemeral ECDH
-    ECDHCrypt(int curveId, SecureRandom random) {
+    ECDHCrypt(NamedGroup namedGroup, SecureRandom random) {
         try {
             KeyPairGenerator kpg = JsseJce.getKeyPairGenerator("EC");
             ECGenParameterSpec params =
-                    EllipticCurvesExtension.getECGenParamSpec(curveId);
+                    SupportedGroupsExtension.getECGenParamSpec(namedGroup);
             kpg.initialize(params, random);
             KeyPair kp = kpg.generateKeyPair();
             privateKey = kp.getPrivate();
             publicKey = (ECPublicKey)kp.getPublic();
         } catch (GeneralSecurityException e) {
-            throw new RuntimeException("Could not generate DH keypair", e);
+            throw new RuntimeException("Could not generate ECDH keypair", e);
         }
     }
 
@@ -79,7 +79,7 @@ final class ECDHCrypt {
             privateKey = kp.getPrivate();
             publicKey = (ECPublicKey)kp.getPublic();
         } catch (GeneralSecurityException e) {
-            throw new RuntimeException("Could not generate DH keypair", e);
+            throw new RuntimeException("Could not generate ECDH keypair", e);
         }
     }
 
diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/EllipticCurvesExtension.java b/jdk/src/java.base/share/classes/sun/security/ssl/EllipticCurvesExtension.java
deleted file mode 100644
index c91b25e72e..0000000000
--- a/jdk/src/java.base/share/classes/sun/security/ssl/EllipticCurvesExtension.java
+++ /dev/null
@@ -1,400 +0,0 @@
-/*
- * Copyright (c) 2006, 2017, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.ssl;
-
-import java.io.IOException;
-import java.security.spec.ECParameterSpec;
-import java.security.spec.ECGenParameterSpec;
-import java.security.spec.InvalidParameterSpecException;
-import java.security.AlgorithmParameters;
-import java.security.AlgorithmConstraints;
-import java.security.CryptoPrimitive;
-import java.security.AccessController;
-import java.util.EnumSet;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.ArrayList;
-import javax.net.ssl.SSLProtocolException;
-
-import sun.security.action.GetPropertyAction;
-
-final class EllipticCurvesExtension extends HelloExtension {
-
-    /* Class and subclass dynamic debugging support */
-    private static final Debug debug = Debug.getInstance("ssl");
-
-    private static final int ARBITRARY_PRIME = 0xff01;
-    private static final int ARBITRARY_CHAR2 = 0xff02;
-
-    // speed up the searching
-    private static final Map oidToIdMap = new HashMap<>();
-    private static final Map idToOidMap = new HashMap<>();
-
-    // speed up the parameters construction
-    private static final Map idToParams = new HashMap<>();
-
-    // the supported elliptic curves
-    private static final int[] supportedCurveIds;
-
-    // the curves of the extension
-    private final int[] curveIds;
-
-    // See sun.security.util.CurveDB for the OIDs
-    private static enum NamedEllipticCurve {
-        T163_K1(1,  "sect163k1",    "1.3.132.0.1",      true),  // NIST K-163
-        T163_R1(2,  "sect163r1",    "1.3.132.0.2",      false),
-        T163_R2(3,  "sect163r2",    "1.3.132.0.15",     true),  // NIST B-163
-        T193_R1(4,  "sect193r1",    "1.3.132.0.24",     false),
-        T193_R2(5,  "sect193r2",    "1.3.132.0.25",     false),
-        T233_K1(6,  "sect233k1",    "1.3.132.0.26",     true),  // NIST K-233
-        T233_R1(7,  "sect233r1",    "1.3.132.0.27",     true),  // NIST B-233
-        T239_K1(8,  "sect239k1",    "1.3.132.0.3",      false),
-        T283_K1(9,  "sect283k1",    "1.3.132.0.16",     true),  // NIST K-283
-        T283_R1(10, "sect283r1",    "1.3.132.0.17",     true),  // NIST B-283
-        T409_K1(11, "sect409k1",    "1.3.132.0.36",     true),  // NIST K-409
-        T409_R1(12, "sect409r1",    "1.3.132.0.37",     true),  // NIST B-409
-        T571_K1(13, "sect571k1",    "1.3.132.0.38",     true),  // NIST K-571
-        T571_R1(14, "sect571r1",    "1.3.132.0.39",     true),  // NIST B-571
-
-        P160_K1(15, "secp160k1",    "1.3.132.0.9",      false),
-        P160_R1(16, "secp160r1",    "1.3.132.0.8",      false),
-        P160_R2(17, "secp160r2",    "1.3.132.0.30",     false),
-        P192_K1(18, "secp192k1",    "1.3.132.0.31",     false),
-        P192_R1(19, "secp192r1",    "1.2.840.10045.3.1.1", true), // NIST P-192
-        P224_K1(20, "secp224k1",    "1.3.132.0.32",     false),
-        P224_R1(21, "secp224r1",    "1.3.132.0.33",     true),  // NIST P-224
-        P256_K1(22, "secp256k1",    "1.3.132.0.10",     false),
-        P256_R1(23, "secp256r1",    "1.2.840.10045.3.1.7", true), // NIST P-256
-        P384_R1(24, "secp384r1",    "1.3.132.0.34",     true),  // NIST P-384
-        P521_R1(25, "secp521r1",    "1.3.132.0.35",     true);  // NIST P-521
-
-        int          id;
-        String       name;
-        String       oid;
-        boolean      isFips;
-
-        NamedEllipticCurve(int id, String name, String oid, boolean isFips) {
-            this.id = id;
-            this.name = name;
-            this.oid = oid;
-            this.isFips = isFips;
-
-            if (oidToIdMap.put(oid, id) != null ||
-                idToOidMap.put(id, oid) != null) {
-
-                throw new RuntimeException(
-                        "Duplicate named elliptic curve definition: " + name);
-            }
-        }
-
-        static NamedEllipticCurve getCurve(String name, boolean requireFips) {
-            for (NamedEllipticCurve curve : NamedEllipticCurve.values()) {
-                if (curve.name.equals(name) && (!requireFips || curve.isFips)) {
-                    return curve;
-                }
-            }
-
-            return null;
-        }
-    }
-
-    static {
-        boolean requireFips = SunJSSE.isFIPS();
-
-        // hack code to initialize NamedEllipticCurve
-        NamedEllipticCurve nec =
-                NamedEllipticCurve.getCurve("secp256r1", false);
-
-        // The value of the System Property defines a list of enabled named
-        // curves in preference order, separated with comma.  For example:
-        //
-        //      jdk.tls.namedGroups="secp521r1, secp256r1, secp384r1"
-        //
-        // If the System Property is not defined or the value is empty, the
-        // default curves and preferences will be used.
-        String property = AccessController.doPrivileged(
-                    new GetPropertyAction("jdk.tls.namedGroups"));
-        if (property != null && property.length() != 0) {
-            // remove double quote marks from beginning/end of the property
-            if (property.length() > 1 && property.charAt(0) == '"' &&
-                    property.charAt(property.length() - 1) == '"') {
-                property = property.substring(1, property.length() - 1);
-            }
-        }
-
-        ArrayList idList;
-        if (property != null && property.length() != 0) {   // customized curves
-            String[] curves = property.split(",");
-            idList = new ArrayList<>(curves.length);
-            for (String curve : curves) {
-                curve = curve.trim();
-                if (!curve.isEmpty()) {
-                    NamedEllipticCurve namedCurve =
-                            NamedEllipticCurve.getCurve(curve, requireFips);
-                    if (namedCurve != null) {
-                        if (isAvailableCurve(namedCurve.id)) {
-                            idList.add(namedCurve.id);
-                        }
-                    }   // ignore unknown curves
-                }
-            }
-            if (idList.isEmpty() && JsseJce.isEcAvailable()) {
-                throw new IllegalArgumentException(
-                    "System property jdk.tls.namedGroups(" + property + ") " +
-                    "contains no supported elliptic curves");
-            }
-        } else {        // default curves
-            int[] ids;
-            if (requireFips) {
-                ids = new int[] {
-                    // only NIST curves in FIPS mode
-                    23, 24, 25, 9, 10, 11, 12, 13, 14,
-                };
-            } else {
-                ids = new int[] {
-                    // NIST curves first
-                    23, 24, 25, 9, 10, 11, 12, 13, 14,
-                    // non-NIST curves
-                    22,
-                };
-            }
-
-            idList = new ArrayList<>(ids.length);
-            for (int curveId : ids) {
-                if (isAvailableCurve(curveId)) {
-                    idList.add(curveId);
-                }
-            }
-        }
-
-        if (debug != null && idList.isEmpty()) {
-            Debug.log(
-                "Initialized [jdk.tls.namedGroups|default] list contains " +
-                "no available elliptic curves. " +
-                (property != null ? "(" + property + ")" : "[Default]"));
-        }
-
-        supportedCurveIds = new int[idList.size()];
-        int i = 0;
-        for (Integer id : idList) {
-            supportedCurveIds[i++] = id;
-        }
-    }
-
-    // check whether the curve is supported by the underlying providers
-    private static boolean isAvailableCurve(int curveId) {
-        String oid = idToOidMap.get(curveId);
-        if (oid != null) {
-            AlgorithmParameters params = null;
-            try {
-                params = JsseJce.getAlgorithmParameters("EC");
-                params.init(new ECGenParameterSpec(oid));
-            } catch (Exception e) {
-                return false;
-            }
-
-            // cache the parameters
-            idToParams.put(curveId, params);
-
-            return true;
-        }
-
-        return false;
-    }
-
-    private EllipticCurvesExtension(int[] curveIds) {
-        super(ExtensionType.EXT_ELLIPTIC_CURVES);
-
-        this.curveIds = curveIds;
-    }
-
-    EllipticCurvesExtension(HandshakeInStream s, int len)
-            throws IOException {
-        super(ExtensionType.EXT_ELLIPTIC_CURVES);
-
-        int k = s.getInt16();
-        if (((len & 1) != 0) || (k + 2 != len)) {
-            throw new SSLProtocolException("Invalid " + type + " extension");
-        }
-
-        // Note: unknown curves will be ignored later.
-        curveIds = new int[k >> 1];
-        for (int i = 0; i < curveIds.length; i++) {
-            curveIds[i] = s.getInt16();
-        }
-    }
-
-    // get the preferred active curve
-    static int getActiveCurves(AlgorithmConstraints constraints) {
-        return getPreferredCurve(supportedCurveIds, constraints);
-    }
-
-    static boolean hasActiveCurves(AlgorithmConstraints constraints) {
-        return getActiveCurves(constraints) >= 0;
-    }
-
-    static EllipticCurvesExtension createExtension(
-                AlgorithmConstraints constraints) {
-
-        ArrayList idList = new ArrayList<>(supportedCurveIds.length);
-        for (int curveId : supportedCurveIds) {
-            if (constraints.permits(
-                    EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
-                                "EC", idToParams.get(curveId))) {
-                idList.add(curveId);
-            }
-        }
-
-        if (!idList.isEmpty()) {
-            int[] ids = new int[idList.size()];
-            int i = 0;
-            for (Integer id : idList) {
-                ids[i++] = id;
-            }
-
-            return new EllipticCurvesExtension(ids);
-        }
-
-        return null;
-    }
-
-    // get the preferred activated curve
-    int getPreferredCurve(AlgorithmConstraints constraints) {
-        return getPreferredCurve(curveIds, constraints);
-    }
-
-    // get a preferred activated curve
-    private static int getPreferredCurve(int[] curves,
-                AlgorithmConstraints constraints) {
-        for (int curveId : curves) {
-            if (isSupported(curveId) && constraints.permits(
-                    EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
-                                "EC", idToParams.get(curveId))) {
-                return curveId;
-            }
-        }
-
-        return -1;
-    }
-
-    boolean contains(int index) {
-        for (int curveId : curveIds) {
-            if (index == curveId) {
-                return true;
-            }
-        }
-        return false;
-    }
-
-    @Override
-    int length() {
-        return 6 + (curveIds.length << 1);
-    }
-
-    @Override
-    void send(HandshakeOutStream s) throws IOException {
-        s.putInt16(type.id);
-        int k = curveIds.length << 1;
-        s.putInt16(k + 2);
-        s.putInt16(k);
-        for (int curveId : curveIds) {
-            s.putInt16(curveId);
-        }
-    }
-
-    @Override
-    public String toString() {
-        StringBuilder sb = new StringBuilder();
-        sb.append("Extension " + type + ", curve names: {");
-        boolean first = true;
-        for (int curveId : curveIds) {
-            if (first) {
-                first = false;
-            } else {
-                sb.append(", ");
-            }
-            // first check if it is a known named curve, then try other cases.
-            String curveName = getCurveName(curveId);
-            if (curveName != null) {
-                sb.append(curveName);
-            } else if (curveId == ARBITRARY_PRIME) {
-                sb.append("arbitrary_explicit_prime_curves");
-            } else if (curveId == ARBITRARY_CHAR2) {
-                sb.append("arbitrary_explicit_char2_curves");
-            } else {
-                sb.append("unknown curve " + curveId);
-            }
-        }
-        sb.append("}");
-        return sb.toString();
-    }
-
-    // Test whether the given curve is supported.
-    static boolean isSupported(int index) {
-        for (int curveId : supportedCurveIds) {
-            if (index == curveId) {
-                return true;
-            }
-        }
-
-        return false;
-    }
-
-    static int getCurveIndex(ECParameterSpec params) {
-        String oid = JsseJce.getNamedCurveOid(params);
-        if (oid == null) {
-            return -1;
-        }
-        Integer n = oidToIdMap.get(oid);
-        return (n == null) ? -1 : n;
-    }
-
-    static String getCurveOid(int index) {
-        return idToOidMap.get(index);
-    }
-
-    static ECGenParameterSpec getECGenParamSpec(int index) {
-        AlgorithmParameters params = idToParams.get(index);
-        try {
-            return params.getParameterSpec(ECGenParameterSpec.class);
-        } catch (InvalidParameterSpecException ipse) {
-            // should be unlikely
-            String curveOid = getCurveOid(index);
-            return new ECGenParameterSpec(curveOid);
-        }
-    }
-
-    private static String getCurveName(int index) {
-        for (NamedEllipticCurve namedCurve : NamedEllipticCurve.values()) {
-            if (namedCurve.id == index) {
-                return namedCurve.name;
-            }
-        }
-
-        return null;
-    }
-}
diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/ExtensionType.java b/jdk/src/java.base/share/classes/sun/security/ssl/ExtensionType.java
index be64dfde62..5338807bbd 100644
--- a/jdk/src/java.base/share/classes/sun/security/ssl/ExtensionType.java
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/ExtensionType.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -82,9 +82,9 @@ final class ExtensionType {
     static final ExtensionType EXT_CERT_TYPE =
             e(0x0009, "cert_type");              // IANA registry value: 9
 
-    // extensions defined in RFC 4492 (ECC)
-    static final ExtensionType EXT_ELLIPTIC_CURVES =
-            e(0x000A, "elliptic_curves");        // IANA registry value: 10
+    // extensions defined in RFC 4492 (ECC) and RFC 7919 (FFDHE)
+    static final ExtensionType EXT_SUPPORTED_GROUPS =
+            e(0x000A, "supported_groups");       // IANA registry value: 10
     static final ExtensionType EXT_EC_POINT_FORMATS =
             e(0x000B, "ec_point_formats");       // IANA registry value: 11
 
diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java b/jdk/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java
index 4717fbba17..8477456c4d 100644
--- a/jdk/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -1369,8 +1369,9 @@ class ECDH_ServerKeyExchange extends ServerKeyExchange {
     private static final int CURVE_EXPLICIT_CHAR2 = 2;
     private static final int CURVE_NAMED_CURVE    = 3;
 
-    // id of the curve we are using
-    private int curveId;
+    // id of the named group we are using
+    private int groupId;
+
     // encoded public point
     private byte[] pointBytes;
 
@@ -1389,7 +1390,8 @@ class ECDH_ServerKeyExchange extends ServerKeyExchange {
     ECDH_ServerKeyExchange(ECDHCrypt obj, PrivateKey privateKey,
             byte[] clntNonce, byte[] svrNonce, SecureRandom sr,
             SignatureAndHashAlgorithm signAlgorithm,
-            ProtocolVersion protocolVersion) throws GeneralSecurityException {
+            ProtocolVersion protocolVersion)
+            throws SSLHandshakeException, GeneralSecurityException {
 
         this.protocolVersion = protocolVersion;
 
@@ -1397,7 +1399,14 @@ class ECDH_ServerKeyExchange extends ServerKeyExchange {
         ECParameterSpec params = publicKey.getParams();
         ECPoint point = publicKey.getW();
         pointBytes = JsseJce.encodePoint(point, params.getCurve());
-        curveId = EllipticCurvesExtension.getCurveIndex(params);
+
+        NamedGroup namedGroup = NamedGroup.valueOf(params);
+        if ((namedGroup == null) || (namedGroup.oid == null) ){
+            // unlikely
+            throw new SSLHandshakeException(
+                "Unnamed EC parameter spec: " + params);
+        }
+        groupId = namedGroup.id;
 
         if (privateKey == null) {
             // ECDH_anon
@@ -1434,20 +1443,27 @@ class ECDH_ServerKeyExchange extends ServerKeyExchange {
         // These parsing errors should never occur as we negotiated
         // the supported curves during the exchange of the Hello messages.
         if (curveType == CURVE_NAMED_CURVE) {
-            curveId = input.getInt16();
-            if (!EllipticCurvesExtension.isSupported(curveId)) {
+            groupId = input.getInt16();
+            NamedGroup namedGroup = NamedGroup.valueOf(groupId);
+            if (namedGroup == null) {
                 throw new SSLHandshakeException(
-                    "Unsupported curveId: " + curveId);
+                    "Unknown named group ID: " + groupId);
             }
-            String curveOid = EllipticCurvesExtension.getCurveOid(curveId);
-            if (curveOid == null) {
+
+            if (!SupportedGroupsExtension.supports(namedGroup)) {
                 throw new SSLHandshakeException(
-                    "Unknown named curve: " + curveId);
+                    "Unsupported named group: " + namedGroup);
             }
-            parameters = JsseJce.getECParameterSpec(curveOid);
+
+            if (namedGroup.oid == null) {
+                throw new SSLHandshakeException(
+                    "Unknown named EC curve: " + namedGroup);
+            }
+
+            parameters = JsseJce.getECParameterSpec(namedGroup.oid);
             if (parameters == null) {
                 throw new SSLHandshakeException(
-                    "Unsupported curve: " + curveOid);
+                    "No supported EC parameter for named group: " + namedGroup);
             }
         } else {
             throw new SSLHandshakeException(
@@ -1530,8 +1546,8 @@ class ECDH_ServerKeyExchange extends ServerKeyExchange {
         sig.update(svrNonce);
 
         sig.update((byte)CURVE_NAMED_CURVE);
-        sig.update((byte)(curveId >> 8));
-        sig.update((byte)curveId);
+        sig.update((byte)(groupId >> 8));
+        sig.update((byte)groupId);
         sig.update((byte)pointBytes.length);
         sig.update(pointBytes);
     }
@@ -1552,7 +1568,7 @@ class ECDH_ServerKeyExchange extends ServerKeyExchange {
     @Override
     void send(HandshakeOutStream s) throws IOException {
         s.putInt8(CURVE_NAMED_CURVE);
-        s.putInt16(curveId);
+        s.putInt16(groupId);
         s.putBytes8(pointBytes);
 
         if (signatureBytes != null) {
diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/Handshaker.java b/jdk/src/java.base/share/classes/sun/security/ssl/Handshaker.java
index f830bc70ce..e26495b3c5 100644
--- a/jdk/src/java.base/share/classes/sun/security/ssl/Handshaker.java
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/Handshaker.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -52,6 +52,7 @@ import sun.security.ssl.CipherSuite.*;
 
 import static sun.security.ssl.CipherSuite.PRF.*;
 import static sun.security.ssl.CipherSuite.CipherType.*;
+import static sun.security.ssl.NamedGroupType.*;
 
 /**
  * Handshaker ... processes handshake records from an SSL V3.0
@@ -685,42 +686,14 @@ abstract class Handshaker {
             ArrayList suites = new ArrayList<>();
             if (!(activeProtocols.collection().isEmpty()) &&
                     activeProtocols.min.v != ProtocolVersion.NONE.v) {
-                boolean checkedCurves = false;
-                boolean hasCurves = false;
+                Map cachedStatus =
+                        new EnumMap<>(NamedGroupType.class);
                 for (CipherSuite suite : enabledCipherSuites.collection()) {
-                    if (!activeProtocols.min.obsoletes(suite) &&
+                    if (suite.isAvailable() &&
+                            (!activeProtocols.min.obsoletes(suite)) &&
                             activeProtocols.max.supports(suite)) {
-                        if (algorithmConstraints.permits(
-                                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
-                                suite.name, null)) {
-
-                            boolean available = true;
-                            if (suite.keyExchange.isEC) {
-                                if (!checkedCurves) {
-                                    hasCurves = EllipticCurvesExtension
-                                        .hasActiveCurves(algorithmConstraints);
-                                    checkedCurves = true;
-
-                                    if (!hasCurves && debug != null &&
-                                                Debug.isOn("verbose")) {
-                                        System.out.println(
-                                            "No available elliptic curves");
-                                    }
-                                }
-
-                                available = hasCurves;
-
-                                if (!available && debug != null &&
-                                        Debug.isOn("verbose")) {
-                                    System.out.println(
-                                        "No active elliptic curves, ignore " +
-                                        suite);
-                                }
-                            }
-
-                            if (available) {
-                                suites.add(suite);
-                            }
+                        if (isActivatable(suite, cachedStatus)) {
+                            suites.add(suite);
                         }
                     } else if (debug != null && Debug.isOn("verbose")) {
                         if (activeProtocols.min.obsoletes(suite)) {
@@ -779,46 +752,15 @@ abstract class Handshaker {
                 }
 
                 boolean found = false;
+                Map cachedStatus =
+                        new EnumMap<>(NamedGroupType.class);
                 for (CipherSuite suite : enabledCipherSuites.collection()) {
                     if (suite.isAvailable() && (!protocol.obsoletes(suite)) &&
                                                protocol.supports(suite)) {
-                        if (algorithmConstraints.permits(
-                                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
-                                suite.name, null)) {
-
-                            boolean available = true;
-                            if (suite.keyExchange.isEC) {
-                                if (!checkedCurves) {
-                                    hasCurves = EllipticCurvesExtension
-                                        .hasActiveCurves(algorithmConstraints);
-                                    checkedCurves = true;
-
-                                    if (!hasCurves && debug != null &&
-                                                Debug.isOn("verbose")) {
-                                        System.out.println(
-                                            "No activated elliptic curves");
-                                    }
-                                }
-
-                                available = hasCurves;
-
-                                if (!available && debug != null &&
-                                        Debug.isOn("verbose")) {
-                                    System.out.println(
-                                        "No active elliptic curves, ignore " +
-                                        suite + " for " + protocol);
-                                }
-                            }
-
-                            if (available) {
-                                protocols.add(protocol);
-                                found = true;
-                                break;
-                            }
-                        } else if (debug != null && Debug.isOn("verbose")) {
-                            System.out.println(
-                                "Ignoring disabled cipher suite: " + suite +
-                                 " for " + protocol);
+                        if (isActivatable(suite, cachedStatus)) {
+                            protocols.add(protocol);
+                            found = true;
+                            break;
                         }
                     } else if (debug != null && Debug.isOn("verbose")) {
                         System.out.println(
@@ -826,6 +768,7 @@ abstract class Handshaker {
                                  " for " + protocol);
                     }
                 }
+
                 if (!found && (debug != null) && Debug.isOn("handshake")) {
                     System.out.println(
                         "No available cipher suite for " + protocol);
@@ -842,6 +785,43 @@ abstract class Handshaker {
         return activeProtocols;
     }
 
+    private boolean isActivatable(CipherSuite suite,
+            Map cachedStatus) {
+
+        if (algorithmConstraints.permits(
+                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), suite.name, null)) {
+            boolean available = true;
+            NamedGroupType groupType = suite.keyExchange.groupType;
+            if (groupType != NAMED_GROUP_NONE) {
+                Boolean checkedStatus = cachedStatus.get(groupType);
+                if (checkedStatus == null) {
+                    available = SupportedGroupsExtension.isActivatable(
+                            algorithmConstraints, groupType);
+                    cachedStatus.put(groupType, available);
+
+                    if (!available && debug != null && Debug.isOn("verbose")) {
+                        System.out.println("No activated named group");
+                    }
+                } else {
+                    available = checkedStatus.booleanValue();
+                }
+
+                if (!available && debug != null && Debug.isOn("verbose")) {
+                    System.out.println(
+                        "No active named group, ignore " + suite);
+                }
+
+                return available;
+            } else {
+                return true;
+            }
+        } else if (debug != null && Debug.isOn("verbose")) {
+            System.out.println("Ignoring disabled cipher suite: " + suite);
+        }
+
+        return false;
+    }
+
     /**
      * As long as handshaking has not activated, we can
      * change whether session creations are allowed.
diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/HelloExtensions.java b/jdk/src/java.base/share/classes/sun/security/ssl/HelloExtensions.java
index f831db1239..82975c962f 100644
--- a/jdk/src/java.base/share/classes/sun/security/ssl/HelloExtensions.java
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/HelloExtensions.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -49,7 +49,7 @@ import javax.net.ssl.*;
  *      explicitly support.
  *  . ServerNameExtension: the server_name extension.
  *  . SignatureAlgorithmsExtension: the signature_algorithms extension.
- *  . EllipticCurvesExtension: the ECC supported curves extension.
+ *  . SupportedGroupsExtension: the supported groups extension.
  *  . EllipticPointFormatsExtension: the ECC supported point formats
  *      (compressed/uncompressed) extension.
  *  . ALPNExtension: the application_layer_protocol_negotiation extension.
@@ -79,8 +79,8 @@ final class HelloExtensions {
                 extension = new ServerNameExtension(s, extlen);
             } else if (extType == ExtensionType.EXT_SIGNATURE_ALGORITHMS) {
                 extension = new SignatureAlgorithmsExtension(s, extlen);
-            } else if (extType == ExtensionType.EXT_ELLIPTIC_CURVES) {
-                extension = new EllipticCurvesExtension(s, extlen);
+            } else if (extType == ExtensionType.EXT_SUPPORTED_GROUPS) {
+                extension = new SupportedGroupsExtension(s, extlen);
             } else if (extType == ExtensionType.EXT_EC_POINT_FORMATS) {
                 extension = new EllipticPointFormatsExtension(s, extlen);
             } else if (extType == ExtensionType.EXT_RENEGOTIATION_INFO) {
diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/NamedGroup.java b/jdk/src/java.base/share/classes/sun/security/ssl/NamedGroup.java
new file mode 100644
index 0000000000..452e839a20
--- /dev/null
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/NamedGroup.java
@@ -0,0 +1,169 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.ssl;
+
+import java.security.spec.ECParameterSpec;
+import java.security.spec.ECGenParameterSpec;
+import static sun.security.ssl.NamedGroupType.*;
+
+enum NamedGroup {
+    // Elliptic Curves (RFC 4492)
+    //
+    // See sun.security.util.CurveDB for the OIDs
+
+    // NIST K-163
+    SECT163_K1(1, NAMED_GROUP_ECDHE, "sect163k1", "1.3.132.0.1", true),
+
+    SECT163_R1(2, NAMED_GROUP_ECDHE, "sect163r1", "1.3.132.0.2", false),
+
+    // NIST B-163
+    SECT163_R2(3, NAMED_GROUP_ECDHE, "sect163r2", "1.3.132.0.15", true),
+
+    SECT193_R1(4, NAMED_GROUP_ECDHE, "sect193r1", "1.3.132.0.24", false),
+    SECT193_R2(5, NAMED_GROUP_ECDHE, "sect193r2", "1.3.132.0.25", false),
+
+    // NIST K-233
+    SECT233_K1(6, NAMED_GROUP_ECDHE, "sect233k1", "1.3.132.0.26", true),
+
+    // NIST B-233
+    SECT233_R1(7, NAMED_GROUP_ECDHE, "sect233r1", "1.3.132.0.27", true),
+
+    SECT239_K1(8, NAMED_GROUP_ECDHE, "sect239k1", "1.3.132.0.3", false),
+
+    // NIST K-283
+    SECT283_K1(9, NAMED_GROUP_ECDHE, "sect283k1", "1.3.132.0.16", true),
+
+    // NIST B-283
+    SECT283_R1(10, NAMED_GROUP_ECDHE, "sect283r1", "1.3.132.0.17", true),
+
+    // NIST K-409
+    SECT409_K1(11, NAMED_GROUP_ECDHE, "sect409k1", "1.3.132.0.36", true),
+
+    // NIST B-409
+    SECT409_R1(12, NAMED_GROUP_ECDHE, "sect409r1", "1.3.132.0.37", true),
+
+    // NIST K-571
+    SECT571_K1(13, NAMED_GROUP_ECDHE, "sect571k1", "1.3.132.0.38", true),
+
+    // NIST B-571
+    SECT571_R1(14, NAMED_GROUP_ECDHE, "sect571r1", "1.3.132.0.39", true),
+
+    SECP160_K1(15, NAMED_GROUP_ECDHE, "secp160k1", "1.3.132.0.9", false),
+    SECP160_R1(16, NAMED_GROUP_ECDHE, "secp160r1", "1.3.132.0.8", false),
+    SECP160_R2(17, NAMED_GROUP_ECDHE, "secp160r2", "1.3.132.0.30", false),
+    SECP192_K1(18, NAMED_GROUP_ECDHE, "secp192k1", "1.3.132.0.31", false),
+
+    // NIST P-192
+    SECP192_R1(19, NAMED_GROUP_ECDHE, "secp192r1", "1.2.840.10045.3.1.1", true),
+
+    SECP224_K1(20, NAMED_GROUP_ECDHE, "secp224k1", "1.3.132.0.32", false),
+    // NIST P-224
+    SECP224_R1(21, NAMED_GROUP_ECDHE, "secp224r1", "1.3.132.0.33", true),
+
+    SECP256_K1(22, NAMED_GROUP_ECDHE, "secp256k1", "1.3.132.0.10", false),
+
+    // NIST P-256
+    SECP256_R1(23, NAMED_GROUP_ECDHE, "secp256r1", "1.2.840.10045.3.1.7", true),
+
+    // NIST P-384
+    SECP384_R1(24, NAMED_GROUP_ECDHE, "secp384r1", "1.3.132.0.34", true),
+
+    // NIST P-521
+    SECP521_R1(25, NAMED_GROUP_ECDHE, "secp521r1", "1.3.132.0.35", true),
+
+    // Finite Field Diffie-Hellman Ephemeral Parameters (RFC 7919)
+    FFDHE_2048(256, NAMED_GROUP_FFDHE, "ffdhe2048",  true),
+    FFDHE_3072(257, NAMED_GROUP_FFDHE, "ffdhe3072",  true),
+    FFDHE_4096(258, NAMED_GROUP_FFDHE, "ffdhe4096",  true),
+    FFDHE_6144(259, NAMED_GROUP_FFDHE, "ffdhe6144",  true),
+    FFDHE_8192(260, NAMED_GROUP_FFDHE, "ffdhe8192",  true);
+
+    int             id;
+    NamedGroupType  type;
+    String          name;
+    String          oid;
+    String          algorithm;
+    boolean         isFips;
+
+    // Constructor used for Elliptic Curve Groups (ECDHE)
+    NamedGroup(int id, NamedGroupType type,
+                String name, String oid, boolean isFips) {
+        this.id = id;
+        this.type = type;
+        this.name = name;
+        this.oid = oid;
+        this.algorithm = "EC";
+        this.isFips = isFips;
+    }
+
+    // Constructor used for Finite Field Diffie-Hellman Groups (FFDHE)
+    NamedGroup(int id, NamedGroupType type, String name, boolean isFips) {
+        this.id = id;
+        this.type = type;
+        this.name = name;
+        this.oid = null;
+        this.algorithm = "DiffieHellman";
+        this.isFips = isFips;
+    }
+
+    static NamedGroup valueOf(int id) {
+        for (NamedGroup group : NamedGroup.values()) {
+            if (group.id == id) {
+                return group;
+            }
+        }
+
+        return null;
+    }
+
+    static NamedGroup nameOf(String name) {
+        for (NamedGroup group : NamedGroup.values()) {
+            if (group.name.equals(name)) {
+                return group;
+            }
+        }
+
+        return null;
+    }
+
+    static NamedGroup valueOf(ECParameterSpec params) {
+        String oid = JsseJce.getNamedCurveOid(params);
+        if ((oid != null) && (!oid.isEmpty())) {
+            for (NamedGroup group : NamedGroup.values()) {
+                if (oid.equals(group.oid)) {
+                    return group;
+                }
+            }
+        }
+
+        return null;
+    }
+
+    @Override
+    public String toString() {
+        return this.name;
+    }
+}
diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/NamedGroupType.java b/jdk/src/java.base/share/classes/sun/security/ssl/NamedGroupType.java
new file mode 100644
index 0000000000..0e0c982e4a
--- /dev/null
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/NamedGroupType.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.ssl;
+
+enum NamedGroupType {
+    NAMED_GROUP_ECDHE,          // Elliptic Curve Groups (ECDHE)
+    NAMED_GROUP_FFDHE,          // Finite Field Groups (DHE)
+    NAMED_GROUP_NONE            // No predefined named group
+}
diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/PredefinedDHParameterSpecs.java b/jdk/src/java.base/share/classes/sun/security/ssl/PredefinedDHParameterSpecs.java
new file mode 100644
index 0000000000..54d8c7d310
--- /dev/null
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/PredefinedDHParameterSpecs.java
@@ -0,0 +1,314 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.ssl;
+
+import java.security.*;
+import java.math.BigInteger;
+import java.util.regex.Pattern;
+import java.util.regex.Matcher;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.Collections;
+import javax.crypto.spec.DHParameterSpec;
+
+/**
+ * Predefined default DH ephemeral parameters.
+ */
+final class PredefinedDHParameterSpecs {
+    private final static boolean debugIsOn =
+            (Debug.getInstance("ssl") != null) && Debug.isOn("sslctx");
+
+    //
+    // Default DH ephemeral parameters
+    //
+    private static final BigInteger p512 = new BigInteger(       // generated
+            "D87780E15FF50B4ABBE89870188B049406B5BEA98AB23A02" +
+            "41D88EA75B7755E669C08093D3F0CA7FC3A5A25CF067DCB9" +
+            "A43DD89D1D90921C6328884461E0B6D3", 16);
+    private static final BigInteger p768 = new BigInteger(       // RFC 2409
+            "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" +
+            "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" +
+            "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" +
+            "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16);
+
+    private static final BigInteger p1024 = new BigInteger(      // RFC 2409
+            "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" +
+            "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" +
+            "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" +
+            "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" +
+            "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" +
+            "FFFFFFFFFFFFFFFF", 16);
+    private static final BigInteger p1536 = new BigInteger(      // RFC 3526
+            "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" +
+            "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" +
+            "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" +
+            "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" +
+            "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" +
+            "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" +
+            "83655D23DCA3AD961C62F356208552BB9ED529077096966D" +
+            "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF", 16);
+    private static final BigInteger p2048 = new BigInteger(      // TLS FFDHE
+            "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" +
+            "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" +
+            "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" +
+            "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" +
+            "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" +
+            "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" +
+            "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" +
+            "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" +
+            "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" +
+            "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" +
+            "886B423861285C97FFFFFFFFFFFFFFFF", 16);
+    private static final BigInteger p3072 = new BigInteger(      // TLS FFDHE
+            "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" +
+            "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" +
+            "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" +
+            "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" +
+            "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" +
+            "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" +
+            "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" +
+            "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" +
+            "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" +
+            "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" +
+            "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238" +
+            "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" +
+            "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3" +
+            "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" +
+            "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF" +
+            "3C1B20EE3FD59D7C25E41D2B66C62E37FFFFFFFFFFFFFFFF", 16);
+    private static final BigInteger p4096 = new BigInteger(      // TLS FFDHE
+            "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" +
+            "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" +
+            "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" +
+            "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" +
+            "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" +
+            "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" +
+            "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" +
+            "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" +
+            "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" +
+            "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" +
+            "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238" +
+            "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" +
+            "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3" +
+            "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" +
+            "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF" +
+            "3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB" +
+            "7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004" +
+            "87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832" +
+            "A907600A918130C46DC778F971AD0038092999A333CB8B7A" +
+            "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF" +
+            "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E655F6A" +
+            "FFFFFFFFFFFFFFFF", 16);
+    private static final BigInteger p6144 = new BigInteger(      // TLS FFDHE
+            "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" +
+            "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" +
+            "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" +
+            "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" +
+            "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" +
+            "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" +
+            "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" +
+            "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" +
+            "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" +
+            "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" +
+            "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238" +
+            "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" +
+            "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3" +
+            "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" +
+            "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF" +
+            "3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB" +
+            "7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004" +
+            "87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832" +
+            "A907600A918130C46DC778F971AD0038092999A333CB8B7A" +
+            "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF" +
+            "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD902" +
+            "0BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA6" +
+            "3BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3A" +
+            "CDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477" +
+            "A52471F7A9A96910B855322EDB6340D8A00EF092350511E3" +
+            "0ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4" +
+            "763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6" +
+            "B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538C" +
+            "D72B03746AE77F5E62292C311562A846505DC82DB854338A" +
+            "E49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B04" +
+            "5B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1" +
+            "A41D570D7938DAD4A40E329CD0E40E65FFFFFFFFFFFFFFFF", 16);
+    private static final BigInteger p8192 = new BigInteger(      // TLS FFDHE
+            "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" +
+            "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" +
+            "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" +
+            "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" +
+            "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" +
+            "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" +
+            "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" +
+            "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" +
+            "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" +
+            "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" +
+            "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238" +
+            "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" +
+            "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3" +
+            "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" +
+            "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF" +
+            "3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB" +
+            "7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004" +
+            "87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832" +
+            "A907600A918130C46DC778F971AD0038092999A333CB8B7A" +
+            "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF" +
+            "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD902" +
+            "0BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA6" +
+            "3BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3A" +
+            "CDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477" +
+            "A52471F7A9A96910B855322EDB6340D8A00EF092350511E3" +
+            "0ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4" +
+            "763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6" +
+            "B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538C" +
+            "D72B03746AE77F5E62292C311562A846505DC82DB854338A" +
+            "E49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B04" +
+            "5B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1" +
+            "A41D570D7938DAD4A40E329CCFF46AAA36AD004CF600C838" +
+            "1E425A31D951AE64FDB23FCEC9509D43687FEB69EDD1CC5E" +
+            "0B8CC3BDF64B10EF86B63142A3AB8829555B2F747C932665" +
+            "CB2C0F1CC01BD70229388839D2AF05E454504AC78B758282" +
+            "2846C0BA35C35F5C59160CC046FD8251541FC68C9C86B022" +
+            "BB7099876A460E7451A8A93109703FEE1C217E6C3826E52C" +
+            "51AA691E0E423CFC99E9E31650C1217B624816CDAD9A95F9" +
+            "D5B8019488D9C0A0A1FE3075A577E23183F81D4A3F2FA457" +
+            "1EFC8CE0BA8A4FE8B6855DFE72B0A66EDED2FBABFBE58A30" +
+            "FAFABE1C5D71A87E2F741EF8C1FE86FEA6BBFDE530677F0D" +
+            "97D11D49F7A8443D0822E506A9F4614E011E2A94838FF88C" +
+            "D68C8BB7C5C6424CFFFFFFFFFFFFFFFF", 16);
+
+    private static final BigInteger[] supportedPrimes = {
+            p512, p768, p1024, p1536, p2048, p3072, p4096, p6144, p8192};
+
+    private static final BigInteger[] ffdhePrimes = {
+            p2048, p3072, p4096, p6144, p8192};
+
+    // a measure of the uncertainty that prime modulus p is not a prime
+    //
+    // see BigInteger.isProbablePrime(int certainty)
+    private final static int PRIME_CERTAINTY = 120;
+
+    // the known security property, jdk.tls.server.defaultDHEParameters
+    private final static String PROPERTY_NAME =
+            "jdk.tls.server.defaultDHEParameters";
+
+    private static final Pattern spacesPattern = Pattern.compile("\\s+");
+
+    private final static Pattern syntaxPattern = Pattern.compile(
+            "(\\{[0-9A-Fa-f]+,[0-9A-Fa-f]+\\})" +
+            "(,\\{[0-9A-Fa-f]+,[0-9A-Fa-f]+\\})*");
+
+    private static final Pattern paramsPattern = Pattern.compile(
+            "\\{([0-9A-Fa-f]+),([0-9A-Fa-f]+)\\}");
+
+    // cache of predefined default DH ephemeral parameters
+    final static Map definedParams;
+
+    // cache of Finite Field DH Ephemeral parameters (RFC 7919/FFDHE)
+    final static Map ffdheParams;
+
+    static {
+        String property = AccessController.doPrivileged(
+            new PrivilegedAction() {
+                public String run() {
+                    return Security.getProperty(PROPERTY_NAME);
+                }
+            });
+
+        if (property != null && !property.isEmpty()) {
+            // remove double quote marks from beginning/end of the property
+            if (property.length() >= 2 && property.charAt(0) == '"' &&
+                    property.charAt(property.length() - 1) == '"') {
+                property = property.substring(1, property.length() - 1);
+            }
+
+            property = property.trim();
+        }
+
+        if (property != null && !property.isEmpty()) {
+            Matcher spacesMatcher = spacesPattern.matcher(property);
+            property = spacesMatcher.replaceAll("");
+
+            if (debugIsOn) {
+                System.out.println("The Security Property " +
+                        PROPERTY_NAME + ": " + property);
+            }
+        }
+
+        Map defaultParams = new HashMap<>();
+        if (property != null && !property.isEmpty()) {
+            Matcher syntaxMatcher = syntaxPattern.matcher(property);
+            if (syntaxMatcher.matches()) {
+                Matcher paramsFinder = paramsPattern.matcher(property);
+                while(paramsFinder.find()) {
+                    String primeModulus = paramsFinder.group(1);
+                    BigInteger p = new BigInteger(primeModulus, 16);
+                    if (!p.isProbablePrime(PRIME_CERTAINTY)) {
+                        if (debugIsOn) {
+                            System.out.println(
+                                "Prime modulus p in Security Property, " +
+                                PROPERTY_NAME + ", is not a prime: " +
+                                primeModulus);
+                        }
+
+                        continue;
+                    }
+
+                    String baseGenerator = paramsFinder.group(2);
+                    BigInteger g = new BigInteger(baseGenerator, 16);
+
+                    DHParameterSpec spec = new DHParameterSpec(p, g);
+                    int primeLen = p.bitLength();
+                    defaultParams.put(primeLen, spec);
+                }
+            } else if (debugIsOn) {
+                System.out.println("Invalid Security Property, " +
+                        PROPERTY_NAME + ", definition");
+            }
+        }
+
+        Map tempFFDHEs = new HashMap<>();
+        for (BigInteger p : ffdhePrimes) {
+            int primeLen = p.bitLength();
+            DHParameterSpec dhps = new DHParameterSpec(p, BigInteger.TWO);
+            tempFFDHEs.put(primeLen, dhps);
+            defaultParams.putIfAbsent(primeLen, dhps);
+        }
+
+        for (BigInteger p : supportedPrimes) {
+            int primeLen = p.bitLength();
+            if (defaultParams.get(primeLen) == null) {
+                defaultParams.put(primeLen,
+                    new DHParameterSpec(p, BigInteger.TWO));
+            }
+        }
+
+        ffdheParams =
+            Collections.unmodifiableMap(tempFFDHEs);
+        definedParams =
+            Collections.unmodifiableMap(defaultParams);
+    }
+}
diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java b/jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java
index 4ad18b163e..85b96cd3f8 100644
--- a/jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -96,7 +96,7 @@ final class ServerHandshaker extends Handshaker {
     private ProtocolVersion clientRequestedVersion;
 
     // client supported elliptic curves
-    private EllipticCurvesExtension requestedCurves;
+    private SupportedGroupsExtension requestedGroups;
 
     // the preferable signature algorithm used by ServerKeyExchange message
     SignatureAndHashAlgorithm preferableSignatureAlgorithm;
@@ -751,8 +751,8 @@ final class ServerHandshaker extends Handshaker {
                 throw new SSLException("Client did not resume a session");
             }
 
-            requestedCurves = (EllipticCurvesExtension)
-                        mesg.extensions.get(ExtensionType.EXT_ELLIPTIC_CURVES);
+            requestedGroups = (SupportedGroupsExtension)
+                    mesg.extensions.get(ExtensionType.EXT_SUPPORTED_GROUPS);
 
             // We only need to handle the "signature_algorithm" extension
             // for full handshakes and TLS 1.2 or later.
@@ -1341,6 +1341,8 @@ final class ServerHandshaker extends Handshaker {
             }
         }
 
+        // The named group used for ECDHE and FFDHE.
+        NamedGroup namedGroup = null;
         switch (keyExchange) {
         case K_RSA:
             // need RSA certs for authentication
@@ -1366,6 +1368,37 @@ final class ServerHandshaker extends Handshaker {
             }
             break;
         case K_DHE_RSA:
+            // Is ephemeral DH cipher suite usable for the connection?
+            //
+            // [RFC 7919] If a compatible TLS server receives a Supported
+            // Groups extension from a client that includes any FFDHE group
+            // (i.e., any codepoint between 256 and 511, inclusive, even if
+            // unknown to the server), and if none of the client-proposed
+            // FFDHE groups are known and acceptable to the server, then
+            // the server MUST NOT select an FFDHE cipher suite.  In this
+            // case, the server SHOULD select an acceptable non-FFDHE cipher
+            // suite from the client's offered list.  If the extension is
+            // present with FFDHE groups, none of the client's offered
+            // groups are acceptable by the server, and none of the client's
+            // proposed non-FFDHE cipher suites are acceptable to the server,
+            // the server MUST end the connection with a fatal TLS alert
+            // of type insufficient_security(71).
+            //
+            // Note: For compatibility, if an application is customized to
+            // use legacy sizes (512 bits for exportable cipher suites and
+            // 768 bits for others), or the cipher suite is exportable, the
+            // FFDHE extension will not be used.
+            if ((!useLegacyEphemeralDHKeys) && (!suite.exportable) &&
+                (requestedGroups != null) && requestedGroups.hasFFDHEGroup()) {
+
+                namedGroup = requestedGroups.getPreferredGroup(
+                    algorithmConstraints, NamedGroupType.NAMED_GROUP_FFDHE);
+                if (namedGroup == null) {
+                    // no match found, cannot use this cipher suite.
+                    return false;
+                }
+            }
+
             // need RSA certs for authentication
             if (setupPrivateKeyAndChain("RSA") == false) {
                 return false;
@@ -1386,9 +1419,20 @@ final class ServerHandshaker extends Handshaker {
                 }
             }
 
-            setupEphemeralDHKeys(suite.exportable, privateKey);
+            setupEphemeralDHKeys(namedGroup, suite.exportable, privateKey);
             break;
         case K_ECDHE_RSA:
+            // Is ECDHE cipher suite usable for the connection?
+            namedGroup = (requestedGroups != null) ?
+                requestedGroups.getPreferredGroup(
+                    algorithmConstraints, NamedGroupType.NAMED_GROUP_ECDHE) :
+                SupportedGroupsExtension.getPreferredECGroup(
+                    algorithmConstraints);
+            if (namedGroup == null) {
+                // no match found, cannot use this ciphersuite
+                return false;
+            }
+
             // need RSA certs for authentication
             if (setupPrivateKeyAndChain("RSA") == false) {
                 return false;
@@ -1409,11 +1453,23 @@ final class ServerHandshaker extends Handshaker {
                 }
             }
 
-            if (setupEphemeralECDHKeys() == false) {
-                return false;
-            }
+            setupEphemeralECDHKeys(namedGroup);
             break;
         case K_DHE_DSS:
+            // Is ephemeral DH cipher suite usable for the connection?
+            //
+            // See comment in K_DHE_RSA case.
+            if ((!useLegacyEphemeralDHKeys) && (!suite.exportable) &&
+                (requestedGroups != null) && requestedGroups.hasFFDHEGroup()) {
+
+                namedGroup = requestedGroups.getPreferredGroup(
+                    algorithmConstraints, NamedGroupType.NAMED_GROUP_FFDHE);
+                if (namedGroup == null) {
+                    // no match found, cannot use this cipher suite.
+                    return false;
+                }
+            }
+
             // get preferable peer signature algorithm for server key exchange
             if (protocolVersion.useTLS12PlusSpec()) {
                 preferableSignatureAlgorithm =
@@ -1434,9 +1490,20 @@ final class ServerHandshaker extends Handshaker {
                 return false;
             }
 
-            setupEphemeralDHKeys(suite.exportable, privateKey);
+            setupEphemeralDHKeys(namedGroup, suite.exportable, privateKey);
             break;
         case K_ECDHE_ECDSA:
+            // Is ECDHE cipher suite usable for the connection?
+            namedGroup = (requestedGroups != null) ?
+                requestedGroups.getPreferredGroup(
+                    algorithmConstraints, NamedGroupType.NAMED_GROUP_ECDHE) :
+                SupportedGroupsExtension.getPreferredECGroup(
+                    algorithmConstraints);
+            if (namedGroup == null) {
+                // no match found, cannot use this ciphersuite
+                return false;
+            }
+
             // get preferable peer signature algorithm for server key exchange
             if (protocolVersion.useTLS12PlusSpec()) {
                 preferableSignatureAlgorithm =
@@ -1456,9 +1523,8 @@ final class ServerHandshaker extends Handshaker {
             if (setupPrivateKeyAndChain("EC") == false) {
                 return false;
             }
-            if (setupEphemeralECDHKeys() == false) {
-                return false;
-            }
+
+            setupEphemeralECDHKeys(namedGroup);
             break;
         case K_ECDH_RSA:
             // need EC cert
@@ -1475,14 +1541,36 @@ final class ServerHandshaker extends Handshaker {
             setupStaticECDHKeys();
             break;
         case K_DH_ANON:
+            // Is ephemeral DH cipher suite usable for the connection?
+            //
+            // See comment in K_DHE_RSA case.
+            if ((!useLegacyEphemeralDHKeys) && (!suite.exportable) &&
+                (requestedGroups != null) && requestedGroups.hasFFDHEGroup()) {
+                namedGroup = requestedGroups.getPreferredGroup(
+                    algorithmConstraints, NamedGroupType.NAMED_GROUP_FFDHE);
+                if (namedGroup == null) {
+                    // no match found, cannot use this cipher suite.
+                    return false;
+                }
+            }
+
             // no certs needed for anonymous
-            setupEphemeralDHKeys(suite.exportable, null);
+            setupEphemeralDHKeys(namedGroup, suite.exportable, null);
             break;
         case K_ECDH_ANON:
-            // no certs needed for anonymous
-            if (setupEphemeralECDHKeys() == false) {
+            // Is ECDHE cipher suite usable for the connection?
+            namedGroup = (requestedGroups != null) ?
+                requestedGroups.getPreferredGroup(
+                    algorithmConstraints, NamedGroupType.NAMED_GROUP_ECDHE) :
+                SupportedGroupsExtension.getPreferredECGroup(
+                    algorithmConstraints);
+            if (namedGroup == null) {
+                // no match found, cannot use this ciphersuite
                 return false;
             }
+
+            // no certs needed for anonymous
+            setupEphemeralECDHKeys(namedGroup);
             break;
         default:
             ClientKeyExchangeService p =
@@ -1544,7 +1632,15 @@ final class ServerHandshaker extends Handshaker {
      * Acquire some "ephemeral" Diffie-Hellman  keys for this handshake.
      * We don't reuse these, for improved forward secrecy.
      */
-    private void setupEphemeralDHKeys(boolean export, Key key) {
+    private void setupEphemeralDHKeys(
+            NamedGroup namedGroup, boolean export, Key key) {
+        // Are the client and server willing to negotiate FFDHE groups?
+        if ((!useLegacyEphemeralDHKeys) && (!export) && (namedGroup != null)) {
+            dh = new DHCrypt(namedGroup, sslContext.getSecureRandom());
+
+            return;
+        }   // Otherwise, the client is not compatible with FFDHE extension.
+
         /*
          * 768 bits ephemeral DH private keys were used to be used in
          * ServerKeyExchange except that exportable ciphers max out at 512
@@ -1613,20 +1709,11 @@ final class ServerHandshaker extends Handshaker {
         dh = new DHCrypt(keySize, sslContext.getSecureRandom());
     }
 
-    // Setup the ephemeral ECDH parameters.
-    // If we cannot continue because we do not support any of the curves that
-    // the client requested, return false. Otherwise (all is well), return true.
-    private boolean setupEphemeralECDHKeys() {
-        int index = (requestedCurves != null) ?
-                requestedCurves.getPreferredCurve(algorithmConstraints) :
-                EllipticCurvesExtension.getActiveCurves(algorithmConstraints);
-        if (index < 0) {
-            // no match found, cannot use this ciphersuite
-            return false;
-        }
-
-        ecdh = new ECDHCrypt(index, sslContext.getSecureRandom());
-        return true;
+    /**
+     * Setup the ephemeral ECDH parameters.
+     */
+    private void setupEphemeralECDHKeys(NamedGroup namedGroup) {
+        ecdh = new ECDHCrypt(namedGroup, sslContext.getSecureRandom());
     }
 
     private void setupStaticECDHKeys() {
@@ -1674,9 +1761,11 @@ final class ServerHandshaker extends Handshaker {
                 return false;
             }
             ECParameterSpec params = ((ECPublicKey)publicKey).getParams();
-            int id = EllipticCurvesExtension.getCurveIndex(params);
-            if ((id <= 0) || !EllipticCurvesExtension.isSupported(id) ||
-                ((requestedCurves != null) && !requestedCurves.contains(id))) {
+            NamedGroup namedGroup = NamedGroup.valueOf(params);
+            if ((namedGroup == null) ||
+                (!SupportedGroupsExtension.supports(namedGroup)) ||
+                ((requestedGroups != null) &&
+                        !requestedGroups.contains(namedGroup.id))) {
                 return false;
             }
         }
diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java b/jdk/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
new file mode 100644
index 0000000000..b33cc1e6e5
--- /dev/null
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
@@ -0,0 +1,491 @@
+/*
+ * Copyright (c) 2006, 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.ssl;
+
+import java.io.IOException;
+import java.security.spec.ECGenParameterSpec;
+import java.security.spec.InvalidParameterSpecException;
+import java.security.AlgorithmParameters;
+import java.security.AlgorithmConstraints;
+import java.security.CryptoPrimitive;
+import java.security.AccessController;
+import java.security.spec.AlgorithmParameterSpec;
+import javax.crypto.spec.DHParameterSpec;
+import java.util.EnumSet;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.ArrayList;
+import javax.net.ssl.SSLProtocolException;
+
+import sun.security.action.GetPropertyAction;
+
+//
+// Note: Since RFC 7919, the extension's semantics are expanded from
+// "Supported Elliptic Curves" to "Supported Groups".  The enum datatype
+// used in the extension has been renamed from NamedCurve to NamedGroup.
+// Its semantics are likewise expanded from "named curve" to "named group".
+//
+final class SupportedGroupsExtension extends HelloExtension {
+
+    /* Class and subclass dynamic debugging support */
+    private static final Debug debug = Debug.getInstance("ssl");
+
+    private static final int ARBITRARY_PRIME = 0xff01;
+    private static final int ARBITRARY_CHAR2 = 0xff02;
+
+    // cache to speed up the parameters construction
+    private static final Map namedGroupParams = new HashMap<>();
+
+    // the supported named groups
+    private static final NamedGroup[] supportedNamedGroups;
+
+    // the named group presented in the extension
+    private final int[] requestedNamedGroupIds;
+
+    static {
+        boolean requireFips = SunJSSE.isFIPS();
+
+        // The value of the System Property defines a list of enabled named
+        // groups in preference order, separated with comma.  For example:
+        //
+        //      jdk.tls.namedGroups="secp521r1, secp256r1, ffdhe2048"
+        //
+        // If the System Property is not defined or the value is empty, the
+        // default groups and preferences will be used.
+        String property = AccessController.doPrivileged(
+                    new GetPropertyAction("jdk.tls.namedGroups"));
+        if (property != null && property.length() != 0) {
+            // remove double quote marks from beginning/end of the property
+            if (property.length() > 1 && property.charAt(0) == '"' &&
+                    property.charAt(property.length() - 1) == '"') {
+                property = property.substring(1, property.length() - 1);
+            }
+        }
+
+        ArrayList groupList;
+        if (property != null && property.length() != 0) {   // customized groups
+            String[] groups = property.split(",");
+            groupList = new ArrayList<>(groups.length);
+            for (String group : groups) {
+                group = group.trim();
+                if (!group.isEmpty()) {
+                    NamedGroup namedGroup = NamedGroup.nameOf(group);
+                    if (namedGroup != null &&
+                            (!requireFips || namedGroup.isFips)) {
+                        if (isAvailableGroup(namedGroup)) {
+                            groupList.add(namedGroup);
+                        }
+                    }   // ignore unknown groups
+                }
+            }
+
+            if (groupList.isEmpty() && JsseJce.isEcAvailable()) {
+                throw new IllegalArgumentException(
+                    "System property jdk.tls.namedGroups(" + property + ") " +
+                    "contains no supported elliptic curves");
+            }
+        } else {        // default groups
+            NamedGroup[] groups;
+            if (requireFips) {
+                groups = new NamedGroup[] {
+                    // only NIST curves in FIPS mode
+                    NamedGroup.SECP256_R1,
+                    NamedGroup.SECP384_R1,
+                    NamedGroup.SECP521_R1,
+                    NamedGroup.SECT283_K1,
+                    NamedGroup.SECT283_R1,
+                    NamedGroup.SECT409_K1,
+                    NamedGroup.SECT409_R1,
+                    NamedGroup.SECT571_K1,
+                    NamedGroup.SECT571_R1,
+
+                    // FFDHE 2048
+                    NamedGroup.FFDHE_2048,
+                    NamedGroup.FFDHE_3072,
+                    NamedGroup.FFDHE_4096,
+                    NamedGroup.FFDHE_6144,
+                    NamedGroup.FFDHE_8192,
+                };
+            } else {
+                groups = new NamedGroup[] {
+                    // NIST curves first
+                    NamedGroup.SECP256_R1,
+                    NamedGroup.SECP384_R1,
+                    NamedGroup.SECP521_R1,
+                    NamedGroup.SECT283_K1,
+                    NamedGroup.SECT283_R1,
+                    NamedGroup.SECT409_K1,
+                    NamedGroup.SECT409_R1,
+                    NamedGroup.SECT571_K1,
+                    NamedGroup.SECT571_R1,
+
+                    // non-NIST curves
+                    NamedGroup.SECP256_K1,
+
+                    // FFDHE 2048
+                    NamedGroup.FFDHE_2048,
+                    NamedGroup.FFDHE_3072,
+                    NamedGroup.FFDHE_4096,
+                    NamedGroup.FFDHE_6144,
+                    NamedGroup.FFDHE_8192,
+                };
+            }
+
+            groupList = new ArrayList<>(groups.length);
+            for (NamedGroup group : groups) {
+                if (isAvailableGroup(group)) {
+                    groupList.add(group);
+                }
+            }
+        }
+
+        if (debug != null && groupList.isEmpty()) {
+            Debug.log(
+                "Initialized [jdk.tls.namedGroups|default] list contains " +
+                "no available elliptic curves. " +
+                (property != null ? "(" + property + ")" : "[Default]"));
+        }
+
+        supportedNamedGroups = new NamedGroup[groupList.size()];
+        int i = 0;
+        for (NamedGroup namedGroup : groupList) {
+            supportedNamedGroups[i++] = namedGroup;
+        }
+    }
+
+    // check whether the group is supported by the underlying providers
+    private static boolean isAvailableGroup(NamedGroup namedGroup) {
+        AlgorithmParameters params = null;
+        AlgorithmParameterSpec spec = null;
+        if ("EC".equals(namedGroup.algorithm)) {
+            if (namedGroup.oid != null) {
+                try {
+                    params = JsseJce.getAlgorithmParameters("EC");
+                    spec = new ECGenParameterSpec(namedGroup.oid);
+                } catch (Exception e) {
+                    return false;
+                }
+            }
+        } else if ("DiffieHellman".equals(namedGroup.algorithm)) {
+            try {
+                params = JsseJce.getAlgorithmParameters("DiffieHellman");
+                spec = getFFDHEDHParameterSpec(namedGroup);
+            } catch (Exception e) {
+                return false;
+            }
+        }
+
+        if ((params != null) && (spec != null)) {
+            try {
+                params.init(spec);
+            } catch (Exception e) {
+                return false;
+            }
+
+            // cache the parameters
+            namedGroupParams.put(namedGroup, params);
+
+            return true;
+        }
+
+        return false;
+    }
+
+    private static DHParameterSpec getFFDHEDHParameterSpec(
+            NamedGroup namedGroup) {
+        DHParameterSpec spec = null;
+        switch (namedGroup) {
+            case FFDHE_2048:
+                spec = PredefinedDHParameterSpecs.ffdheParams.get(2048);
+                break;
+            case FFDHE_3072:
+                spec = PredefinedDHParameterSpecs.ffdheParams.get(3072);
+                break;
+            case FFDHE_4096:
+                spec = PredefinedDHParameterSpecs.ffdheParams.get(4096);
+                break;
+            case FFDHE_6144:
+                spec = PredefinedDHParameterSpecs.ffdheParams.get(6144);
+                break;
+            case FFDHE_8192:
+                spec = PredefinedDHParameterSpecs.ffdheParams.get(8192);
+        }
+
+        return spec;
+    }
+
+    private static DHParameterSpec getPredefinedDHParameterSpec(
+            NamedGroup namedGroup) {
+        DHParameterSpec spec = null;
+        switch (namedGroup) {
+            case FFDHE_2048:
+                spec = PredefinedDHParameterSpecs.definedParams.get(2048);
+                break;
+            case FFDHE_3072:
+                spec = PredefinedDHParameterSpecs.definedParams.get(3072);
+                break;
+            case FFDHE_4096:
+                spec = PredefinedDHParameterSpecs.definedParams.get(4096);
+                break;
+            case FFDHE_6144:
+                spec = PredefinedDHParameterSpecs.definedParams.get(6144);
+                break;
+            case FFDHE_8192:
+                spec = PredefinedDHParameterSpecs.definedParams.get(8192);
+        }
+
+        return spec;
+    }
+
+    private SupportedGroupsExtension(int[] requestedNamedGroupIds) {
+        super(ExtensionType.EXT_SUPPORTED_GROUPS);
+
+        this.requestedNamedGroupIds = requestedNamedGroupIds;
+    }
+
+    SupportedGroupsExtension(HandshakeInStream s, int len) throws IOException {
+        super(ExtensionType.EXT_SUPPORTED_GROUPS);
+
+        int k = s.getInt16();
+        if (((len & 1) != 0) || (k == 0) || (k + 2 != len)) {
+            throw new SSLProtocolException("Invalid " + type + " extension");
+        }
+
+        // Note: unknown named group will be ignored later.
+        requestedNamedGroupIds = new int[k >> 1];
+        for (int i = 0; i < requestedNamedGroupIds.length; i++) {
+            requestedNamedGroupIds[i] = s.getInt16();
+        }
+    }
+
+    // Get a local preferred supported ECDHE group permitted by the constraints.
+    static NamedGroup getPreferredECGroup(AlgorithmConstraints constraints) {
+        for (NamedGroup namedGroup : supportedNamedGroups) {
+            if ((namedGroup.type == NamedGroupType.NAMED_GROUP_ECDHE) &&
+                constraints.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
+                    namedGroup.algorithm, namedGroupParams.get(namedGroup))) {
+
+                return namedGroup;
+            }
+        }
+
+        return null;
+    }
+
+    // Is there any supported group permitted by the constraints?
+    static boolean isActivatable(
+            AlgorithmConstraints constraints, NamedGroupType type) {
+
+        boolean hasFFDHEGroups = false;
+        for (NamedGroup namedGroup : supportedNamedGroups) {
+            if (namedGroup.type == type) {
+                if (constraints.permits(
+                        EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
+                        namedGroup.algorithm,
+                        namedGroupParams.get(namedGroup))) {
+
+                    return true;
+                }
+
+                if (!hasFFDHEGroups &&
+                        (type == NamedGroupType.NAMED_GROUP_FFDHE)) {
+
+                    hasFFDHEGroups = true;
+                }
+            }
+        }
+
+        // For compatibility, if no FFDHE groups are defined, the non-FFDHE
+        // compatible mode (using DHE cipher suite without FFDHE extension)
+        // is allowed.
+        //
+        // Note that the constraints checking on DHE parameters will be
+        // performed during key exchanging in a handshake.
+        if (!hasFFDHEGroups && (type == NamedGroupType.NAMED_GROUP_FFDHE)) {
+            return true;
+        }
+
+        return false;
+    }
+
+    // Create the default supported groups extension.
+    static SupportedGroupsExtension createExtension(
+            AlgorithmConstraints constraints,
+            CipherSuiteList cipherSuites, boolean enableFFDHE) {
+
+        ArrayList groupList =
+                new ArrayList<>(supportedNamedGroups.length);
+        for (NamedGroup namedGroup : supportedNamedGroups) {
+            if ((!enableFFDHE) &&
+                (namedGroup.type == NamedGroupType.NAMED_GROUP_FFDHE)) {
+                continue;
+            }
+
+            if (cipherSuites.contains(namedGroup.type) &&
+                constraints.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
+                    namedGroup.algorithm, namedGroupParams.get(namedGroup))) {
+
+                groupList.add(namedGroup.id);
+            }
+        }
+
+        if (!groupList.isEmpty()) {
+            int[] ids = new int[groupList.size()];
+            int i = 0;
+            for (Integer id : groupList) {
+                ids[i++] = id;
+            }
+
+            return new SupportedGroupsExtension(ids);
+        }
+
+        return null;
+    }
+
+    // get the preferred activated named group
+    NamedGroup getPreferredGroup(
+            AlgorithmConstraints constraints, NamedGroupType type) {
+
+        for (int groupId : requestedNamedGroupIds) {
+            NamedGroup namedGroup = NamedGroup.valueOf(groupId);
+            if ((namedGroup != null) && (namedGroup.type == type) &&
+                SupportedGroupsExtension.supports(namedGroup) &&
+                constraints.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
+                    namedGroup.algorithm, namedGroupParams.get(namedGroup))) {
+
+                return namedGroup;
+            }
+        }
+
+        return null;
+    }
+
+    boolean hasFFDHEGroup() {
+        for (int groupId : requestedNamedGroupIds) {
+            /*
+             * [RFC 7919] Codepoints in the "Supported Groups Registry"
+             * with a high byte of 0x01 (that is, between 256 and 511,
+             * inclusive) are set aside for FFDHE groups.
+             */
+            if ((groupId >= 256) && (groupId <= 511)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    boolean contains(int index) {
+        for (int groupId : requestedNamedGroupIds) {
+            if (index == groupId) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    @Override
+    int length() {
+        return 6 + (requestedNamedGroupIds.length << 1);
+    }
+
+    @Override
+    void send(HandshakeOutStream s) throws IOException {
+        s.putInt16(type.id);
+        int k = requestedNamedGroupIds.length << 1;
+        s.putInt16(k + 2);
+        s.putInt16(k);
+        for (int groupId : requestedNamedGroupIds) {
+            s.putInt16(groupId);
+        }
+    }
+
+    @Override
+    public String toString() {
+        StringBuilder sb = new StringBuilder();
+        sb.append("Extension " + type + ", group names: {");
+        boolean first = true;
+        for (int groupId : requestedNamedGroupIds) {
+            if (first) {
+                first = false;
+            } else {
+                sb.append(", ");
+            }
+            // first check if it is a known named group, then try other cases.
+            NamedGroup namedGroup = NamedGroup.valueOf(groupId);
+            if (namedGroup != null) {
+                sb.append(namedGroup.name);
+            } else if (groupId == ARBITRARY_PRIME) {
+                sb.append("arbitrary_explicit_prime_curves");
+            } else if (groupId == ARBITRARY_CHAR2) {
+                sb.append("arbitrary_explicit_char2_curves");
+            } else {
+                sb.append("unknown named group " + groupId);
+            }
+        }
+        sb.append("}");
+        return sb.toString();
+    }
+
+    static boolean supports(NamedGroup namedGroup) {
+        for (NamedGroup group : supportedNamedGroups) {
+            if (namedGroup.id == group.id) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    static ECGenParameterSpec getECGenParamSpec(NamedGroup namedGroup) {
+        if (namedGroup.type != NamedGroupType.NAMED_GROUP_ECDHE) {
+            throw new RuntimeException("Not a named EC group: " + namedGroup);
+        }
+
+        AlgorithmParameters params = namedGroupParams.get(namedGroup);
+        try {
+            return params.getParameterSpec(ECGenParameterSpec.class);
+        } catch (InvalidParameterSpecException ipse) {
+            // should be unlikely
+            return new ECGenParameterSpec(namedGroup.oid);
+        }
+    }
+
+    static DHParameterSpec getDHParameterSpec(NamedGroup namedGroup) {
+        if (namedGroup.type != NamedGroupType.NAMED_GROUP_FFDHE) {
+            throw new RuntimeException("Not a named DH group: " + namedGroup);
+        }
+
+        AlgorithmParameters params = namedGroupParams.get(namedGroup);
+        try {
+            return params.getParameterSpec(DHParameterSpec.class);
+        } catch (InvalidParameterSpecException ipse) {
+            // should be unlikely
+            return getPredefinedDHParameterSpec(namedGroup);
+        }
+    }
+}
diff --git a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java
index 53ea970620..19c419394e 100644
--- a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java
+++ b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java
@@ -26,6 +26,8 @@
 package sun.security.tools.keytool;
 
 import java.io.*;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 import java.security.CodeSigner;
 import java.security.CryptoPrimitive;
 import java.security.KeyStore;
@@ -72,6 +74,7 @@ import sun.security.pkcs10.PKCS10Attribute;
 import sun.security.provider.X509Factory;
 import sun.security.provider.certpath.ssl.SSLServerCertStore;
 import sun.security.util.Password;
+import sun.security.util.SecurityProviderConstants;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
 import javax.crypto.SecretKeyFactory;
@@ -168,7 +171,12 @@ public final class Main {
     private List ids = new ArrayList<>();   // used in GENCRL
     private List v3ext = new ArrayList<>();
 
-    // Warnings on weak algorithms
+    // In-place importkeystore is special.
+    // A backup is needed, and no need to prompt for deststorepass.
+    private boolean inplaceImport = false;
+    private String inplaceBackupName = null;
+
+    // Warnings on weak algorithms etc
     private List weakWarnings = new ArrayList<>();
 
     private static final DisabledAlgorithmConstraints DISABLED_CHECK =
@@ -812,37 +820,52 @@ public final class Main {
                 ("New.password.must.be.at.least.6.characters"));
         }
 
+        // Set this before inplaceImport check so we can compare name.
+        if (ksfname == null) {
+            ksfname = System.getProperty("user.home") + File.separator
+                    + ".keystore";
+        }
+
+        KeyStore srcKeyStore = null;
+        if (command == IMPORTKEYSTORE) {
+            inplaceImport = inplaceImportCheck();
+            if (inplaceImport) {
+                // We load srckeystore first so we have srcstorePass that
+                // can be assigned to storePass
+                srcKeyStore = loadSourceKeyStore();
+                if (storePass == null) {
+                    storePass = srcstorePass;
+                }
+            }
+        }
+
         // Check if keystore exists.
         // If no keystore has been specified at the command line, try to use
         // the default, which is located in $HOME/.keystore.
         // If the command is "genkey", "identitydb", "import", or "printcert",
         // it is OK not to have a keystore.
-        if (isKeyStoreRelated(command)) {
-            if (ksfname == null) {
-                ksfname = System.getProperty("user.home") + File.separator
-                    + ".keystore";
-            }
 
-            if (!nullStream) {
-                try {
-                    ksfile = new File(ksfname);
-                    // Check if keystore file is empty
-                    if (ksfile.exists() && ksfile.length() == 0) {
-                        throw new Exception(rb.getString
-                        ("Keystore.file.exists.but.is.empty.") + ksfname);
-                    }
-                    ksStream = new FileInputStream(ksfile);
-                } catch (FileNotFoundException e) {
-                    if (command != GENKEYPAIR &&
+        // DO NOT open the existing keystore if this is an in-place import.
+        // The keystore should be created as brand new.
+        if (isKeyStoreRelated(command) && !nullStream && !inplaceImport) {
+            try {
+                ksfile = new File(ksfname);
+                // Check if keystore file is empty
+                if (ksfile.exists() && ksfile.length() == 0) {
+                    throw new Exception(rb.getString
+                            ("Keystore.file.exists.but.is.empty.") + ksfname);
+                }
+                ksStream = new FileInputStream(ksfile);
+            } catch (FileNotFoundException e) {
+                if (command != GENKEYPAIR &&
                         command != GENSECKEY &&
                         command != IDENTITYDB &&
                         command != IMPORTCERT &&
                         command != IMPORTPASS &&
                         command != IMPORTKEYSTORE &&
                         command != PRINTCRL) {
-                        throw new Exception(rb.getString
-                                ("Keystore.file.does.not.exist.") + ksfname);
-                    }
+                    throw new Exception(rb.getString
+                            ("Keystore.file.does.not.exist.") + ksfname);
                 }
             }
         }
@@ -866,7 +889,7 @@ public final class Main {
         // Create new keystore
         // Probe for keystore type when filename is available
         if (ksfile != null && ksStream != null && providerName == null &&
-            hasStoretypeOption == false) {
+                hasStoretypeOption == false && !inplaceImport) {
             keyStore = KeyStore.getInstance(ksfile, storePass);
         } else {
             if (providerName == null) {
@@ -896,7 +919,11 @@ public final class Main {
              * Null stream keystores are loaded later.
              */
             if (!nullStream) {
-                keyStore.load(ksStream, storePass);
+                if (inplaceImport) {
+                    keyStore.load(null, storePass);
+                } else {
+                    keyStore.load(ksStream, storePass);
+                }
                 if (ksStream != null) {
                     ksStream.close();
                 }
@@ -1133,7 +1160,11 @@ public final class Main {
                 }
             }
         } else if (command == IMPORTKEYSTORE) {
-            doImportKeyStore();
+            // When not in-place import, srcKeyStore is not loaded yet.
+            if (srcKeyStore == null) {
+                srcKeyStore = loadSourceKeyStore();
+            }
+            doImportKeyStore(srcKeyStore);
             kssave = true;
         } else if (command == KEYCLONE) {
             keyPassNew = newPass;
@@ -1264,6 +1295,51 @@ public final class Main {
                 }
             }
         }
+
+        if (isKeyStoreRelated(command)
+                && !token && !nullStream && ksfname != null) {
+
+            // JKS storetype warning on the final result keystore
+            File f = new File(ksfname);
+            char[] pass = (storePassNew!=null) ? storePassNew : storePass;
+            if (f.exists()) {
+                // Probe for real type. A JKS can be loaded as PKCS12 because
+                // DualFormat support, vice versa.
+                keyStore = KeyStore.getInstance(f, pass);
+                String realType = keyStore.getType();
+                if (realType.equalsIgnoreCase("JKS")
+                        || realType.equalsIgnoreCase("JCEKS")) {
+                    boolean allCerts = true;
+                    for (String a : Collections.list(keyStore.aliases())) {
+                        if (!keyStore.entryInstanceOf(
+                                a, TrustedCertificateEntry.class)) {
+                            allCerts = false;
+                            break;
+                        }
+                    }
+                    // Don't warn for "cacerts" style keystore.
+                    if (!allCerts) {
+                        weakWarnings.add(String.format(
+                                rb.getString("jks.storetype.warning"),
+                                realType, ksfname));
+                    }
+                }
+                if (inplaceImport) {
+                    String realSourceStoreType = KeyStore.getInstance(
+                            new File(inplaceBackupName), srcstorePass).getType();
+                    String format =
+                            realType.equalsIgnoreCase(realSourceStoreType) ?
+                            rb.getString("backup.keystore.warning") :
+                            rb.getString("migrate.keystore.warning");
+                    weakWarnings.add(
+                            String.format(format,
+                                    srcksfname,
+                                    realSourceStoreType,
+                                    inplaceBackupName,
+                                    realType));
+                }
+            }
+        }
     }
 
     /**
@@ -1708,9 +1784,11 @@ public final class Main {
     {
         if (keysize == -1) {
             if ("EC".equalsIgnoreCase(keyAlgName)) {
-                keysize = 256;
-            } else {
-                keysize = 2048;     // RSA and DSA
+                keysize = SecurityProviderConstants.DEF_EC_KEY_SIZE;
+            } else if ("RSA".equalsIgnoreCase(keyAlgName)) {
+                keysize = SecurityProviderConstants.DEF_RSA_KEY_SIZE;
+            } else if ("DSA".equalsIgnoreCase(keyAlgName)) {
+                keysize = SecurityProviderConstants.DEF_DSA_KEY_SIZE;
             }
         }
 
@@ -1955,12 +2033,40 @@ public final class Main {
         }
     }
 
+    boolean inplaceImportCheck() throws Exception {
+        if (P11KEYSTORE.equalsIgnoreCase(srcstoretype) ||
+                KeyStoreUtil.isWindowsKeyStore(srcstoretype)) {
+            return false;
+        }
+
+        if (srcksfname != null) {
+            File srcksfile = new File(srcksfname);
+            if (srcksfile.exists() && srcksfile.length() == 0) {
+                throw new Exception(rb.getString
+                        ("Source.keystore.file.exists.but.is.empty.") +
+                        srcksfname);
+            }
+            if (srcksfile.getCanonicalFile()
+                    .equals(new File(ksfname).getCanonicalFile())) {
+                return true;
+            } else {
+                // Informational, especially if destkeystore is not
+                // provided, which default to ~/.keystore.
+                System.err.println(String.format(rb.getString(
+                        "importing.keystore.status"), srcksfname, ksfname));
+                return false;
+            }
+        } else {
+            throw new Exception(rb.getString
+                    ("Please.specify.srckeystore"));
+        }
+    }
+
     /**
      * Load the srckeystore from a stream, used in -importkeystore
      * @return the src KeyStore
      */
     KeyStore loadSourceKeyStore() throws Exception {
-        boolean isPkcs11 = false;
 
         InputStream is = null;
         File srcksfile = null;
@@ -1973,20 +2079,9 @@ public final class Main {
                 System.err.println();
                 tinyHelp();
             }
-            isPkcs11 = true;
         } else {
-            if (srcksfname != null) {
-                srcksfile = new File(srcksfname);
-                    if (srcksfile.exists() && srcksfile.length() == 0) {
-                        throw new Exception(rb.getString
-                                ("Source.keystore.file.exists.but.is.empty.") +
-                                srcksfname);
-                }
-                is = new FileInputStream(srcksfile);
-            } else {
-                throw new Exception(rb.getString
-                        ("Please.specify.srckeystore"));
-            }
+            srcksfile = new File(srcksfname);
+            is = new FileInputStream(srcksfile);
         }
 
         KeyStore store;
@@ -2053,17 +2148,32 @@ public final class Main {
      * keep alias unchanged if no name conflict, otherwise, prompt.
      * keep keypass unchanged for keys
      */
-    private void doImportKeyStore() throws Exception {
+    private void doImportKeyStore(KeyStore srcKS) throws Exception {
 
         if (alias != null) {
-            doImportKeyStoreSingle(loadSourceKeyStore(), alias);
+            doImportKeyStoreSingle(srcKS, alias);
         } else {
             if (dest != null || srckeyPass != null) {
                 throw new Exception(rb.getString(
                         "if.alias.not.specified.destalias.and.srckeypass.must.not.be.specified"));
             }
-            doImportKeyStoreAll(loadSourceKeyStore());
+            doImportKeyStoreAll(srcKS);
         }
+
+        if (inplaceImport) {
+            // Backup to file.old or file.old2...
+            // The keystore is not rewritten yet now.
+            for (int n = 1; /* forever */; n++) {
+                inplaceBackupName = srcksfname + ".old" + (n == 1 ? "" : n);
+                File bkFile = new File(inplaceBackupName);
+                if (!bkFile.exists()) {
+                    Files.copy(Paths.get(srcksfname), bkFile.toPath());
+                    break;
+                }
+            }
+
+        }
+
         /*
          * Information display rule of -importkeystore
          * 1. inside single, shows failure
diff --git a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources.java b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources.java
index 522449c366..8a2dfe62c1 100644
--- a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources.java
+++ b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -454,20 +454,24 @@ public class Resources extends java.util.ListResourceBundle {
         {"the.tsa.certificate", "The TSA certificate"},
         {"the.input", "The input"},
         {"reply", "Reply"},
-        {"one.in.many", "%s #%d of %d"},
+        {"one.in.many", "%1$s #%2$d of %3$d"},
         {"alias.in.cacerts", "Issuer <%s> in cacerts"},
         {"alias.in.keystore", "Issuer <%s>"},
         {"with.weak", "%s (weak)"},
-        {"key.bit", "%d-bit %s key"},
-        {"key.bit.weak", "%d-bit %s key (weak)"},
+        {"key.bit", "%1$d-bit %2$s key"},
+        {"key.bit.weak", "%1$d-bit %2$s key (weak)"},
         {".PATTERN.printX509Cert.with.weak",
                 "Owner: {0}\nIssuer: {1}\nSerial number: {2}\nValid from: {3} until: {4}\nCertificate fingerprints:\n\t SHA1: {5}\n\t SHA256: {6}\nSignature algorithm name: {7}\nSubject Public Key Algorithm: {8}\nVersion: {9}"},
         {"PKCS.10.with.weak",
                 "PKCS #10 Certificate Request (Version 1.0)\n" +
-                        "Subject: %s\nFormat: %s\nPublic Key: %s\nSignature algorithm: %s\n"},
-        {"verified.by.s.in.s.weak", "Verified by %s in %s with a %s"},
-        {"whose.sigalg.risk", "%s uses the %s signature algorithm which is considered a security risk."},
-        {"whose.key.risk", "%s uses a %s which is considered a security risk."},
+                        "Subject: %1$s\nFormat: %2$s\nPublic Key: %3$s\nSignature algorithm: %4$s\n"},
+        {"verified.by.s.in.s.weak", "Verified by %1$s in %2$s with a %3$s"},
+        {"whose.sigalg.risk", "%1$s uses the %2$s signature algorithm which is considered a security risk."},
+        {"whose.key.risk", "%1$s uses a %2$s which is considered a security risk."},
+        {"jks.storetype.warning", "The %1$s keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using \"keytool -importkeystore -srckeystore %2$s -destkeystore %2$s -deststoretype pkcs12\"."},
+        {"migrate.keystore.warning", "Migrated \"%1$s\" to %4$s. The %2$s keystore is backed up as \"%3$s\"."},
+        {"backup.keystore.warning", "The original keystore \"%1$s\" is backed up as \"%3$s\"..."},
+        {"importing.keystore.status", "Importing keystore %1$s to %2$s..."},
     };
 
 
diff --git a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_de.java b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_de.java
index e3af1fdcf4..097f1bbf44 100644
--- a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_de.java
+++ b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_de.java
@@ -447,19 +447,23 @@ public class Resources_de extends java.util.ListResourceBundle {
         {"the.tsa.certificate", "Das TSA-Zertifikat"},
         {"the.input", "Die Eingabe"},
         {"reply", "Antwort"},
-        {"one.in.many", "%s #%d von %d"},
+        {"one.in.many", "%1$s #%2$d von %3$d"},
         {"alias.in.cacerts", "Aussteller <%s> in cacerts"},
         {"alias.in.keystore", "Aussteller <%s>"},
         {"with.weak", "%s (schwach)"},
-        {"key.bit", "%d-Bit-%s-Schl\u00FCssel"},
-        {"key.bit.weak", "%d-Bit-%s-Schl\u00FCssel (schwach)"},
+        {"key.bit", "%1$d-Bit-%2$s-Schl\u00FCssel"},
+        {"key.bit.weak", "%1$d-Bit-%2$s-Schl\u00FCssel (schwach)"},
         {".PATTERN.printX509Cert.with.weak",
                 "Eigent\u00FCmer: {0}\nAussteller: {1}\nSeriennummer: {2}\nG\u00FCltig von: {3} bis: {4}\nZertifikatsfingerprints:\n\t SHA1: {5}\n\t SHA256: {6}\nSignaturalgorithmusname: {7}\nPublic Key-Algorithmus von Subject: {8}\nVersion: {9}"},
         {"PKCS.10.with.weak",
-                "PKCS #10-Zertifikatsanforderung (Version 1.0)\nSubject: %s\nFormat: %s\nPublic Key: %s\nSignaturalgorithmus: %s\n"},
-        {"verified.by.s.in.s.weak", "Von %s in %s mit %s verifiziert"},
-        {"whose.sigalg.risk", "%s verwendet den Signaturalgorithmus %s. Dies gilt als Sicherheitsrisiko."},
-        {"whose.key.risk", "%s verwendet %s. Dies gilt als Sicherheitsrisiko."},
+                "PKCS #10-Zertifikatsanforderung (Version 1.0)\nSubject: %1$s\nFormat: %2$s\nPublic Key: %3$s\nSignaturalgorithmus: %4$s\n"},
+        {"verified.by.s.in.s.weak", "Von %1$s in %2$s mit %3$s verifiziert"},
+        {"whose.sigalg.risk", "%1$s verwendet den Signaturalgorithmus %2$s. Dies gilt als Sicherheitsrisiko."},
+        {"whose.key.risk", "%1$s verwendet %2$s. Dies gilt als Sicherheitsrisiko."},
+        {"jks.storetype.warning", "Der %1$s-Keystore verwendet ein propriet\u00E4res Format. Es wird empfohlen, auf PKCS12 zu migrieren, das ein Industriestandardformat mit \"keytool -importkeystore -srckeystore %2$s -destkeystore %2$s -deststoretype pkcs12\" ist."},
+        {"migrate.keystore.warning", "\"%1$s\" zu %4$s migriert. Der %2$s-Keystore wurde als \"%3$s\" gesichert."},
+        {"backup.keystore.warning", "Der urspr\u00FCngliche Keystore \"%1$s\" wird als \"%3$s\" gesichert..."},
+        {"importing.keystore.status", "Keystore %1$s wird in %2$s importiert..."},
     };
 
 
diff --git a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_es.java b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_es.java
index 31a0fe38b2..19141d6ab5 100644
--- a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_es.java
+++ b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_es.java
@@ -447,19 +447,23 @@ public class Resources_es extends java.util.ListResourceBundle {
         {"the.tsa.certificate", "El certificado de TSA"},
         {"the.input", "La entrada"},
         {"reply", "Responder"},
-        {"one.in.many", "%s #%d de %d"},
+        {"one.in.many", "%1$s #%2$d de %3$d"},
         {"alias.in.cacerts", "Emisor <%s> en cacerts"},
         {"alias.in.keystore", "Emisor <%s>"},
         {"with.weak", "%s (d\u00E9bil)"},
-        {"key.bit", "Clave %s de %d bits"},
-        {"key.bit.weak", "Clave %s de %d bits (d\u00E9bil)"},
+        {"key.bit", "Clave %2$s de %1$d bits"},
+        {"key.bit.weak", "Clave %2$s de %1$d bits (d\u00E9bil)"},
         {".PATTERN.printX509Cert.with.weak",
                 "Propietario: {0}\nEmisor: {1}\nN\u00FAmero de serie: {2}\nV\u00E1lido desde: {3} hasta: {4}\nHuellas digitales del certificado:\n\t SHA1: {5}\n\t SHA256: {6}\nNombre del algoritmo de firma: {7}\nAlgoritmo de clave p\u00FAblica de asunto: {8}\nVersi\u00F3n: {9}"},
         {"PKCS.10.with.weak",
-                "Solicitud de certificado PKCS #10 (Versi\u00F3n 1.0)\nAsunto: %s\nFormato: %s\nClave p\u00FAblica:%s\nAlgoritmo de firma: %s\n"},
-        {"verified.by.s.in.s.weak", "Verificado por %s en %s con %s"},
-        {"whose.sigalg.risk", "%s usa el algoritmo de firma %s, lo que se considera un riesgo de seguridad."},
-        {"whose.key.risk", "%s usa %s, lo que se considera un riesgo de seguridad."},
+                "Solicitud de certificado PKCS #10 (Versi\u00F3n 1.0)\nAsunto: %1$s\nFormato: %2$s\nClave p\u00FAblica: %3$s\nAlgoritmo de firma %4$s\n"},
+        {"verified.by.s.in.s.weak", "Verificado por %1$s en %2$s con un %3$s"},
+        {"whose.sigalg.risk", "%1$s utiliza el algoritmo de firma %2$s, lo que se considera un riesgo de seguridad."},
+        {"whose.key.risk", "%1$s utiliza %2$s, lo que se considera un riesgo de seguridad."},
+        {"jks.storetype.warning", "El almac\u00E9n de claves %1$s utiliza un formato propietario. Se recomienda migrar a PKCS12, que es un formato est\u00E1ndar del sector que utiliza \"keytool -importkeystore -srckeystore %2$s -destkeystore %2$s -deststoretype pkcs12\"."},
+        {"migrate.keystore.warning", "Se ha migrado \"%1$s\" a %4$s. Se ha realizado la copia de seguridad del almac\u00E9n de claves %2$s como \"%3$s\"."},
+        {"backup.keystore.warning", "La copia de seguridad del almac\u00E9n de claves \"%1$s\" se ha realizado como \"%3$s\"..."},
+        {"importing.keystore.status", "Importando el almac\u00E9n de claves de %1$s a %2$s..."},
     };
 
 
diff --git a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_fr.java b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_fr.java
index 892001d28f..676fdbc6f6 100644
--- a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_fr.java
+++ b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_fr.java
@@ -447,19 +447,23 @@ public class Resources_fr extends java.util.ListResourceBundle {
         {"the.tsa.certificate", "Certificat TSA"},
         {"the.input", "Entr\u00E9e"},
         {"reply", "R\u00E9pondre"},
-        {"one.in.many", "%s #%d sur %d"},
+        {"one.in.many", "%1$s #%2$d sur %3$d"},
         {"alias.in.cacerts", "Emetteur <%s> dans les certificats CA"},
         {"alias.in.keystore", "Emetteur <%s>"},
         {"with.weak", "%s (faible)"},
-        {"key.bit", "Cl\u00E9 %s %d bits"},
-        {"key.bit.weak", "Cl\u00E9 %s %d bits (faible)"},
+        {"key.bit", "Cl\u00E9 %2$s %1$d bits"},
+        {"key.bit.weak", "Cl\u00E9 %2$s %1$d bits (faible)"},
         {".PATTERN.printX509Cert.with.weak",
                 "Propri\u00E9taire : {0}\nEmetteur : {1}\nNum\u00E9ro de s\u00E9rie : {2}\nValide du {3} au {4}\nEmpreintes du certificat :\n\t SHA 1: {5}\n\t SHA 256: {6}\nNom de l''algorithme de signature : {7}\nAlgorithme de cl\u00E9 publique du sujet : {8}\nVersion : {9}"},
         {"PKCS.10.with.weak",
-                "Demande de certificat PKCS #10 (version 1.0)\nSujet : %s\nFormat : %s\nCl\u00E9 publique : %s\nAlgorithme de signature : %s\n"},
-        {"verified.by.s.in.s.weak", "V\u00E9rifi\u00E9 par %s dans %s avec un \u00E9l\u00E9ment %s"},
-        {"whose.sigalg.risk", "%s utilise l'algorithme de signature %s, qui repr\u00E9sente un risque pour la s\u00E9curit\u00E9."},
-        {"whose.key.risk", "%s utilise un \u00E9l\u00E9ment %s, qui repr\u00E9sente un risque pour la s\u00E9curit\u00E9."},
+                "Demande de certificat PKCS #10 (version 1.0)\nSujet : %1$s\nFormat : %2$s\nCl\u00E9 publique : %3$s\nAlgorithme de signature : %4$s\n"},
+        {"verified.by.s.in.s.weak", "V\u00E9rifi\u00E9 par %1$s dans %2$s avec un \u00E9l\u00E9ment %3$s"},
+        {"whose.sigalg.risk", "%1$s utilise l'algorithme de signature %2$s, qui repr\u00E9sente un risque pour la s\u00E9curit\u00E9."},
+        {"whose.key.risk", "%1$s utilise un \u00E9l\u00E9ment %2$s, qui repr\u00E9sente un risque pour la s\u00E9curit\u00E9."},
+        {"jks.storetype.warning", "Le fichier de cl\u00E9s %1$s utilise un format propri\u00E9taire. Il est recommand\u00E9 de migrer vers PKCS12, qui est un format standard de l'industrie en utilisant \"keytool -importkeystore -srckeystore %2$s -destkeystore %2$s -deststoretype pkcs12\"."},
+        {"migrate.keystore.warning", "El\u00E9ment \"%1$s\" migr\u00E9 vers %4$s. Le fichier de cl\u00E9s %2$s est sauvegard\u00E9 en tant que \"%3$s\"."},
+        {"backup.keystore.warning", "Le fichier de cl\u00E9s d'origine \"%1$s\" est sauvegard\u00E9 en tant que \"%3$s\"..."},
+        {"importing.keystore.status", "Import du fichier de cl\u00E9s %1$s vers %2$s..."},
     };
 
 
diff --git a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_it.java b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_it.java
index 4f7013f71d..313a244354 100644
--- a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_it.java
+++ b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_it.java
@@ -447,19 +447,23 @@ public class Resources_it extends java.util.ListResourceBundle {
         {"the.tsa.certificate", "Il certificato TSA"},
         {"the.input", "L'input"},
         {"reply", "Rispondi"},
-        {"one.in.many", "%s #%d di %d"},
+        {"one.in.many", "%1$s #%2$d di %3$d"},
         {"alias.in.cacerts", "Emittente <%s> in cacerts"},
         {"alias.in.keystore", "Emittente <%s>"},
         {"with.weak", "%s (debole)"},
-        {"key.bit", "Chiave %s a %d bit"},
-        {"key.bit.weak", "Chiave %s a %d bit (debole)"},
+        {"key.bit", "Chiave %2$s a %1$d bit"},
+        {"key.bit.weak", "Chiave %2$s a %1$d bit (debole)"},
         {".PATTERN.printX509Cert.with.weak",
                 "Proprietario: {0}\nEmittente: {1}\nNumero di serie: {2}\nValido da: {3} a: {4}\nImpronte digitali certificato:\n\t SHA1: {5}\n\t SHA256: {6}\nNome algoritmo firma: {7}\nAlgoritmo di chiave pubblica oggetto: {8}\nVersione: {9}"},
         {"PKCS.10.with.weak",
-                "Richiesta di certificato PKCS #10 (versione 1.0)\nOggetto: %s\nFormato: %s\nChiave pubblica: %s\nAlgoritmo firma: %s\n"},
-        {"verified.by.s.in.s.weak", "Verificato da %s in %s con un %s"},
-        {"whose.sigalg.risk", "%s utilizza l'algoritmo firma %s che \u00E8 considerato un rischio per la sicurezza."},
-        {"whose.key.risk", "%s utilizza un %s che \u00E8 considerato un rischio per la sicurezza."},
+                "Richiesta di certificato PKCS #10 (versione 1.0)\nOggetto: %1$s\nFormato: %2$s\nChiave pubblica: %3$s\nAlgoritmo firma: %4$s\n"},
+        {"verified.by.s.in.s.weak", "Verificato da %1$s in %2$s con un %3$s"},
+        {"whose.sigalg.risk", "%1$s utilizza l'algoritmo firma %2$s che \u00E8 considerato un rischio per la sicurezza."},
+        {"whose.key.risk", "%1$s utilizza un %2$s che \u00E8 considerato un rischio per la sicurezza."},
+        {"jks.storetype.warning", "Il keystore %1$s utilizza un formato proprietario. Si consiglia di eseguire la migrazione a PKCS12, un formato standard di settore, utilizzando il comando \"keytool -importkeystore -srckeystore %2$s -destkeystore %2$s -deststoretype pkcs12\"."},
+        {"migrate.keystore.warning", "Migrazione di \"%1$s\" in %4$s eseguita. Backup del keystore %2$s eseguito con il nome \"%3$s\"."},
+        {"backup.keystore.warning", "Backup del keystore originale \"%1$s\" eseguito con il nome \"%3$s\"..."},
+        {"importing.keystore.status", "Importazione del keystore %1$s in %2$s in corso..."},
     };
 
 
diff --git a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_ja.java b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_ja.java
index 5d47830cf9..c08be5cf25 100644
--- a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_ja.java
+++ b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_ja.java
@@ -447,19 +447,23 @@ public class Resources_ja extends java.util.ListResourceBundle {
         {"the.tsa.certificate", "TSA\u8A3C\u660E\u66F8"},
         {"the.input", "\u5165\u529B"},
         {"reply", "\u5FDC\u7B54"},
-        {"one.in.many", "%s #%d / %d"},
+        {"one.in.many", "%1$s #%2$d / %3$d"},
         {"alias.in.cacerts", "cacerts\u5185\u306E\u767A\u884C\u8005<%s>"},
         {"alias.in.keystore", "\u767A\u884C\u8005<%s>"},
         {"with.weak", "%s (\u5F31)"},
-        {"key.bit", "%d\u30D3\u30C3\u30C8%s\u9375"},
-        {"key.bit.weak", "%d\u30D3\u30C3\u30C8%s\u9375(\u5F31)"},
+        {"key.bit", "%1$d\u30D3\u30C3\u30C8%2$s\u9375"},
+        {"key.bit.weak", "%1$d\u30D3\u30C3\u30C8%2$s\u9375(\u5F31)"},
         {".PATTERN.printX509Cert.with.weak",
                 "\u6240\u6709\u8005: {0}\n\u767A\u884C\u8005: {1}\n\u30B7\u30EA\u30A2\u30EB\u756A\u53F7: {2}\n\u6709\u52B9\u671F\u9593\u306E\u958B\u59CB\u65E5: {3}\u7D42\u4E86\u65E5: {4}\n\u8A3C\u660E\u66F8\u306E\u30D5\u30A3\u30F3\u30AC\u30D7\u30EA\u30F3\u30C8:\n\t SHA1: {5}\n\t SHA256: {6}\n\u7F72\u540D\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0\u540D: {7}\n\u30B5\u30D6\u30B8\u30A7\u30AF\u30C8\u516C\u958B\u9375\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0: {8}\n\u30D0\u30FC\u30B8\u30E7\u30F3: {9}"},
         {"PKCS.10.with.weak",
-                "PKCS #10\u8A3C\u660E\u66F8\u30EA\u30AF\u30A8\u30B9\u30C8(\u30D0\u30FC\u30B8\u30E7\u30F31.0)\n\u30B5\u30D6\u30B8\u30A7\u30AF\u30C8: %s\n\u30D5\u30A9\u30FC\u30DE\u30C3\u30C8 %s\n\u516C\u958B\u9375: %s\n\u7F72\u540D\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0: %s\n"},
-        {"verified.by.s.in.s.weak", "%s(%s\u5185)\u306B\u3088\u308A%s\u3067\u691C\u8A3C\u3055\u308C\u307E\u3057\u305F"},
-        {"whose.sigalg.risk", "%s\u306F\u30BB\u30AD\u30E5\u30EA\u30C6\u30A3\u30FB\u30EA\u30B9\u30AF\u3068\u307F\u306A\u3055\u308C\u308B%s\u7F72\u540D\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0\u3092\u4F7F\u7528\u3057\u3066\u3044\u307E\u3059\u3002"},
-        {"whose.key.risk", "%s\u306F\u30BB\u30AD\u30E5\u30EA\u30C6\u30A3\u30FB\u30EA\u30B9\u30AF\u3068\u307F\u306A\u3055\u308C\u308B%s\u3092\u4F7F\u7528\u3057\u3066\u3044\u307E\u3059\u3002"},
+                "PKCS #10\u8A3C\u660E\u66F8\u30EA\u30AF\u30A8\u30B9\u30C8(\u30D0\u30FC\u30B8\u30E7\u30F31.0)\n\u30B5\u30D6\u30B8\u30A7\u30AF\u30C8: %1$s\n\u30D5\u30A9\u30FC\u30DE\u30C3\u30C8: %2$s\n\u516C\u958B\u9375: %3$s\n\u7F72\u540D\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0: %4$s\n"},
+        {"verified.by.s.in.s.weak", "%2$s\u5185\u306E%1$s\u306B\u3088\u308A%3$s\u3067\u691C\u8A3C\u3055\u308C\u307E\u3057\u305F"},
+        {"whose.sigalg.risk", "%1$s\u306F%2$s\u7F72\u540D\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0\u3092\u4F7F\u7528\u3057\u3066\u304A\u308A\u3001\u3053\u308C\u306F\u30BB\u30AD\u30E5\u30EA\u30C6\u30A3\u30FB\u30EA\u30B9\u30AF\u3068\u307F\u306A\u3055\u308C\u307E\u3059\u3002"},
+        {"whose.key.risk", "%1$s\u306F%2$s\u3092\u4F7F\u7528\u3057\u3066\u304A\u308A\u3001\u3053\u308C\u306F\u30BB\u30AD\u30E5\u30EA\u30C6\u30A3\u30FB\u30EA\u30B9\u30AF\u3068\u307F\u306A\u3055\u308C\u307E\u3059\u3002"},
+        {"jks.storetype.warning", "%1$s\u30AD\u30FC\u30B9\u30C8\u30A2\u306F\u72EC\u81EA\u306E\u5F62\u5F0F\u3092\u4F7F\u7528\u3057\u3066\u3044\u307E\u3059\u3002\"keytool -importkeystore -srckeystore %2$s -destkeystore %2$s -deststoretype pkcs12\"\u3092\u4F7F\u7528\u3059\u308B\u696D\u754C\u6A19\u6E96\u306E\u5F62\u5F0F\u3067\u3042\u308BPKCS12\u306B\u79FB\u884C\u3059\u308B\u3053\u3068\u3092\u304A\u85A6\u3081\u3057\u307E\u3059\u3002"},
+        {"migrate.keystore.warning", "\"%1$s\"\u304C%4$s\u306B\u79FB\u884C\u3055\u308C\u307E\u3057\u305F\u3002%2$s\u30AD\u30FC\u30B9\u30C8\u30A2\u306F\"%3$s\"\u3068\u3057\u3066\u30D0\u30C3\u30AF\u30A2\u30C3\u30D7\u3055\u308C\u307E\u3059\u3002"},
+        {"backup.keystore.warning", "\u5143\u306E\u30AD\u30FC\u30B9\u30C8\u30A2\"%1$s\"\u306F\"%3$s\"\u3068\u3057\u3066\u30D0\u30C3\u30AF\u30A2\u30C3\u30D7\u3055\u308C\u307E\u3059..."},
+        {"importing.keystore.status", "\u30AD\u30FC\u30B9\u30C8\u30A2%1$s\u3092%2$s\u306B\u30A4\u30F3\u30DD\u30FC\u30C8\u3057\u3066\u3044\u307E\u3059..."},
     };
 
 
diff --git a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_ko.java b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_ko.java
index b25180899c..78f219780a 100644
--- a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_ko.java
+++ b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_ko.java
@@ -382,7 +382,7 @@ public class Resources_ko extends java.util.ListResourceBundle {
         {".WARNING.WARNING.WARNING.",
             "*****************  WARNING WARNING WARNING  *****************"},
         {"Signer.d.", "\uC11C\uBA85\uC790 #%d:"},
-        {"Timestamp.", "\uC2DC\uAC04 \uAE30\uB85D:"},
+        {"Timestamp.", "\uC2DC\uAC04\uAE30\uB85D:"},
         {"Signature.", "\uC11C\uBA85:"},
         {"CRLs.", "CRL:"},
         {"Certificate.owner.", "\uC778\uC99D\uC11C \uC18C\uC720\uC790: "},
@@ -447,19 +447,23 @@ public class Resources_ko extends java.util.ListResourceBundle {
         {"the.tsa.certificate", "TSA \uC778\uC99D\uC11C"},
         {"the.input", "\uC785\uB825"},
         {"reply", "\uD68C\uC2E0"},
-        {"one.in.many", "%s #%d/%d"},
+        {"one.in.many", "%1$s #%2$d/%3$d"},
         {"alias.in.cacerts", "cacerts\uC758 <%s> \uBC1C\uD589\uC790"},
         {"alias.in.keystore", "<%s> \uBC1C\uD589\uC790"},
         {"with.weak", "%s(\uC57D\uD568)"},
-        {"key.bit", "%d\uBE44\uD2B8 %s \uD0A4"},
-        {"key.bit.weak", "%d\uBE44\uD2B8 %s \uD0A4(\uC57D\uD568)"},
+        {"key.bit", "%1$d\uBE44\uD2B8 %2$s \uD0A4"},
+        {"key.bit.weak", "%1$d\uBE44\uD2B8 %2$s \uD0A4(\uC57D\uD568)"},
         {".PATTERN.printX509Cert.with.weak",
                 "\uC18C\uC720\uC790: {0}\n\uBC1C\uD589\uC790: {1}\n\uC77C\uB828 \uBC88\uD638: {2}\n\uC801\uD569\uD55C \uC2DC\uC791 \uB0A0\uC9DC: {3} \uC885\uB8CC \uB0A0\uC9DC: {4}\n\uC778\uC99D\uC11C \uC9C0\uBB38:\n\t SHA1: {5}\n\t SHA256: {6}\n\uC11C\uBA85 \uC54C\uACE0\uB9AC\uC998 \uC774\uB984: {7}\n\uC8FC\uCCB4 \uACF5\uC6A9 \uD0A4 \uC54C\uACE0\uB9AC\uC998: {8}\n\uBC84\uC804: {9}"},
         {"PKCS.10.with.weak",
-                "PKCS #10 \uC778\uC99D\uC11C \uC694\uCCAD(1.0 \uBC84\uC804)\n\uC81C\uBAA9: %s\n\uD615\uC2DD: %s\n\uACF5\uC6A9 \uD0A4: %s\n\uC11C\uBA85 \uC54C\uACE0\uB9AC\uC998: %s\n"},
-        {"verified.by.s.in.s.weak", "%s\uC774(\uAC00) %s\uC5D0\uC11C %s\uC744(\uB97C) \uC0AC\uC6A9\uD558\uC5EC \uD655\uC778"},
-        {"whose.sigalg.risk", "%s\uC774(\uAC00) \uBCF4\uC548 \uC704\uD5D8\uC73C\uB85C \uAC04\uC8FC\uB418\uB294 %s \uC11C\uBA85 \uC54C\uACE0\uB9AC\uC998\uC744 \uC0AC\uC6A9\uD569\uB2C8\uB2E4."},
-        {"whose.key.risk", "%s\uC774(\uAC00) \uBCF4\uC548 \uC704\uD5D8\uC73C\uB85C \uAC04\uC8FC\uB418\uB294 %s\uC744(\uB97C) \uC0AC\uC6A9\uD569\uB2C8\uB2E4."},
+                "PKCS #10 \uC778\uC99D\uC11C \uC694\uCCAD(1.0 \uBC84\uC804)\n\uC81C\uBAA9: %1$s\n\uD615\uC2DD: %2$s\n\uACF5\uC6A9 \uD0A4: %3$s\n\uC11C\uBA85 \uC54C\uACE0\uB9AC\uC998: %4$s\n"},
+        {"verified.by.s.in.s.weak", "%3$s\uC744(\uB97C) \uD3EC\uD568\uD558\uB294 %2$s\uC758 %1$s\uC5D0 \uC758\uD574 \uD655\uC778\uB428"},
+        {"whose.sigalg.risk", "%1$s\uC774(\uAC00) \uBCF4\uC548 \uC704\uD5D8\uC73C\uB85C \uAC04\uC8FC\uB418\uB294 %2$s \uC11C\uBA85 \uC54C\uACE0\uB9AC\uC998\uC744 \uC0AC\uC6A9\uD569\uB2C8\uB2E4."},
+        {"whose.key.risk", "%1$s\uC774(\uAC00) \uBCF4\uC548 \uC704\uD5D8\uC73C\uB85C \uAC04\uC8FC\uB418\uB294 %2$s\uC744(\uB97C) \uC0AC\uC6A9\uD569\uB2C8\uB2E4."},
+        {"jks.storetype.warning", "%1$s \uD0A4 \uC800\uC7A5\uC18C\uB294 \uACE0\uC720 \uD615\uC2DD\uC744 \uC0AC\uC6A9\uD569\uB2C8\uB2E4. \"keytool -importkeystore -srckeystore %2$s -destkeystore %2$s -deststoretype pkcs12\"\uB97C \uC0AC\uC6A9\uD558\uB294 \uC0B0\uC5C5 \uD45C\uC900 \uD615\uC2DD\uC778 PKCS12\uB85C \uC774\uC804\uD558\uB294 \uAC83\uC774 \uC88B\uC2B5\uB2C8\uB2E4."},
+        {"migrate.keystore.warning", "\"%1$s\"\uC744(\uB97C) %4$s(\uC73C)\uB85C \uC774\uC804\uD588\uC2B5\uB2C8\uB2E4. %2$s \uD0A4 \uC800\uC7A5\uC18C\uAC00 \"%3$s\"(\uC73C)\uB85C \uBC31\uC5C5\uB418\uC5C8\uC2B5\uB2C8\uB2E4."},
+        {"backup.keystore.warning", "\uC6D0\uBCF8 \uD0A4 \uC800\uC7A5\uC18C \"%1$s\"\uC774(\uAC00) \"%3$s\"(\uC73C)\uB85C \uBC31\uC5C5\uB418\uC5C8\uC2B5\uB2C8\uB2E4."},
+        {"importing.keystore.status", "\uD0A4 \uC800\uC7A5\uC18C %1$s\uC744(\uB97C) %2$s(\uC73C)\uB85C \uC784\uD3EC\uD2B8\uD558\uB294 \uC911..."},
     };
 
 
diff --git a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_pt_BR.java b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_pt_BR.java
index fa00132217..1faf1a624d 100644
--- a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_pt_BR.java
+++ b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_pt_BR.java
@@ -447,19 +447,23 @@ public class Resources_pt_BR extends java.util.ListResourceBundle {
         {"the.tsa.certificate", "O certificado TSA"},
         {"the.input", "A entrada"},
         {"reply", "Resposta"},
-        {"one.in.many", "%s #%d de %d"},
+        {"one.in.many", "%1$s #%2$d de %3$d"},
         {"alias.in.cacerts", "Emissor <%s> no cacerts"},
         {"alias.in.keystore", "Emissor <%s>"},
         {"with.weak", "%s (fraca)"},
-        {"key.bit", "Chave %s de %d bits"},
-        {"key.bit.weak", "Chave %s de %d bits (fraca)"},
+        {"key.bit", "Chave %2$s de %1$d bits"},
+        {"key.bit.weak", "Chave %2$s de %1$d bits (fraca)"},
         {".PATTERN.printX509Cert.with.weak",
                 "Propriet\u00E1rio: {0}\nEmissor: {1}\nN\u00FAmero de s\u00E9rie: {2}\nV\u00E1lido de: {3} at\u00E9: {4}\nFingerprints do certificado:\n\t SHA1: {5}\n\t SHA256: {6}\nNome do algoritmo de assinatura: {7}\nAlgoritmo de Chave P\u00FAblica do Assunto: {8}\nVers\u00E3o: {9}"},
         {"PKCS.10.with.weak",
-                "Solicita\u00E7\u00E3o do Certificado PKCS #10 (Vers\u00E3o 1.0)\nAssunto: %s\nFormato: %s\nChave P\u00FAblica: %s\nAlgoritmo de assinatura: %s\n"},
-        {"verified.by.s.in.s.weak", "Verificado por %s em %s com um %s"},
-        {"whose.sigalg.risk", "%s usa o algoritmo de assinatura %s que \u00E9 considerado um risco \u00E0 seguran\u00E7a."},
-        {"whose.key.risk", "%s usa um %s que \u00E9 considerado um risco \u00E0 seguran\u00E7a."},
+                "Solicita\u00E7\u00E3o do Certificado PKCS #10 (Vers\u00E3o 1.0)\nAssunto: %1$s\nFormato: %2$s\nChave P\u00FAblica: %3$s\nAlgoritmo de assinatura:%4$s\n"},
+        {"verified.by.s.in.s.weak", "Verificado por %1$s em %2$s com um %3$s"},
+        {"whose.sigalg.risk", "%1$s usa o algoritmo de assinatura %2$s que \u00E9 considerado um risco \u00E0 seguran\u00E7a."},
+        {"whose.key.risk", "%1$s usa um %2$s que \u00E9 considerado um risco \u00E0 seguran\u00E7a."},
+        {"jks.storetype.warning", "O armazenamento de chaves %1$s usa um formato propriet\u00E1rio. \u00C9 recomendada a migra\u00E7\u00E3o para PKCS12, que \u00E9 um formato de padr\u00E3o industrial que usa \"keytool -importkeystore -srckeystore %2$s -destkeystore %2$s -deststoretype pkcs12\"."},
+        {"migrate.keystore.warning", "\"%1$s\" foi migrado para %4$s. O backup do armazenamento de chaves %2$s \u00E9 feito como \"%3$s\"."},
+        {"backup.keystore.warning", "O backup do armazenamento de chaves original \"%1$s\" \u00E9 feito como \"%3$s\"..."},
+        {"importing.keystore.status", "Importando armazenamento de chaves %1$s to %2$s..."},
     };
 
 
diff --git a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_sv.java b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_sv.java
index bf53bf8b8e..9ac381f51f 100644
--- a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_sv.java
+++ b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_sv.java
@@ -447,19 +447,23 @@ public class Resources_sv extends java.util.ListResourceBundle {
         {"the.tsa.certificate", "TSA-certifikatet"},
         {"the.input", "Indata"},
         {"reply", "Svar"},
-        {"one.in.many", "%s %d av %d"},
+        {"one.in.many", "%1$s %2$d av %3$d"},
         {"alias.in.cacerts", "Utf\u00E4rdaren <%s> i cacerts"},
         {"alias.in.keystore", "Utf\u00E4rdaren <%s>"},
         {"with.weak", "%s (svag)"},
-        {"key.bit", "%d-bitars %s-nyckel"},
-        {"key.bit.weak", "%d-bitars %s-nyckel (svag)"},
+        {"key.bit", "%1$d-bitars %2$s-nyckel"},
+        {"key.bit.weak", "%1$d-bitars %2$s-nyckel (svag)"},
         {".PATTERN.printX509Cert.with.weak",
                 "\u00C4gare: {0}\nUtf\u00E4rdare: {1}\nSerienummer: {2}\nGiltigt fr\u00E5n: {3}, till: {4}\nCertifikatfingeravtryck:\n\t SHA1: {5}\n\t SHA256: {6}\nSignaturalgoritmnamn: {7}\nAlgoritm f\u00F6r \u00F6ppen nyckel f\u00F6r \u00E4mne: {8}\nVersion: {9}"},
         {"PKCS.10.with.weak",
-                "PKCS #10-certifikatbeg\u00E4ran (version 1.0)\n\u00C4mne: %s\nFormat: %s\n\u00D6ppen nyckel: %s\nSignaturalgoritm: %s\n"},
-        {"verified.by.s.in.s.weak", "Verifierades av %s i %s med en %s"},
-        {"whose.sigalg.risk", "%s anv\u00E4nder signaturalgoritmen %s, vilket anses utg\u00F6ra en s\u00E4kerhetsrisk."},
-        {"whose.key.risk", "%s anv\u00E4nder en %s, vilket anses utg\u00F6ra en s\u00E4kerhetsrisk."},
+                "PKCS #10-certifikatbeg\u00E4ran (version 1.0)\n\u00C4mne: %1$s\nFormat: %2$s\n\u00D6ppen nyckel: %3$s\nSignaturalgoritm: %4$s\n"},
+        {"verified.by.s.in.s.weak", "Verifierades av %1$s i %2$s med en %3$s"},
+        {"whose.sigalg.risk", "%1$s anv\u00E4nder signaturalgoritmen %2$s, vilket anses utg\u00F6ra en s\u00E4kerhetsrisk."},
+        {"whose.key.risk", "%1$s anv\u00E4nder en %2$s, vilket anses utg\u00F6ra en s\u00E4kerhetsrisk."},
+        {"jks.storetype.warning", "Nyckellagret %1$s anv\u00E4nder ett propriet\u00E4rt format. Du b\u00F6r migrera till PKCS12, som \u00E4r ett branschstandardformat, med \"keytool -importkeystore -srckeystore %2$s -destkeystore %2$s -deststoretype pkcs12\"."},
+        {"migrate.keystore.warning", "Migrerade \"%1$s\" till %4$s. Nyckellagret %2$s s\u00E4kerhetskopierades som \"%3$s\"."},
+        {"backup.keystore.warning", "Det ursprungliga nyckellagret, \"%1$s\", s\u00E4kerhetskopieras som \"%3$s\"..."},
+        {"importing.keystore.status", "Importerar nyckellagret %1$s till %2$s..."},
     };
 
 
diff --git a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_zh_CN.java b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_zh_CN.java
index dbaf741de9..2062cba179 100644
--- a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_zh_CN.java
+++ b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_zh_CN.java
@@ -447,19 +447,23 @@ public class Resources_zh_CN extends java.util.ListResourceBundle {
         {"the.tsa.certificate", "TSA \u8BC1\u4E66"},
         {"the.input", "\u8F93\u5165"},
         {"reply", "\u56DE\u590D"},
-        {"one.in.many", "%s #%d/%d"},
+        {"one.in.many", "%1$s #%2$d/%3$d"},
         {"alias.in.cacerts", "cacerts \u4E2D\u7684\u53D1\u5E03\u8005 <%s>"},
         {"alias.in.keystore", "\u53D1\u5E03\u8005 <%s>"},
         {"with.weak", "%s (\u5F31)"},
-        {"key.bit", "%d \u4F4D %s \u5BC6\u94A5"},
-        {"key.bit.weak", "%d \u4F4D %s \u5BC6\u94A5 (\u5F31)"},
+        {"key.bit", "%1$d \u4F4D %2$s \u5BC6\u94A5"},
+        {"key.bit.weak", "%1$d \u4F4D %2$s \u5BC6\u94A5 (\u5F31)"},
         {".PATTERN.printX509Cert.with.weak",
                 "\u6240\u6709\u8005: {0}\n\u53D1\u5E03\u8005: {1}\n\u5E8F\u5217\u53F7: {2}\n\u751F\u6548\u65F6\u95F4: {3}, \u5931\u6548\u65F6\u95F4: {4}\n\u8BC1\u4E66\u6307\u7EB9:\n\t SHA1: {5}\n\t SHA256: {6}\n\u7B7E\u540D\u7B97\u6CD5\u540D\u79F0: {7}\n\u4E3B\u4F53\u516C\u5171\u5BC6\u94A5\u7B97\u6CD5: {8}\n\u7248\u672C: {9}"},
         {"PKCS.10.with.weak",
-                "PKCS #10 \u8BC1\u4E66\u8BF7\u6C42 (\u7248\u672C 1.0)\n\u4E3B\u4F53: %s\n\u683C\u5F0F: %s\n\u516C\u5171\u5BC6\u94A5: %s\n\u7B7E\u540D\u7B97\u6CD5: %s\n"},
+                "PKCS #10 \u8BC1\u4E66\u8BF7\u6C42 (\u7248\u672C 1.0)\n\u4E3B\u4F53: %1$s\n\u683C\u5F0F: %2$s\n\u516C\u5171\u5BC6\u94A5: %3$s\n\u7B7E\u540D\u7B97\u6CD5: %4$s\n"},
         {"verified.by.s.in.s.weak", "\u7531 %2$s \u4E2D\u7684 %1$s \u4EE5 %3$s \u9A8C\u8BC1"},
-        {"whose.sigalg.risk", "%s \u4F7F\u7528\u7684 %s \u7B7E\u540D\u7B97\u6CD5\u5B58\u5728\u5B89\u5168\u98CE\u9669\u3002"},
-        {"whose.key.risk", "%s \u4F7F\u7528\u7684 %s \u5B58\u5728\u5B89\u5168\u98CE\u9669\u3002"},
+        {"whose.sigalg.risk", "%1$s \u4F7F\u7528\u7684 %2$s \u7B7E\u540D\u7B97\u6CD5\u5B58\u5728\u5B89\u5168\u98CE\u9669\u3002"},
+        {"whose.key.risk", "%1$s \u4F7F\u7528\u7684 %2$s \u5B58\u5728\u5B89\u5168\u98CE\u9669\u3002"},
+        {"jks.storetype.warning", "%1$s \u5BC6\u94A5\u5E93\u4F7F\u7528\u4E13\u7528\u683C\u5F0F\u3002\u5EFA\u8BAE\u4F7F\u7528 \"keytool -importkeystore -srckeystore %2$s -destkeystore %2$s -deststoretype pkcs12\" \u8FC1\u79FB\u5230\u884C\u4E1A\u6807\u51C6\u683C\u5F0F PKCS12\u3002"},
+        {"migrate.keystore.warning", "\u5DF2\u5C06 \"%1$s\" \u8FC1\u79FB\u5230 %4$s\u3002\u5C06 %2$s \u5BC6\u94A5\u5E93\u4F5C\u4E3A \"%3$s\" \u8FDB\u884C\u4E86\u5907\u4EFD\u3002"},
+        {"backup.keystore.warning", "\u5DF2\u5C06\u539F\u59CB\u5BC6\u94A5\u5E93 \"%1$s\" \u5907\u4EFD\u4E3A \"%3$s\"..."},
+        {"importing.keystore.status", "\u6B63\u5728\u5C06\u5BC6\u94A5\u5E93 %1$s \u5BFC\u5165\u5230 %2$s..."},
     };
 
 
diff --git a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_zh_TW.java b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_zh_TW.java
index c73206ec33..9e101fb44d 100644
--- a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_zh_TW.java
+++ b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources_zh_TW.java
@@ -391,9 +391,9 @@ public class Resources_zh_TW extends java.util.ListResourceBundle {
                 "\u6C92\u6709\u4F86\u81EA SSL \u4F3A\u670D\u5668\u7684\u6191\u8B49"},
 
         {".The.integrity.of.the.information.stored.in.your.keystore.",
-            "* \u5C1A\u672A\u9A57\u8B49\u5132\u5B58\u65BC\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D\u8CC7\u8A0A  *\n* \u7684\u5B8C\u6574\u6027\uFF01\u82E5\u8981\u9A57\u8B49\u5176\u5B8C\u6574\u6027\uFF0C    *\n* \u60A8\u5FC5\u9808\u63D0\u4F9B\u60A8\u7684\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC\u3002  *"},
+            "* \u5C1A\u672A\u9A57\u8B49\u5132\u5B58\u65BC\u91D1\u9470\u5132\u5B58\u5EAB\u4E2D\u8CC7\u8A0A  *\n* \u7684\u5B8C\u6574\u6027\uFF01\u82E5\u8981\u9A57\u8B49\u5176\u5B8C\u6574\u6027\uFF0C\u60A8  *\n* \u5FC5\u9808\u63D0\u4F9B\u60A8\u7684\u91D1\u9470\u5132\u5B58\u5EAB\u5BC6\u78BC\u3002    *"},
         {".The.integrity.of.the.information.stored.in.the.srckeystore.",
-            "* \u5C1A\u672A\u9A57\u8B49\u5132\u5B58\u65BC srckeystore \u4E2D\u8CC7\u8A0A *\n* \u7684\u5B8C\u6574\u6027\uFF01\u82E5\u8981\u9A57\u8B49\u5176\u5B8C\u6574\u6027\uFF0C\u60A8    *\n* \u5FC5\u9808\u63D0\u4F9B srckeystore \u5BC6\u78BC\u3002       *"},
+            "* \u5C1A\u672A\u9A57\u8B49\u5132\u5B58\u65BC srckeystore \u4E2D\u8CC7\u8A0A *\n* \u7684\u5B8C\u6574\u6027\uFF01\u82E5\u8981\u9A57\u8B49\u5176\u5B8C\u6574\u6027\uFF0C\u60A8\u5FC5  *\n* \u9808\u63D0\u4F9B srckeystore \u5BC6\u78BC\u3002         *"},
 
         {"Certificate.reply.does.not.contain.public.key.for.alias.",
                 "\u6191\u8B49\u56DE\u8986\u4E26\u672A\u5305\u542B <{0}> \u7684\u516C\u958B\u91D1\u9470"},
@@ -447,19 +447,23 @@ public class Resources_zh_TW extends java.util.ListResourceBundle {
         {"the.tsa.certificate", "TSA \u6191\u8B49"},
         {"the.input", "\u8F38\u5165"},
         {"reply", "\u56DE\u8986"},
-        {"one.in.many", "%s #%d / %d"},
+        {"one.in.many", "%1$s #%2$d / %3$d"},
         {"alias.in.cacerts", "cacerts \u4E2D\u7684\u767C\u884C\u4EBA <%s>"},
         {"alias.in.keystore", "\u767C\u884C\u4EBA <%s>"},
         {"with.weak", "%s (\u4F4E\u5F37\u5EA6)"},
-        {"key.bit", "%d \u4F4D\u5143\u7684 %s \u91D1\u9470"},
-        {"key.bit.weak", "%d \u4F4D\u5143\u7684 %s \u91D1\u9470 (\u4F4E\u5F37\u5EA6)"},
+        {"key.bit", "%1$d \u4F4D\u5143\u7684 %2$s \u91D1\u9470"},
+        {"key.bit.weak", "%1$d \u4F4D\u5143\u7684 %2$s \u91D1\u9470 (\u4F4E\u5F37\u5EA6)"},
         {".PATTERN.printX509Cert.with.weak",
                 "\u64C1\u6709\u8005: {0}\n\u767C\u884C\u4EBA: {1}\n\u5E8F\u865F: {2}\n\u6709\u6548\u671F\u81EA: {3} \u5230: {4}\n\u6191\u8B49\u6307\u7D0B:\n\t SHA1: {5}\n\t SHA256: {6}\n\u7C3D\u7AE0\u6F14\u7B97\u6CD5\u540D\u7A31: {7}\n\u4E3B\u9AD4\u516C\u958B\u91D1\u9470\u6F14\u7B97\u6CD5: {8}\n\u7248\u672C: {9}"},
         {"PKCS.10.with.weak",
-                "PKCS #10 \u6191\u8B49\u8981\u6C42 (\u7248\u672C 1.0)\n\u4E3B\u9AD4: %s\n\u683C\u5F0F: %s\n\u516C\u7528\u91D1\u9470: %s\n\u7C3D\u7AE0\u6F14\u7B97\u6CD5: %s\n"},
+                "PKCS #10 \u6191\u8B49\u8981\u6C42 (\u7248\u672C 1.0)\n\u4E3B\u9AD4: %1$s\n\u683C\u5F0F: %2$s\n\u516C\u7528\u91D1\u9470: %3$s\n\u7C3D\u7AE0\u6F14\u7B97\u6CD5: %4$s\n"},
         {"verified.by.s.in.s.weak", "\u7531 %2$s \u4E2D\u7684 %1$s \u4EE5 %3$s \u9A57\u8B49"},
-        {"whose.sigalg.risk", "%s \u4F7F\u7528\u7684 %s \u7C3D\u7AE0\u6F14\u7B97\u6CD5\u5B58\u5728\u5B89\u5168\u98A8\u96AA\u3002"},
-        {"whose.key.risk", "%s \u4F7F\u7528\u7684 %s \u5B58\u5728\u5B89\u5168\u98A8\u96AA\u3002"},
+        {"whose.sigalg.risk", "%1$s \u4F7F\u7528\u7684 %2$s \u7C3D\u7AE0\u6F14\u7B97\u6CD5\u5B58\u5728\u5B89\u5168\u98A8\u96AA\u3002"},
+        {"whose.key.risk", "%1$s \u4F7F\u7528\u7684 %2$s \u5B58\u5728\u5B89\u5168\u98A8\u96AA\u3002"},
+        {"jks.storetype.warning", "%1$s \u91D1\u9470\u5132\u5B58\u5EAB\u4F7F\u7528\u5C08\u6709\u683C\u5F0F\u3002\u5EFA\u8B70\u60A8\u4F7F\u7528 \"keytool -importkeystore -srckeystore %2$s -destkeystore %2$s -deststoretype pkcs12\" \u79FB\u8F49\u6210\u70BA\u4F7F\u7528 PKCS12 (\u696D\u754C\u6A19\u6E96\u683C\u5F0F)\u3002"},
+        {"migrate.keystore.warning", "\u5DF2\u5C07 \"%1$s\" \u79FB\u8F49\u6210\u70BA %4$s\u3002%2$s \u91D1\u9470\u5132\u5B58\u5EAB\u5DF2\u5099\u4EFD\u70BA \"%3$s\"\u3002"},
+        {"backup.keystore.warning", "\u539F\u59CB\u7684\u91D1\u9470\u5132\u5B58\u5EAB \"%1$s\" \u5DF2\u5099\u4EFD\u70BA \"%3$s\"..."},
+        {"importing.keystore.status", "\u6B63\u5728\u5C07\u91D1\u9470\u5132\u5B58\u5EAB %1$s \u532F\u5165 %2$s..."},
     };
 
 
diff --git a/jdk/src/java.base/share/classes/sun/security/util/AlgorithmDecomposer.java b/jdk/src/java.base/share/classes/sun/security/util/AlgorithmDecomposer.java
index 1774cabb8f..4e1e6241dc 100644
--- a/jdk/src/java.base/share/classes/sun/security/util/AlgorithmDecomposer.java
+++ b/jdk/src/java.base/share/classes/sun/security/util/AlgorithmDecomposer.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,8 @@ package sun.security.util;
 
 import java.util.HashSet;
 import java.util.Set;
+import java.util.Arrays;
+import java.util.Collection;
 import java.util.regex.Pattern;
 
 /**
@@ -134,6 +136,23 @@ public class AlgorithmDecomposer {
         return elements;
     }
 
+    /**
+     * Get aliases of the specified algorithm.
+     *
+     * May support more algorithms in the future.
+     */
+    public static Collection getAliases(String algorithm) {
+        String[] aliases;
+        if (algorithm.equalsIgnoreCase("DH") ||
+                algorithm.equalsIgnoreCase("DiffieHellman")) {
+            aliases = new String[] {"DH", "DiffieHellman"};
+        } else {
+            aliases = new String[] {algorithm};
+        }
+
+        return Arrays.asList(aliases);
+    }
+
     private static void hasLoop(Set elements, String find, String replace) {
         if (elements.contains(find)) {
             if (!elements.contains(replace)) {
diff --git a/jdk/src/java.base/share/classes/sun/security/util/DerValue.java b/jdk/src/java.base/share/classes/sun/security/util/DerValue.java
index 4f48cdce7b..a08ce522dd 100644
--- a/jdk/src/java.base/share/classes/sun/security/util/DerValue.java
+++ b/jdk/src/java.base/share/classes/sun/security/util/DerValue.java
@@ -490,20 +490,27 @@ public class DerValue {
      * @return the octet string held in this DER value
      */
     public byte[] getOctetString() throws IOException {
-        byte[] bytes;
 
         if (tag != tag_OctetString && !isConstructed(tag_OctetString)) {
             throw new IOException(
                 "DerValue.getOctetString, not an Octet String: " + tag);
         }
-        bytes = new byte[length];
-        // Note: do not tempt to call buffer.read(bytes) at all. There's a
+        // Note: do not attempt to call buffer.read(bytes) at all. There's a
         // known bug that it returns -1 instead of 0.
         if (length == 0) {
-            return bytes;
+            return new byte[0];
         }
-        if (buffer.read(bytes) != length)
+
+        // Only allocate the array if there are enough bytes available.
+        // This only works for ByteArrayInputStream.
+        // The assignment below ensures that buffer has the required type.
+        ByteArrayInputStream arrayInput = buffer;
+        if (arrayInput.available() < length) {
             throw new IOException("short read on DerValue buffer");
+        }
+        byte[] bytes = new byte[length];
+        arrayInput.read(bytes);
+
         if (isConstructed()) {
             DerInputStream in = new DerInputStream(bytes, 0, bytes.length,
                 buffer.allowBER);
diff --git a/jdk/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java b/jdk/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
index b763f7a35e..dc6a46c3ed 100644
--- a/jdk/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
+++ b/jdk/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
@@ -45,6 +45,7 @@ import java.util.List;
 import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
+import java.util.Collection;
 import java.util.StringTokenizer;
 import java.util.TimeZone;
 import java.util.regex.Pattern;
@@ -106,7 +107,15 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
     @Override
     public final boolean permits(Set primitives,
             String algorithm, AlgorithmParameters parameters) {
-        return checkAlgorithm(disabledAlgorithms, algorithm, decomposer);
+        if (!checkAlgorithm(disabledAlgorithms, algorithm, decomposer)) {
+            return false;
+        }
+
+        if (parameters != null) {
+            return algorithmConstraints.permits(algorithm, parameters);
+        }
+
+        return true;
     }
 
     /*
@@ -242,7 +251,12 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
                 List constraintList =
                         constraintsMap.getOrDefault(algorithm,
                                 new ArrayList<>(1));
-                constraintsMap.putIfAbsent(algorithm, constraintList);
+
+                // Consider the impact of algorithm aliases.
+                for (String alias : AlgorithmDecomposer.getAliases(algorithm)) {
+                    constraintsMap.putIfAbsent(alias, constraintList);
+                }
+
                 if (space <= 0) {
                     constraintList.add(new DisabledConstraint(algorithm));
                     continue;
@@ -351,6 +365,27 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
             return true;
         }
 
+        // Check if constraints permit this AlgorithmParameters.
+        public boolean permits(String algorithm, AlgorithmParameters aps) {
+            List list = getConstraints(algorithm);
+            if (list == null) {
+                return true;
+            }
+
+            for (Constraint constraint : list) {
+                if (!constraint.permits(aps)) {
+                    if (debug != null) {
+                        debug.println("keySizeConstraint: failed algorithm " +
+                                "parameters constraint check " + aps);
+                    }
+
+                    return false;
+                }
+            }
+
+            return true;
+        }
+
         // Check if constraints permit this cert.
         public void permits(String algorithm, ConstraintsParameters cp)
                 throws CertPathValidatorException {
@@ -444,6 +479,18 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
             return true;
         }
 
+        /**
+         * Check if the algorithm constraint permits a given cryptographic
+         * parameters.
+         *
+         * @param parameters the cryptographic parameters
+         * @return 'true' if the cryptographic parameters is allowed,
+         *         'false' ortherwise.
+         */
+        public boolean permits(AlgorithmParameters parameters) {
+            return true;
+        }
+
         /**
          * Check if an algorithm constraint is permitted with a given
          * ConstraintsParameters.
@@ -528,6 +575,7 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
          * call next() for any following constraints. If it does not, exit
          * as this constraint(s) does not restrict the operation.
          */
+        @Override
         public void permits(ConstraintsParameters cp)
                 throws CertPathValidatorException {
             if (debug != null) {
@@ -551,100 +599,101 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
      * This class handles the denyAfter constraint.  The date is in the UTC/GMT
      * timezone.
      */
-     private static class DenyAfterConstraint extends Constraint {
-         private Date denyAfterDate;
-         private static final SimpleDateFormat dateFormat =
-                 new SimpleDateFormat("EEE, MMM d HH:mm:ss z yyyy");
+    private static class DenyAfterConstraint extends Constraint {
+        private Date denyAfterDate;
+        private static final SimpleDateFormat dateFormat =
+                new SimpleDateFormat("EEE, MMM d HH:mm:ss z yyyy");
 
-         DenyAfterConstraint(String algo, int year, int month, int day) {
-             Calendar c;
+        DenyAfterConstraint(String algo, int year, int month, int day) {
+            Calendar c;
 
-             algorithm = algo;
+            algorithm = algo;
 
-             if (debug != null) {
-                 debug.println("DenyAfterConstraint read in as:  year " +
-                         year + ", month = " + month + ", day = " + day);
-             }
+            if (debug != null) {
+                debug.println("DenyAfterConstraint read in as:  year " +
+                        year + ", month = " + month + ", day = " + day);
+            }
 
-             c = new Calendar.Builder().setTimeZone(TimeZone.getTimeZone("GMT"))
-                     .setDate(year, month - 1, day).build();
+            c = new Calendar.Builder().setTimeZone(TimeZone.getTimeZone("GMT"))
+                    .setDate(year, month - 1, day).build();
 
-             if (year > c.getActualMaximum(Calendar.YEAR) ||
-                     year < c.getActualMinimum(Calendar.YEAR)) {
-                 throw new IllegalArgumentException(
-                         "Invalid year given in constraint: " + year);
-             }
-             if ((month - 1) > c.getActualMaximum(Calendar.MONTH) ||
-                     (month - 1) < c.getActualMinimum(Calendar.MONTH)) {
-                 throw new IllegalArgumentException(
-                         "Invalid month given in constraint: " + month);
-             }
-             if (day > c.getActualMaximum(Calendar.DAY_OF_MONTH) ||
-                     day < c.getActualMinimum(Calendar.DAY_OF_MONTH)) {
-                 throw new IllegalArgumentException(
-                         "Invalid Day of Month given in constraint: " + day);
-             }
+            if (year > c.getActualMaximum(Calendar.YEAR) ||
+                    year < c.getActualMinimum(Calendar.YEAR)) {
+                throw new IllegalArgumentException(
+                        "Invalid year given in constraint: " + year);
+            }
+            if ((month - 1) > c.getActualMaximum(Calendar.MONTH) ||
+                    (month - 1) < c.getActualMinimum(Calendar.MONTH)) {
+                throw new IllegalArgumentException(
+                        "Invalid month given in constraint: " + month);
+            }
+            if (day > c.getActualMaximum(Calendar.DAY_OF_MONTH) ||
+                    day < c.getActualMinimum(Calendar.DAY_OF_MONTH)) {
+                throw new IllegalArgumentException(
+                        "Invalid Day of Month given in constraint: " + day);
+            }
 
-             denyAfterDate = c.getTime();
-             if (debug != null) {
-                 debug.println("DenyAfterConstraint date set to: " +
-                         dateFormat.format(denyAfterDate));
-             }
-         }
+            denyAfterDate = c.getTime();
+            if (debug != null) {
+                debug.println("DenyAfterConstraint date set to: " +
+                        dateFormat.format(denyAfterDate));
+            }
+        }
 
-         /*
-          * Checking that the provided date is not beyond the constraint date.
-          * The provided date can be the PKIXParameter date if given,
-          * otherwise it is the current date.
-          *
-          * If the constraint disallows, call next() for any following
-          * constraints. Throw an exception if this is the last constraint.
-          */
-         @Override
-         public void permits(ConstraintsParameters cp)
-                 throws CertPathValidatorException {
-             Date currentDate;
-             String errmsg;
+        /*
+         * Checking that the provided date is not beyond the constraint date.
+         * The provided date can be the PKIXParameter date if given,
+         * otherwise it is the current date.
+         *
+         * If the constraint disallows, call next() for any following
+         * constraints. Throw an exception if this is the last constraint.
+         */
+        @Override
+        public void permits(ConstraintsParameters cp)
+                throws CertPathValidatorException {
+            Date currentDate;
+            String errmsg;
 
-             if (cp.getJARTimestamp() != null) {
-                 currentDate = cp.getJARTimestamp().getTimestamp();
-                 errmsg = "JAR Timestamp date: ";
-             } else if (cp.getPKIXParamDate() != null) {
-                 currentDate = cp.getPKIXParamDate();
-                 errmsg = "PKIXParameter date: ";
-             } else {
-                 currentDate = new Date();
-                 errmsg = "Current date: ";
-             }
+            if (cp.getJARTimestamp() != null) {
+                currentDate = cp.getJARTimestamp().getTimestamp();
+                errmsg = "JAR Timestamp date: ";
+            } else if (cp.getPKIXParamDate() != null) {
+                currentDate = cp.getPKIXParamDate();
+                errmsg = "PKIXParameter date: ";
+            } else {
+                currentDate = new Date();
+                errmsg = "Current date: ";
+            }
 
-             if (!denyAfterDate.after(currentDate)) {
-                 if (next(cp)) {
-                     return;
-                 }
-                 throw new CertPathValidatorException(
-                         "denyAfter constraint check failed: " + algorithm +
-                         " used with Constraint date: " +
-                         dateFormat.format(denyAfterDate) + "; " + errmsg +
-                         dateFormat.format(currentDate) + extendedMsg(cp),
-                         null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
-             }
-         }
+            if (!denyAfterDate.after(currentDate)) {
+                if (next(cp)) {
+                    return;
+                }
+                throw new CertPathValidatorException(
+                        "denyAfter constraint check failed: " + algorithm +
+                        " used with Constraint date: " +
+                        dateFormat.format(denyAfterDate) + "; " + errmsg +
+                        dateFormat.format(currentDate) + extendedMsg(cp),
+                        null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
+            }
+        }
 
-         /*
-          * Return result if the constraint's date is beyond the current date
-          * in UTC timezone.
-          */
-         public boolean permits(Key key) {
-             if (next(key)) {
-                 return true;
-             }
-             if (debug != null) {
-                 debug.println("DenyAfterConstraints.permits(): " + algorithm);
-             }
+        /*
+         * Return result if the constraint's date is beyond the current date
+         * in UTC timezone.
+         */
+        @Override
+        public boolean permits(Key key) {
+            if (next(key)) {
+                return true;
+            }
+            if (debug != null) {
+                debug.println("DenyAfterConstraints.permits(): " + algorithm);
+            }
 
-             return denyAfterDate.after(new Date());
-         }
-     }
+            return denyAfterDate.after(new Date());
+        }
+    }
 
     /*
      * The usage constraint is for the "usage" keyword.  It checks against the
@@ -658,6 +707,7 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
             this.usages = usages;
         }
 
+        @Override
         public void permits(ConstraintsParameters cp)
                 throws CertPathValidatorException {
             for (String usage : usages) {
@@ -746,6 +796,7 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
          * constraint  Any permitted constraint will exit the linked list
          * to allow the operation.
          */
+        @Override
         public void permits(ConstraintsParameters cp)
                 throws CertPathValidatorException {
             Key key = null;
@@ -770,6 +821,7 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
 
         // Check if key constraint disable the specified key
         // Uses old style permit()
+        @Override
         public boolean permits(Key key) {
             // If we recursively find a constraint that permits us to use
             // this key, return true and skip any other constraint checks.
@@ -783,6 +835,30 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
             return permitsImpl(key);
         }
 
+        @Override
+        public boolean permits(AlgorithmParameters parameters) {
+            String paramAlg = parameters.getAlgorithm();
+            if (!algorithm.equalsIgnoreCase(parameters.getAlgorithm())) {
+                // Consider the impact of the algorithm aliases.
+                Collection aliases =
+                        AlgorithmDecomposer.getAliases(algorithm);
+                if (!aliases.contains(paramAlg)) {
+                    return true;
+                }
+            }
+
+            int keySize = KeyUtil.getKeySize(parameters);
+            if (keySize == 0) {
+                return false;
+            } else if (keySize > 0) {
+                return !((keySize < minSize) || (keySize > maxSize) ||
+                    (prohibitedSize == keySize));
+            }   // Otherwise, the key size is not accessible or determined.
+                // Conservatively, please don't disable such keys.
+
+            return true;
+        }
+
         private boolean permitsImpl(Key key) {
             // Verify this constraint is for this public key algorithm
             if (algorithm.compareToIgnoreCase(key.getAlgorithm()) != 0) {
@@ -810,6 +886,7 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
             algorithm = algo;
         }
 
+        @Override
         public void permits(ConstraintsParameters cp)
                 throws CertPathValidatorException {
             throw new CertPathValidatorException(
@@ -818,6 +895,7 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
                     null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
         }
 
+        @Override
         public boolean permits(Key key) {
             return false;
         }
diff --git a/jdk/src/java.base/share/classes/sun/security/util/IOUtils.java b/jdk/src/java.base/share/classes/sun/security/util/IOUtils.java
index 6918a501ea..1fb2badf52 100644
--- a/jdk/src/java.base/share/classes/sun/security/util/IOUtils.java
+++ b/jdk/src/java.base/share/classes/sun/security/util/IOUtils.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -37,7 +37,7 @@ import java.util.Arrays;
 public class IOUtils {
 
     /**
-     * Read up to length of bytes from in
+     * Read up to {@code length} of bytes from {@code in}
      * until EOF is detected.
      * @param is input stream, must not be null
      * @param length number of bytes to read, -1 or Integer.MAX_VALUE means
@@ -77,4 +77,22 @@ public class IOUtils {
         }
         return output;
     }
+
+    /**
+     * Read {@code length} of bytes from {@code in}. An exception is
+     * thrown if there are not enough bytes in the stream.
+     *
+     * @param is input stream, must not be null
+     * @param length number of bytes to read, must not be negative
+     * @return bytes read
+     * @throws IOException if any IO error or a premature EOF is detected, or
+     *      if {@code length} is negative since this length is usually also
+     *      read from {@code is}.
+     */
+    public static byte[] readNBytes(InputStream is, int length) throws IOException {
+        if (length < 0) {
+            throw new IOException("length cannot be negative: " + length);
+        }
+        return readFully(is, length, true);
+    }
 }
diff --git a/jdk/src/java.base/share/classes/sun/security/util/KeyUtil.java b/jdk/src/java.base/share/classes/sun/security/util/KeyUtil.java
index 906d59cdb9..e477b9f8db 100644
--- a/jdk/src/java.base/share/classes/sun/security/util/KeyUtil.java
+++ b/jdk/src/java.base/share/classes/sun/security/util/KeyUtil.java
@@ -25,6 +25,7 @@
 
 package sun.security.util;
 
+import java.security.AlgorithmParameters;
 import java.security.Key;
 import java.security.PrivilegedAction;
 import java.security.AccessController;
@@ -35,6 +36,8 @@ import java.security.interfaces.DSAKey;
 import java.security.interfaces.DSAParams;
 import java.security.SecureRandom;
 import java.security.spec.KeySpec;
+import java.security.spec.ECParameterSpec;
+import java.security.spec.InvalidParameterSpecException;
 import javax.crypto.SecretKey;
 import javax.crypto.interfaces.DHKey;
 import javax.crypto.interfaces.DHPublicKey;
@@ -99,6 +102,61 @@ public final class KeyUtil {
         return size;
     }
 
+    /**
+     * Returns the key size of the given cryptographic parameters in bits.
+     *
+     * @param parameters the cryptographic parameters, cannot be null
+     * @return the key size of the given cryptographic parameters in bits,
+     *       or -1 if the key size is not accessible
+     */
+    public static final int getKeySize(AlgorithmParameters parameters) {
+
+        String algorithm = parameters.getAlgorithm();
+        switch (algorithm) {
+            case "EC":
+                try {
+                    ECKeySizeParameterSpec ps = parameters.getParameterSpec(
+                            ECKeySizeParameterSpec.class);
+                    if (ps != null) {
+                        return ps.getKeySize();
+                    }
+                } catch (InvalidParameterSpecException ipse) {
+                    // ignore
+                }
+
+                try {
+                    ECParameterSpec ps = parameters.getParameterSpec(
+                            ECParameterSpec.class);
+                    if (ps != null) {
+                        return ps.getOrder().bitLength();
+                    }
+                } catch (InvalidParameterSpecException ipse) {
+                    // ignore
+                }
+
+                // Note: the ECGenParameterSpec case should be covered by the
+                // ECParameterSpec case above.
+                // See ECUtil.getECParameterSpec(Provider, String).
+
+                break;
+            case "DiffieHellman":
+                try {
+                    DHParameterSpec ps = parameters.getParameterSpec(
+                            DHParameterSpec.class);
+                    if (ps != null) {
+                        return ps.getP().bitLength();
+                    }
+                } catch (InvalidParameterSpecException ipse) {
+                    // ignore
+                }
+                break;
+
+            // May support more AlgorithmParameters algorithms in the future.
+        }
+
+        return -1;
+    }
+
     /**
      * Returns whether the key is valid or not.
      * 
    
diff --git a/jdk/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java b/jdk/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java
index 12aabe6f07..514b993849 100644
--- a/jdk/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java
+++ b/jdk/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -111,7 +111,11 @@ class ObjectIdentifier implements Serializable
         is.defaultReadObject();
 
         if (encoding == null) {  // from an old version
-            init((int[])components, componentLen);
+            int[] comp = (int[])components;
+            if (componentLen > comp.length) {
+                componentLen = comp.length;
+            }
+            init(comp, componentLen);
         }
     }
 
diff --git a/jdk/src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java b/jdk/src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java
new file mode 100644
index 0000000000..2631558c9e
--- /dev/null
+++ b/jdk/src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java
@@ -0,0 +1,131 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.util;
+
+import java.util.regex.PatternSyntaxException;
+import java.security.InvalidParameterException;
+import sun.security.action.GetPropertyAction;
+
+/**
+ * Various constants such as version number, default key length, used by
+ * the JDK security/crypto providers.
+ */
+public final class SecurityProviderConstants {
+    private static final Debug debug =
+        Debug.getInstance("jca", "ProviderConfig");
+
+    // Cannot create one of these
+    private SecurityProviderConstants () {
+    }
+
+    public static final int getDefDSASubprimeSize(int primeSize) {
+        if (primeSize <= 1024) {
+            return 160;
+        } else if (primeSize == 2048) {
+            return 224;
+        } else if (primeSize == 3072) {
+            return 256;
+        } else {
+            throw new InvalidParameterException("Invalid DSA Prime Size: " +
+                primeSize);
+        }
+    }
+
+    public static final int DEF_DSA_KEY_SIZE;
+    public static final int DEF_RSA_KEY_SIZE;
+    public static final int DEF_DH_KEY_SIZE;
+    public static final int DEF_EC_KEY_SIZE;
+
+    private static final String KEY_LENGTH_PROP =
+        "jdk.security.defaultKeySize";
+    static {
+        String keyLengthStr = GetPropertyAction.privilegedGetProperty
+            (KEY_LENGTH_PROP);
+        int dsaKeySize = 2048;
+        int rsaKeySize = 2048;
+        int dhKeySize = 2048;
+        int ecKeySize = 256;
+
+        if (keyLengthStr != null) {
+            try {
+                String[] pairs = keyLengthStr.split(",");
+                for (String p : pairs) {
+                    String[] algoAndValue = p.split(":");
+                    if (algoAndValue.length != 2) {
+                        // invalid pair, skip to next pair
+                        if (debug != null) {
+                            debug.println("Ignoring invalid pair in " +
+                                KEY_LENGTH_PROP + " property: " + p);
+                        }
+                        continue;
+                    }
+                    String algoName = algoAndValue[0].trim().toUpperCase();
+                    int value = -1;
+                    try {
+                        value = Integer.parseInt(algoAndValue[1].trim());
+                    } catch (NumberFormatException nfe) {
+                        // invalid value, skip to next pair
+                        if (debug != null) {
+                            debug.println("Ignoring invalid value in " +
+                                KEY_LENGTH_PROP + " property: " + p);
+                        }
+                        continue;
+                    }
+                    if (algoName.equals("DSA")) {
+                        dsaKeySize = value;
+                    } else if (algoName.equals("RSA")) {
+                        rsaKeySize = value;
+                    } else if (algoName.equals("DH")) {
+                        dhKeySize = value;
+                    } else if (algoName.equals("EC")) {
+                        ecKeySize = value;
+                    } else {
+                        if (debug != null) {
+                            debug.println("Ignoring unsupported algo in " +
+                                KEY_LENGTH_PROP + " property: " + p);
+                        }
+                        continue;
+                    }
+                    if (debug != null) {
+                        debug.println("Overriding default " + algoName +
+                            " keysize with value from " +
+                            KEY_LENGTH_PROP + " property: " + value);
+                    }
+                }
+            } catch (PatternSyntaxException pse) {
+                // if property syntax is not followed correctly
+                if (debug != null) {
+                    debug.println("Unexpected exception while parsing " +
+                        KEY_LENGTH_PROP + " property: " + pse);
+                }
+            }
+        }
+        DEF_DSA_KEY_SIZE = dsaKeySize;
+        DEF_RSA_KEY_SIZE = rsaKeySize;
+        DEF_DH_KEY_SIZE = dhKeySize;
+        DEF_EC_KEY_SIZE = ecKeySize;
+    }
+}
diff --git a/jdk/src/java.base/share/classes/sun/security/x509/NameConstraintsExtension.java b/jdk/src/java.base/share/classes/sun/security/x509/NameConstraintsExtension.java
index eafe3eefe7..88f787e070 100644
--- a/jdk/src/java.base/share/classes/sun/security/x509/NameConstraintsExtension.java
+++ b/jdk/src/java.base/share/classes/sun/security/x509/NameConstraintsExtension.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,7 @@ import java.util.*;
 
 import javax.security.auth.x500.X500Principal;
 
+import sun.net.util.IPAddressUtil;
 import sun.security.util.*;
 import sun.security.pkcs.PKCS9Attribute;
 
@@ -440,6 +441,7 @@ implements CertAttrSet, Cloneable {
         X500Principal subjectPrincipal = cert.getSubjectX500Principal();
         X500Name subject = X500Name.asX500Name(subjectPrincipal);
 
+        // Check subject as an X500Name
         if (subject.isEmpty() == false) {
             if (verify(subject) == false) {
                 return false;
@@ -465,12 +467,51 @@ implements CertAttrSet, Cloneable {
                         "certificate: " + ce.getMessage());
         }
 
-        // If there are no subjectAlternativeNames, perform the special-case
-        // check where if the subjectName contains any EMAILADDRESS
-        // attributes, they must be checked against RFC822 constraints.
-        // If that passes, we're fine.
         if (altNames == null) {
-            return verifyRFC822SpecialCase(subject);
+            altNames = new GeneralNames();
+
+            // RFC 5280 4.2.1.10:
+            // When constraints are imposed on the rfc822Name name form,
+            // but the certificate does not include a subject alternative name,
+            // the rfc822Name constraint MUST be applied to the attribute of
+            // type emailAddress in the subject distinguished name.
+            for (AVA ava : subject.allAvas()) {
+                ObjectIdentifier attrOID = ava.getObjectIdentifier();
+                if (attrOID.equals(PKCS9Attribute.EMAIL_ADDRESS_OID)) {
+                    String attrValue = ava.getValueString();
+                    if (attrValue != null) {
+                        try {
+                            altNames.add(new GeneralName(
+                                    new RFC822Name(attrValue)));
+                        } catch (IOException ioe) {
+                            continue;
+                        }
+                    }
+                }
+            }
+        }
+
+        // If there is no IPAddressName or DNSName in subjectAlternativeNames,
+        // see if the last CN inside subjectName can be used instead.
+        DerValue derValue = subject.findMostSpecificAttribute
+                (X500Name.commonName_oid);
+        String cn = derValue == null ? null : derValue.getAsString();
+
+        if (cn != null) {
+            try {
+                if (IPAddressUtil.isIPv4LiteralAddress(cn) ||
+                        IPAddressUtil.isIPv6LiteralAddress(cn)) {
+                    if (!hasNameType(altNames, GeneralNameInterface.NAME_IP)) {
+                        altNames.add(new GeneralName(new IPAddressName(cn)));
+                    }
+                } else {
+                    if (!hasNameType(altNames, GeneralNameInterface.NAME_DNS)) {
+                        altNames.add(new GeneralName(new DNSName(cn)));
+                    }
+                }
+            } catch (IOException ioe) {
+                // OK, cn is neither IP nor DNS
+            }
         }
 
         // verify each subjectAltName
@@ -485,6 +526,15 @@ implements CertAttrSet, Cloneable {
         return true;
     }
 
+    private static boolean hasNameType(GeneralNames names, int type) {
+        for (GeneralName name : names.names()) {
+            if (name.getType() == type) {
+                return true;
+            }
+        }
+        return false;
+    }
+
     /**
      * check whether a name conforms to these NameConstraints.
      * This involves verifying that the name is consistent with the
@@ -566,37 +616,6 @@ implements CertAttrSet, Cloneable {
         return true;
     }
 
-    /**
-     * Perform the RFC 822 special case check. We have a certificate
-     * that does not contain any subject alternative names. Check that
-     * any EMAILADDRESS attributes in its subject name conform to these
-     * NameConstraints.
-     *
-     * @param subject the certificate's subject name
-     * @return true if certificate verifies successfully
-     * @throws IOException on error
-     */
-    public boolean verifyRFC822SpecialCase(X500Name subject) throws IOException {
-        for (AVA ava : subject.allAvas()) {
-            ObjectIdentifier attrOID = ava.getObjectIdentifier();
-            if (attrOID.equals(PKCS9Attribute.EMAIL_ADDRESS_OID)) {
-                String attrValue = ava.getValueString();
-                if (attrValue != null) {
-                    RFC822Name emailName;
-                    try {
-                        emailName = new RFC822Name(attrValue);
-                    } catch (IOException ioe) {
-                        continue;
-                    }
-                    if (!verify(emailName)) {
-                        return(false);
-                    }
-                }
-             }
-        }
-        return true;
-    }
-
     /**
      * Clone all objects that may be modified during certificate validation.
      */
diff --git a/jdk/src/java.base/share/classes/sun/util/resources/TimeZoneNames.java b/jdk/src/java.base/share/classes/sun/util/resources/TimeZoneNames.java
index e9459d95fb..0636a44576 100644
--- a/jdk/src/java.base/share/classes/sun/util/resources/TimeZoneNames.java
+++ b/jdk/src/java.base/share/classes/sun/util/resources/TimeZoneNames.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -349,7 +349,7 @@ public final class TimeZoneNames extends TimeZoneNamesBundle {
             {"Africa/Johannesburg", SAST},
             {"Africa/Juba", EAT},
             {"Africa/Kampala", EAT},
-            {"Africa/Khartoum", EAT},
+            {"Africa/Khartoum", CAT},
             {"Africa/Kigali", CAT},
             {"Africa/Kinshasa", WAT},
             {"Africa/Lagos", WAT},
@@ -374,7 +374,7 @@ public final class TimeZoneNames extends TimeZoneNamesBundle {
             {"Africa/Timbuktu", GMT},
             {"Africa/Tripoli", EET},
             {"Africa/Tunis", CET},
-            {"Africa/Windhoek", WAT},
+            {"Africa/Windhoek", CAT},
             {"America/Adak", HST},
             {"America/Anguilla", AST},
             {"America/Antigua", AST},
@@ -777,7 +777,6 @@ public final class TimeZoneNames extends TimeZoneNamesBundle {
             {"Brazil/West", AMT},
             {"Canada/Atlantic", AST},
             {"Canada/Central", CST},
-            {"Canada/East-Saskatchewan", CST},
             {"Canada/Eastern", EST},
             {"Canada/Mountain", MST},
             {"Canada/Newfoundland", NST},
diff --git a/jdk/src/java.base/share/conf/security/java.security b/jdk/src/java.base/share/conf/security/java.security
index 5ddf619881..a572781d50 100644
--- a/jdk/src/java.base/share/conf/security/java.security
+++ b/jdk/src/java.base/share/conf/security/java.security
@@ -676,8 +676,9 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
 # Example:
 #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
-    EC keySize < 224
+    EC keySize < 224, DES40_CBC, RC4_40
 
+#
 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
 # processing in JSSE implementation.
 #
@@ -736,12 +737,11 @@ jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
 #
 jdk.tls.legacyAlgorithms= \
         K_NULL, C_NULL, M_NULL, \
-        DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
-        DH_RSA_EXPORT, RSA_EXPORT, \
         DH_anon, ECDH_anon, \
         RC4_128, RC4_40, DES_CBC, DES40_CBC, \
         3DES_EDE_CBC
 
+#
 # The pre-defined default finite field Diffie-Hellman ephemeral (DHE)
 # parameters for Transport Layer Security (SSL/TLS/DTLS) processing.
 #
@@ -799,54 +799,38 @@ jdk.tls.legacyAlgorithms= \
 #       EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \
 #       FFFFFFFF FFFFFFFF, 2}
 
+#
 # Cryptographic Jurisdiction Policy defaults
 #
-# Due to the import control restrictions of some countries, the default
-# JCE policy files allow for strong but "limited" cryptographic key
-# lengths to be used.  If your country's cryptographic regulations allow,
-# the "unlimited" strength policy files can be used instead, which contain
-# no restrictions on cryptographic strengths.
+# Import and export control rules on cryptographic software vary from
+# country to country.  By default, Java provides two different sets of
+# cryptographic policy files[1]:
 #
-# If your country has restrictions that don't fit either "limited" or
-# "unlimited", an appropriate set of policy files should be created and
-# configured before using this distribution.  The jurisdiction policy file
-# configuration must reflect the cryptographic restrictions appropriate
-# for your country.
+#     unlimited:  These policy files contain no restrictions on cryptographic
+#                 strengths or algorithms
+#
+#     limited:    These policy files contain more restricted cryptographic
+#                 strengths
+#
+# The default setting is determined by the value of the “crypto.policy”
+# Security property below. If your country or usage requires the
+# traditional restrictive policy, the “limited” Java cryptographic
+# policy is still available and may be appropriate for your environment.
+#
+# If you have restrictions that do not fit either use case mentioned
+# above, Java provides the capability to customize these policy files.
+# The “crypto.policy” security property points to a subdirectory
+# within /conf/security/policy/ which can be customized.
+# Please see the /conf/security/policy/README.txt file or consult
+# the Java Security Guide/JCA documentation for more information.
 #
 # YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY
 # TO DETERMINE THE EXACT REQUIREMENTS.
 #
-# The policy files are flat text files organized into subdirectories of
-# /conf/security/policy.  Each directory contains a complete
-# set of policy files.
-#
-# The "crypto.policy" Security property controls the directory selection,
-# and thus the effective cryptographic policy.
-#
-# The default set of directories is:
-#
-#     limited | unlimited
-#
-# however other directories can be created and configured.
-#
-# Within a directory, the effective policy is the combined minimum
-# permissions of the grant statements in the file(s) with the filename
-# pattern "default_*.policy".  At least one grant is required.  For
-# example:
-#
-#     limited   =  Export (all) + Import (limited)  =  Limited
-#     unlimited =  Export (all) + Import (all)      =  Unlimited
-#
-# The effective exemption policy is the combined minimum permissions
-# of the grant statements in the file(s) with the filename pattern
-# "exempt_*.policy".  Exemption grants are optional.
-#
-#     limited   =  grants exemption permissions, by which the
-#                  effective policy can be circumvented.
-#                  e.g.  KeyRecovery/Escrow/Weakening.
-#
-# Please see the JCA documentation for additional information on these
-# files and formats.
+# [1] Please note that the JCE for Java SE, including the JCE framework,
+# cryptographic policy files, and standard JCE providers provided with
+# the Java SE, have been reviewed and approved for export as mass market
+# encryption item by the US Bureau of Industry and Security.
 #
 # Note: This property is currently used by the JDK Reference implementation.
 # It is not guaranteed to be examined and used by other implementations.
@@ -975,3 +959,24 @@ jdk.xml.dsig.secureValidationPolicy=\
 #    java.rmi.dgc.VMID;\
 #    java.rmi.dgc.Lease;\
 #    maxdepth=5;maxarray=10000
+
+# CORBA ORBIorTypeCheckRegistryFilter
+# Type check enhancement for ORB::string_to_object processing
+#
+# An IOR type check filter, if configured, is used by an ORB during
+# an ORB::string_to_object invocation to check the veracity of the type encoded
+# in the ior string. 
+#
+# The filter pattern consists of a semi-colon separated list of class names.
+# The configured list contains the binary class names of the IDL interface types 
+# corresponding to the IDL stub class to be instantiated.
+# As such, a filter specifies a list of IDL stub classes that will be
+# allowed by an ORB when an ORB::string_to_object is invoked.
+# It is used to specify a white list configuration of acceptable
+# IDL stub types which may be contained in a stringified IOR
+# parameter passed as input to an ORB::string_to_object method.
+#
+# Note: This property is currently used by the JDK Reference implementation.
+# It is not guaranteed to be examined and used by other implementations.
+#
+#com.sun.CORBA.ORBIorTypeCheckRegistryFilter=binary_class_name;binary_class_name
diff --git a/jdk/src/java.base/share/conf/security/policy/README.txt b/jdk/src/java.base/share/conf/security/policy/README.txt
index 3e0e2294a8..e9138e79a4 100644
--- a/jdk/src/java.base/share/conf/security/policy/README.txt
+++ b/jdk/src/java.base/share/conf/security/policy/README.txt
@@ -5,30 +5,50 @@
                                README
 ------------------------------------------------------------------------
 
+Import and export control rules on cryptographic software vary from
+country to country.  The Java Cryptography Extension (JCE) architecture
+allows flexible cryptographic key strength to be configured via the
+jurisdiction policy files which are referenced by the “crypto.policy”
+security property in the /conf/security/java.security file.
 
-The JCE architecture allows flexible cryptographic strength to be
-configured via the jurisdiction policy files contained within these
-directories.
+By default, Java provides two different sets of cryptographic policy
+files:
 
-The default JCE policy files bundled in this Java Runtime Environment
-allow for "unlimited" cryptographic strengths.  For convenience,
-this build also contains the historic "limited" strength policy files
-which contain restrictions on cryptographic strengths, but they must be
-specifically activated by updating the "crypto.policy" Security property
-(e.g. /conf/security/java.security) to point to the appropriate
-directory.
+    unlimited:  These policy files contain no restrictions on cryptographic
+                strengths or algorithms
 
-Each subdirectory contains a complete policy configuration, and additional
-subdirectories can be added/removed to reflect local regulations.
+    limited:    These policy files contain more restricted cryptographic
+                strengths
 
-JCE for Java SE has been through the U.S. export review process.  The JCE
-framework, along with the various JCE providers that come standard with it
-(SunJCE, SunEC, SunPKCS11, SunMSCAPI, etc), is exportable from the
-United States.
+These files reside in /conf/security/policy in the “unlimited”
+or “limited” subdirectories respectively.
 
-You are advised to consult your export/import control counsel or attorney
-to determine the exact requirements of your location, and what policy
-settings should be used.
+Each subdirectory contains a complete policy configuration,
+and subdirectories can be added/edited/removed to reflect your
+import or export control product requirements.
 
-Please see The Java(TM) Cryptography Architecture (JCA) Reference
-Guide and the java.security file for more information.
+Within a subdirectory, the effective policy is the combined minimum
+permissions of the grant statements in the file(s) matching the filename
+pattern "default_*.policy".  At least one grant is required.  For example:
+
+    limited   =  Export (all) + Import (limited)  =  Limited
+    unlimited =  Export (all) + Import (all)      =  Unlimited
+
+The effective exemption policy is the combined minimum permissions
+of the grant statements in the file(s) matching the filename pattern
+"exempt_*.policy".  Exemption grants are optional.  For example:
+
+    limited   =  grants exemption permissions, by which the
+                 effective policy can be circumvented.
+                 e.g.  KeyRecovery/KeyEscrow/KeyWeakening.
+
+Please see the Java Cryptography Architecture (JCA) documentation for
+additional information on these files and formats.
+
+YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY
+TO DETERMINE THE EXACT REQUIREMENTS.
+
+Please note that the JCE for Java SE, including the JCE framework,
+cryptographic policy files, and standard JCE providers provided with
+the Java SE, have been reviewed and approved for export as mass market
+encryption item by the US Bureau of Industry and Security.
diff --git a/jdk/src/java.base/share/lib/security/default.policy b/jdk/src/java.base/share/lib/security/default.policy
index 94c2f153a9..51c40228e5 100644
--- a/jdk/src/java.base/share/lib/security/default.policy
+++ b/jdk/src/java.base/share/lib/security/default.policy
@@ -124,6 +124,7 @@ grant codeBase "jrt:/jdk.crypto.cryptoki" {
     permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read";
     permission java.util.PropertyPermission "os.name", "read";
     permission java.util.PropertyPermission "os.arch", "read";
+    permission java.util.PropertyPermission "jdk.crypto.KeyAgreement.legacyKDF", "read";
     permission java.security.SecurityPermission "putProviderProperty.*";
     permission java.security.SecurityPermission "clearProviderProperties.*";
     permission java.security.SecurityPermission "removeProviderProperty.*";
diff --git a/jdk/src/java.base/share/native/libjimage/imageFile.cpp b/jdk/src/java.base/share/native/libjimage/imageFile.cpp
index 6572498c4d..c56b3732a7 100644
--- a/jdk/src/java.base/share/native/libjimage/imageFile.cpp
+++ b/jdk/src/java.base/share/native/libjimage/imageFile.cpp
@@ -205,12 +205,19 @@ const char* ImageModuleData::package_to_module(const char* package_name) {
 // Manage a table of open image files.  This table allows multiple access points
 // to share an open image.
 ImageFileReaderTable::ImageFileReaderTable() : _count(0), _max(_growth) {
-    _table = new ImageFileReader*[_max];
+    _table = static_cast(calloc(_max, sizeof(ImageFileReader*)));
     assert(_table != NULL && "allocation failed");
 }
 
 ImageFileReaderTable::~ImageFileReaderTable() {
-    delete[] _table;
+    for (u4 i = 0; i < _count; i++) {
+        ImageFileReader* image = _table[i];
+
+        if (image != NULL) {
+            delete image;
+        }
+    }
+    free(_table);
 }
 
 // Add a new image entry to the table.
diff --git a/jdk/src/java.base/share/native/libjimage/imageFile.hpp b/jdk/src/java.base/share/native/libjimage/imageFile.hpp
index c32d2fed8c..699f2fffe7 100644
--- a/jdk/src/java.base/share/native/libjimage/imageFile.hpp
+++ b/jdk/src/java.base/share/native/libjimage/imageFile.hpp
@@ -402,6 +402,7 @@ public:
 // 'opened' by reference point and decremented when 'closed'.    Use of zero
 // leads the ImageFileReader to be actually closed and discarded.
 class ImageFileReader {
+friend class ImageFileReaderTable;
 private:
     // Manage a number of image files such that an image can be shared across
     // multiple uses (ex. loader.)
diff --git a/jdk/src/java.desktop/share/classes/java/awt/color/ICC_ColorSpace.java b/jdk/src/java.desktop/share/classes/java/awt/color/ICC_ColorSpace.java
index cf6f640f1e..5b0e8a55f8 100644
--- a/jdk/src/java.desktop/share/classes/java/awt/color/ICC_ColorSpace.java
+++ b/jdk/src/java.desktop/share/classes/java/awt/color/ICC_ColorSpace.java
@@ -127,6 +127,18 @@ public class ICC_ColorSpace extends ColorSpace {
         setMinMax();
     }
 
+    /**
+     * Validate an ICC_ColorSpace read from an object input stream
+     */
+    private void readObject(java.io.ObjectInputStream s)
+        throws ClassNotFoundException, java.io.IOException {
+
+        s.defaultReadObject();
+        if (thisProfile == null) {
+            thisProfile = ICC_Profile.getInstance(ColorSpace.CS_sRGB);
+        }
+    }
+
     /**
     * Returns the ICC_Profile for this ICC_ColorSpace.
     * @return the ICC_Profile for this ICC_ColorSpace.
diff --git a/jdk/src/java.desktop/share/classes/java/awt/geom/Path2D.java b/jdk/src/java.desktop/share/classes/java/awt/geom/Path2D.java
index 0c946b5c0a..903e35117b 100644
--- a/jdk/src/java.desktop/share/classes/java/awt/geom/Path2D.java
+++ b/jdk/src/java.desktop/share/classes/java/awt/geom/Path2D.java
@@ -25,13 +25,14 @@
 
 package java.awt.geom;
 
-import java.awt.Shape;
 import java.awt.Rectangle;
-import sun.awt.geom.Curve;
+import java.awt.Shape;
 import java.io.Serializable;
 import java.io.StreamCorruptedException;
 import java.util.Arrays;
 
+import sun.awt.geom.Curve;
+
 /**
  * The {@code Path2D} class provides a simple, yet flexible
  * shape which represents an arbitrary geometric path.
@@ -2594,9 +2595,12 @@ public abstract class Path2D implements Shape, Cloneable {
             throw new java.io.InvalidObjectException(iae.getMessage());
         }
 
-        pointTypes = new byte[(nT < 0) ? INIT_SIZE : nT];
-        if (nC < 0) {
-            nC = INIT_SIZE * 2;
+        // Accept the size from the stream only if it is less than INIT_SIZE
+        // otherwise the size will be based on the real data in the stream
+        pointTypes = new byte[(nT < 0 || nT > INIT_SIZE) ? INIT_SIZE : nT];
+        final int initX2 = INIT_SIZE * 2;
+        if (nC < 0 || nC > initX2) {
+            nC = initX2;
         }
         if (storedbl) {
             ((Path2D.Double) this).doubleCoords = new double[nC];
diff --git a/jdk/src/java.desktop/share/classes/javax/swing/text/DefaultEditorKit.java b/jdk/src/java.desktop/share/classes/javax/swing/text/DefaultEditorKit.java
index 355b76c0d1..c66f7c28ce 100644
--- a/jdk/src/java.desktop/share/classes/javax/swing/text/DefaultEditorKit.java
+++ b/jdk/src/java.desktop/share/classes/javax/swing/text/DefaultEditorKit.java
@@ -110,7 +110,7 @@ public class DefaultEditorKit extends EditorKit {
      * @return the command list
      */
     public Action[] getActions() {
-        return defaultActions;
+        return defaultActions.clone();
     }
 
     /**
diff --git a/jdk/src/java.desktop/share/classes/javax/swing/text/html/CSS.java b/jdk/src/java.desktop/share/classes/javax/swing/text/html/CSS.java
index 1acce37568..9123086132 100644
--- a/jdk/src/java.desktop/share/classes/javax/swing/text/html/CSS.java
+++ b/jdk/src/java.desktop/share/classes/javax/swing/text/html/CSS.java
@@ -26,21 +26,27 @@ package javax.swing.text.html;
 
 import java.awt.Color;
 import java.awt.Font;
-import java.awt.GraphicsEnvironment;
-import java.awt.Toolkit;
 import java.awt.HeadlessException;
 import java.awt.Image;
-import java.io.*;
-import java.lang.reflect.Method;
-import java.net.URL;
+import java.awt.Toolkit;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.Serializable;
 import java.net.MalformedURLException;
+import java.net.URL;
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
-import java.util.Locale;
+
 import javax.swing.ImageIcon;
 import javax.swing.SizeRequirements;
-import javax.swing.text.*;
+import javax.swing.text.AttributeSet;
+import javax.swing.text.Element;
+import javax.swing.text.MutableAttributeSet;
+import javax.swing.text.SimpleAttributeSet;
+import javax.swing.text.StyleConstants;
+import javax.swing.text.StyleContext;
+import javax.swing.text.View;
 
 /**
  * Defines a set of
@@ -3568,7 +3574,7 @@ public class CSS implements Serializable {
 
         // Reconstruct the hashtable.
         int numValues = s.readInt();
-        valueConvertor = new Hashtable<>(Math.max(1, numValues));
+        valueConvertor = new Hashtable<>();
         while (numValues-- > 0) {
             Object key = s.readObject();
             Object value = s.readObject();
diff --git a/jdk/src/java.desktop/share/classes/sun/applet/resources/MsgAppletViewer_es.java b/jdk/src/java.desktop/share/classes/sun/applet/resources/MsgAppletViewer_es.java
index 330a98986e..5825af8602 100644
--- a/jdk/src/java.desktop/share/classes/sun/applet/resources/MsgAppletViewer_es.java
+++ b/jdk/src/java.desktop/share/classes/sun/applet/resources/MsgAppletViewer_es.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -73,7 +73,7 @@ public class MsgAppletViewer_es extends ListResourceBundle {
             {"appletviewer.parse.warning.embed.requiresheight", "Advertencia: la etiqueta  requiere el atributo height."},
             {"appletviewer.parse.warning.embed.requireswidth", "Advertencia: la etiqueta  requiere el atributo width."},
             {"appletviewer.parse.warning.appnotLongersupported", "Advertencia: la etiqueta  ya no est\u00E1 soportada, utilice  en su lugar:"},
-            {"appletviewer.deprecated", "Advertencia: la API de applet y AppletViewer est\u00E1n anticuados."},
+            {"appletviewer.deprecated", "Advertencia: la API de applet y AppletViewer est\u00E1n en desuso."},
             {"appletviewer.usage", "Sintaxis: appletviewer  url(s)\n\ndonde  incluye:\n  -encoding     Especificar la codificaci\u00F3n de caracteres utilizada por los archivos HTML\n  -J        Transferir argumento al int\u00E9rprete de Java\n\nLa opci\u00F3n -J es no est\u00E1ndar y est\u00E1 sujeta a cambios sin previo aviso."},
             {"appletviewer.main.err.unsupportedopt", "Opci\u00F3n no soportada: {0}"},
             {"appletviewer.main.err.unrecognizedarg", "Argumento no reconocido: {0}"},
diff --git a/jdk/src/java.desktop/share/classes/sun/awt/resources/awt_de.properties b/jdk/src/java.desktop/share/classes/sun/awt/resources/awt_de.properties
index 0d4d3f7f79..83e9b667e9 100644
--- a/jdk/src/java.desktop/share/classes/sun/awt/resources/awt_de.properties
+++ b/jdk/src/java.desktop/share/classes/sun/awt/resources/awt_de.properties
@@ -44,7 +44,7 @@ AWT.separater=NumPad ,
 AWT.subtract=NumPad -
 AWT.decimal=NumPad .
 AWT.divide=NumPad /
-AWT.delete=L\u00F6schen
+AWT.delete=Entf
 AWT.numLock=Num
 AWT.scrollLock=Rollen
 AWT.f1=F1
diff --git a/jdk/src/java.desktop/share/classes/sun/awt/resources/awt_ko.properties b/jdk/src/java.desktop/share/classes/sun/awt/resources/awt_ko.properties
index d1448cefe0..932b9b8d85 100644
--- a/jdk/src/java.desktop/share/classes/sun/awt/resources/awt_ko.properties
+++ b/jdk/src/java.desktop/share/classes/sun/awt/resources/awt_ko.properties
@@ -14,7 +14,7 @@ AWT.altGraph=Alt Graph
 AWT.enter=Enter
 AWT.backSpace=Backspace
 AWT.tab=Tab
-AWT.cancel=Cancel
+AWT.cancel=\uCDE8\uC18C
 AWT.clear=Clear
 AWT.pause=Pause
 AWT.capsLock=Caps Lock
diff --git a/jdk/src/java.desktop/share/native/libfontmanager/layout/LookupTables.cpp b/jdk/src/java.desktop/share/native/libfontmanager/layout/LookupTables.cpp
index d51d0d7728..22848a1b5b 100644
--- a/jdk/src/java.desktop/share/native/libfontmanager/layout/LookupTables.cpp
+++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/LookupTables.cpp
@@ -52,9 +52,9 @@ U_NAMESPACE_BEGIN
 const LookupSegment *BinarySearchLookupTable::lookupSegment(const LETableReference &base, const LookupSegment *segments, LEGlyphID glyph, LEErrorCode &success) const
 {
 
-    le_int16  unity = SWAPW(unitSize);
-    le_int16  probe = SWAPW(searchRange);
-    le_int16  extra = SWAPW(rangeShift);
+    le_uint16  unity = SWAPW(unitSize);
+    le_uint16  probe = SWAPW(searchRange);
+    le_uint16  extra = SWAPW(rangeShift);
     TTGlyphID ttGlyph = (TTGlyphID) LE_GET_GLYPH(glyph);
     LEReferenceTo entry(base, success, segments);
     LEReferenceTo trial(entry, success, extra);
@@ -84,9 +84,9 @@ const LookupSegment *BinarySearchLookupTable::lookupSegment(const LETableReferen
 
 const LookupSingle *BinarySearchLookupTable::lookupSingle(const LETableReference &base, const LookupSingle *entries, LEGlyphID glyph, LEErrorCode &success) const
 {
-    le_int16  unity = SWAPW(unitSize);
-    le_int16  probe = SWAPW(searchRange);
-    le_int16  extra = SWAPW(rangeShift);
+    le_uint16  unity = SWAPW(unitSize);
+    le_uint16  probe = SWAPW(searchRange);
+    le_uint16  extra = SWAPW(rangeShift);
     TTGlyphID ttGlyph = (TTGlyphID) LE_GET_GLYPH(glyph);
     LEReferenceTo entry(base, success, entries);
     LEReferenceTo trial(entry, success, extra);
diff --git a/jdk/src/java.desktop/share/native/libfontmanager/layout/LookupTables.h b/jdk/src/java.desktop/share/native/libfontmanager/layout/LookupTables.h
index f15c7decac..8e1e50bee4 100644
--- a/jdk/src/java.desktop/share/native/libfontmanager/layout/LookupTables.h
+++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/LookupTables.h
@@ -74,11 +74,11 @@ struct LookupSingle
 
 struct BinarySearchLookupTable : LookupTable
 {
-    le_int16 unitSize;
-    le_int16 nUnits;
-    le_int16 searchRange;
-    le_int16 entrySelector;
-    le_int16 rangeShift;
+    le_uint16 unitSize;
+    le_uint16 nUnits;
+    le_uint16 searchRange;
+    le_uint16 entrySelector;
+    le_uint16 rangeShift;
 
     const LookupSegment *lookupSegment(const LETableReference &base, const LookupSegment *segments, LEGlyphID glyph, LEErrorCode &success) const;
 
diff --git a/jdk/src/java.desktop/share/native/liblcms/LCMS.c b/jdk/src/java.desktop/share/native/liblcms/LCMS.c
index 97dc17593e..17c49ad826 100644
--- a/jdk/src/java.desktop/share/native/liblcms/LCMS.c
+++ b/jdk/src/java.desktop/share/native/liblcms/LCMS.c
@@ -644,7 +644,12 @@ JNIEXPORT jobject JNICALL Java_sun_java2d_cmm_lcms_LCMS_getProfileID
 {
     jclass clsLcmsProfile;
     jobject cmmProfile;
-    jfieldID fid = (*env)->GetFieldID (env,
+    jfieldID fid;
+
+    if (pf == NULL) {
+        return NULL;
+    }
+    fid = (*env)->GetFieldID (env,
         (*env)->GetObjectClass(env, pf),
         "cmmProfile", "Lsun/java2d/cmm/Profile;");
     if (fid == NULL) {
diff --git a/jdk/src/java.desktop/share/native/liblcms/cmscgats.c b/jdk/src/java.desktop/share/native/liblcms/cmscgats.c
index 9e033168f8..c4f4fb5d31 100644
--- a/jdk/src/java.desktop/share/native/liblcms/cmscgats.c
+++ b/jdk/src/java.desktop/share/native/liblcms/cmscgats.c
@@ -900,7 +900,7 @@ void InSymbol(cmsIT8* it8)
             k = 0;
             NextCh(it8);
 
-            while (k < MAXSTR && it8->ch != sng) {
+            while (k < (MAXSTR-1) && it8->ch != sng) {
 
                 if (it8->ch == '\n'|| it8->ch == '\r') k = MAXSTR+1;
                 else {
@@ -2053,14 +2053,18 @@ cmsBool HeaderSection(cmsIT8* it8)
 static
 void ReadType(cmsIT8* it8, char* SheetTypePtr)
 {
+    cmsInt32Number cnt = 0;
+
     // First line is a very special case.
 
     while (isseparator(it8->ch))
             NextCh(it8);
 
-    while (it8->ch != '\r' && it8 ->ch != '\n' && it8->ch != '\t' && it8 -> ch != -1) {
+    while (it8->ch != '\r' && it8 ->ch != '\n' && it8->ch != '\t' && it8 -> ch != 0) {
 
         *SheetTypePtr++= (char) it8 ->ch;
+        if (cnt++ < MAXSTR)
+            *SheetTypePtr++= (char) it8 ->ch;
         NextCh(it8);
     }
 
@@ -2253,7 +2257,7 @@ void CookPointers(cmsIT8* it8)
 // that should be something like some printable characters plus a \n
 // returns 0 if this is not like a CGATS, or an integer otherwise. This integer is the number of words in first line?
 static
-int IsMyBlock(cmsUInt8Number* Buffer, int n)
+int IsMyBlock(const cmsUInt8Number* Buffer, int n)
 {
     int words = 1, space = 0, quot = 0;
     int i;
@@ -2317,7 +2321,7 @@ cmsBool IsMyFile(const char* FileName)
 // ---------------------------------------------------------- Exported routines
 
 
-cmsHANDLE  CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, void *Ptr, cmsUInt32Number len)
+cmsHANDLE  CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, const void *Ptr, cmsUInt32Number len)
 {
     cmsHANDLE hIT8;
     cmsIT8*  it8;
@@ -2326,7 +2330,7 @@ cmsHANDLE  CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, void *Ptr, cmsUInt3
     _cmsAssert(Ptr != NULL);
     _cmsAssert(len != 0);
 
-    type = IsMyBlock((cmsUInt8Number*)Ptr, len);
+    type = IsMyBlock((const cmsUInt8Number*)Ptr, len);
     if (type == 0) return NULL;
 
     hIT8 = cmsIT8Alloc(ContextID);
diff --git a/jdk/src/java.desktop/share/native/liblcms/cmsnamed.c b/jdk/src/java.desktop/share/native/liblcms/cmsnamed.c
index 870936fddf..d1edeb4ce1 100644
--- a/jdk/src/java.desktop/share/native/liblcms/cmsnamed.c
+++ b/jdk/src/java.desktop/share/native/liblcms/cmsnamed.c
@@ -546,7 +546,11 @@ cmsBool  GrowNamedColorList(cmsNAMEDCOLORLIST* v)
         size = v ->Allocated * 2;
 
     // Keep a maximum color lists can grow, 100K entries seems reasonable
-    if (size > 1024*100) return FALSE;
+    if (size > 1024 * 100) {
+        _cmsFree(v->ContextID, (void*) v->List);
+        v->List = NULL;
+        return FALSE;
+    }
 
     NewPtr = (_cmsNAMEDCOLOR*) _cmsRealloc(v ->ContextID, v ->List, size * sizeof(_cmsNAMEDCOLOR));
     if (NewPtr == NULL)
@@ -568,8 +572,11 @@ cmsNAMEDCOLORLIST* CMSEXPORT cmsAllocNamedColorList(cmsContext ContextID, cmsUIn
     v ->nColors   = 0;
     v ->ContextID  = ContextID;
 
-    while (v -> Allocated < n){
-        if (!GrowNamedColorList(v)) return NULL;
+    while (v -> Allocated < n) {
+        if (!GrowNamedColorList(v)) {
+            _cmsFree(ContextID, (void*) v);
+            return NULL;
+        }
     }
 
     strncpy(v ->Prefix, Prefix, sizeof(v ->Prefix)-1);
diff --git a/jdk/src/java.desktop/share/native/liblcms/cmsopt.c b/jdk/src/java.desktop/share/native/liblcms/cmsopt.c
index d40993b083..a3ff2fc10e 100644
--- a/jdk/src/java.desktop/share/native/liblcms/cmsopt.c
+++ b/jdk/src/java.desktop/share/native/liblcms/cmsopt.c
@@ -1483,6 +1483,7 @@ cmsBool OptimizeByJoiningCurves(cmsPipeline** Lut, cmsUInt32Number Intent, cmsUI
 
         // LUT optimizes to nothing. Set the identity LUT
         cmsStageFree(ObtainedCurves);
+        ObtainedCurves = NULL;
 
         if (!cmsPipelineInsertStage(Dest, cmsAT_BEGIN, cmsStageAllocIdentity(Dest ->ContextID, Src ->InputChannels)))
             goto Error;
diff --git a/jdk/src/java.desktop/share/native/liblcms/cmstypes.c b/jdk/src/java.desktop/share/native/liblcms/cmstypes.c
index 3f8999f23f..ebf81c83b3 100644
--- a/jdk/src/java.desktop/share/native/liblcms/cmstypes.c
+++ b/jdk/src/java.desktop/share/native/liblcms/cmstypes.c
@@ -1489,6 +1489,7 @@ void *Type_MLU_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU
 
         // Check for overflow
         if (Offset < (SizeOfHeader + 8)) goto Error;
+        if (((Offset + Len) < Len) || ((Offset + Len) > SizeOfTag + 8)) goto Error;
 
         // True begin of the string
         BeginOfThisString = Offset - SizeOfHeader - 8;
@@ -4460,18 +4461,19 @@ void *Type_MPE_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU
     NewLUT = cmsPipelineAlloc(self ->ContextID, InputChans, OutputChans);
     if (NewLUT == NULL) return NULL;
 
-    if (!_cmsReadUInt32Number(io, &ElementCount)) return NULL;
-
-    if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) {
-        if (NewLUT != NULL) cmsPipelineFree(NewLUT);
-        *nItems = 0;
-        return NULL;
-    }
+    if (!_cmsReadUInt32Number(io, &ElementCount)) goto Error;
+    if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) goto Error;
 
     // Success
     *nItems = 1;
     return NewLUT;
 
+    // Error
+Error:
+    if (NewLUT != NULL) cmsPipelineFree(NewLUT);
+    *nItems = 0;
+    return NULL;
+
     cmsUNUSED_PARAMETER(SizeOfTag);
 }
 
diff --git a/jdk/src/java.desktop/share/native/liblcms/lcms2.h b/jdk/src/java.desktop/share/native/liblcms/lcms2.h
index 9f148e54d1..cbca89421a 100644
--- a/jdk/src/java.desktop/share/native/liblcms/lcms2.h
+++ b/jdk/src/java.desktop/share/native/liblcms/lcms2.h
@@ -1836,7 +1836,7 @@ CMSAPI cmsInt32Number   CMSEXPORT cmsIT8SetTable(cmsHANDLE hIT8, cmsUInt32Number
 
 // Persistence
 CMSAPI cmsHANDLE        CMSEXPORT cmsIT8LoadFromFile(cmsContext ContextID, const char* cFileName);
-CMSAPI cmsHANDLE        CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, void *Ptr, cmsUInt32Number len);
+CMSAPI cmsHANDLE        CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, const void *Ptr, cmsUInt32Number len);
 // CMSAPI cmsHANDLE        CMSEXPORT cmsIT8LoadFromIOhandler(cmsContext ContextID, cmsIOHANDLER* io);
 
 CMSAPI cmsBool          CMSEXPORT cmsIT8SaveToFile(cmsHANDLE hIT8, const char* cFileName);
diff --git a/jdk/src/java.desktop/unix/native/libawt_xawt/awt/gtk2_interface.c b/jdk/src/java.desktop/unix/native/libawt_xawt/awt/gtk2_interface.c
index 66fba97d19..800af14d67 100644
--- a/jdk/src/java.desktop/unix/native/libawt_xawt/awt/gtk2_interface.c
+++ b/jdk/src/java.desktop/unix/native/libawt_xawt/awt/gtk2_interface.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -761,46 +761,41 @@ GtkApi* gtk2_load(JNIEnv *env, const char* lib_name)
     }
 
     /*
-     * Strip the AT-SPI GTK_MODULEs if present
+     * Strip the AT-SPI GTK_MODULES if present
      */
     gtk_modules_env = getenv ("GTK_MODULES");
+    if ((gtk_modules_env && strstr(gtk_modules_env, "atk-bridge")) ||
+        (gtk_modules_env && strstr(gtk_modules_env, "gail"))) {
+        /* careful, strtok modifies its args */
+        gchar *tmp_env = strdup(gtk_modules_env);
+        if (tmp_env) {
+            /* the new env will be smaller than the old one */
+            gchar *s, *new_env = SAFE_SIZE_STRUCT_ALLOC(malloc,
+                    sizeof(ENV_PREFIX), 1, strlen (gtk_modules_env));
 
-    if (gtk_modules_env && strstr (gtk_modules_env, "atk-bridge") ||
-        gtk_modules_env && strstr (gtk_modules_env, "gail"))
-    {
-        /* the new env will be smaller than the old one */
-        gchar *s, *new_env = SAFE_SIZE_STRUCT_ALLOC(malloc,
-                sizeof(ENV_PREFIX), 1, strlen (gtk_modules_env));
+            if (new_env) {
+                strcpy(new_env, ENV_PREFIX);
 
-        if (new_env != NULL )
-        {
-            /* careful, strtok modifies its args */
-            gchar *tmp_env = strdup (gtk_modules_env);
-            strcpy(new_env, ENV_PREFIX);
-
-            /* strip out 'atk-bridge' and 'gail' */
-            size_t PREFIX_LENGTH = strlen(ENV_PREFIX);
-            while (s = strtok(tmp_env, ":"))
-            {
-                if ((!strstr (s, "atk-bridge")) && (!strstr (s, "gail")))
-                {
-                    if (strlen (new_env) > PREFIX_LENGTH) {
-                        new_env = strcat (new_env, ":");
+                /* strip out 'atk-bridge' and 'gail' */
+                size_t PREFIX_LENGTH = strlen(ENV_PREFIX);
+                gchar *tmp_ptr = NULL;
+                for (s = strtok_r(tmp_env, ":", &tmp_ptr); s;
+                     s = strtok_r(NULL, ":", &tmp_ptr)) {
+                    if ((!strstr(s, "atk-bridge")) && (!strstr(s, "gail"))) {
+                        if (strlen(new_env) > PREFIX_LENGTH) {
+                            new_env = strcat(new_env, ":");
+                        }
+                        new_env = strcat(new_env, s);
                     }
-                    new_env = strcat(new_env, s);
                 }
-                if (tmp_env)
-                {
-                    free (tmp_env);
-                    tmp_env = NULL; /* next call to strtok arg1==NULL */
+                if (putenv(new_env) != 0) {
+                    /* no free() on success, putenv() doesn't copy string */
+                    free(new_env);
                 }
             }
-            putenv (new_env);
-            free (new_env);
-            free (tmp_env);
+            free(tmp_env);
         }
     }
-
     /*
      * GTK should be initialized with gtk_init_check() before use.
      *
diff --git a/jdk/src/java.desktop/unix/native/libawt_xawt/awt/gtk3_interface.c b/jdk/src/java.desktop/unix/native/libawt_xawt/awt/gtk3_interface.c
index c3c0021a9c..af4cf9ebaf 100644
--- a/jdk/src/java.desktop/unix/native/libawt_xawt/awt/gtk3_interface.c
+++ b/jdk/src/java.desktop/unix/native/libawt_xawt/awt/gtk3_interface.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -580,42 +580,39 @@ GtkApi* gtk3_load(JNIEnv *env, const char* lib_name)
     }
 
     /*
-     * Strip the AT-SPI GTK_MODULEs if present
+     * Strip the AT-SPI GTK_MODULES if present
      */
     gtk_modules_env = getenv ("GTK_MODULES");
-    if (gtk_modules_env && strstr (gtk_modules_env, "atk-bridge") ||
-        gtk_modules_env && strstr (gtk_modules_env, "gail"))
-    {
-        /* the new env will be smaller than the old one */
-        gchar *s, *new_env = SAFE_SIZE_STRUCT_ALLOC(malloc,
-                sizeof(ENV_PREFIX), 1, strlen (gtk_modules_env));
+    if ((gtk_modules_env && strstr(gtk_modules_env, "atk-bridge")) ||
+        (gtk_modules_env && strstr(gtk_modules_env, "gail"))) {
+        /* careful, strtok modifies its args */
+        gchar *tmp_env = strdup(gtk_modules_env);
+        if (tmp_env) {
+            /* the new env will be smaller than the old one */
+            gchar *s, *new_env = SAFE_SIZE_STRUCT_ALLOC(malloc,
+                    sizeof(ENV_PREFIX), 1, strlen (gtk_modules_env));
 
-        if (new_env != NULL )
-        {
-            /* careful, strtok modifies its args */
-            gchar *tmp_env = strdup (gtk_modules_env);
-            strcpy(new_env, ENV_PREFIX);
+            if (new_env) {
+                strcpy(new_env, ENV_PREFIX);
 
-            /* strip out 'atk-bridge' and 'gail' */
-            size_t PREFIX_LENGTH = strlen(ENV_PREFIX);
-            while (s = strtok(tmp_env, ":"))
-            {
-                if ((!strstr (s, "atk-bridge")) && (!strstr (s, "gail")))
-                {
-                    if (strlen (new_env) > PREFIX_LENGTH) {
-                        new_env = strcat (new_env, ":");
+                /* strip out 'atk-bridge' and 'gail' */
+                size_t PREFIX_LENGTH = strlen(ENV_PREFIX);
+                gchar *tmp_ptr = NULL;
+                for (s = strtok_r(tmp_env, ":", &tmp_ptr); s;
+                     s = strtok_r(NULL, ":", &tmp_ptr)) {
+                    if ((!strstr(s, "atk-bridge")) && (!strstr(s, "gail"))) {
+                        if (strlen(new_env) > PREFIX_LENGTH) {
+                            new_env = strcat(new_env, ":");
+                        }
+                        new_env = strcat(new_env, s);
                     }
-                    new_env = strcat(new_env, s);
                 }
-                if (tmp_env)
-                {
-                    free (tmp_env);
-                    tmp_env = NULL; /* next call to strtok arg1==NULL */
+                if (putenv(new_env) != 0) {
+                    /* no free() on success, putenv() doesn't copy string */
+                    free(new_env);
                 }
             }
-            putenv (new_env);
-            free (new_env);
-            free (tmp_env);
+            free(tmp_env);
         }
     }
     /*
diff --git a/jdk/src/java.desktop/windows/native/libawt/java2d/d3d/D3DGraphicsDevice.cpp b/jdk/src/java.desktop/windows/native/libawt/java2d/d3d/D3DGraphicsDevice.cpp
index b20bd9c278..2e7e5c33ff 100644
--- a/jdk/src/java.desktop/windows/native/libawt/java2d/d3d/D3DGraphicsDevice.cpp
+++ b/jdk/src/java.desktop/windows/native/libawt/java2d/d3d/D3DGraphicsDevice.cpp
@@ -98,7 +98,7 @@ JNIEXPORT jstring JNICALL Java_sun_java2d_d3d_D3DGraphicsDevice_getDeviceIdNativ
 
     jstring ret = JNU_NewStringPlatform(env, pAdapterId);
 
-    delete pAdapterId;
+    delete[] pAdapterId;
 
     return ret;
 }
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/CmdIDList.cpp b/jdk/src/java.desktop/windows/native/libawt/windows/CmdIDList.cpp
index a71ede3d38..138f3e9807 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/CmdIDList.cpp
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/CmdIDList.cpp
@@ -61,29 +61,36 @@ INLINE void AwtCmdIDList::BuildFreeList(UINT first_index)
     m_first_free = first_index; // head of the free list
 }
 
+
+jboolean AwtCmdIDList::isFreeIDAvailable() {
+    CriticalSection::Lock l(m_lock);
+
+    if (m_first_free == -1) {   // out of free ids
+        if (m_capacity == ARRAY_MAXIMUM_SIZE) {
+            return JNI_FALSE;
+        }
+    }
+    return JNI_TRUE;
+}
+
 // Assign an id to the object.  Recycle the first free entry from the
 // head of the free list or allocate more memory for a new free list.
 UINT AwtCmdIDList::Add(AwtObject* obj)
 {
     CriticalSection::Lock l(m_lock);
+    if (!isFreeIDAvailable()) {
+        throw std::bad_alloc(); // fatal error
+    }
 
     if (m_first_free == -1) {   // out of free ids
-        if (m_capacity == ARRAY_MAXIMUM_SIZE) {
-            // Really bad - out of ids.  Since we hardly can have *so*
-            // many items simultaneously in existence, we have an id
-            // leak somewhere.
-            DASSERT(FALSE);
-            return 0;
-        }
-        else {                  // snarf a bigger arena
-            UINT old_capacity = m_capacity; // will be the first free entry
-            m_capacity += ARRAY_SIZE_INCREMENT;
-            if (m_capacity > ARRAY_MAXIMUM_SIZE)
-                m_capacity = ARRAY_MAXIMUM_SIZE;
-            m_array = (CmdIDEntry *)SAFE_SIZE_ARRAY_REALLOC(safe_Realloc, m_array,
-                                        m_capacity, sizeof(CmdIDEntry*));
-            BuildFreeList(old_capacity);
-        }
+        // snarf a bigger arena
+        UINT old_capacity = m_capacity; // will be the first free entry
+        m_capacity += ARRAY_SIZE_INCREMENT;
+        if (m_capacity > ARRAY_MAXIMUM_SIZE)
+            m_capacity = ARRAY_MAXIMUM_SIZE;
+        m_array = (CmdIDEntry *)SAFE_SIZE_ARRAY_REALLOC(safe_Realloc, m_array,
+                                    m_capacity, sizeof(CmdIDEntry*));
+        BuildFreeList(old_capacity);
     }
 
     DASSERT(m_first_free != -1);
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/CmdIDList.h b/jdk/src/java.desktop/windows/native/libawt/windows/CmdIDList.h
index 3677b6dcf0..15b032e625 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/CmdIDList.h
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/CmdIDList.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 1999, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,6 +38,7 @@ public:
     UINT Add(AwtObject* obj);
     AwtObject* Lookup(UINT id);
     void Remove(UINT id);
+    jboolean isFreeIDAvailable();
 
     CriticalSection    m_lock;
 
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/WPrinterJob.cpp b/jdk/src/java.desktop/windows/native/libawt/windows/WPrinterJob.cpp
index 5a73e1f1c4..6413816fcd 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/WPrinterJob.cpp
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/WPrinterJob.cpp
@@ -508,14 +508,14 @@ jobjectArray getAllDCNames(JNIEnv *env, jobject peer, jstring printer,
           names = env->NewObjectArray(cReturned, cls, NULL);
       }
       if (names == NULL || cls == NULL) {
-          delete buf;
+          delete[] buf;
           return names;
       }
 
       for (int i = 0; i < cReturned; i++) {
           utf_str = JNU_NewStringPlatform(env, buf+(buf_len*i));
             if (utf_str == NULL) {
-                delete buf;
+                delete[] buf;
                 return names;
             }
             env->SetObjectArrayElement(names, i, utf_str);
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt.h b/jdk/src/java.desktop/windows/native/libawt/windows/awt.h
index 0a84f65e0a..90c9fe329b 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt.h
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt.h
@@ -57,15 +57,6 @@ typedef AwtObject* PDATA;
     }                                                                     \
 }
 
-#define JNI_CHECK_PEER_GOTO(peer, where) {                                \
-    JNI_CHECK_NULL_GOTO(peer, "peer", where);                             \
-    pData = JNI_GET_PDATA(peer);                                          \
-    if (pData == NULL) {                                                  \
-        THROW_NULL_PDATA_IF_NOT_DESTROYED(peer);                          \
-        goto where;                                                       \
-    }                                                                     \
-}
-
 #define JNI_CHECK_NULL_RETURN(obj, msg) {                                 \
     if (obj == NULL) {                                                    \
         env->ExceptionClear();                                            \
@@ -74,15 +65,6 @@ typedef AwtObject* PDATA;
     }                                                                     \
 }
 
-#define JNI_CHECK_PEER_RETURN(peer) {                                     \
-    JNI_CHECK_NULL_RETURN(peer, "peer");                                  \
-    pData = JNI_GET_PDATA(peer);                                          \
-    if (pData == NULL) {                                                  \
-        THROW_NULL_PDATA_IF_NOT_DESTROYED(peer);                          \
-        return;                                                           \
-    }                                                                     \
-}
-
 #define JNI_CHECK_PEER_CREATION_RETURN(peer) {                            \
     if (peer == NULL ) {                                                  \
         return;                                                           \
@@ -109,6 +91,33 @@ typedef AwtObject* PDATA;
     }                                                                     \
 }
 
+/**
+ * This macros must be used under SyncCall or on the Toolkit thread.
+ */
+#define JNI_CHECK_PEER_GOTO(peer, where) {                                \
+    JNI_CHECK_NULL_GOTO(peer, "peer", where);                             \
+    pData = JNI_GET_PDATA(peer);                                          \
+    if (pData == NULL) {                                                  \
+        THROW_NULL_PDATA_IF_NOT_DESTROYED(peer);                          \
+        goto where;                                                       \
+    }                                                                     \
+}
+
+/**
+ * This macros must be used under SyncCall or on the Toolkit thread.
+ */
+#define JNI_CHECK_PEER_RETURN(peer) {                                     \
+    JNI_CHECK_NULL_RETURN(peer, "peer");                                  \
+    pData = JNI_GET_PDATA(peer);                                          \
+    if (pData == NULL) {                                                  \
+        THROW_NULL_PDATA_IF_NOT_DESTROYED(peer);                          \
+        return;                                                           \
+    }                                                                     \
+}
+
+/**
+ * This macros must be used under SyncCall or on the Toolkit thread.
+ */
 #define JNI_CHECK_PEER_RETURN_NULL(peer) {                                \
     JNI_CHECK_NULL_RETURN_NULL(peer, "peer");                             \
     pData = JNI_GET_PDATA(peer);                                          \
@@ -118,6 +127,9 @@ typedef AwtObject* PDATA;
     }                                                                     \
 }
 
+/**
+ * This macros must be used under SyncCall or on the Toolkit thread.
+ */
 #define JNI_CHECK_PEER_RETURN_VAL(peer, val) {                            \
     JNI_CHECK_NULL_RETURN_VAL(peer, "peer", val);                         \
     pData = JNI_GET_PDATA(peer);                                          \
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Button.cpp b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Button.cpp
index e76582bf36..1a7a89fdef 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Button.cpp
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Button.cpp
@@ -65,6 +65,7 @@ LPCTSTR AwtButton::GetClassName() {
 /* Create a new AwtButton object and window. */
 AwtButton* AwtButton::Create(jobject self, jobject parent)
 {
+    DASSERT(AwtToolkit::IsMainThread());
     JNIEnv *env = (JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2);
 
     /* the result */
@@ -88,7 +89,6 @@ AwtButton* AwtButton::Create(jobject self, jobject parent)
 
         JNI_CHECK_PEER_GOTO(parent, done);
         awtParent = (AwtCanvas*)pData;
-        JNI_CHECK_NULL_GOTO(awtParent, "awtParent", done);
 
         target = env->GetObjectField(self, AwtObject::targetID);
         JNI_CHECK_NULL_GOTO(target, "target", done);
@@ -375,9 +375,6 @@ Java_sun_awt_windows_WButtonPeer_setLabel(JNIEnv *env, jobject self,
 {
     TRY;
 
-    PDATA pData;
-    JNI_CHECK_PEER_RETURN(self);
-
     SetLabelStruct *sls = new SetLabelStruct;
     sls->button = env->NewGlobalRef(self);
     sls->label = (label != NULL) ? (jstring)env->NewGlobalRef(label) : NULL;
@@ -399,14 +396,9 @@ Java_sun_awt_windows_WButtonPeer_create(JNIEnv *env, jobject self,
 {
     TRY;
 
-    PDATA pData;
-    JNI_CHECK_PEER_RETURN(parent);
-
     AwtToolkit::CreateComponent(
         self, parent, (AwtToolkit::ComponentFactory)AwtButton::Create);
 
-    JNI_CHECK_PEER_CREATION_RETURN(self);
-
     CATCH_BAD_ALLOC;
 }
 
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Canvas.cpp b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Canvas.cpp
index fba055cb49..a152b8ebbd 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Canvas.cpp
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Canvas.cpp
@@ -59,6 +59,7 @@ LPCTSTR AwtCanvas::GetClassName() {
  */
 AwtCanvas* AwtCanvas::Create(jobject self, jobject hParent)
 {
+    DASSERT(AwtToolkit::IsMainThread());
     TRY;
     JNIEnv *env = (JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2);
 
@@ -74,12 +75,11 @@ AwtCanvas* AwtCanvas::Create(jobject self, jobject hParent)
             return NULL;
         }
 
+        PDATA pData;
         AwtComponent* parent;
 
-        JNI_CHECK_NULL_GOTO(hParent, "null hParent", done);
-
-        parent = (AwtComponent*)JNI_GET_PDATA(hParent);
-        JNI_CHECK_NULL_GOTO(parent, "null parent", done);
+        JNI_CHECK_PEER_GOTO(hParent, done);
+        parent = (AwtCanvas*)pData;
 
         target = env->GetObjectField(self, AwtObject::targetID);
         JNI_CHECK_NULL_GOTO(target, "null target", done);
@@ -236,12 +236,9 @@ Java_sun_awt_windows_WCanvasPeer_create(JNIEnv *env, jobject self,
 {
     TRY;
 
-    PDATA pData;
-    JNI_CHECK_PEER_RETURN(parent);
     AwtToolkit::CreateComponent(self, parent,
                                 (AwtToolkit::ComponentFactory)
                                 AwtCanvas::Create);
-    JNI_CHECK_PEER_CREATION_RETURN(self);
 
     CATCH_BAD_ALLOC;
 }
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Checkbox.cpp b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Checkbox.cpp
index 8e18d79eaa..d77ebb74a3 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Checkbox.cpp
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Checkbox.cpp
@@ -70,6 +70,7 @@ LPCTSTR AwtCheckbox::GetClassName() {
 
 AwtCheckbox* AwtCheckbox::Create(jobject peer, jobject parent)
 {
+    DASSERT(AwtToolkit::IsMainThread());
     JNIEnv *env = (JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2);
 
     jstring label = NULL;
@@ -81,11 +82,10 @@ AwtCheckbox* AwtCheckbox::Create(jobject peer, jobject parent)
             return NULL;
         }
 
+        PDATA pData;
         AwtComponent* awtParent;
-        JNI_CHECK_NULL_GOTO(parent, "null parent", done);
-
-        awtParent = (AwtComponent*)JNI_GET_PDATA(parent);
-        JNI_CHECK_NULL_GOTO(awtParent, "null awtParent", done);
+        JNI_CHECK_PEER_GOTO(parent, done);
+        awtParent = (AwtCanvas*)pData;
 
         target = env->GetObjectField(peer, AwtObject::targetID);
         JNI_CHECK_NULL_GOTO(target, "null target", done);
@@ -669,11 +669,10 @@ Java_sun_awt_windows_WCheckboxPeer_create(JNIEnv *env, jobject self,
 {
     TRY;
 
-    PDATA pData;
-    JNI_CHECK_PEER_RETURN(parent);
     AwtToolkit::CreateComponent(self, parent,
                                 (AwtToolkit::ComponentFactory)
                                 AwtCheckbox::Create);
+    PDATA pData;
     JNI_CHECK_PEER_CREATION_RETURN(self);
 
 #ifdef DEBUG
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Choice.cpp b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Choice.cpp
index 8376f0abc2..bfdf76f272 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Choice.cpp
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Choice.cpp
@@ -104,7 +104,7 @@ void AwtChoice::Dispose() {
 }
 
 AwtChoice* AwtChoice::Create(jobject peer, jobject parent) {
-
+    DASSERT(AwtToolkit::IsMainThread());
     JNIEnv *env = (JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2);
 
     jobject target = NULL;
@@ -115,12 +115,10 @@ AwtChoice* AwtChoice::Create(jobject peer, jobject parent) {
         if (env->EnsureLocalCapacity(1) < 0) {
             return NULL;
         }
+        PDATA pData;
         AwtCanvas* awtParent;
-
-        JNI_CHECK_NULL_GOTO(parent, "null parent", done);
-
-        awtParent = (AwtCanvas*)JNI_GET_PDATA(parent);
-        JNI_CHECK_NULL_GOTO(awtParent, "null awtParent", done);
+        JNI_CHECK_PEER_GOTO(parent, done);
+        awtParent = (AwtCanvas*)pData;
 
         target = env->GetObjectField(peer, AwtObject::targetID);
         JNI_CHECK_NULL_GOTO(target, "null target", done);
@@ -830,12 +828,9 @@ Java_sun_awt_windows_WChoicePeer_create(JNIEnv *env, jobject self,
 {
     TRY;
 
-    PDATA pData;
-    JNI_CHECK_PEER_RETURN(parent);
     AwtToolkit::CreateComponent(self, parent,
                                 (AwtToolkit::ComponentFactory)
                                 AwtChoice::Create);
-    JNI_CHECK_PEER_CREATION_RETURN(self);
 
     CATCH_BAD_ALLOC;
 }
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Component.cpp b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Component.cpp
index cf89de4046..f2db09fd34 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Component.cpp
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Component.cpp
@@ -151,6 +151,11 @@ struct SetFocusStruct {
     jobject component;
     jboolean doSetFocus;
 };
+// Struct for _SetParent function
+struct SetParentStruct {
+    jobject component;
+    jobject parentComp;
+};
 /************************************************************************/
 
 //////////////////////////////////////////////////////////////////////////
@@ -265,9 +270,6 @@ AwtComponent::~AwtComponent()
 {
     DASSERT(AwtToolkit::IsMainThread());
 
-    /* Disconnect all links. */
-    UnlinkObjects();
-
     /*
      * All the messages for this component are processed, native
      * resources are freed, and Java object is not connected to
@@ -279,6 +281,8 @@ AwtComponent::~AwtComponent()
 
 void AwtComponent::Dispose()
 {
+    DASSERT(AwtToolkit::IsMainThread());
+
     // NOTE: in case the component/toplevel was focused, Java should
     // have already taken care of proper transferring it or clearing.
 
@@ -297,8 +301,10 @@ void AwtComponent::Dispose()
     /* Release global ref to input method */
     SetInputMethod(NULL, TRUE);
 
-    if (m_childList != NULL)
+    if (m_childList != NULL) {
         delete m_childList;
+        m_childList = NULL;
+    }
 
     DestroyDropTarget();
     ReleaseDragCapture(0);
@@ -321,6 +327,9 @@ void AwtComponent::Dispose()
         m_brushBackground = NULL;
     }
 
+    /* Disconnect all links. */
+    UnlinkObjects();
+
     if (m_bPauseDestroy) {
         // AwtComponent::WmNcDestroy could be released now
         m_bPauseDestroy = FALSE;
@@ -6222,21 +6231,36 @@ ret:
     return result;
 }
 
-void AwtComponent::SetParent(void * param) {
+void AwtComponent::_SetParent(void * param)
+{
     if (AwtToolkit::IsMainThread()) {
-        AwtComponent** comps = (AwtComponent**)param;
-        if ((comps[0] != NULL) && (comps[1] != NULL)) {
-            HWND selfWnd = comps[0]->GetHWnd();
-            HWND parentWnd = comps[1]->GetHWnd();
-            if (::IsWindow(selfWnd) && ::IsWindow(parentWnd)) {
-                // Shouldn't trigger native focus change
-                // (only the proxy may be the native focus owner).
-                ::SetParent(selfWnd, parentWnd);
-            }
+        JNIEnv *env = (JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2);
+        SetParentStruct *data = (SetParentStruct*) param;
+        jobject self = data->component;
+        jobject parent = data->parentComp;
+
+        AwtComponent *awtComponent = NULL;
+        AwtComponent *awtParent = NULL;
+
+        PDATA pData;
+        JNI_CHECK_PEER_GOTO(self, ret);
+        awtComponent = (AwtComponent *)pData;
+        JNI_CHECK_PEER_GOTO(parent, ret);
+        awtParent = (AwtComponent *)pData;
+
+        HWND selfWnd = awtComponent->GetHWnd();
+        HWND parentWnd = awtParent->GetHWnd();
+        if (::IsWindow(selfWnd) && ::IsWindow(parentWnd)) {
+            // Shouldn't trigger native focus change
+            // (only the proxy may be the native focus owner).
+            ::SetParent(selfWnd, parentWnd);
         }
-        delete[] comps;
+ret:
+        env->DeleteGlobalRef(self);
+        env->DeleteGlobalRef(parent);
+        delete data;
     } else {
-        AwtToolkit::GetInstance().InvokeFunction(AwtComponent::SetParent, param);
+        AwtToolkit::GetInstance().InvokeFunction(AwtComponent::_SetParent, param);
     }
 }
 
@@ -7063,15 +7087,12 @@ JNIEXPORT void JNICALL
 Java_sun_awt_windows_WComponentPeer_pSetParent(JNIEnv* env, jobject self, jobject parent) {
     TRY;
 
-    typedef AwtComponent* PComponent;
-    AwtComponent** comps = new PComponent[2];
-    AwtComponent* comp = (AwtComponent*)JNI_GET_PDATA(self);
-    AwtComponent* parentComp = (AwtComponent*)JNI_GET_PDATA(parent);
-    comps[0] = comp;
-    comps[1] = parentComp;
+    SetParentStruct * data = new SetParentStruct;
+    data->component = env->NewGlobalRef(self);
+    data->parentComp = env->NewGlobalRef(parent);
 
-    AwtToolkit::GetInstance().SyncCall(AwtComponent::SetParent, comps);
-    // comps is deleted in SetParent
+    AwtToolkit::GetInstance().SyncCall(AwtComponent::_SetParent, data);
+    // global refs and data are deleted in SetParent
 
     CATCH_BAD_ALLOC;
 }
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Component.h b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Component.h
index d91df640d2..697c9d5044 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Component.h
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Component.h
@@ -668,6 +668,7 @@ public:
     static void _RemoveNativeDropTarget(void *param);
     static jintArray _CreatePrintedPixels(void *param);
     static jboolean _NativeHandlesWheelScrolling(void *param);
+    static void _SetParent(void * param);
     static void _SetRectangularShape(void *param);
     static void _SetZOrder(void *param);
 
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Dialog.cpp b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Dialog.cpp
index e3413714b6..47b80a4ea0 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Dialog.cpp
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Dialog.cpp
@@ -111,12 +111,13 @@ AwtDialog* AwtDialog::Create(jobject peer, jobject parent)
         PDATA pData;
         AwtWindow* awtParent = NULL;
         HWND hwndParent = NULL;
+
         target = env->GetObjectField(peer, AwtObject::targetID);
         JNI_CHECK_NULL_GOTO(target, "null target", done);
 
         if (parent != NULL) {
             JNI_CHECK_PEER_GOTO(parent, done);
-            awtParent = (AwtWindow *)(JNI_GET_PDATA(parent));
+            awtParent = (AwtWindow *)pData;
             hwndParent = awtParent->GetHWnd();
         } else {
             // There is no way to prevent a parentless dialog from showing on
@@ -775,11 +776,9 @@ Java_sun_awt_windows_WDialogPeer_createAwtDialog(JNIEnv *env, jobject self,
 {
     TRY;
 
-    PDATA pData;
     AwtToolkit::CreateComponent(self, parent,
                                 (AwtToolkit::ComponentFactory)
                                 AwtDialog::Create);
-    JNI_CHECK_PEER_CREATION_RETURN(self);
 
     CATCH_BAD_ALLOC;
 }
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt_FileDialog.cpp b/jdk/src/java.desktop/windows/native/libawt/windows/awt_FileDialog.cpp
index 7b2d703bb6..f5ce9015d0 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt_FileDialog.cpp
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt_FileDialog.cpp
@@ -691,7 +691,7 @@ Java_sun_awt_windows_WFileDialogPeer_getLocationOnScreen(JNIEnv *env,
     jobject peerRef = env->NewGlobalRef(peer);
     jobject resultRef = (jobject)AwtToolkit::GetInstance().SyncCall(
         (void*(*)(void*))AwtFileDialog::_GetLocationOnScreen, (void *)peerRef);
-    env->DeleteLocalRef(peerRef);
+    env->DeleteGlobalRef(peerRef);
 
     if (resultRef != NULL)
     {
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Font.cpp b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Font.cpp
index b7e63628c2..dc64430b19 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Font.cpp
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Font.cpp
@@ -878,11 +878,16 @@ Java_sun_awt_windows_WFontMetrics_charsWidth(JNIEnv *env, jobject self,
 
     if (str == NULL) {
         JNU_ThrowNullPointerException(env, "str argument");
-        return NULL;
+        return 0;
     }
-    if ((len < 0) || (off < 0) || (len + off > (env->GetArrayLength(str)))) {
+    if ((len < 0) || (off < 0) || (len + off < 0) ||
+        (len + off > (env->GetArrayLength(str)))) {
         JNU_ThrowArrayIndexOutOfBoundsException(env, "off/len argument");
-        return NULL;
+        return 0;
+    }
+
+    if (off == env->GetArrayLength(str)) {
+        return 0;
     }
 
     jchar *strp = new jchar[len];
@@ -914,12 +919,18 @@ Java_sun_awt_windows_WFontMetrics_bytesWidth(JNIEnv *env, jobject self,
 
     if (str == NULL) {
         JNU_ThrowNullPointerException(env, "bytes argument");
-        return NULL;
+        return 0;
     }
-    if ((len < 0) || (off < 0) || (len + off > (env->GetArrayLength(str)))) {
+    if ((len < 0) || (off < 0) || (len + off < 0) ||
+        (len + off > (env->GetArrayLength(str)))) {
         JNU_ThrowArrayIndexOutOfBoundsException(env, "off or len argument");
-        return NULL;
+        return 0;
     }
+
+    if (off == env->GetArrayLength(str)) {
+        return 0;
+    }
+
     char *pStrBody = NULL;
     jint result = 0;
     try {
@@ -927,12 +938,12 @@ Java_sun_awt_windows_WFontMetrics_bytesWidth(JNIEnv *env, jobject self,
                                                          AwtFont::widthsID);
         if (array == NULL) {
             JNU_ThrowNullPointerException(env, "Can't access widths array.");
-            return NULL;
+            return 0;
         }
         pStrBody = (char *)env->GetPrimitiveArrayCritical(str, 0);
         if (pStrBody == NULL) {
             JNU_ThrowNullPointerException(env, "Can't access str bytes.");
-            return NULL;
+            return 0;
         }
         char *pStr = pStrBody + off;
 
@@ -942,7 +953,7 @@ Java_sun_awt_windows_WFontMetrics_bytesWidth(JNIEnv *env, jobject self,
             if (widths == NULL) {
                 env->ReleasePrimitiveArrayCritical(str, pStrBody, 0);
                 JNU_ThrowNullPointerException(env, "Can't access widths.");
-                return NULL;
+                return 0;
             }
             for (; len; len--) {
                 result += widths[*pStr++];
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Frame.cpp b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Frame.cpp
index 9bc6366d17..788ece4735 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Frame.cpp
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Frame.cpp
@@ -1580,12 +1580,12 @@ void AwtFrame::_NotifyModalBlocked(void *param)
 
     PDATA pData;
 
-    pData = JNI_GET_PDATA(peer);
+    JNI_CHECK_PEER_GOTO(peer, ret);
     AwtFrame *f = (AwtFrame *)pData;
 
     // dialog here may be NULL, for example, if the blocker is a native dialog
     // however, we need to install/unistall modal hooks anyway
-    pData = JNI_GET_PDATA(blockerPeer);
+    JNI_CHECK_PEER_GOTO(blockerPeer, ret);
     AwtDialog *d = (AwtDialog *)pData;
 
     if ((f != NULL) && ::IsWindow(f->GetHWnd()))
@@ -1637,7 +1637,7 @@ void AwtFrame::_NotifyModalBlocked(void *param)
             }
         }
     }
-
+ret:
     env->DeleteGlobalRef(self);
     env->DeleteGlobalRef(peer);
     env->DeleteGlobalRef(blockerPeer);
@@ -1809,8 +1809,6 @@ Java_sun_awt_windows_WFramePeer_createAwtFrame(JNIEnv *env, jobject self,
     AwtToolkit::CreateComponent(self, parent,
                                 (AwtToolkit::ComponentFactory)
                                 AwtFrame::Create);
-    PDATA pData;
-    JNI_CHECK_PEER_CREATION_RETURN(self);
 
     CATCH_BAD_ALLOC;
 }
@@ -1924,8 +1922,6 @@ Java_sun_awt_windows_WEmbeddedFramePeer_create(JNIEnv *env, jobject self,
     AwtToolkit::CreateComponent(self, parent,
                                 (AwtToolkit::ComponentFactory)
                                 AwtFrame::Create);
-    PDATA pData;
-    JNI_CHECK_PEER_CREATION_RETURN(self);
 
     CATCH_BAD_ALLOC;
 }
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Label.cpp b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Label.cpp
index 722151cd86..4f43e0e3d0 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Label.cpp
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Label.cpp
@@ -80,7 +80,7 @@ AwtLabel* AwtLabel::Create(jobject labelPeer, jobject parent)
 
         JNI_CHECK_PEER_GOTO(parent, done);
         awtParent = (AwtCanvas*)pData;
-        JNI_CHECK_NULL_GOTO(awtParent, "awtParent", done);
+
         target  = env->GetObjectField(labelPeer, AwtObject::targetID);
         JNI_CHECK_NULL_GOTO(target, "target", done);
 
@@ -392,12 +392,9 @@ Java_sun_awt_windows_WLabelPeer_create(JNIEnv *env, jobject self,
 {
     TRY;
 
-    PDATA pData;
-    JNI_CHECK_PEER_RETURN(parent);
     AwtToolkit::CreateComponent(self, parent,
                                 (AwtToolkit::ComponentFactory)
                                 AwtLabel::Create);
-    JNI_CHECK_PEER_CREATION_RETURN(self);
 
     CATCH_BAD_ALLOC;
 }
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt_List.cpp b/jdk/src/java.desktop/windows/native/libawt/windows/awt_List.cpp
index 4c32a47299..071ab2a0de 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt_List.cpp
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt_List.cpp
@@ -89,10 +89,9 @@ AwtList* AwtList::Create(jobject peer, jobject parent)
 
         PDATA pData;
         AwtCanvas* awtParent;
-        JNI_CHECK_PEER_GOTO(parent, done);
 
+        JNI_CHECK_PEER_GOTO(parent, done);
         awtParent = (AwtCanvas*)pData;
-        JNI_CHECK_NULL_GOTO(awtParent, "null awtParent", done);
 
         /* target is Hjava_awt_List * */
         target = env->GetObjectField(peer, AwtObject::targetID);
@@ -928,9 +927,6 @@ Java_sun_awt_windows_WListPeer_deselect(JNIEnv *env, jobject self,
 {
     TRY;
 
-    PDATA pData;
-    JNI_CHECK_PEER_RETURN(self);
-
     SelectElementStruct *ses = new SelectElementStruct;
     ses->list = env->NewGlobalRef(self);
     ses->index = pos;
@@ -994,11 +990,8 @@ Java_sun_awt_windows_WListPeer_create(JNIEnv *env, jobject self,
 {
     TRY;
 
-    PDATA pData;
-    JNI_CHECK_PEER_RETURN(parent);
     AwtToolkit::CreateComponent(self, parent,
                                 (AwtToolkit::ComponentFactory)AwtList::Create);
-    JNI_CHECK_PEER_CREATION_RETURN(self);
 
     CATCH_BAD_ALLOC;
 }
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt_MenuItem.cpp b/jdk/src/java.desktop/windows/native/libawt/windows/awt_MenuItem.cpp
index f00d5ba31c..095db63eb3 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt_MenuItem.cpp
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt_MenuItem.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -217,6 +217,10 @@ AwtMenuItem* AwtMenuItem::Create(jobject peer, jobject menuPeer)
         if (env->EnsureLocalCapacity(1) < 0) {
             return NULL;
         }
+        if (!AwtToolkit::GetInstance().isFreeIDAvailable()) {
+            return NULL;
+        }
+
         JNI_CHECK_NULL_RETURN_NULL(menuPeer, "peer");
 
         /* target is a java.awt.MenuItem  */
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Palette.cpp b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Palette.cpp
index 51b51a0e36..aba339fa46 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Palette.cpp
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Palette.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -148,7 +148,7 @@ int AwtPalette::FetchPaletteEntries(HDC hDC, PALETTEENTRY* pPalEntries)
         pEntry->peFlags = PC_EXPLICIT;
     }
     hPal = ::CreatePalette(pLogPal);
-    delete pLogPal;
+    delete[] pLogPal;
     if ( hPal == 0 ) {
         return 0;
     }
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Robot.cpp b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Robot.cpp
index 12432ebf14..4db3de5ad8 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Robot.cpp
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Robot.cpp
@@ -285,7 +285,7 @@ void AwtRobot::GetRGBPixels(jint x, jint y, jint width, jint height, jintArray p
 
     // copy pixels into Java array
     env->SetIntArrayRegion(pixelArray, 0, numPixels, (jint *)pixelData);
-    delete pinfo;
+    delete[] pinfo;
 
     // free all the GDI objects we made
     ::SelectObject(hdcMem, hOldBitmap);
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt_ScrollPane.cpp b/jdk/src/java.desktop/windows/native/libawt/windows/awt_ScrollPane.cpp
index 04f463e642..7e351e134b 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt_ScrollPane.cpp
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt_ScrollPane.cpp
@@ -96,10 +96,9 @@ AwtScrollPane* AwtScrollPane::Create(jobject self, jobject parent)
 
         PDATA pData;
         AwtComponent* awtParent;
-        JNI_CHECK_PEER_GOTO(parent, done);
 
+        JNI_CHECK_PEER_GOTO(parent, done);
         awtParent = (AwtComponent*)pData;
-        JNI_CHECK_NULL_GOTO(awtParent, "null awtParent", done);
 
         target = env->GetObjectField(self, AwtObject::targetID);
         JNI_CHECK_NULL_GOTO(target, "null target", done);
@@ -679,11 +678,10 @@ Java_sun_awt_windows_WScrollPanePeer_create(JNIEnv *env, jobject self,
 
     DTRACE_PRINTLN2("%x: WScrollPanePeer.create(%x)", self, parent);
 
-    PDATA pData;
-    JNI_CHECK_PEER_RETURN(parent);
     AwtToolkit::CreateComponent(self, parent,
                                 (AwtToolkit::ComponentFactory)
                                 AwtScrollPane::Create);
+    PDATA pData;
     JNI_CHECK_PEER_CREATION_RETURN(self);
     ((AwtScrollPane*)pData)->VerifyState();
 
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Scrollbar.cpp b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Scrollbar.cpp
index 1e58f2ceb8..502b9a0d23 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Scrollbar.cpp
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Scrollbar.cpp
@@ -38,7 +38,11 @@ struct SetValuesStruct {
     jint value;
     jint visible;
     jint min, max;
-
+};
+// struct for _SetLineIncrement()/_SetPageIncrement() methods
+struct SetIncrementStruct {
+    jobject scrollbar;
+    jint increment;
 };
 /************************************************************************
  * AwtScrollbar fields
@@ -108,10 +112,9 @@ AwtScrollbar::Create(jobject peer, jobject parent)
 
         PDATA pData;
         AwtCanvas* awtParent;
-        JNI_CHECK_PEER_GOTO(parent, done);
 
+        JNI_CHECK_PEER_GOTO(parent, done);
         awtParent = (AwtCanvas*)pData;
-        JNI_CHECK_NULL_GOTO(awtParent, "null awtParent", done);
 
         target = env->GetObjectField(peer, AwtObject::targetID);
         JNI_CHECK_NULL_GOTO(target, "null target", done);
@@ -471,6 +474,52 @@ ret:
     delete svs;
 }
 
+void AwtScrollbar::_SetLineIncrement(void *param)
+{
+    JNIEnv *env = (JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2);
+
+    SetIncrementStruct *sis = (SetIncrementStruct *)param;
+    jobject self = sis->scrollbar;
+    jint increment = sis->increment;
+
+    AwtScrollbar *sb = NULL;
+
+    PDATA pData;
+    JNI_CHECK_PEER_GOTO(self, ret);
+    sb = (AwtScrollbar *)pData;
+    if (::IsWindow(sb->GetHWnd()))
+    {
+        sb->SetLineIncrement(increment);
+    }
+ret:
+    env->DeleteGlobalRef(self);
+
+    delete sis;
+}
+
+void AwtScrollbar::_SetPageIncrement(void *param)
+{
+    JNIEnv *env = (JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2);
+
+    SetIncrementStruct *sis = (SetIncrementStruct *)param;
+    jobject self = sis->scrollbar;
+    jint increment = sis->increment;
+
+    AwtScrollbar *sb = NULL;
+
+    PDATA pData;
+    JNI_CHECK_PEER_GOTO(self, ret);
+    sb = (AwtScrollbar *)pData;
+    if (::IsWindow(sb->GetHWnd()))
+    {
+        sb->SetPageIncrement(increment);
+    }
+ret:
+    env->DeleteGlobalRef(self);
+
+    delete sis;
+}
+
 /************************************************************************
  * Scrollbar native methods
  */
@@ -546,10 +595,12 @@ Java_sun_awt_windows_WScrollbarPeer_setLineIncrement(JNIEnv *env, jobject self,
 {
     TRY;
 
-    PDATA pData;
-    JNI_CHECK_PEER_RETURN(self);
-    AwtScrollbar* c = (AwtScrollbar*)pData;
-    c->SetLineIncrement(increment);
+    SetIncrementStruct *sis = new SetIncrementStruct;
+    sis->scrollbar = env->NewGlobalRef(self);
+    sis->increment = increment;
+
+    AwtToolkit::GetInstance().SyncCall(AwtScrollbar::_SetLineIncrement, sis);
+    // global ref and svs are deleted in _SetValues
 
     CATCH_BAD_ALLOC;
 }
@@ -565,10 +616,12 @@ Java_sun_awt_windows_WScrollbarPeer_setPageIncrement(JNIEnv *env, jobject self,
 {
     TRY;
 
-    PDATA pData;
-    JNI_CHECK_PEER_RETURN(self);
-    AwtScrollbar* c = (AwtScrollbar*)pData;
-    c->SetPageIncrement(increment);
+    SetIncrementStruct *sis = new SetIncrementStruct;
+    sis->scrollbar = env->NewGlobalRef(self);
+    sis->increment = increment;
+
+    AwtToolkit::GetInstance().SyncCall(AwtScrollbar::_SetPageIncrement, sis);
+    // global ref and svs are deleted in _SetValues
 
     CATCH_BAD_ALLOC;
 }
@@ -584,12 +637,9 @@ Java_sun_awt_windows_WScrollbarPeer_create(JNIEnv *env, jobject self,
 {
     TRY;
 
-    PDATA pData;
-    JNI_CHECK_PEER_RETURN(parent);
     AwtToolkit::CreateComponent(self, parent,
                                 (AwtToolkit::ComponentFactory)
                                 AwtScrollbar::Create);
-    JNI_CHECK_PEER_CREATION_RETURN(self);
 
     CATCH_BAD_ALLOC;
 }
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Scrollbar.h b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Scrollbar.h
index 2a6b03a671..9369cab0e5 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Scrollbar.h
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Scrollbar.h
@@ -77,6 +77,8 @@ public:
 
     INLINE virtual BOOL IsScrollbar() { return TRUE; }
 
+    static void _SetLineIncrement(void *param);
+    static void _SetPageIncrement(void *param);
     // invoked on Toolkit thread
     static void _SetValues(void *param);
 
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt_TextArea.cpp b/jdk/src/java.desktop/windows/native/libawt/windows/awt_TextArea.cpp
index cd40b1f237..6dc21c5add 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt_TextArea.cpp
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt_TextArea.cpp
@@ -505,12 +505,9 @@ Java_sun_awt_windows_WTextAreaPeer_create(JNIEnv *env, jobject self,
 {
     TRY;
 
-    PDATA pData;
-    JNI_CHECK_PEER_RETURN(parent);
     AwtToolkit::CreateComponent(self, parent,
                                 (AwtToolkit::ComponentFactory)
                                 AwtTextArea::Create);
-    JNI_CHECK_PEER_CREATION_RETURN(self);
 
     CATCH_BAD_ALLOC;
 }
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt_TextComponent.cpp b/jdk/src/java.desktop/windows/native/libawt/windows/awt_TextComponent.cpp
index de60f0ed70..38272959d7 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt_TextComponent.cpp
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt_TextComponent.cpp
@@ -95,10 +95,9 @@ AwtTextComponent* AwtTextComponent::Create(jobject peer, jobject parent, BOOL is
 
         PDATA pData;
         AwtCanvas* awtParent;
-        JNI_CHECK_PEER_GOTO(parent, done);
 
+        JNI_CHECK_PEER_GOTO(parent, done);
         awtParent = (AwtCanvas*)pData;
-        JNI_CHECK_NULL_GOTO(awtParent, "null awtParent", done);
 
         target = env->GetObjectField(peer, AwtObject::targetID);
         JNI_CHECK_NULL_GOTO(target, "null target", done);
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt_TextField.cpp b/jdk/src/java.desktop/windows/native/libawt/windows/awt_TextField.cpp
index 01c73f068e..5518ab9114 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt_TextField.cpp
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt_TextField.cpp
@@ -260,12 +260,9 @@ Java_sun_awt_windows_WTextFieldPeer_create(JNIEnv *env, jobject self,
 {
     TRY;
 
-    PDATA pData;
-    JNI_CHECK_PEER_RETURN(parent);
     AwtToolkit::CreateComponent(self, parent,
                                 (AwtToolkit::ComponentFactory)
                                 AwtTextField::Create);
-    JNI_CHECK_PEER_CREATION_RETURN(self);
 
     CATCH_BAD_ALLOC;
 }
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Toolkit.cpp b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Toolkit.cpp
index 4a0ac907f6..25d9de8f9a 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Toolkit.cpp
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Toolkit.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -1663,6 +1663,11 @@ void AwtToolkit::SyncCall(void (*ftn)(void)) {
     }
 }
 
+jboolean AwtToolkit::isFreeIDAvailable()
+{
+    return m_cmdIDs->isFreeIDAvailable();
+}
+
 UINT AwtToolkit::CreateCmdID(AwtObject* object)
 {
     return m_cmdIDs->Add(object);
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Toolkit.h b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Toolkit.h
index 05da58b1c5..a99fe963c0 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Toolkit.h
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Toolkit.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -320,6 +320,8 @@ public:
     BOOL PreProcessMouseMsg(class AwtComponent* p, MSG& msg);
     BOOL PreProcessKeyMsg(class AwtComponent* p, MSG& msg);
 
+    /* Checks that an free ID exists. */
+    jboolean isFreeIDAvailable();
     /* Create an ID which maps to an AwtObject pointer, such as a menu. */
     UINT CreateCmdID(AwtObject* object);
 
diff --git a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Window.cpp b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Window.cpp
index 56f2bfdd0e..b1cb6ad2ce 100644
--- a/jdk/src/java.desktop/windows/native/libawt/windows/awt_Window.cpp
+++ b/jdk/src/java.desktop/windows/native/libawt/windows/awt_Window.cpp
@@ -3400,12 +3400,9 @@ Java_sun_awt_windows_WWindowPeer_createAwtWindow(JNIEnv *env, jobject self,
 {
     TRY;
 
-    PDATA pData;
-//    JNI_CHECK_PEER_RETURN(parent);
     AwtToolkit::CreateComponent(self, parent,
                                 (AwtToolkit::ComponentFactory)
                                 AwtWindow::Create);
-    JNI_CHECK_PEER_CREATION_RETURN(self);
 
     CATCH_BAD_ALLOC;
 }
diff --git a/jdk/src/java.management.rmi/share/classes/com/sun/jmx/remote/internal/rmi/RMIExporter.java b/jdk/src/java.management.rmi/share/classes/com/sun/jmx/remote/internal/rmi/RMIExporter.java
index cd292850a2..333c8f4a73 100644
--- a/jdk/src/java.management.rmi/share/classes/com/sun/jmx/remote/internal/rmi/RMIExporter.java
+++ b/jdk/src/java.management.rmi/share/classes/com/sun/jmx/remote/internal/rmi/RMIExporter.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,7 @@
 
 package com.sun.jmx.remote.internal.rmi;
 
+import java.io.ObjectInputFilter;
 import java.rmi.NoSuchObjectException;
 import java.rmi.Remote;
 import java.rmi.RemoteException;
@@ -51,7 +52,8 @@ public interface RMIExporter {
     public Remote exportObject(Remote obj,
                                int port,
                                RMIClientSocketFactory csf,
-                               RMIServerSocketFactory ssf)
+                               RMIServerSocketFactory ssf,
+                               ObjectInputFilter filter)
             throws RemoteException;
 
     public boolean unexportObject(Remote obj, boolean force)
diff --git a/jdk/src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java b/jdk/src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java
index 8bcbe1919a..c4af7756af 100644
--- a/jdk/src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java
+++ b/jdk/src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java
@@ -26,6 +26,7 @@
 package javax.management.remote.rmi;
 
 import java.io.IOException;
+import java.io.ObjectInputFilter;
 import java.rmi.NoSuchObjectException;
 import java.rmi.Remote;
 import java.rmi.RemoteException;
@@ -39,15 +40,13 @@ import javax.security.auth.Subject;
 
 import com.sun.jmx.remote.internal.rmi.RMIExporter;
 import com.sun.jmx.remote.util.EnvHelp;
-import java.io.ObjectStreamClass;
-import java.lang.reflect.Method;
-import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.List;
+import java.util.Set;
+import java.util.stream.Collectors;
 import sun.reflect.misc.ReflectUtil;
-import sun.rmi.server.DeserializationChecker;
 import sun.rmi.server.UnicastServerRef;
 import sun.rmi.server.UnicastServerRef2;
+import sun.rmi.transport.LiveRef;
 
 /**
  * 
    An {@link RMIServer} object that is exported through JRMP and that
@@ -60,8 +59,6 @@ import sun.rmi.server.UnicastServerRef2;
  */
 public class RMIJRMPServerImpl extends RMIServerImpl {
 
-    private final ExportedWrapper exportedWrapper;
-
     /**
      * 
    Creates a new {@link RMIServer} object that will be exported
      * on the given port using the given socket factories.
    
@@ -102,31 +99,42 @@ public class RMIJRMPServerImpl extends RMIServerImpl {
 
         String[] credentialsTypes
                 = (String[]) this.env.get(RMIConnectorServer.CREDENTIAL_TYPES);
-        List types = null;
-        if (credentialsTypes != null) {
-            types = new ArrayList<>();
-            for (String type : credentialsTypes) {
-                if (type == null) {
-                    throw new IllegalArgumentException("A credential type is null.");
-                }
-                ReflectUtil.checkPackageAccess(type);
-                types.add(type);
-            }
+
+        String credentialsFilter
+                = (String) this.env.get(EnvHelp.CREDENTIALS_FILTER_PATTERN);
+
+        // It is impossible for both attributes to be specified
+        if(credentialsTypes != null && credentialsFilter != null) {
+            throw new IllegalArgumentException("Cannot specify both \""
+                    + RMIConnectorServer.CREDENTIAL_TYPES + "\" and \""
+                    + EnvHelp.CREDENTIALS_FILTER_PATTERN + "\"");
+        } else if(credentialsFilter != null){
+            cFilter = ObjectInputFilter.Config.createFilter(credentialsFilter);
+            allowedTypes = null;
         }
-        exportedWrapper = types != null ?
-                new ExportedWrapper(this, types) :
-                null;
+        else if (credentialsTypes != null) {
+            allowedTypes = Arrays.stream(credentialsTypes).filter(
+                    s -> s!= null).collect(Collectors.toSet());
+            allowedTypes.stream().forEach(ReflectUtil::checkPackageAccess);
+            cFilter = this::newClientCheckInput;
+        } else {
+            allowedTypes = null;
+            cFilter = null;
+        }
+
+        String userJmxFilter =
+                (String) this.env.get(EnvHelp.SERIAL_FILTER_PATTERN);
+        if(userJmxFilter != null && !userJmxFilter.isEmpty())
+            jmxRmiFilter = ObjectInputFilter.Config.createFilter(userJmxFilter);
+        else
+            jmxRmiFilter = null;
     }
 
     protected void export() throws IOException {
-        if (exportedWrapper != null) {
-            export(exportedWrapper);
-        } else {
-            export(this);
-        }
+        export(this, cFilter);
     }
 
-    private void export(Remote obj) throws RemoteException {
+    private void export(Remote obj, ObjectInputFilter typeFilter) throws RemoteException {
         final RMIExporter exporter =
             (RMIExporter) env.get(RMIExporter.EXPORTER_ATTRIBUTE);
         final boolean daemon = EnvHelp.isServerDaemon(env);
@@ -137,16 +145,14 @@ public class RMIJRMPServerImpl extends RMIServerImpl {
                     " cannot be used to specify an exporter!");
         }
 
-        if (daemon) {
-            if (csf == null && ssf == null) {
-                new UnicastServerRef(port).exportObject(obj, null, true);
-            } else {
-                new UnicastServerRef2(port, csf, ssf).exportObject(obj, null, true);
-            }
-        } else if (exporter != null) {
-            exporter.exportObject(obj, port, csf, ssf);
+        if (exporter != null) {
+            exporter.exportObject(obj, port, csf, ssf, typeFilter);
         } else {
-            UnicastRemoteObject.exportObject(obj, port, csf, ssf);
+            if (csf == null && ssf == null) {
+                new UnicastServerRef(new LiveRef(port), typeFilter).exportObject(obj, null, daemon);
+            } else {
+                new UnicastServerRef2(port, csf, ssf, typeFilter).exportObject(obj, null, daemon);
+            }
         }
     }
 
@@ -173,11 +179,7 @@ public class RMIJRMPServerImpl extends RMIServerImpl {
      *            RMIJRMPServerImpl has not been exported yet.
      */
     public Remote toStub() throws IOException {
-        if (exportedWrapper != null) {
-            return RemoteObject.toStub(exportedWrapper);
-        } else {
-            return RemoteObject.toStub(this);
-        }
+        return RemoteObject.toStub(this);
     }
 
     /**
@@ -207,7 +209,7 @@ public class RMIJRMPServerImpl extends RMIServerImpl {
         RMIConnection client =
             new RMIConnectionImpl(this, connectionId, getDefaultClassLoader(),
                                   subject, env);
-        export(client);
+        export(client, jmxRmiFilter);
         return client;
     }
 
@@ -224,56 +226,39 @@ public class RMIJRMPServerImpl extends RMIServerImpl {
      * server failed.
      */
     protected void closeServer() throws IOException {
-        if (exportedWrapper != null) {
-            unexport(exportedWrapper, true);
-        } else {
-            unexport(this, true);
+        unexport(this, true);
+    }
+
+    /**
+     * Check that a type in the remote invocation of {@link RMIServerImpl#newClient}
+     * is one of the {@code allowedTypes}.
+     *
+     * @param clazz       the class; may be null
+     * @param size        the size for arrays, otherwise is 0
+     * @param nObjectRefs the current number of object references
+     * @param depth       the current depth
+     * @param streamBytes the current number of bytes consumed
+     * @return {@code ObjectInputFilter.Status.ALLOWED} if the class is allowed,
+     *          otherwise {@code ObjectInputFilter.Status.REJECTED}
+     */
+    ObjectInputFilter.Status newClientCheckInput(ObjectInputFilter.FilterInfo filterInfo) {
+        ObjectInputFilter.Status status = ObjectInputFilter.Status.UNDECIDED;
+        if (allowedTypes != null && filterInfo.serialClass() != null) {
+            // If enabled, check type
+            String type = filterInfo.serialClass().getName();
+            if (allowedTypes.contains(type))
+                status = ObjectInputFilter.Status.ALLOWED;
+            else
+                status = ObjectInputFilter.Status.REJECTED;
         }
+        return status;
     }
 
     private final int port;
     private final RMIClientSocketFactory csf;
     private final RMIServerSocketFactory ssf;
     private final Map env;
-
-    private static class ExportedWrapper implements RMIServer, DeserializationChecker {
-        private final RMIServer impl;
-        private final List allowedTypes;
-
-        private ExportedWrapper(RMIServer impl, List credentialsTypes) {
-            this.impl = impl;
-            allowedTypes = credentialsTypes;
-        }
-
-        @Override
-        public String getVersion() throws RemoteException {
-            return impl.getVersion();
-        }
-
-        @Override
-        public RMIConnection newClient(Object credentials) throws IOException {
-            return impl.newClient(credentials);
-        }
-
-        @Override
-        public void check(Method method, ObjectStreamClass descriptor,
-                int paramIndex, int callID) {
-            String type = descriptor.getName();
-            if (!allowedTypes.contains(type)) {
-                throw new ClassCastException("Unsupported type: " + type);
-            }
-        }
-
-        @Override
-        public void checkProxyClass(Method method, String[] ifaces,
-                int paramIndex, int callID) {
-            if (ifaces != null && ifaces.length > 0) {
-                for (String iface : ifaces) {
-                    if (!allowedTypes.contains(iface)) {
-                        throw new ClassCastException("Unsupported type: " + iface);
-                    }
-                }
-            }
-        }
-    }
+    private final Set allowedTypes;
+    private final ObjectInputFilter jmxRmiFilter;
+    private final ObjectInputFilter cFilter;
 }
diff --git a/jdk/src/java.management/share/classes/com/sun/jmx/remote/util/EnvHelp.java b/jdk/src/java.management/share/classes/com/sun/jmx/remote/util/EnvHelp.java
index 47ab569579..c8ead8e396 100644
--- a/jdk/src/java.management/share/classes/com/sun/jmx/remote/util/EnvHelp.java
+++ b/jdk/src/java.management/share/classes/com/sun/jmx/remote/util/EnvHelp.java
@@ -53,6 +53,61 @@ import javax.management.remote.JMXConnectorServer;
 
 public class EnvHelp {
 
+   /**
+    * Name of the attribute that specifies an
+    * {@link ObjectInputFilter} pattern string to filter classes acceptable
+    * for {@link RMIServer#newClient(java.lang.Object) RMIServer.newClient()}
+    * remote method call.
+    * 
    
+    * The filter pattern must be in same format as used in
+    * {@link java.io.ObjectInputFilter.Config.createFilter}
+    * 
    
+    * This list of classes allowed by filter should correspond to the
+    * transitive closure of the credentials class (or classes) used by the
+    * installed {@linkplain JMXAuthenticator} associated with the
+    * {@linkplain RMIServer} implementation.
+    * If the attribute is not set then any class is deemed acceptable.
+    * @see ObjectInputFilter
+    */
+    public static final String CREDENTIALS_FILTER_PATTERN =
+        "jmx.remote.rmi.server.credentials.filter.pattern";
+
+    /**
+     * This attribute defines a pattern from which to create a
+     * {@link java.io.ObjectInputFilter} that will be used when deserializing
+     * objects sent to the {@code JMXConnectorServer} by any client.
+     * 
    
+     * The filter will be called for any class found in the serialized
+     * stream sent to server by client, including all JMX defined classes
+     * (such as {@link javax.management.ObjectName}), all method parameters,
+     * and, if present in the stream, all classes transitively referred by
+     * the serial form of any deserialized object.
+     * The pattern must be in same format as used in
+     * {@link java.io.ObjectInputFilter.Config.createFilter}.
+     * It may define a white list of permitted classes, a black list of
+     * rejected classes, a maximum depth for the deserialized objects,
+     * etc.
+     * 
    
+     * To be functional, the filter should allow at least all the
+     * concrete types in the transitive closure of all objects that
+     * might get serialized when serializing all JMX classes referred
+     * as parameters in the {@link
+     * javax.management.remote.rmi.RMIConnection} interface,
+     * plus all classes that a {@link javax.management.remote.rmi.RMIConnectorClient}
+     * might need to transmit wrapped in {@linkplain java.rmi.MarshalledObject
+     * marshalled objects} in order to interoperate with the MBeans registered
+     * in the {@code MBeanServer}. That would potentially include all the
+     * concrete {@linkplain javax.management.openmbean  JMX OpenTypes} and the
+     * classes they use in their serial form.
+     * 
    
+     * Care must be taken when defining such a filter, as defining
+     * a white list too restrictive or a too wide a black list may
+     * prevent legitimate clients from interoperating with the
+     * {@code JMXConnectorServer}.
+     */
+    public static final String SERIAL_FILTER_PATTERN =
+       "jmx.remote.rmi.server.serial.filter.pattern";
+
     /**
      * Name of the attribute that specifies a default class loader
      * object.
diff --git a/jdk/src/java.naming/share/classes/javax/naming/directory/BasicAttributes.java b/jdk/src/java.naming/share/classes/javax/naming/directory/BasicAttributes.java
index 0b8178c91c..5ff5dc26e0 100644
--- a/jdk/src/java.naming/share/classes/javax/naming/directory/BasicAttributes.java
+++ b/jdk/src/java.naming/share/classes/javax/naming/directory/BasicAttributes.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -302,8 +302,8 @@ public class BasicAttributes implements Attributes {
         s.defaultReadObject();  // read in the ignoreCase flag
         int n = s.readInt();    // number of attributes
         attrs = (n >= 1)
-            ? new Hashtable(n * 2)
-            : new Hashtable(2); // can't have initial size of 0 (grrr...)
+                ? new Hashtable<>(1 + (int) (Math.min(768, n) / .75f))
+                : new Hashtable<>(2); // can't have initial size of 0 (grrr...)
         while (--n >= 0) {
             put((Attribute)s.readObject());
         }
diff --git a/jdk/src/java.naming/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java b/jdk/src/java.naming/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java
index 00b6a68121..ee36e1f874 100644
--- a/jdk/src/java.naming/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java
+++ b/jdk/src/java.naming/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -136,6 +136,11 @@ public final class LDAPCertStore extends CertStoreSpi {
                         + params.getClass().getName() + " passed");
         }
 
+        SecurityManager security = System.getSecurityManager();
+        if (security != null) {
+            security.checkConnect(serverName, port);
+        }
+
         Key k = new Key(serverName, port);
         LDAPCertStoreImpl lci = certStoreCache.get(k);
         if (lci == null) {
diff --git a/jdk/src/java.naming/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreImpl.java b/jdk/src/java.naming/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreImpl.java
index 8813ff6e33..5b7e821269 100644
--- a/jdk/src/java.naming/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreImpl.java
+++ b/jdk/src/java.naming/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreImpl.java
@@ -26,9 +26,11 @@
 package sun.security.provider.certpath.ldap;
 
 import java.io.ByteArrayInputStream;
-import java.io.IOException;
+import java.net.URI;
 import java.util.*;
+import javax.naming.CompositeName;
 import javax.naming.Context;
+import javax.naming.InvalidNameException;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
 import javax.naming.NameNotFoundException;
@@ -44,6 +46,7 @@ import javax.naming.ldap.InitialLdapContext;
 import javax.naming.ldap.LdapContext;
 import javax.security.auth.x500.X500Principal;
 
+import com.sun.jndi.ldap.LdapReferralException;
 import sun.security.util.HexDumpEncoder;
 import sun.security.provider.certpath.X509CertificatePair;
 import sun.security.util.Cache;
@@ -181,13 +184,9 @@ final class LDAPCertStoreImpl {
         try {
             ctx = new InitialLdapContext(env, null);
             /*
-             * By default, follow referrals unless application has
-             * overridden property in an application resource file.
+             * Always deal with referrals here.
              */
-            Hashtable currentEnv = ctx.getEnvironment();
-            if (currentEnv.get(Context.REFERRAL) == null) {
-                ctx.addToEnvironment(Context.REFERRAL, "follow-scheme");
-            }
+            ctx.addToEnvironment(Context.REFERRAL, "throw");
         } catch (NamingException e) {
             if (debug != null) {
                 debug.println("LDAPCertStore.engineInit about to throw "
@@ -223,11 +222,25 @@ final class LDAPCertStoreImpl {
         private Map valueMap;
         private final List requestedAttributes;
 
-        LDAPRequest(String name) {
-            this.name = name;
+        LDAPRequest(String name) throws CertStoreException {
+            this.name = checkName(name);
             requestedAttributes = new ArrayList<>(5);
         }
 
+        private String checkName(String name) throws CertStoreException {
+            if (name == null) {
+                throw new CertStoreException("Name absent");
+            }
+            try {
+                if (new CompositeName(name).size() > 1) {
+                    throw new CertStoreException("Invalid name: " + name);
+                }
+            } catch (InvalidNameException ine) {
+                throw new CertStoreException("Invalid name: " + name, ine);
+            }
+            return name;
+        }
+
         String getName() {
             return name;
         }
@@ -242,7 +255,6 @@ final class LDAPCertStoreImpl {
         /**
          * Gets one or more binary values from an attribute.
          *
-         * @param name          the location holding the attribute
          * @param attrId                the attribute identifier
          * @return                      an array of binary values (byte arrays)
          * @throws NamingException      if a naming exception occurs
@@ -300,6 +312,39 @@ final class LDAPCertStoreImpl {
 
             try {
                 attrs = ctx.getAttributes(name, attrIds);
+            } catch (LdapReferralException lre) {
+                // LdapCtx has a hopCount field to avoid infinite loop
+                while (true) {
+                    try {
+                        String newName = (String) lre.getReferralInfo();
+                        URI newUri = new URI(newName);
+                        if (!newUri.getScheme().equalsIgnoreCase("ldap")) {
+                            throw new IllegalArgumentException("Not LDAP");
+                        }
+                        String newDn = newUri.getPath();
+                        if (newDn != null && newDn.charAt(0) == '/') {
+                            newDn = newDn.substring(1);
+                        }
+                        checkName(newDn);
+                    } catch (Exception e) {
+                        throw new NamingException("Cannot follow referral to "
+                                + lre.getReferralInfo());
+                    }
+                    LdapContext refCtx =
+                            (LdapContext)lre.getReferralContext();
+
+                    // repeat the original operation at the new context
+                    try {
+                        attrs = refCtx.getAttributes(name, attrIds);
+                        break;
+                    } catch (LdapReferralException re) {
+                        lre = re;
+                        continue;
+                    } finally {
+                        // Make sure we close referral context
+                        refCtx.close();
+                    }
+                }
             } catch (CommunicationException ce) {
                 communicationError = true;
                 throw ce;
@@ -513,7 +558,7 @@ final class LDAPCertStoreImpl {
      * X509CertSelector), a CertStoreException is
      * thrown.
      *
-     * @param selector a X509CertSelector used to select which
+     * @param xsel a X509CertSelector used to select which
      *  Certificates should be returned.
      * @return a Collection of X509Certificates that
      *         match the specified selector
@@ -684,7 +729,7 @@ final class LDAPCertStoreImpl {
      * (or the selector is not an X509CRLSelector), a
      * CertStoreException is thrown.
      *
-     * @param selector A X509CRLSelector used to select which
+     * @param xsel A X509CRLSelector used to select which
      *  CRLs should be returned. Specify null
      *  to return all CRLs.
      * @return A Collection of X509CRLs that
diff --git a/jdk/src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java b/jdk/src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java
index af012faeb7..9fe3f0b06a 100644
--- a/jdk/src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java
+++ b/jdk/src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java
@@ -177,7 +177,7 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
             }
         } else {
             LiveRef lref = new LiveRef(id, port, csf, ssf);
-            setup(new UnicastServerRef2(lref, RegistryImpl::registryFilter));
+            setup(new UnicastServerRef2(lref, serialFilter));
         }
     }
 
diff --git a/jdk/src/java.rmi/share/classes/sun/rmi/server/MarshalInputStream.java b/jdk/src/java.rmi/share/classes/sun/rmi/server/MarshalInputStream.java
index 2944e5d0f1..d04e9292fd 100644
--- a/jdk/src/java.rmi/share/classes/sun/rmi/server/MarshalInputStream.java
+++ b/jdk/src/java.rmi/share/classes/sun/rmi/server/MarshalInputStream.java
@@ -35,8 +35,6 @@ import java.security.AccessControlException;
 import java.security.Permission;
 import java.rmi.server.RMIClassLoader;
 import java.security.PrivilegedAction;
-import jdk.internal.misc.ObjectStreamClassValidator;
-import jdk.internal.misc.SharedSecrets;
 
 /**
  * MarshalInputStream is an extension of ObjectInputStream.  When resolving
@@ -54,11 +52,6 @@ import jdk.internal.misc.SharedSecrets;
  * @author      Peter Jones
  */
 public class MarshalInputStream extends ObjectInputStream {
-    interface StreamChecker extends ObjectStreamClassValidator {
-        void checkProxyInterfaceNames(String[] ifaces);
-    }
-
-    private volatile StreamChecker streamChecker = null;
 
     /**
      * Value of "java.rmi.server.useCodebaseOnly" property,
@@ -245,11 +238,6 @@ public class MarshalInputStream extends ObjectInputStream {
     protected Class resolveProxyClass(String[] interfaces)
         throws IOException, ClassNotFoundException
     {
-        StreamChecker checker = streamChecker;
-        if (checker != null) {
-            checker.checkProxyInterfaceNames(interfaces);
-        }
-
         /*
          * Always read annotation written by MarshalOutputStream.
          */
@@ -330,28 +318,4 @@ public class MarshalInputStream extends ObjectInputStream {
     void useCodebaseOnly() {
         useCodebaseOnly = true;
     }
-
-    synchronized void setStreamChecker(StreamChecker checker) {
-        streamChecker = checker;
-        SharedSecrets.getJavaObjectInputStreamAccess().setValidator(this, checker);
-    }
-    @Override
-    protected ObjectStreamClass readClassDescriptor() throws IOException,
-            ClassNotFoundException {
-        ObjectStreamClass descriptor = super.readClassDescriptor();
-
-        validateDesc(descriptor);
-
-        return descriptor;
-    }
-
-    private void validateDesc(ObjectStreamClass descriptor) {
-        StreamChecker checker;
-        synchronized (this) {
-            checker = streamChecker;
-        }
-        if (checker != null) {
-            checker.validateDescriptor(descriptor);
-        }
-    }
 }
diff --git a/jdk/src/java.rmi/share/classes/sun/rmi/server/UnicastServerRef.java b/jdk/src/java.rmi/share/classes/sun/rmi/server/UnicastServerRef.java
index f0a4e0f4e0..9dbaed70c5 100644
--- a/jdk/src/java.rmi/share/classes/sun/rmi/server/UnicastServerRef.java
+++ b/jdk/src/java.rmi/share/classes/sun/rmi/server/UnicastServerRef.java
@@ -30,7 +30,6 @@ import java.io.ObjectInput;
 import java.io.ObjectInputFilter;
 import java.io.ObjectInputStream;
 import java.io.ObjectOutput;
-import java.io.ObjectStreamClass;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.rmi.AccessException;
@@ -330,11 +329,16 @@ public class UnicastServerRef extends UnicastRef
             logCall(obj, method);
 
             // unmarshal parameters
-            Object[] params = null;
+            Class[] types = method.getParameterTypes();
+            Object[] params = new Object[types.length];
 
             try {
                 unmarshalCustomCallData(in);
-                params = unmarshalParameters(obj, method, marshalStream);
+                // Unmarshal the parameters
+                for (int i = 0; i < types.length; i++) {
+                    params[i] = unmarshalValue(types[i], in);
+                }
+
             } catch (AccessException aex) {
                 // For compatibility, AccessException is not wrapped in UnmarshalException
                 // disable saving any refs in the inputStream for GC
@@ -600,84 +604,4 @@ public class UnicastServerRef extends UnicastRef
         }
     }
 
-    /**
-     * Unmarshal parameters for the given method of the given instance over
-     * the given marshalinputstream. Perform any necessary checks.
-     */
-    private Object[] unmarshalParameters(Object obj, Method method, MarshalInputStream in)
-    throws IOException, ClassNotFoundException {
-        return (obj instanceof DeserializationChecker) ?
-            unmarshalParametersChecked((DeserializationChecker)obj, method, in) :
-            unmarshalParametersUnchecked(method, in);
-    }
-
-    /**
-     * Unmarshal parameters for the given method of the given instance over
-     * the given marshalinputstream. Do not perform any additional checks.
-     */
-    private Object[] unmarshalParametersUnchecked(Method method, ObjectInput in)
-    throws IOException, ClassNotFoundException {
-        Class[] types = method.getParameterTypes();
-        Object[] params = new Object[types.length];
-        for (int i = 0; i < types.length; i++) {
-            params[i] = unmarshalValue(types[i], in);
-        }
-        return params;
-    }
-
-    /**
-     * Unmarshal parameters for the given method of the given instance over
-     * the given marshalinputstream. Do perform all additional checks.
-     */
-    private Object[] unmarshalParametersChecked(
-        DeserializationChecker checker,
-        Method method, MarshalInputStream in)
-    throws IOException, ClassNotFoundException {
-        int callID = methodCallIDCount.getAndIncrement();
-        MyChecker myChecker = new MyChecker(checker, method, callID);
-        in.setStreamChecker(myChecker);
-        try {
-            Class[] types = method.getParameterTypes();
-            Object[] values = new Object[types.length];
-            for (int i = 0; i < types.length; i++) {
-                myChecker.setIndex(i);
-                values[i] = unmarshalValue(types[i], in);
-            }
-            myChecker.end(callID);
-            return values;
-        } finally {
-            in.setStreamChecker(null);
-        }
-    }
-
-    private static class MyChecker implements MarshalInputStream.StreamChecker {
-        private final DeserializationChecker descriptorCheck;
-        private final Method method;
-        private final int callID;
-        private int parameterIndex;
-
-        MyChecker(DeserializationChecker descriptorCheck, Method method, int callID) {
-            this.descriptorCheck = descriptorCheck;
-            this.method = method;
-            this.callID = callID;
-        }
-
-        @Override
-        public void validateDescriptor(ObjectStreamClass descriptor) {
-            descriptorCheck.check(method, descriptor, parameterIndex, callID);
-        }
-
-        @Override
-        public void checkProxyInterfaceNames(String[] ifaces) {
-            descriptorCheck.checkProxyClass(method, ifaces, parameterIndex, callID);
-        }
-
-        void setIndex(int parameterIndex) {
-            this.parameterIndex = parameterIndex;
-        }
-
-        void end(int callId) {
-            descriptorCheck.end(callId);
-        }
-    }
 }
diff --git a/jdk/src/java.rmi/share/classes/sun/rmi/transport/Target.java b/jdk/src/java.rmi/share/classes/sun/rmi/transport/Target.java
index 82c849e269..e9150ed62a 100644
--- a/jdk/src/java.rmi/share/classes/sun/rmi/transport/Target.java
+++ b/jdk/src/java.rmi/share/classes/sun/rmi/transport/Target.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,7 @@ import java.rmi.server.ObjID;
 import java.rmi.server.Unreferenced;
 import java.security.AccessControlContext;
 import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.*;
 import sun.rmi.runtime.Log;
 import sun.rmi.runtime.NewThreadAction;
@@ -322,27 +323,15 @@ public final class Target {
             Remote obj = getImpl();
             if (obj instanceof Unreferenced) {
                 final Unreferenced unrefObj = (Unreferenced) obj;
-                final Thread t =
-                    java.security.AccessController.doPrivileged(
-                        new NewThreadAction(new Runnable() {
-                            public void run() {
-                                unrefObj.unreferenced();
-                            }
-                        }, "Unreferenced-" + nextThreadNum++, false, true));
-                // REMIND: access to nextThreadNum not synchronized; you care?
-                /*
-                 * We must manually set the context class loader appropriately
-                 * for threads that may invoke user code (see bugid 4171278).
-                 */
-                java.security.AccessController.doPrivileged(
-                    new java.security.PrivilegedAction() {
-                        public Void run() {
-                        t.setContextClassLoader(ccl);
-                        return null;
-                    }
-                });
-
-                t.start();
+                AccessController.doPrivileged(
+                    new NewThreadAction(() -> {
+                        Thread.currentThread().setContextClassLoader(ccl);
+                        AccessController.doPrivileged((PrivilegedAction) () -> {
+                            unrefObj.unreferenced();
+                            return null;
+                        }, acc);
+                    }, "Unreferenced-" + nextThreadNum++, false, true)).start();
+                    // REMIND: access to nextThreadNum not synchronized; you care?
             }
 
             unpinImpl();
diff --git a/jdk/src/java.security.jgss/share/classes/sun/net/www/protocol/http/spnego/NegotiateCallbackHandler.java b/jdk/src/java.security.jgss/share/classes/sun/net/www/protocol/http/spnego/NegotiateCallbackHandler.java
index 43003bfb81..202af32656 100644
--- a/jdk/src/java.security.jgss/share/classes/sun/net/www/protocol/http/spnego/NegotiateCallbackHandler.java
+++ b/jdk/src/java.security.jgss/share/classes/sun/net/www/protocol/http/spnego/NegotiateCallbackHandler.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -35,6 +35,7 @@ import javax.security.auth.callback.NameCallback;
 import javax.security.auth.callback.PasswordCallback;
 import javax.security.auth.callback.UnsupportedCallbackException;
 import sun.net.www.protocol.http.HttpCallerInfo;
+import sun.security.jgss.LoginConfigImpl;
 
 /**
  * @since 1.6
@@ -61,19 +62,28 @@ public class NegotiateCallbackHandler implements CallbackHandler {
     private void getAnswer() {
         if (!answered) {
             answered = true;
-            PasswordAuthentication passAuth =
-                    Authenticator.requestPasswordAuthentication(
-                    hci.authenticator,
-                    hci.host, hci.addr, hci.port, hci.protocol,
-                    hci.prompt, hci.scheme, hci.url, hci.authType);
-            /**
-             * To be compatible with existing callback handler implementations,
-             * when the underlying Authenticator is canceled, username and
-             * password are assigned null. No exception is thrown.
-             */
-            if (passAuth != null) {
-                username = passAuth.getUserName();
-                password = passAuth.getPassword();
+            Authenticator auth;
+            if (hci.authenticator != null) {
+                auth = hci.authenticator;
+            } else {
+                auth = LoginConfigImpl.HTTP_USE_GLOBAL_CREDS ?
+                        Authenticator.getDefault() : null;
+            }
+
+            if (auth != null) {
+                PasswordAuthentication passAuth =
+                        auth.requestPasswordAuthenticationInstance(
+                                hci.host, hci.addr, hci.port, hci.protocol,
+                                hci.prompt, hci.scheme, hci.url, hci.authType);
+                /**
+                 * To be compatible with existing callback handler implementations,
+                 * when the underlying Authenticator is canceled, username and
+                 * password are assigned null. No exception is thrown.
+                 */
+                if (passAuth != null) {
+                    username = passAuth.getUserName();
+                    password = passAuth.getPassword();
+                }
             }
         }
     }
diff --git a/jdk/src/java.security.jgss/share/classes/sun/security/jgss/GSSUtil.java b/jdk/src/java.security.jgss/share/classes/sun/security/jgss/GSSUtil.java
index abcacf024a..646a8c633c 100644
--- a/jdk/src/java.security.jgss/share/classes/sun/security/jgss/GSSUtil.java
+++ b/jdk/src/java.security.jgss/share/classes/sun/security/jgss/GSSUtil.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -270,24 +270,17 @@ public class GSSUtil {
      */
     public static boolean useSubjectCredsOnly(GSSCaller caller) {
 
-        // HTTP/SPNEGO doesn't use the standard JAAS framework. Instead, it
-        // uses the java.net.Authenticator style, therefore always return
-        // false here.
+        String propValue = GetPropertyAction.privilegedGetProperty(
+                "javax.security.auth.useSubjectCredsOnly");
+
+        // Invalid values should be ignored and the default assumed.
         if (caller instanceof HttpCaller) {
-            return false;
+            // Default for HTTP/SPNEGO is false.
+            return "true".equalsIgnoreCase(propValue);
+        } else {
+            // Default for JGSS is true.
+            return !("false".equalsIgnoreCase(propValue));
         }
-        /*
-         * Don't use GetBooleanAction because the default value in the JRE
-         * (when this is unset) has to treated as true.
-         */
-        String propValue = AccessController.doPrivileged(
-                new GetPropertyAction("javax.security.auth.useSubjectCredsOnly",
-                "true"));
-        /*
-         * This property has to be explicitly set to "false". Invalid
-         * values should be ignored and the default "true" assumed.
-         */
-        return (!propValue.equalsIgnoreCase("false"));
     }
 
     /**
diff --git a/jdk/src/java.security.jgss/share/classes/sun/security/jgss/LoginConfigImpl.java b/jdk/src/java.security.jgss/share/classes/sun/security/jgss/LoginConfigImpl.java
index 26181f7b72..eab531d8db 100644
--- a/jdk/src/java.security.jgss/share/classes/sun/security/jgss/LoginConfigImpl.java
+++ b/jdk/src/java.security.jgss/share/classes/sun/security/jgss/LoginConfigImpl.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,7 @@ import java.util.HashMap;
 import javax.security.auth.login.AppConfigurationEntry;
 import javax.security.auth.login.Configuration;
 import org.ietf.jgss.Oid;
+import sun.security.action.GetPropertyAction;
 
 /**
  * A Configuration implementation especially designed for JGSS.
@@ -44,6 +45,16 @@ public class LoginConfigImpl extends Configuration {
     private static final sun.security.util.Debug debug =
         sun.security.util.Debug.getInstance("gssloginconfig", "\t[GSS LoginConfigImpl]");
 
+    public static final boolean HTTP_USE_GLOBAL_CREDS;
+
+    static {
+        String prop = GetPropertyAction
+                .privilegedGetProperty("http.use.global.creds");
+        //HTTP_USE_GLOBAL_CREDS = "true".equalsIgnoreCase(prop); // default false
+        HTTP_USE_GLOBAL_CREDS = !"false".equalsIgnoreCase(prop); // default true
+    }
+
+
     /**
      * A new instance of LoginConfigImpl must be created for each login request
      * since it's only used by a single (caller, mech) pair
@@ -178,7 +189,11 @@ public class LoginConfigImpl extends Configuration {
                 options.put("principal", "*");
                 options.put("isInitiator", "false");
             } else {
-                options.put("useTicketCache", "true");
+                if (caller instanceof HttpCaller && !HTTP_USE_GLOBAL_CREDS) {
+                    options.put("useTicketCache", "false");
+                } else {
+                    options.put("useTicketCache", "true");
+                }
                 options.put("doNotPrompt", "false");
             }
             return new AppConfigurationEntry[] {
diff --git a/jdk/src/java.security.jgss/share/classes/sun/security/krb5/KrbAsRep.java b/jdk/src/java.security.jgss/share/classes/sun/security/krb5/KrbAsRep.java
index bf7a562eb4..b03276fd09 100644
--- a/jdk/src/java.security.jgss/share/classes/sun/security/krb5/KrbAsRep.java
+++ b/jdk/src/java.security.jgss/share/classes/sun/security/krb5/KrbAsRep.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -160,7 +160,7 @@ class KrbAsRep extends KrbKdcRep {
         creds = new Credentials(
                                 rep.ticket,
                                 req.reqBody.cname,
-                                rep.ticket.sname,
+                                enc_part.sname,
                                 enc_part.key,
                                 enc_part.flags,
                                 enc_part.authtime,
diff --git a/jdk/src/java.security.jgss/share/classes/sun/security/krb5/KrbTgsRep.java b/jdk/src/java.security.jgss/share/classes/sun/security/krb5/KrbTgsRep.java
index 6fc6cebaa7..4f5c2d6ed9 100644
--- a/jdk/src/java.security.jgss/share/classes/sun/security/krb5/KrbTgsRep.java
+++ b/jdk/src/java.security.jgss/share/classes/sun/security/krb5/KrbTgsRep.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -88,7 +88,7 @@ public class KrbTgsRep extends KrbKdcRep {
 
         this.creds = new Credentials(rep.ticket,
                                 rep.cname,
-                                rep.ticket.sname,
+                                enc_part.sname,
                                 enc_part.key,
                                 enc_part.flags,
                                 enc_part.authtime,
diff --git a/jdk/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c b/jdk/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
index b5abb9c086..4e1f8445b9 100644
--- a/jdk/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
+++ b/jdk/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -830,7 +830,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_initContext(JNIEnv *env,
 {
   OM_uint32 minor, major;
   gss_cred_id_t credHdl ;
-  gss_ctx_id_t contextHdl;
+  gss_ctx_id_t contextHdl, contextHdlSave;
   gss_name_t targetName;
   gss_OID mech;
   OM_uint32 flags, aFlags;
@@ -847,7 +847,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_initContext(JNIEnv *env,
   TRACE0("[GSSLibStub_initContext]");
 
   credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
-  contextHdl = (gss_ctx_id_t) jlong_to_ptr(
+  contextHdl = contextHdlSave = (gss_ctx_id_t) jlong_to_ptr(
     (*env)->GetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext));
   targetName = (gss_name_t) jlong_to_ptr(pName);
   mech = (gss_OID) jlong_to_ptr((*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech));
@@ -882,10 +882,17 @@ Java_sun_security_jgss_wrapper_GSSLibStub_initContext(JNIEnv *env,
   TRACE2("[GSSLibStub_initContext] after: pContext=%ld, outToken len=%ld",
             (long)contextHdl, (long)outToken.length);
 
+  // update context handle with the latest value if changed
+  // this is to work with both MIT and Solaris. Former deletes half-built
+  // context if error occurs
+  if (contextHdl != contextHdlSave) {
+    (*env)->SetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext,
+                         ptr_to_jlong(contextHdl));
+    TRACE1("[GSSLibStub_initContext] set pContext=%ld", (long)contextHdl);
+  }
+
   if (GSS_ERROR(major) == GSS_S_COMPLETE) {
     /* update member values if needed */
-    (*env)->SetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext,
-                        ptr_to_jlong(contextHdl));
     (*env)->SetIntField(env, jcontextSpi, FID_NativeGSSContext_flags, aFlags);
     TRACE1("[GSSLibStub_initContext] set flags=0x%x", aFlags);
 
@@ -939,7 +946,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_acceptContext(JNIEnv *env,
 {
   OM_uint32 minor, major;
   OM_uint32 minor2, major2;
-  gss_ctx_id_t contextHdl;
+  gss_ctx_id_t contextHdl, contextHdlSave;
   gss_cred_id_t credHdl;
   gss_buffer_desc inToken;
   gss_channel_bindings_t cb;
@@ -959,7 +966,7 @@ Java_sun_security_jgss_wrapper_GSSLibStub_acceptContext(JNIEnv *env,
 
   TRACE0("[GSSLibStub_acceptContext]");
 
-  contextHdl = (gss_ctx_id_t)jlong_to_ptr(
+  contextHdl = contextHdlSave = (gss_ctx_id_t)jlong_to_ptr(
     (*env)->GetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext));
   credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
   initGSSBuffer(env, jinToken, &inToken);
@@ -996,19 +1003,22 @@ Java_sun_security_jgss_wrapper_GSSLibStub_acceptContext(JNIEnv *env,
   TRACE3("[GSSLibStub_acceptContext] after: pCred=%ld, pContext=%ld, pDelegCred=%ld",
         (long)credHdl, (long)contextHdl, (long) delCred);
 
+  // update context handle with the latest value if changed
+  // this is to work with both MIT and Solaris. Former deletes half-built
+  // context if error occurs
+  if (contextHdl != contextHdlSave) {
+    (*env)->SetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext,
+                         ptr_to_jlong(contextHdl));
+    TRACE1("[GSSLibStub_acceptContext] set pContext=%ld", (long)contextHdl);
+  }
+
   if (GSS_ERROR(major) == GSS_S_COMPLETE) {
     /* update member values if needed */
-    (*env)->SetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext,
-                        ptr_to_jlong(contextHdl));
-    TRACE1("[GSSLibStub_acceptContext] set pContext=%ld",
-            (long)contextHdl);
-
     // WORKAROUND for a Heimdal bug
     if (delCred == GSS_C_NO_CREDENTIAL) {
         aFlags &= 0xfffffffe;
     }
     (*env)->SetIntField(env, jcontextSpi, FID_NativeGSSContext_flags, aFlags);
-
     TRACE1("[GSSLibStub_acceptContext] set flags=0x%x", aFlags);
 
     if (setTarget) {
diff --git a/jdk/src/java.smartcardio/share/classes/sun/security/smartcardio/CardImpl.java b/jdk/src/java.smartcardio/share/classes/sun/security/smartcardio/CardImpl.java
index d7e8f49fa8..019ea781a3 100644
--- a/jdk/src/java.smartcardio/share/classes/sun/security/smartcardio/CardImpl.java
+++ b/jdk/src/java.smartcardio/share/classes/sun/security/smartcardio/CardImpl.java
@@ -270,7 +270,7 @@ final class CardImpl extends Card {
     }
 
     public String toString() {
-        return "PC/SC card in " + terminal.getName()
+        return "PC/SC card in " + terminal.name
             + ", protocol " + getProtocol() + ", state " + state;
     }
 
@@ -278,6 +278,7 @@ final class CardImpl extends Card {
     protected void finalize() throws Throwable {
         try {
             if (state == State.OK) {
+                state = State.DISCONNECTED;
                 SCardDisconnect(cardId, SCARD_LEAVE_CARD);
             }
         } finally {
diff --git a/jdk/src/java.sql.rowset/share/classes/com/sun/rowset/RowSetResourceBundle_sv.properties b/jdk/src/java.sql.rowset/share/classes/com/sun/rowset/RowSetResourceBundle_sv.properties
index 0cf8d5dfed..96bed5c6e2 100644
--- a/jdk/src/java.sql.rowset/share/classes/com/sun/rowset/RowSetResourceBundle_sv.properties
+++ b/jdk/src/java.sql.rowset/share/classes/com/sun/rowset/RowSetResourceBundle_sv.properties
@@ -159,8 +159,8 @@ xmlrch.errinsdel = Ett fel intr\u00E4ffade vid konstruktion av insdel-rad: {0}
 xmlrch.errupdate = Ett fel intr\u00E4ffade vid konstruktion av uppdateringsrad: {0}
 xmlrch.errupdrow = Ett fel intr\u00E4ffade vid uppdatering av rad: {0}
 xmlrch.chars = tecken:
-xmlrch.badvalue = Felaktigt v\u00E4rde; egenskapen kan inte ha ett tomt v\u00E4rde
-xmlrch.badvalue1 = Felaktigt v\u00E4rde; metadatan kan inte ha ett tomt v\u00E4rde
+xmlrch.badvalue = Felaktigt v\u00E4rde; egenskapen f\u00E5r inte ha v\u00E4rdet null
+xmlrch.badvalue1 = Felaktigt v\u00E4rde; metadata f\u00E5r inte ha v\u00E4rdet null
 xmlrch.warning =  ** Varning! {0}, rad: {1}, URI: {2}
 
 #RIOptimisticProvider Exceptions
diff --git a/jdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyAgreement.java b/jdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyAgreement.java
index 3e35ff23ce..2ae655ae60 100644
--- a/jdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyAgreement.java
+++ b/jdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyAgreement.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -69,6 +69,17 @@ final class P11KeyAgreement extends KeyAgreementSpi {
     // KeyAgreement from SunJCE as fallback for > 2 party agreement
     private KeyAgreement multiPartyAgreement;
 
+    private static class AllowKDF {
+
+        private static final boolean VALUE = getValue();
+
+        private static boolean getValue() {
+            return AccessController.doPrivileged(
+                (PrivilegedAction)
+                () -> Boolean.getBoolean("jdk.crypto.KeyAgreement.legacyKDF"));
+        }
+    }
+
     P11KeyAgreement(Token token, String algorithm, long mechanism) {
         super();
         this.token = token;
@@ -260,6 +271,7 @@ final class P11KeyAgreement extends KeyAgreementSpi {
         if (algorithm == null) {
             throw new NoSuchAlgorithmException("Algorithm must not be null");
         }
+
         if (algorithm.equals("TlsPremasterSecret")) {
             // For now, only perform native derivation for TlsPremasterSecret
             // as that is required for FIPS compliance.
@@ -268,6 +280,14 @@ final class P11KeyAgreement extends KeyAgreementSpi {
             // (bug not yet filed).
             return nativeGenerateSecret(algorithm);
         }
+
+        if (!algorithm.equalsIgnoreCase("TlsPremasterSecret") &&
+            !AllowKDF.VALUE) {
+
+            throw new NoSuchAlgorithmException("Unsupported secret key "
+                                               + "algorithm: " + algorithm);
+        }
+
         byte[] secret = engineGenerateSecret();
         // Maintain compatibility for SunJCE:
         // verify secret length is sensible for algorithm / truncate
diff --git a/jdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java b/jdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java
index 3aa2e69103..e3f867248b 100644
--- a/jdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java
+++ b/jdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -33,11 +33,13 @@ import java.security.spec.*;
 import javax.crypto.spec.DHParameterSpec;
 
 import sun.security.provider.ParameterCache;
+import static sun.security.util.SecurityProviderConstants.*;
 
 import static sun.security.pkcs11.TemplateManager.*;
 import sun.security.pkcs11.wrapper.*;
 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
 
+
 import sun.security.rsa.RSAKeyFactory;
 
 /**
@@ -98,7 +100,7 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi {
         // override lower limit to disallow unsecure keys being generated
         // override upper limit to deter DOS attack
         if (algorithm.equals("EC")) {
-            keySize = 256;
+            keySize = DEF_EC_KEY_SIZE;
             if ((minKeyLen == -1) || (minKeyLen < 112)) {
                 minKeyLen = 112;
             }
@@ -107,13 +109,11 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi {
             }
         } else {
             if (algorithm.equals("DSA")) {
-                // keep default keysize at 1024 since larger keysizes may be
-                // incompatible with SHA1withDSA and SHA-2 Signature algs
-                // may not be supported by native pkcs11 implementations
-                keySize = 1024;
+                keySize = DEF_DSA_KEY_SIZE;
+            } else if (algorithm.equals("RSA")) {
+                keySize = DEF_RSA_KEY_SIZE;
             } else {
-                // RSA and DH
-                keySize = 2048;
+                keySize = DEF_DH_KEY_SIZE;
             }
             if ((minKeyLen == -1) || (minKeyLen < 512)) {
                 minKeyLen = 512;
diff --git a/jdk/src/jdk.crypto.ec/share/classes/sun/security/ec/ECKeyPairGenerator.java b/jdk/src/jdk.crypto.ec/share/classes/sun/security/ec/ECKeyPairGenerator.java
index 2df53fb60e..c96806ab8c 100644
--- a/jdk/src/jdk.crypto.ec/share/classes/sun/security/ec/ECKeyPairGenerator.java
+++ b/jdk/src/jdk.crypto.ec/share/classes/sun/security/ec/ECKeyPairGenerator.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -37,6 +37,7 @@ import sun.security.ec.ECPublicKeyImpl;
 import sun.security.jca.JCAUtil;
 import sun.security.util.ECParameters;
 import sun.security.util.ECUtil;
+import static sun.security.util.SecurityProviderConstants.DEF_EC_KEY_SIZE;
 
 /**
  * EC keypair generator.
@@ -48,7 +49,6 @@ public final class ECKeyPairGenerator extends KeyPairGeneratorSpi {
 
     private static final int KEY_SIZE_MIN = 112; // min bits (see ecc_impl.h)
     private static final int KEY_SIZE_MAX = 571; // max bits (see ecc_impl.h)
-    private static final int KEY_SIZE_DEFAULT = 256;
 
     // used to seed the keypair generator
     private SecureRandom random;
@@ -64,7 +64,7 @@ public final class ECKeyPairGenerator extends KeyPairGeneratorSpi {
      */
     public ECKeyPairGenerator() {
         // initialize to default in case the app does not call initialize()
-        initialize(KEY_SIZE_DEFAULT, null);
+        initialize(DEF_EC_KEY_SIZE, null);
     }
 
     // initialize the generator. See JCA doc
diff --git a/jdk/src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/RSAKeyPairGenerator.java b/jdk/src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/RSAKeyPairGenerator.java
index f28e5cb513..d4f509058f 100644
--- a/jdk/src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/RSAKeyPairGenerator.java
+++ b/jdk/src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/RSAKeyPairGenerator.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,7 @@ import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.RSAKeyGenParameterSpec;
 
 import sun.security.rsa.RSAKeyFactory;
+import static sun.security.util.SecurityProviderConstants.DEF_RSA_KEY_SIZE;
 
 /**
  * RSA keypair generator.
@@ -45,14 +46,13 @@ public final class RSAKeyPairGenerator extends KeyPairGeneratorSpi {
     // Supported by Microsoft Base, Strong and Enhanced Cryptographic Providers
     static final int KEY_SIZE_MIN = 512; // disallow MSCAPI min. of 384
     static final int KEY_SIZE_MAX = 16384;
-    private static final int KEY_SIZE_DEFAULT = 2048;
 
     // size of the key to generate, KEY_SIZE_MIN <= keySize <= KEY_SIZE_MAX
     private int keySize;
 
     public RSAKeyPairGenerator() {
         // initialize to default in case the app does not call initialize()
-        initialize(KEY_SIZE_DEFAULT, null);
+        initialize(DEF_RSA_KEY_SIZE, null);
     }
 
     // initialize the generator. See JCA doc
@@ -76,7 +76,7 @@ public final class RSAKeyPairGenerator extends KeyPairGeneratorSpi {
 
         int tmpSize;
         if (params == null) {
-            tmpSize = KEY_SIZE_DEFAULT;
+            tmpSize = DEF_RSA_KEY_SIZE;
         } else if (params instanceof RSAKeyGenParameterSpec) {
 
             if (((RSAKeyGenParameterSpec) params).getPublicExponent() != null) {
diff --git a/jdk/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources.java b/jdk/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources.java
index 26e0553ebb..e62499e288 100644
--- a/jdk/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources.java
+++ b/jdk/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources.java
@@ -264,7 +264,7 @@ public class Resources extends java.util.ListResourceBundle {
         {"The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk.",
                 "The %1$s algorithm specified for the %2$s option is considered a security risk."},
         {"The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk.",
-                "The %s signing key has a keysize of %d which is considered a security risk."},
+                "The %1$s signing key has a keysize of %2$d which is considered a security risk."},
         {"This.jar.contains.entries.whose.certificate.chain.is.not.validated.reason.1",
                  "This jar contains entries whose certificate chain is not validated. Reason: %s"},
         {"no.timestamp.signing",
diff --git a/jdk/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources_ja.java b/jdk/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources_ja.java
index 6eece7d960..431ae1e426 100644
--- a/jdk/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources_ja.java
+++ b/jdk/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources_ja.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -260,7 +260,7 @@ public class Resources_ja extends java.util.ListResourceBundle {
         {"The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk.",
                 "%1$s\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0(%2$s\u30AA\u30D7\u30B7\u30E7\u30F3\u306B\u6307\u5B9A)\u306F\u3001\u30BB\u30AD\u30E5\u30EA\u30C6\u30A3\u30FB\u30EA\u30B9\u30AF\u3068\u307F\u306A\u3055\u308C\u307E\u3059\u3002"},
         {"The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk.",
-                "%s\u7F72\u540D\u9375\u306B\u306F\u3001\u30BB\u30AD\u30E5\u30EA\u30C6\u30A3\u30FB\u30EA\u30B9\u30AF\u3068\u307F\u306A\u3055\u308C\u308B%d\u306E\u9375\u30B5\u30A4\u30BA\u304C\u3042\u308A\u307E\u3059\u3002"},
+                "%1$s\u7F72\u540D\u9375\u306B\u306F\u3001\u30BB\u30AD\u30E5\u30EA\u30C6\u30A3\u30FB\u30EA\u30B9\u30AF\u3068\u307F\u306A\u3055\u308C\u308B%2$d\u306E\u9375\u30B5\u30A4\u30BA\u304C\u3042\u308A\u307E\u3059\u3002"},
         {"This.jar.contains.entries.whose.certificate.chain.is.not.validated.reason.1",
                  "\u3053\u306Ejar\u306B\u306F\u3001\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u304C\u307E\u3060\u691C\u8A3C\u3055\u308C\u3066\u3044\u306A\u3044\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002\u7406\u7531: %s"},
         {"no.timestamp.signing",
diff --git a/jdk/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java b/jdk/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java
index f6d4329da3..5673e65cbf 100644
--- a/jdk/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java
+++ b/jdk/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -260,7 +260,7 @@ public class Resources_zh_CN extends java.util.ListResourceBundle {
         {"The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk.",
                 "\u4E3A %2$s \u9009\u9879\u6307\u5B9A\u7684 %1$s \u7B97\u6CD5\u88AB\u89C6\u4E3A\u5B58\u5728\u5B89\u5168\u98CE\u9669\u3002"},
         {"The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk.",
-                "%s \u7B7E\u540D\u5BC6\u94A5\u7684\u5BC6\u94A5\u5927\u5C0F\u4E3A %d, \u8FD9\u88AB\u89C6\u4E3A\u5B58\u5728\u5B89\u5168\u98CE\u9669\u3002"},
+                "%1$s \u7B7E\u540D\u5BC6\u94A5\u7684\u5BC6\u94A5\u5927\u5C0F\u4E3A %2$d, \u8FD9\u88AB\u89C6\u4E3A\u5B58\u5728\u5B89\u5168\u98CE\u9669\u3002"},
         {"This.jar.contains.entries.whose.certificate.chain.is.not.validated.reason.1",
                  "\u6B64 jar \u5305\u542B\u5176\u8BC1\u4E66\u94FE\u672A\u7ECF\u8FC7\u9A8C\u8BC1\u7684\u6761\u76EE\u3002\u539F\u56E0: %s"},
         {"no.timestamp.signing",
diff --git a/jdk/src/jdk.jartool/share/classes/sun/tools/jar/resources/jar_es.properties b/jdk/src/jdk.jartool/share/classes/sun/tools/jar/resources/jar_es.properties
index 2cc206e83e..79854be6d8 100644
--- a/jdk/src/jdk.jartool/share/classes/sun/tools/jar/resources/jar_es.properties
+++ b/jdk/src/jdk.jartool/share/classes/sun/tools/jar/resources/jar_es.properties
@@ -34,7 +34,7 @@ error.bad.cflag=El indicador 'c' necesita la especificaci\u00F3n de archivos de
 error.bad.uflag=El indicador 'u' necesita la especificaci\u00F3n de archivos de manifiesto, de entrada o indicador 'e'.
 error.bad.eflag=El indicador 'e' y el manifiesto con el atributo 'Main-Class' no pueden especificarse \na la vez.
 error.bad.dflag=La opci\u00F3n '-d, --describe-module'  no requiere especificar archivos de entrada
-error.bad.reason=Motivo err\u00F3neo: {0}, debe ser anticuado, anticuado para eliminaci\u00F3n o incubando
+error.bad.reason=Motivo err\u00F3neo: {0}, debe ser en desuso, en desuso para eliminaci\u00F3n o incubando
 error.nosuch.fileordir={0} : no existe tal archivo o directorio
 error.write.file=Error al escribir un archivo jar existente
 error.create.dir={0} : no se ha podido crear el directorio
@@ -115,7 +115,7 @@ main.help.opt.create.update.module-version=\      --module-version=VERSION    Ve
 main.help.opt.create.update.hash-modules=\      --hash-modules=PATTERN Calcular y registrar los hash de m\u00F3dulos\n                             que coinciden con el patr\u00F3n proporcionado y que dependen\n                             directa o indirectamente de la creaci\u00F3n de un archivo jar modular\n                             o de la actualizaci\u00F3n de un archivo jar no modular
 main.help.opt.create.update.module-path=\  -p, --module-path          Ubicaci\u00F3n de la dependencia de m\u00F3dulo para generar\n                             el hash
 main.help.opt.create.update.do-not-resolve-by-default=\      --do-not-resolve-by-default  Excluir del conjunto de m\u00F3dulos ra\u00EDz por defecto
-main.help.opt.create.update.warn-if-resolved=\      --warn-if-resolved     Indicaci\u00F3n para que una herramienta emita una advertencia si el m\u00F3dulo\n                             se ha resuelto. Anticuado, anticuado para eliminaci\u00F3n\n                             o incubando
+main.help.opt.create.update.warn-if-resolved=\      --warn-if-resolved     Indicaci\u00F3n para que una herramienta emita una advertencia si el m\u00F3dulo\n                             se ha resuelto. En desuso, en desuso para eliminaci\u00F3n\n                             o incubando
 main.help.opt.create.update.index=\ Modificadores de operaci\u00F3n v\u00E1lidos solo en el modo de creaci\u00F3n, actualizaci\u00F3n y generaci\u00F3n de \u00EDndice:\n
 main.help.opt.create.update.index.no-compress=\  -0, --no-compress          Solo almacenar; no usar compresi\u00F3n ZIP
 main.help.opt.other=\ Otras opciones:\n
diff --git a/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_de.java b/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_de.java
index ba54268802..67ae3596ff 100644
--- a/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_de.java
+++ b/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_de.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -350,7 +350,7 @@ public final class TimeZoneNames_de extends TimeZoneNamesBundle {
             {"Africa/Johannesburg", SAST},
             {"Africa/Juba", EAT},
             {"Africa/Kampala", EAT},
-            {"Africa/Khartoum", EAT},
+            {"Africa/Khartoum", CAT},
             {"Africa/Kigali", CAT},
             {"Africa/Kinshasa", WAT},
             {"Africa/Lagos", WAT},
@@ -375,7 +375,7 @@ public final class TimeZoneNames_de extends TimeZoneNamesBundle {
             {"Africa/Timbuktu", GMT},
             {"Africa/Tripoli", EET},
             {"Africa/Tunis", CET},
-            {"Africa/Windhoek", WAT},
+            {"Africa/Windhoek", CAT},
             {"America/Adak", HST},
             {"America/Anguilla", AST},
             {"America/Antigua", AST},
@@ -778,7 +778,6 @@ public final class TimeZoneNames_de extends TimeZoneNamesBundle {
             {"Brazil/West", AMT},
             {"Canada/Atlantic", AST},
             {"Canada/Central", CST},
-            {"Canada/East-Saskatchewan", CST},
             {"Canada/Eastern", EST},
             {"Canada/Mountain", MST},
             {"Canada/Newfoundland", NST},
diff --git a/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_es.java b/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_es.java
index 100ac3356e..36326e49f8 100644
--- a/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_es.java
+++ b/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_es.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -350,7 +350,7 @@ public final class TimeZoneNames_es extends TimeZoneNamesBundle {
             {"Africa/Johannesburg", SAST},
             {"Africa/Juba", EAT},
             {"Africa/Kampala", EAT},
-            {"Africa/Khartoum", EAT},
+            {"Africa/Khartoum", CAT},
             {"Africa/Kigali", CAT},
             {"Africa/Kinshasa", WAT},
             {"Africa/Lagos", WAT},
@@ -375,7 +375,7 @@ public final class TimeZoneNames_es extends TimeZoneNamesBundle {
             {"Africa/Timbuktu", GMT},
             {"Africa/Tripoli", EET},
             {"Africa/Tunis", CET},
-            {"Africa/Windhoek", WAT},
+            {"Africa/Windhoek", CAT},
             {"America/Adak", HST},
             {"America/Anguilla", AST},
             {"America/Antigua", AST},
@@ -778,7 +778,6 @@ public final class TimeZoneNames_es extends TimeZoneNamesBundle {
             {"Brazil/West", AMT},
             {"Canada/Atlantic", AST},
             {"Canada/Central", CST},
-            {"Canada/East-Saskatchewan", CST},
             {"Canada/Eastern", EST},
             {"Canada/Mountain", MST},
             {"Canada/Newfoundland", NST},
diff --git a/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_fr.java b/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_fr.java
index 8407be0b03..d5475e3461 100644
--- a/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_fr.java
+++ b/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_fr.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -350,7 +350,7 @@ public final class TimeZoneNames_fr extends TimeZoneNamesBundle {
             {"Africa/Johannesburg", SAST},
             {"Africa/Juba", EAT},
             {"Africa/Kampala", EAT},
-            {"Africa/Khartoum", EAT},
+            {"Africa/Khartoum", CAT},
             {"Africa/Kigali", CAT},
             {"Africa/Kinshasa", WAT},
             {"Africa/Lagos", WAT},
@@ -375,7 +375,7 @@ public final class TimeZoneNames_fr extends TimeZoneNamesBundle {
             {"Africa/Timbuktu", GMT},
             {"Africa/Tripoli", EET},
             {"Africa/Tunis", CET},
-            {"Africa/Windhoek", WAT},
+            {"Africa/Windhoek", CAT},
             {"America/Adak", HST},
             {"America/Anguilla", AST},
             {"America/Antigua", AST},
@@ -778,7 +778,6 @@ public final class TimeZoneNames_fr extends TimeZoneNamesBundle {
             {"Brazil/West", AMT},
             {"Canada/Atlantic", AST},
             {"Canada/Central", CST},
-            {"Canada/East-Saskatchewan", CST},
             {"Canada/Eastern", EST},
             {"Canada/Mountain", MST},
             {"Canada/Newfoundland", NST},
diff --git a/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_it.java b/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_it.java
index 6653a6241d..c1334d06b2 100644
--- a/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_it.java
+++ b/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_it.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -350,7 +350,7 @@ public final class TimeZoneNames_it extends TimeZoneNamesBundle {
             {"Africa/Johannesburg", SAST},
             {"Africa/Juba", EAT},
             {"Africa/Kampala", EAT},
-            {"Africa/Khartoum", EAT},
+            {"Africa/Khartoum", CAT},
             {"Africa/Kigali", CAT},
             {"Africa/Kinshasa", WAT},
             {"Africa/Lagos", WAT},
@@ -375,7 +375,7 @@ public final class TimeZoneNames_it extends TimeZoneNamesBundle {
             {"Africa/Timbuktu", GMT},
             {"Africa/Tripoli", EET},
             {"Africa/Tunis", CET},
-            {"Africa/Windhoek", WAT},
+            {"Africa/Windhoek", CAT},
             {"America/Adak", HST},
             {"America/Anguilla", AST},
             {"America/Antigua", AST},
@@ -778,7 +778,6 @@ public final class TimeZoneNames_it extends TimeZoneNamesBundle {
             {"Brazil/West", AMT},
             {"Canada/Atlantic", AST},
             {"Canada/Central", CST},
-            {"Canada/East-Saskatchewan", CST},
             {"Canada/Eastern", EST},
             {"Canada/Mountain", MST},
             {"Canada/Newfoundland", NST},
diff --git a/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ja.java b/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ja.java
index 0f70da38c9..6661bfdc83 100644
--- a/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ja.java
+++ b/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ja.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -350,7 +350,7 @@ public final class TimeZoneNames_ja extends TimeZoneNamesBundle {
             {"Africa/Johannesburg", SAST},
             {"Africa/Juba", EAT},
             {"Africa/Kampala", EAT},
-            {"Africa/Khartoum", EAT},
+            {"Africa/Khartoum", CAT},
             {"Africa/Kigali", CAT},
             {"Africa/Kinshasa", WAT},
             {"Africa/Lagos", WAT},
@@ -375,7 +375,7 @@ public final class TimeZoneNames_ja extends TimeZoneNamesBundle {
             {"Africa/Timbuktu", GMT},
             {"Africa/Tripoli", EET},
             {"Africa/Tunis", CET},
-            {"Africa/Windhoek", WAT},
+            {"Africa/Windhoek", CAT},
             {"America/Adak", HST},
             {"America/Anguilla", AST},
             {"America/Antigua", AST},
@@ -778,7 +778,6 @@ public final class TimeZoneNames_ja extends TimeZoneNamesBundle {
             {"Brazil/West", AMT},
             {"Canada/Atlantic", AST},
             {"Canada/Central", CST},
-            {"Canada/East-Saskatchewan", CST},
             {"Canada/Eastern", EST},
             {"Canada/Mountain", MST},
             {"Canada/Newfoundland", NST},
diff --git a/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ko.java b/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ko.java
index 1f6a3585da..665ea8bb6a 100644
--- a/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ko.java
+++ b/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ko.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -350,7 +350,7 @@ public final class TimeZoneNames_ko extends TimeZoneNamesBundle {
             {"Africa/Johannesburg", SAST},
             {"Africa/Juba", EAT},
             {"Africa/Kampala", EAT},
-            {"Africa/Khartoum", EAT},
+            {"Africa/Khartoum", CAT},
             {"Africa/Kigali", CAT},
             {"Africa/Kinshasa", WAT},
             {"Africa/Lagos", WAT},
@@ -375,7 +375,7 @@ public final class TimeZoneNames_ko extends TimeZoneNamesBundle {
             {"Africa/Timbuktu", GMT},
             {"Africa/Tripoli", EET},
             {"Africa/Tunis", CET},
-            {"Africa/Windhoek", WAT},
+            {"Africa/Windhoek", CAT},
             {"America/Adak", HST},
             {"America/Anguilla", AST},
             {"America/Antigua", AST},
@@ -778,7 +778,6 @@ public final class TimeZoneNames_ko extends TimeZoneNamesBundle {
             {"Brazil/West", AMT},
             {"Canada/Atlantic", AST},
             {"Canada/Central", CST},
-            {"Canada/East-Saskatchewan", CST},
             {"Canada/Eastern", EST},
             {"Canada/Mountain", MST},
             {"Canada/Newfoundland", NST},
diff --git a/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_pt_BR.java b/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_pt_BR.java
index 3a03cda7ec..ea890dd6eb 100644
--- a/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_pt_BR.java
+++ b/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_pt_BR.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -350,7 +350,7 @@ public final class TimeZoneNames_pt_BR extends TimeZoneNamesBundle {
             {"Africa/Johannesburg", SAST},
             {"Africa/Juba", EAT},
             {"Africa/Kampala", EAT},
-            {"Africa/Khartoum", EAT},
+            {"Africa/Khartoum", CAT},
             {"Africa/Kigali", CAT},
             {"Africa/Kinshasa", WAT},
             {"Africa/Lagos", WAT},
@@ -375,7 +375,7 @@ public final class TimeZoneNames_pt_BR extends TimeZoneNamesBundle {
             {"Africa/Timbuktu", GMT},
             {"Africa/Tripoli", EET},
             {"Africa/Tunis", CET},
-            {"Africa/Windhoek", WAT},
+            {"Africa/Windhoek", CAT},
             {"America/Adak", HST},
             {"America/Anguilla", AST},
             {"America/Antigua", AST},
@@ -778,7 +778,6 @@ public final class TimeZoneNames_pt_BR extends TimeZoneNamesBundle {
             {"Brazil/West", AMT},
             {"Canada/Atlantic", AST},
             {"Canada/Central", CST},
-            {"Canada/East-Saskatchewan", CST},
             {"Canada/Eastern", EST},
             {"Canada/Mountain", MST},
             {"Canada/Newfoundland", NST},
diff --git a/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_sv.java b/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_sv.java
index 7a13b7e87e..ced9600226 100644
--- a/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_sv.java
+++ b/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_sv.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -350,7 +350,7 @@ public final class TimeZoneNames_sv extends TimeZoneNamesBundle {
             {"Africa/Johannesburg", SAST},
             {"Africa/Juba", EAT},
             {"Africa/Kampala", EAT},
-            {"Africa/Khartoum", EAT},
+            {"Africa/Khartoum", CAT},
             {"Africa/Kigali", CAT},
             {"Africa/Kinshasa", WAT},
             {"Africa/Lagos", WAT},
@@ -375,7 +375,7 @@ public final class TimeZoneNames_sv extends TimeZoneNamesBundle {
             {"Africa/Timbuktu", GMT},
             {"Africa/Tripoli", EET},
             {"Africa/Tunis", CET},
-            {"Africa/Windhoek", WAT},
+            {"Africa/Windhoek", CAT},
             {"America/Adak", HST},
             {"America/Anguilla", AST},
             {"America/Antigua", AST},
@@ -778,7 +778,6 @@ public final class TimeZoneNames_sv extends TimeZoneNamesBundle {
             {"Brazil/West", AMT},
             {"Canada/Atlantic", AST},
             {"Canada/Central", CST},
-            {"Canada/East-Saskatchewan", CST},
             {"Canada/Eastern", EST},
             {"Canada/Mountain", MST},
             {"Canada/Newfoundland", NST},
diff --git a/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_CN.java b/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_CN.java
index 6c6e647d3b..f0a99da162 100644
--- a/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_CN.java
+++ b/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_CN.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -350,7 +350,7 @@ public final class TimeZoneNames_zh_CN extends TimeZoneNamesBundle {
             {"Africa/Johannesburg", SAST},
             {"Africa/Juba", EAT},
             {"Africa/Kampala", EAT},
-            {"Africa/Khartoum", EAT},
+            {"Africa/Khartoum", CAT},
             {"Africa/Kigali", CAT},
             {"Africa/Kinshasa", WAT},
             {"Africa/Lagos", WAT},
@@ -375,7 +375,7 @@ public final class TimeZoneNames_zh_CN extends TimeZoneNamesBundle {
             {"Africa/Timbuktu", GMT},
             {"Africa/Tripoli", EET},
             {"Africa/Tunis", CET},
-            {"Africa/Windhoek", WAT},
+            {"Africa/Windhoek", CAT},
             {"America/Adak", HST},
             {"America/Anguilla", AST},
             {"America/Antigua", AST},
@@ -778,7 +778,6 @@ public final class TimeZoneNames_zh_CN extends TimeZoneNamesBundle {
             {"Brazil/West", AMT},
             {"Canada/Atlantic", AST},
             {"Canada/Central", CST},
-            {"Canada/East-Saskatchewan", CST},
             {"Canada/Eastern", EST},
             {"Canada/Mountain", MST},
             {"Canada/Newfoundland", NST},
diff --git a/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_TW.java b/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_TW.java
index fa62d62ba0..bb6ac9fcf5 100644
--- a/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_TW.java
+++ b/jdk/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_TW.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -350,7 +350,7 @@ public final class TimeZoneNames_zh_TW extends TimeZoneNamesBundle {
             {"Africa/Johannesburg", SAST},
             {"Africa/Juba", EAT},
             {"Africa/Kampala", EAT},
-            {"Africa/Khartoum", EAT},
+            {"Africa/Khartoum", CAT},
             {"Africa/Kigali", CAT},
             {"Africa/Kinshasa", WAT},
             {"Africa/Lagos", WAT},
@@ -375,7 +375,7 @@ public final class TimeZoneNames_zh_TW extends TimeZoneNamesBundle {
             {"Africa/Timbuktu", GMT},
             {"Africa/Tripoli", EET},
             {"Africa/Tunis", CET},
-            {"Africa/Windhoek", WAT},
+            {"Africa/Windhoek", CAT},
             {"America/Adak", HST},
             {"America/Anguilla", AST},
             {"America/Antigua", AST},
@@ -780,7 +780,6 @@ public final class TimeZoneNames_zh_TW extends TimeZoneNamesBundle {
             {"Brazil/West", AMT},
             {"Canada/Atlantic", AST},
             {"Canada/Central", CST},
-            {"Canada/East-Saskatchewan", CST},
             {"Canada/Eastern", EST},
             {"Canada/Mountain", MST},
             {"Canada/Newfoundland", NST},
diff --git a/jdk/src/jdk.management.agent/share/classes/sun/management/jmxremote/ConnectorBootstrap.java b/jdk/src/jdk.management.agent/share/classes/sun/management/jmxremote/ConnectorBootstrap.java
index 322b180eab..d161593401 100644
--- a/jdk/src/jdk.management.agent/share/classes/sun/management/jmxremote/ConnectorBootstrap.java
+++ b/jdk/src/jdk.management.agent/share/classes/sun/management/jmxremote/ConnectorBootstrap.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,7 +32,7 @@ import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
-import java.io.Serializable;
+import java.io.ObjectInputFilter;
 import java.lang.management.ManagementFactory;
 import java.net.InetAddress;
 import java.net.MalformedURLException;
@@ -45,14 +45,12 @@ import java.rmi.RemoteException;
 import java.rmi.registry.Registry;
 import java.rmi.server.RMIClientSocketFactory;
 import java.rmi.server.RMIServerSocketFactory;
-import java.rmi.server.RMISocketFactory;
 import java.rmi.server.RemoteObject;
 import java.rmi.server.UnicastRemoteObject;
 import java.security.KeyStore;
 import java.security.Principal;
 import java.util.HashMap;
 import java.util.HashSet;
-import java.util.Iterator;
 import java.util.Map;
 import java.util.Properties;
 import java.util.Set;
@@ -84,6 +82,7 @@ import jdk.internal.agent.FileSystem;
 import sun.rmi.server.UnicastRef;
 import sun.rmi.server.UnicastServerRef;
 import sun.rmi.server.UnicastServerRef2;
+import sun.rmi.transport.LiveRef;
 
 /**
  * This class initializes and starts the RMIConnectorServer for JSR 163
@@ -142,6 +141,8 @@ public final class ConnectorBootstrap {
                 "com.sun.management.jmxremote.ssl.need.client.auth";
         public static final String SSL_CONFIG_FILE_NAME =
                 "com.sun.management.jmxremote.ssl.config.file";
+        public static final String SERIAL_FILTER_PATTERN =
+                "com.sun.management.jmxremote.serial.filter.pattern";
     }
 
     /**
@@ -182,7 +183,8 @@ public final class ConnectorBootstrap {
         public Remote exportObject(Remote obj,
                 int port,
                 RMIClientSocketFactory csf,
-                RMIServerSocketFactory ssf)
+                RMIServerSocketFactory ssf,
+                ObjectInputFilter filter)
                 throws RemoteException {
 
             synchronized (this) {
@@ -193,9 +195,9 @@ public final class ConnectorBootstrap {
 
             final UnicastServerRef ref;
             if (csf == null && ssf == null) {
-                ref = new UnicastServerRef(port);
+                ref = new UnicastServerRef(new LiveRef(port), filter);
             } else {
-                ref = new UnicastServerRef2(port, csf, ssf);
+                ref = new UnicastServerRef2(port, csf, ssf, filter);
             }
             return ref.exportObject(obj, null, true);
         }
@@ -435,6 +437,7 @@ public final class ConnectorBootstrap {
 
         final String bindAddress =
                 props.getProperty(PropertyNames.HOST);
+        final String jmxRmiFilter = props.getProperty(PropertyNames.SERIAL_FILTER_PATTERN);
 
         if (logger.isLoggable(Level.DEBUG)) {
             logger.log(Level.DEBUG, "startRemoteConnectorServer",
@@ -471,7 +474,7 @@ public final class ConnectorBootstrap {
                     sslConfigFileName, enabledCipherSuitesList,
                     enabledProtocolsList, sslNeedClientAuth,
                     useAuthentication, loginConfigName,
-                    passwordFileName, accessFileName, bindAddress);
+                    passwordFileName, accessFileName, bindAddress, jmxRmiFilter);
             cs = data.jmxConnectorServer;
             url = data.jmxRemoteURL;
             config("startRemoteConnectorServer",
@@ -511,9 +514,8 @@ public final class ConnectorBootstrap {
         // This RMI server should not keep the VM alive
         Map env = new HashMap<>();
         env.put(RMIExporter.EXPORTER_ATTRIBUTE, new PermanentExporter());
-        env.put(RMIConnectorServer.CREDENTIAL_TYPES, new String[]{
-            String[].class.getName(), String.class.getName()
-        });
+        env.put("jmx.remote.rmi.server.credentials.filter.pattern",
+                String.class.getName() + ";!*");
 
         // The local connector server need only be available via the
         // loopback connection.
@@ -539,6 +541,10 @@ public final class ConnectorBootstrap {
             if (props ==  null) {
                 props = new Properties();
             }
+            String jmxRmiFilter = props.getProperty(PropertyNames.SERIAL_FILTER_PATTERN);
+            if (jmxRmiFilter != null && !jmxRmiFilter.isEmpty()) {
+                env.put("jmx.remote.rmi.server.serial.filter.pattern", jmxRmiFilter);
+            }
             String useLocalOnlyStr = props.getProperty(
                     PropertyNames.USE_LOCAL_ONLY, DefaultValues.USE_LOCAL_ONLY);
             boolean useLocalOnly = Boolean.valueOf(useLocalOnlyStr).booleanValue();
@@ -729,7 +735,8 @@ public final class ConnectorBootstrap {
             String loginConfigName,
             String passwordFileName,
             String accessFileName,
-            String bindAddress)
+            String bindAddress,
+            String jmxRmiFilter)
             throws IOException, MalformedURLException {
 
         /* Make sure we use non-guessable RMI object IDs.  Otherwise
@@ -744,9 +751,12 @@ public final class ConnectorBootstrap {
         PermanentExporter exporter = new PermanentExporter();
 
         env.put(RMIExporter.EXPORTER_ATTRIBUTE, exporter);
-        env.put(RMIConnectorServer.CREDENTIAL_TYPES, new String[]{
-            String[].class.getName(), String.class.getName()
-        });
+        env.put("jmx.remote.rmi.server.credentials.filter.pattern",
+                String.class.getName() + ";!*");
+
+        if(jmxRmiFilter != null && !jmxRmiFilter.isEmpty()) {
+            env.put("jmx.remote.rmi.server.serial.filter.pattern", jmxRmiFilter);
+        }
 
         boolean useSocketFactory = bindAddress != null && !useSsl;
 
diff --git a/jdk/src/jdk.management.agent/share/classes/sun/management/jmxremote/SingleEntryRegistry.java b/jdk/src/jdk.management.agent/share/classes/sun/management/jmxremote/SingleEntryRegistry.java
index c29df19c1a..098f2a51a7 100644
--- a/jdk/src/jdk.management.agent/share/classes/sun/management/jmxremote/SingleEntryRegistry.java
+++ b/jdk/src/jdk.management.agent/share/classes/sun/management/jmxremote/SingleEntryRegistry.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -46,7 +46,7 @@ import sun.rmi.registry.RegistryImpl;
 public class SingleEntryRegistry extends RegistryImpl {
     SingleEntryRegistry(int port, String name, Remote object)
             throws RemoteException {
-        super(port);
+        super(port, null, null, SingleEntryRegistry::singleRegistryFilter);
         this.name = name;
         this.object = object;
     }
diff --git a/jdk/src/jdk.management.agent/share/conf/management.properties b/jdk/src/jdk.management.agent/share/conf/management.properties
index 02401d78be..3bf88daf63 100644
--- a/jdk/src/jdk.management.agent/share/conf/management.properties
+++ b/jdk/src/jdk.management.agent/share/conf/management.properties
@@ -329,3 +329,42 @@
 #      The format of the value for that property is any string accepted
 #      by java.net.InetAddress.getByName(String).
 #
+
+# ################ Filter for ObjectInputStream #############################
+# com.sun.management.jmxremote.serial.filter.pattern=
+#   A filter, if configured, is used by java.io.ObjectInputStream during
+#   deserialization of parameters sent to the JMX default agent to validate the 
+#   contents of the stream.
+#   A filter is configured as a sequence of patterns, each pattern is either
+#   matched against the name of a class in the stream or defines a limit.
+#   Patterns are separated by ";" (semicolon).
+#   Whitespace is significant and is considered part of the pattern.
+#
+#   If a pattern includes a "=", it sets a limit.
+#   If a limit appears more than once the last value is used.
+#   Limits are checked before classes regardless of the order in the sequence of patterns.
+#   If any of the limits are exceeded, the filter status is REJECTED.
+#
+#       maxdepth=value - the maximum depth of a graph
+#       maxrefs=value  - the maximum number of internal references
+#       maxbytes=value - the maximum number of bytes in the input stream
+#       maxarray=value - the maximum array length allowed
+#
+#   Other patterns, from left to right, match the class or package name as
+#   returned from Class.getName.
+#   If the class is an array type, the class or package to be matched is the element type.
+#   Arrays of any number of dimensions are treated the same as the element type.
+#   For example, a pattern of "!example.Foo", rejects creation of any instance or
+#   array of example.Foo.
+#
+#   If the pattern starts with "!", the status is REJECTED if the remaining pattern
+#       is matched; otherwise the status is ALLOWED if the pattern matches.
+#   If the pattern contains "/", the non-empty prefix up to the "/" is the module name;
+#       if the module name matches the module name of the class then
+#       the remaining pattern is matched with the class name.
+#   If there is no "/", the module name is not compared.
+#   If the pattern ends with ".**" it matches any class in the package and all subpackages.
+#   If the pattern ends with ".*" it matches any class in the package.
+#   If the pattern ends with "*", it matches any class with the pattern as a prefix.
+#   If the pattern is equal to the class name, it matches.
+#   Otherwise, the status is UNDECIDED.
diff --git a/jdk/src/jdk.naming.dns/share/classes/com/sun/jndi/dns/DNSDatagramSocketFactory.java b/jdk/src/jdk.naming.dns/share/classes/com/sun/jndi/dns/DNSDatagramSocketFactory.java
new file mode 100644
index 0000000000..04b983f692
--- /dev/null
+++ b/jdk/src/jdk.naming.dns/share/classes/com/sun/jndi/dns/DNSDatagramSocketFactory.java
@@ -0,0 +1,246 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package com.sun.jndi.dns;
+
+import java.io.IOException;
+import java.net.DatagramSocket;
+import java.net.ProtocolFamily;
+import java.net.SocketException;
+import java.net.InetSocketAddress;
+import java.nio.channels.DatagramChannel;
+import java.util.Objects;
+import java.util.Random;
+
+class DNSDatagramSocketFactory {
+    static final int DEVIATION = 3;
+    static final int THRESHOLD = 6;
+    static final int BIT_DEVIATION = 2;
+    static final int HISTORY = 32;
+    static final int MAX_RANDOM_TRIES = 5;
+    /**
+     * The dynamic allocation port range (aka ephemeral ports), as configured
+     * on the system. Use nested class for lazy evaluation.
+     */
+    static final class EphemeralPortRange {
+        private EphemeralPortRange() {}
+        static final int LOWER = sun.net.PortConfig.getLower();
+        static final int UPPER = sun.net.PortConfig.getUpper();
+        static final int RANGE = UPPER - LOWER + 1;
+    }
+
+    // Records a subset of max {@code capacity} previously used ports
+    static final class PortHistory {
+        final int capacity;
+        final int[] ports;
+        final Random random;
+        int index;
+        PortHistory(int capacity, Random random) {
+            this.random = random;
+            this.capacity = capacity;
+            this.ports = new int[capacity];
+        }
+        // returns true if the history contains the specified port.
+        public boolean contains(int port) {
+            int p = 0;
+            for (int i=0; i thresholdCount;
+        if (thresholdCrossed) {
+            // Underlying stack does not support random UDP port out of the box.
+            // Use our own algorithm to allocate a random UDP port
+            s = openRandom();
+            if (s != null) return s;
+
+            // couldn't allocate a random port: reset all counters and fall
+            // through.
+            unsuitablePortCount = 0; suitablePortCount = 0; lastseen = 0;
+        }
+
+        // Allocate an ephemeral port (port 0)
+        s = openDefault();
+        lastport = s.getLocalPort();
+        if (lastseen == 0) {
+            history.offer(lastport);
+            return s;
+        }
+
+        thresholdCrossed = suitablePortCount > thresholdCount;
+        boolean farEnough = Integer.bitCount(lastseen ^ lastport) > BIT_DEVIATION
+                            && Math.abs(lastport - lastseen) > deviation;
+        boolean recycled = history.contains(lastport);
+        boolean suitable = (thresholdCrossed || farEnough && !recycled);
+        if (suitable && !recycled) history.add(lastport);
+
+        if (suitable) {
+            if (!thresholdCrossed) {
+                suitablePortCount++;
+            } else if (!farEnough || recycled) {
+                unsuitablePortCount = 1;
+                suitablePortCount = thresholdCount/2;
+            }
+            // Either the underlying stack supports random UDP port allocation,
+            // or the new port is sufficiently distant from last port to make
+            // it look like it is. Let's use it.
+            return s;
+        }
+
+        // Undecided... the new port was too close. Let's allocate a random
+        // port using our own algorithm
+        assert !thresholdCrossed;
+        DatagramSocket ss = openRandom();
+        if (ss == null) return s;
+        unsuitablePortCount++;
+        s.close();
+        return ss;
+    }
+
+    private DatagramSocket openDefault() throws SocketException {
+        if (family != null) {
+            try {
+                DatagramChannel c = DatagramChannel.open(family);
+                try {
+                    DatagramSocket s = c.socket();
+                    s.bind(null);
+                    return s;
+                } catch (Throwable x) {
+                    c.close();
+                    throw x;
+                }
+            } catch (SocketException x) {
+                throw x;
+            } catch (IOException x) {
+                SocketException e = new SocketException(x.getMessage());
+                e.initCause(x);
+                throw e;
+            }
+        }
+        return new DatagramSocket();
+    }
+
+    synchronized boolean isUsingNativePortRandomization() {
+        return  unsuitablePortCount <= thresholdCount
+                && suitablePortCount > thresholdCount;
+    }
+
+    synchronized boolean isUsingJavaPortRandomization() {
+        return unsuitablePortCount > thresholdCount ;
+    }
+
+    synchronized boolean isUndecided() {
+        return !isUsingJavaPortRandomization()
+                && !isUsingNativePortRandomization();
+    }
+
+    private DatagramSocket openRandom() {
+        int maxtries = MAX_RANDOM_TRIES;
+        while (maxtries-- > 0) {
+            int port = EphemeralPortRange.LOWER
+                    + random.nextInt(EphemeralPortRange.RANGE);
+            try {
+                if (family != null) {
+                    DatagramChannel c = DatagramChannel.open(family);
+                    try {
+                        DatagramSocket s = c.socket();
+                        s.bind(new InetSocketAddress(port));
+                        return s;
+                    } catch (Throwable x) {
+                        c.close();
+                        throw x;
+                    }
+                }
+                return new DatagramSocket(port);
+            } catch (IOException x) {
+                // try again until maxtries == 0;
+            }
+        }
+        return null;
+    }
+
+}
diff --git a/jdk/src/jdk.naming.dns/share/classes/com/sun/jndi/dns/DnsClient.java b/jdk/src/jdk.naming.dns/share/classes/com/sun/jndi/dns/DnsClient.java
index 90ed8ef965..a4259fade2 100644
--- a/jdk/src/jdk.naming.dns/share/classes/com/sun/jndi/dns/DnsClient.java
+++ b/jdk/src/jdk.naming.dns/share/classes/com/sun/jndi/dns/DnsClient.java
@@ -85,7 +85,9 @@ public class DnsClient {
     private int timeout;                // initial timeout on UDP queries in ms
     private int retries;                // number of UDP retries
 
-    private DatagramSocket udpSocket;
+    private final Object udpSocketLock = new Object();
+    private static final DNSDatagramSocketFactory factory =
+            new DNSDatagramSocketFactory(random);
 
     // Requests sent
     private Map reqs;
@@ -105,14 +107,6 @@ public class DnsClient {
             throws NamingException {
         this.timeout = timeout;
         this.retries = retries;
-        try {
-            udpSocket = new DatagramSocket();
-        } catch (java.net.SocketException e) {
-            NamingException ne = new ConfigurationException();
-            ne.setRootCause(e);
-            throw ne;
-        }
-
         this.servers = new InetAddress[servers.length];
         serverPorts = new int[servers.length];
 
@@ -142,6 +136,16 @@ public class DnsClient {
         resps = Collections.synchronizedMap(new HashMap());
     }
 
+    DatagramSocket getDatagramSocket() throws NamingException {
+        try {
+            return factory.open();
+        } catch (java.net.SocketException e) {
+            NamingException ne = new ConfigurationException();
+            ne.setRootCause(e);
+            throw ne;
+        }
+    }
+
     @SuppressWarnings("deprecation")
     protected void finalize() {
         close();
@@ -151,7 +155,6 @@ public class DnsClient {
     private Object queuesLock = new Object();
 
     public void close() {
-        udpSocket.close();
         synchronized (queuesLock) {
             reqs.clear();
             resps.clear();
@@ -393,43 +396,45 @@ public class DnsClient {
 
         int minTimeout = 50; // msec after which there are no retries.
 
-        synchronized (udpSocket) {
-            DatagramPacket opkt = new DatagramPacket(
-                    pkt.getData(), pkt.length(), server, port);
-            DatagramPacket ipkt = new DatagramPacket(new byte[8000], 8000);
-            // Packets may only be sent to or received from this server address
-            udpSocket.connect(server, port);
-            int pktTimeout = (timeout * (1 << retry));
-            try {
-                udpSocket.send(opkt);
+        synchronized (udpSocketLock) {
+            try (DatagramSocket udpSocket = getDatagramSocket()) {
+                DatagramPacket opkt = new DatagramPacket(
+                        pkt.getData(), pkt.length(), server, port);
+                DatagramPacket ipkt = new DatagramPacket(new byte[8000], 8000);
+                // Packets may only be sent to or received from this server address
+                udpSocket.connect(server, port);
+                int pktTimeout = (timeout * (1 << retry));
+                try {
+                    udpSocket.send(opkt);
 
-                // timeout remaining after successive 'receive()'
-                int timeoutLeft = pktTimeout;
-                int cnt = 0;
-                do {
-                    if (debug) {
-                       cnt++;
-                        dprint("Trying RECEIVE(" +
-                                cnt + ") retry(" + (retry + 1) +
-                                ") for:" + xid  + "    sock-timeout:" +
-                                timeoutLeft + " ms.");
-                    }
-                    udpSocket.setSoTimeout(timeoutLeft);
-                    long start = System.currentTimeMillis();
-                    udpSocket.receive(ipkt);
-                    long end = System.currentTimeMillis();
+                    // timeout remaining after successive 'receive()'
+                    int timeoutLeft = pktTimeout;
+                    int cnt = 0;
+                    do {
+                        if (debug) {
+                           cnt++;
+                            dprint("Trying RECEIVE(" +
+                                    cnt + ") retry(" + (retry + 1) +
+                                    ") for:" + xid  + "    sock-timeout:" +
+                                    timeoutLeft + " ms.");
+                        }
+                        udpSocket.setSoTimeout(timeoutLeft);
+                        long start = System.currentTimeMillis();
+                        udpSocket.receive(ipkt);
+                        long end = System.currentTimeMillis();
 
-                    byte[] data = ipkt.getData();
-                    if (isMatchResponse(data, xid)) {
-                        return data;
-                    }
-                    timeoutLeft = pktTimeout - ((int) (end - start));
-                } while (timeoutLeft > minTimeout);
+                        byte[] data = ipkt.getData();
+                        if (isMatchResponse(data, xid)) {
+                            return data;
+                        }
+                        timeoutLeft = pktTimeout - ((int) (end - start));
+                    } while (timeoutLeft > minTimeout);
 
-            } finally {
-                udpSocket.disconnect();
+                } finally {
+                    udpSocket.disconnect();
+                }
+                return null; // no matching packet received within the timeout
             }
-            return null; // no matching packet received within the timeout
         }
     }
 
diff --git a/jdk/src/jdk.naming.dns/share/classes/com/sun/jndi/dns/ResourceRecord.java b/jdk/src/jdk.naming.dns/share/classes/com/sun/jndi/dns/ResourceRecord.java
index d155696bfc..2d219073f3 100644
--- a/jdk/src/jdk.naming.dns/share/classes/com/sun/jndi/dns/ResourceRecord.java
+++ b/jdk/src/jdk.naming.dns/share/classes/com/sun/jndi/dns/ResourceRecord.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -355,8 +355,19 @@ public class ResourceRecord {
                     pos += typeAndLen;
                 } else if ((typeAndLen & 0xC0) == 0xC0) { // name compression
                     ++level;
-                    endPos = pos + 2;
+                    // cater for the case where the name pointed to is itself
+                    // compressed: we don't want endPos to be reset by the second
+                    // compression level.
+                    int ppos = pos;
+                    if (endPos == -1) endPos = pos + 2;
                     pos = getUShort(pos) & 0x3FFF;
+                    if (debug) {
+                        dprint("decode: name compression at " + ppos
+                                + " -> " + pos + " endPos=" + endPos);
+                        assert endPos > 0;
+                        assert pos < ppos;
+                        assert pos >= Header.HEADER_SIZE;
+                    }
                 } else
                     throw new IOException("Invalid label type: " + typeAndLen);
             }
@@ -405,6 +416,11 @@ public class ResourceRecord {
             }
         }
         // Unknown RR type/class
+        if (debug) {
+            dprint("Unknown RR type for RR data: " + rrtype + " rdlen=" + rdlen
+                   + ", pos=" + pos +", msglen=" + msg.length + ", remaining="
+                   + (msg.length-pos));
+        }
         byte[] rd = new byte[rdlen];
         System.arraycopy(msg, pos, rd, 0, rdlen);
         return rd;
@@ -613,4 +629,15 @@ public class ResourceRecord {
 
         return sb.toString();
     }
+
+    //-------------------------------------------------------------------------
+
+    private static final boolean debug = false;
+
+    private static void dprint(String mess) {
+        if (debug) {
+            System.err.println("DNS: " + mess);
+        }
+    }
+
 }
diff --git a/jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/module/LdapLoginModule.java b/jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/module/LdapLoginModule.java
index 29fb8d4e09..636d96f40c 100644
--- a/jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/module/LdapLoginModule.java
+++ b/jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/module/LdapLoginModule.java
@@ -737,7 +737,8 @@ public class LdapLoginModule implements LoginModule {
 
         if (authFirst || authOnly) {
 
-            String id = replaceUsernameToken(identityMatcher, authcIdentity);
+            String id =
+                replaceUsernameToken(identityMatcher, authcIdentity, username);
 
             // Prepare to bind using user's username and password
             ldapEnvironment.put(Context.SECURITY_CREDENTIALS, password);
@@ -864,8 +865,13 @@ public class LdapLoginModule implements LoginModule {
         }
 
         try {
-            NamingEnumeration results = ctx.search("",
-                replaceUsernameToken(filterMatcher, userFilter), constraints);
+            // Sanitize username and substitute into LDAP filter
+            String canonicalUserFilter =
+                replaceUsernameToken(filterMatcher, userFilter,
+                    escapeUsernameChars());
+
+            NamingEnumeration results =
+                ctx.search("", canonicalUserFilter, constraints);
 
             // Extract the distinguished name of the user's entry
             // (Use the first entry if more than one is returned)
@@ -912,13 +918,62 @@ public class LdapLoginModule implements LoginModule {
         }
     }
 
+    /**
+     * Modify the supplied username to encode characters that must be escaped
+     * according to RFC 4515: LDAP: String Representation of Search Filters.
+     *
+     * The following characters are encoded as a backslash "\" (ASCII 0x5c)
+     * followed by the two hexadecimal digits representing the value of the
+     * escaped character:
+     *     '*' (ASCII 0x2a)
+     *     '(' (ASCII 0x28)
+     *     ')' (ASCII 0x29)
+     *     '\' (ASCII 0x5c)
+     *     '\0'(ASCII 0x00)
+     *
+     * @return the modified username with its characters escaped as needed
+     */
+    private String escapeUsernameChars() {
+        int len = username.length();
+        StringBuilder escapedUsername = new StringBuilder(len + 16);
+
+        for (int i = 0; i < len; i++) {
+            char c = username.charAt(i);
+            switch (c) {
+            case '*':
+                escapedUsername.append("\\\\2A");
+                break;
+            case '(':
+                escapedUsername.append("\\\\28");
+                break;
+            case ')':
+                escapedUsername.append("\\\\29");
+                break;
+            case '\\':
+                escapedUsername.append("\\\\5C");
+                break;
+            case '\0':
+                escapedUsername.append("\\\\00");
+                break;
+            default:
+                escapedUsername.append(c);
+            }
+        }
+
+        return escapedUsername.toString();
+    }
+
+
     /**
      * Replace the username token
      *
+     * @param matcher the replacement pattern
      * @param string the target string
+     * @param username the supplied username
      * @return the modified string
      */
-    private String replaceUsernameToken(Matcher matcher, String string) {
+    private String replaceUsernameToken(Matcher matcher, String string,
+        String username) {
         return matcher != null ? matcher.replaceAll(username) : string;
     }
 
diff --git a/jdk/src/jdk.unsupported/share/classes/sun/reflect/ReflectionFactory.java b/jdk/src/jdk.unsupported/share/classes/sun/reflect/ReflectionFactory.java
index 6ac09603a1..a260cfae28 100644
--- a/jdk/src/jdk.unsupported/share/classes/sun/reflect/ReflectionFactory.java
+++ b/jdk/src/jdk.unsupported/share/classes/sun/reflect/ReflectionFactory.java
@@ -29,9 +29,14 @@ import java.io.OptionalDataException;
 import java.lang.invoke.MethodHandle;
 import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.UndeclaredThrowableException;
+import java.security.AccessControlContext;
 import java.security.AccessController;
 import java.security.Permission;
+import java.security.ProtectionDomain;
 import java.security.PrivilegedAction;
+import jdk.internal.misc.SharedSecrets;
+import jdk.internal.misc.JavaSecurityAccess;
 
 /**
  * ReflectionFactory supports custom serialization.
@@ -139,6 +144,66 @@ public class ReflectionFactory {
         return delegate.readObjectForSerialization(cl);
     }
 
+    /**
+     * Invokes the supplied constructor, adding the provided protection domains
+     * to the invocation stack before invoking {@code Constructor::newInstance}.
+     * If no {@linkplain System#getSecurityManager() security manager} is present,
+     * or no domains are provided, then this method simply calls
+     * {@code cons.newInstance()}. Otherwise, it invokes the provided constructor
+     * with privileges at the intersection of the current context and the provided
+     * protection domains.
+     *
+     * @param cons A constructor obtained from {@code
+     *        newConstructorForSerialization} or {@code
+     *        newConstructorForExternalization}.
+     * @param domains An array of protection domains that limit the privileges
+     *        with which the constructor is invoked. Can be {@code null}
+     *        or empty, in which case privileges are only limited by the
+     *        {@linkplain AccessController#getContext() current context}.
+     *
+     * @return A new object built from the provided constructor.
+     *
+     * @throws NullPointerException if {@code cons} is {@code null}.
+     * @throws InstantiationException if thrown by {@code cons.newInstance()}.
+     * @throws InvocationTargetException if thrown by {@code cons.newInstance()}.
+     * @throws IllegalAccessException if thrown by {@code cons.newInstance()}.
+     */
+    public final Object newInstanceForSerialization(Constructor cons,
+                                                    ProtectionDomain[] domains)
+        throws InstantiationException, InvocationTargetException, IllegalAccessException
+    {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm == null || domains == null || domains.length == 0) {
+            return cons.newInstance();
+        } else {
+            JavaSecurityAccess jsa = SharedSecrets.getJavaSecurityAccess();
+            PrivilegedAction pea = () -> {
+                try {
+                    return cons.newInstance();
+                } catch (InstantiationException
+                         | InvocationTargetException
+                         | IllegalAccessException x) {
+                    throw new UndeclaredThrowableException(x);
+                }
+            }; // Can't use PrivilegedExceptionAction with jsa
+            try {
+                return jsa.doIntersectionPrivilege(pea,
+                           AccessController.getContext(),
+                           new AccessControlContext(domains));
+            } catch (UndeclaredThrowableException x) {
+                Throwable cause = x.getCause();
+                 if (cause instanceof InstantiationException)
+                    throw (InstantiationException) cause;
+                if (cause instanceof InvocationTargetException)
+                    throw (InvocationTargetException) cause;
+                if (cause instanceof IllegalAccessException)
+                    throw (IllegalAccessException) cause;
+                // not supposed to happen
+                throw x;
+            }
+        }
+    }
+
     /**
      * Returns a direct MethodHandle for the {@code readObjectNoData} method on
      * a Serializable class.
@@ -224,4 +289,3 @@ public class ReflectionFactory {
         }
     }
 }
-
diff --git a/jdk/test/com/sun/crypto/provider/KeyAgreement/DHGenSecretKey.java b/jdk/test/com/sun/crypto/provider/KeyAgreement/DHGenSecretKey.java
index 48248e6703..d77dc6b0da 100644
--- a/jdk/test/com/sun/crypto/provider/KeyAgreement/DHGenSecretKey.java
+++ b/jdk/test/com/sun/crypto/provider/KeyAgreement/DHGenSecretKey.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,7 @@
  * @summary Verify that DHKeyAgreement can generate secret key
  * objects for AES algorithm
  * @author Valerie Peng
+ * @run main/othervm -Djdk.crypto.KeyAgreement.legacyKDF=true DHGenSecretKey
  */
 import java.security.*;
 import java.security.interfaces.*;
diff --git a/jdk/test/com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java b/jdk/test/com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java
index 9c506f761c..be1e4c9803 100644
--- a/jdk/test/com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java
+++ b/jdk/test/com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
  * @bug 7146728
  * @summary DHKeyAgreement2
  * @author Jan Luehe
+ * @run main/othervm -Djdk.crypto.KeyAgreement.legacyKDF=true DHKeyAgreement2
  */
 
 import java.io.*;
diff --git a/jdk/test/com/sun/crypto/provider/KeyAgreement/SameDHKeyStressTest.java b/jdk/test/com/sun/crypto/provider/KeyAgreement/SameDHKeyStressTest.java
index f0067da543..910104b98c 100644
--- a/jdk/test/com/sun/crypto/provider/KeyAgreement/SameDHKeyStressTest.java
+++ b/jdk/test/com/sun/crypto/provider/KeyAgreement/SameDHKeyStressTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,7 @@
  * @bug 8048819
  * @summary This test stressful verifies the assertion of "The secret keys generated
  * by all involved parties should be the same." for javax.crypto.KeyAgreement
- * @run main SameDHKeyStressTest
+ * @run main/othervm -Djdk.crypto.KeyAgreement.legacyKDF=true SameDHKeyStressTest
  */
 import java.security.AlgorithmParameterGenerator;
 import java.security.InvalidAlgorithmParameterException;
diff --git a/jdk/test/java/io/Serializable/serialFilter/SerialFilterTest.java b/jdk/test/java/io/Serializable/serialFilter/SerialFilterTest.java
index 5ce44eba56..362df99767 100644
--- a/jdk/test/java/io/Serializable/serialFilter/SerialFilterTest.java
+++ b/jdk/test/java/io/Serializable/serialFilter/SerialFilterTest.java
@@ -36,9 +36,11 @@ import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Proxy;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.Hashtable;
 import java.util.List;
+import java.util.Map;
 import java.util.concurrent.atomic.LongAdder;
 
 import javax.net.ssl.SSLEngineResult;
@@ -165,6 +167,11 @@ public class SerialFilterTest implements Serializable {
                 interfaces, (p, m, args) -> p);
 
         Runnable runnable = (Runnable & Serializable) SerialFilterTest::noop;
+
+        List> classList = new ArrayList<>();
+        classList.add(HashSet.class);
+        classList.addAll(Collections.nCopies(21, Map.Entry[].class));
+
         Object[][] objects = {
                 { null, 0, -1, 0, 0, 0,
                         Arrays.asList()},        // no callback, no values
@@ -184,8 +191,7 @@ public class SerialFilterTest implements Serializable {
                                 objArray.getClass(),
                                 SerialFilterTest.class,
                                 java.lang.invoke.SerializedLambda.class)},
-                { deepHashSet(10), 48, -1, 50, 11, 619,
-                        Arrays.asList(HashSet.class)},
+                { deepHashSet(10), 69, 4, 50, 11, 619, classList },
                 { proxy.getClass(), 3, -1, 2, 2, 112,
                         Arrays.asList(Runnable.class,
                                 java.lang.reflect.Proxy.class,
diff --git a/jdk/test/java/security/Signature/Offsets.java b/jdk/test/java/security/Signature/Offsets.java
index 9e71690ea4..1db510dd6c 100644
--- a/jdk/test/java/security/Signature/Offsets.java
+++ b/jdk/test/java/security/Signature/Offsets.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -34,7 +34,7 @@ import jdk.testlibrary.RandomFactory;
 
 /*
  * @test
- * @bug 8050374
+ * @bug 8050374 8181048
  * @key randomness
  * @summary This test validates signature verification
  *          Signature.verify(byte[], int, int). The test uses RandomFactory to
@@ -105,18 +105,25 @@ public class Offsets {
         Signature signature = Signature.getInstance(algorithm, provider);
 
         String keyAlgo;
+        int keySize = 2048;
         if (algorithm.contains("RSA")) {
             keyAlgo = "RSA";
         } else if (algorithm.contains("ECDSA")) {
             keyAlgo = "EC";
+            keySize = 256;
         } else if (algorithm.contains("DSA")) {
             keyAlgo = "DSA";
+            if (algorithm.startsWith("SHAwith") ||
+                    algorithm.startsWith("SHA1with")) {
+                keySize = 1024;
+            }
         } else {
             throw new RuntimeException("Test doesn't support this signature "
                     + "algorithm: " + algorithm);
         }
 
         KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlgo, provider);
+        kpg.initialize(keySize);
         KeyPair kp = kpg.generateKeyPair();
         PublicKey pubkey = kp.getPublic();
         PrivateKey privkey = kp.getPrivate();
diff --git a/jdk/test/java/security/SignedObject/Chain.java b/jdk/test/java/security/SignedObject/Chain.java
index 65e1ebbd7f..3c9bad3dd1 100644
--- a/jdk/test/java/security/SignedObject/Chain.java
+++ b/jdk/test/java/security/SignedObject/Chain.java
@@ -32,7 +32,7 @@ import java.util.Arrays;
 
 /*
  * @test
- * @bug 8050374
+ * @bug 8050374 8181048
  * @summary Verify a chain of signed objects
  */
 public class Chain {
@@ -97,22 +97,28 @@ public class Chain {
         final Provider provider;
         final KeyAlg keyAlg;
         final SigAlg sigAlg;
+        final int keySize;
 
-        Test(SigAlg sigAlg, KeyAlg keyAlg, Provider privider) {
-            this.provider = privider;
+        Test(SigAlg sigAlg, KeyAlg keyAlg, Provider provider) {
+            this(sigAlg, keyAlg, provider, -1);
+        }
+
+        Test(SigAlg sigAlg, KeyAlg keyAlg, Provider provider, int keySize) {
+            this.provider = provider;
             this.keyAlg = keyAlg;
             this.sigAlg = sigAlg;
+            this.keySize = keySize;
         }
     }
 
     private static final Test[] tests = {
-        new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Default),
+        new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Default, 1024),
         new Test(SigAlg.MD2withRSA, KeyAlg.RSA, Provider.Default),
         new Test(SigAlg.MD5withRSA, KeyAlg.RSA, Provider.Default),
         new Test(SigAlg.SHA1withRSA, KeyAlg.RSA, Provider.Default),
-        new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Sun),
-        new Test(SigAlg.SHA224withDSA, KeyAlg.DSA, Provider.Sun),
-        new Test(SigAlg.SHA256withDSA, KeyAlg.DSA, Provider.Sun),
+        new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Sun, 1024),
+        new Test(SigAlg.SHA224withDSA, KeyAlg.DSA, Provider.Sun, 2048),
+        new Test(SigAlg.SHA256withDSA, KeyAlg.DSA, Provider.Sun, 2048),
     };
 
     private static final String str = "to-be-signed";
@@ -148,6 +154,9 @@ public class Chain {
                 kpg = KeyPairGenerator.getInstance(test.keyAlg.name);
             }
             for (int j=0; j < N; j++) {
+                if (test.keySize != -1) {
+                    kpg.initialize(test.keySize);
+                }
                 KeyPair kp = kpg.genKeyPair();
                 KeyPair anotherKp = kpg.genKeyPair();
                 privKeys[j] = kp.getPrivate();
diff --git a/jdk/test/java/time/tck/java/time/zone/TCKZoneRules.java b/jdk/test/java/time/tck/java/time/zone/TCKZoneRules.java
index 19f8239c23..8c36b38fe3 100644
--- a/jdk/test/java/time/tck/java/time/zone/TCKZoneRules.java
+++ b/jdk/test/java/time/tck/java/time/zone/TCKZoneRules.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -941,21 +941,21 @@ public class TCKZoneRules {
     }
 
     public void test_Apia_jumpForwardOverInternationalDateLine_P12_to_M12() {
-        // transition occurred at 1879-07-04T00:00+12:33:04
+        // transition occurred at 1892-07-04T00:00+12:33:04
         ZoneRules test = pacificApia();
-        Instant instantBefore = LocalDate.of(1879, 7, 2).atStartOfDay(ZoneOffset.UTC).toInstant();
+        Instant instantBefore = LocalDate.of(1892, 7, 2).atStartOfDay(ZoneOffset.UTC).toInstant();
         ZoneOffsetTransition trans = test.nextTransition(instantBefore);
-        assertEquals(trans.getDateTimeBefore(), LocalDateTime.of(1879, 7, 5, 0, 0));
-        assertEquals(trans.getDateTimeAfter(), LocalDateTime.of(1879, 7, 4, 0, 0));
+        assertEquals(trans.getDateTimeBefore(), LocalDateTime.of(1892, 7, 5, 0, 0));
+        assertEquals(trans.getDateTimeAfter(), LocalDateTime.of(1892, 7, 4, 0, 0));
         assertEquals(trans.isGap(), false);
         assertEquals(trans.isOverlap(), true);
         assertEquals(trans.isValidOffset(ZoneOffset.ofHoursMinutesSeconds(+12, 33, 4)), true);
         assertEquals(trans.isValidOffset(ZoneOffset.ofHoursMinutesSeconds(-11, -26, -56)), true);
         assertEquals(trans.getDuration(), Duration.ofHours(-24));
-        assertEquals(trans.getInstant(), LocalDateTime.of(1879, 7, 4, 0, 0).toInstant(ZoneOffset.ofHoursMinutesSeconds(-11, -26, -56)));
+        assertEquals(trans.getInstant(), LocalDateTime.of(1892, 7, 4, 0, 0).toInstant(ZoneOffset.ofHoursMinutesSeconds(-11, -26, -56)));
 
-        ZonedDateTime zdt = ZonedDateTime.of(1879, 7, 4, 23, 0, 0, 0, ZoneId.of("Pacific/Apia"));
-        assertEquals(zdt.plusHours(2).toLocalDateTime(), LocalDateTime.of(1879, 7, 4, 1, 0, 0));
+        ZonedDateTime zdt = ZonedDateTime.of(1892, 7, 4, 23, 0, 0, 0, ZoneId.of("Pacific/Apia"));
+        assertEquals(zdt.plusHours(2).toLocalDateTime(), LocalDateTime.of(1892, 7, 4, 1, 0, 0));
     }
 
     //-------------------------------------------------------------------------
diff --git a/jdk/test/java/time/test/java/time/format/ZoneName.java b/jdk/test/java/time/test/java/time/format/ZoneName.java
index 1fbb913acd..591626d198 100644
--- a/jdk/test/java/time/test/java/time/format/ZoneName.java
+++ b/jdk/test/java/time/test/java/time/format/ZoneName.java
@@ -104,7 +104,7 @@ class ZoneName {
         "Pacific/Chuuk", "Truk", "Pacific/Truk",
         "Africa/Gaborone", "Africa_Central", "Africa/Maputo",
         "Africa/Tunis", "Europe_Central", "Europe/Paris",
-        "Africa/Khartoum", "Africa_Eastern", "Africa/Nairobi",
+        "Africa/Khartoum", "Africa_Central", "Africa/Maputo",
         "Europe/Isle_of_Man", "GMT", "Atlantic/Reykjavik",
         "Europe/Skopje", "Europe_Central", "Europe/Paris",
         "America/Merida", "America_Central", "America/Chicago",
@@ -221,7 +221,7 @@ class ZoneName {
         "Africa/Algiers", "Europe_Central", "Europe/Paris",
         "America/Miquelon", "Pierre_Miquelon", "America/Miquelon",
         "Asia/Tokyo", "Japan", "Asia/Tokyo",
-        "Africa/Windhoek", "Africa_Western", "Africa/Lagos",
+        "Africa/Windhoek", "Africa_Central", "Africa/Maputo",
         "Africa/Bujumbura", "Africa_Central", "Africa/Maputo",
         "America/Guatemala", "America_Central", "America/Chicago",
         "Africa/Dakar", "GMT", "Atlantic/Reykjavik",
@@ -662,7 +662,6 @@ class ZoneName {
         "America/Rosario", "America/Argentina/Cordoba",
         "Jamaica", "America/Jamaica",
         "Asia/Katmandu", "Asia/Kathmandu",
-        "Canada/East-Saskatchewan", "America/Regina",
         "ROK", "Asia/Seoul",
         "Asia/Macao", "Asia/Macau",
         "Australia/South", "Australia/Adelaide",
diff --git a/jdk/test/javax/management/remote/mandatory/connection/DefaultAgentFilterTest.java b/jdk/test/javax/management/remote/mandatory/connection/DefaultAgentFilterTest.java
new file mode 100644
index 0000000000..4216545214
--- /dev/null
+++ b/jdk/test/javax/management/remote/mandatory/connection/DefaultAgentFilterTest.java
@@ -0,0 +1,333 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+ /*
+ * @test
+ * @bug 8159377
+ * @library /lib/testlibrary
+ * @summary Tests ObjectFilter on default agent
+ * @author Harsha Wardhana B
+ * @modules java.management
+ * @build jdk.testlibrary.* DefaultAgentFilterTest
+ * @run main/othervm/timeout=600 -XX:+UsePerfData DefaultAgentFilterTest
+ */
+import java.io.EOFException;
+import java.io.File;
+import java.io.IOException;
+import java.io.InvalidClassException;
+import java.io.Serializable;
+import java.lang.reflect.InvocationTargetException;
+import java.net.BindException;
+import java.rmi.UnmarshalException;
+import java.rmi.registry.LocateRegistry;
+import java.rmi.registry.Registry;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.atomic.AtomicBoolean;
+import javax.management.MBeanServerConnection;
+import javax.management.ObjectName;
+import javax.management.remote.JMXConnector;
+import javax.management.remote.JMXConnectorFactory;
+import javax.management.remote.JMXServiceURL;
+
+import jdk.testlibrary.ProcessTools;
+import jdk.testlibrary.Utils;
+
+public class DefaultAgentFilterTest {
+
+    public static class MyTestObject implements Serializable {
+
+        String a;
+        int id;
+    }
+
+    public interface TestMBean {
+
+        public void op1(HashSet params);
+
+        public void op2(String s, HashSet params);
+
+        public void op3(MyTestObject obj, String s, HashMap param);
+    }
+
+    public static class Test implements TestMBean {
+
+        @Override
+        public void op1(HashSet params) {
+            System.out.println("Invoked op1");
+        }
+
+        @Override
+        public void op2(String s, HashSet params) {
+            System.out.println("Invoked op2");
+        }
+
+        @Override
+        public void op3(MyTestObject obj, String s, HashMap param) {
+            System.out.println("Invoked op3");
+        }
+    }
+
+    private static class TestAppRun implements AutoCloseable {
+
+        private Process p;
+        private final ProcessBuilder pb;
+        private final String name;
+        private final AtomicBoolean started = new AtomicBoolean(false);
+        private volatile long pid = -1;
+
+        public TestAppRun(ProcessBuilder pb, String name) {
+            this.pb = pb;
+            this.name = name;
+        }
+
+        public synchronized void start() throws Exception {
+            if (started.compareAndSet(false, true)) {
+                try {
+                    AtomicBoolean error = new AtomicBoolean(false);
+                    AtomicBoolean bindError = new AtomicBoolean(false);
+                    p = ProcessTools.startProcess(
+                            TEST_APP_NAME + "{" + name + "}",
+                            pb,
+                            (line) -> {
+                                if (line.toLowerCase().contains("exception")
+                                || line.toLowerCase().contains("error")) {
+                                    error.set(true);
+                                }
+                                bindError.set(line.toLowerCase().contains("bindexception"));
+                                return true;
+                            });
+                    if (bindError.get()) {
+                        throw new BindException("Process could not be started");
+                    } else if (error.get()) {
+                        throw new RuntimeException();
+                    }
+                    pid = p.pid();
+                } catch (Exception ex) {
+                    if (p != null) {
+                        p.destroy();
+                        p.waitFor();
+                    }
+                    throw ex;
+                }
+            }
+        }
+
+        public long getPid() {
+            return pid;
+        }
+
+        public synchronized void stop()
+                throws IOException, InterruptedException {
+            if (started.compareAndSet(true, false)) {
+                p.getOutputStream().write(0);
+                p.getOutputStream().flush();
+                int ec = p.waitFor();
+                if (ec != 0) {
+                    StringBuilder msg = new StringBuilder();
+                    msg.append("Test application '").append(name);
+                    msg.append("' failed with exit code: ");
+                    msg.append(ec);
+                    System.err.println(msg);
+                }
+            }
+        }
+
+        @Override
+        public void close() throws Exception {
+            stop();
+        }
+    }
+
+    private static final String TEST_APP_NAME = "TestApp";
+
+    private static void testDefaultAgent(String propertyFile) throws Exception {
+        int port = Utils.getFreePort();
+        String propFile = System.getProperty("test.src") + File.separator + propertyFile;
+        List pbArgs = new ArrayList<>(Arrays.asList(
+                "-cp",
+                System.getProperty("test.class.path"),
+                "-XX:+UsePerfData"
+        ));
+        String[] args = new String[]{
+            "-Dcom.sun.management.jmxremote.port=" + port,
+            "-Dcom.sun.management.jmxremote.authenticate=false",
+            "-Dcom.sun.management.jmxremote.ssl=false",
+            "-Dcom.sun.management.config.file=" + propFile
+        };
+        pbArgs.addAll(Arrays.asList(args));
+        pbArgs.add(TEST_APP_NAME);
+
+        ProcessBuilder pb = ProcessTools.createJavaProcessBuilder(
+                pbArgs.toArray(new String[pbArgs.size()])
+        );
+
+        try (TestAppRun s = new TestAppRun(pb, DefaultAgentFilterTest.class.getSimpleName())) {
+            s.start();
+            JMXServiceURL url = testConnect(port);
+            testMBeanOperations(url);
+        }
+    }
+
+    private static JMXServiceURL testConnect(int port) throws Exception {
+        EOFException lastException = null;
+        JMXServiceURL url = null;
+        // factor adjusted timeout (5 seconds) for the RMI to become available
+        long timeout = System.currentTimeMillis() + Utils.adjustTimeout(5000);
+        do {
+            lastException = null;
+            try {
+                Registry registry = LocateRegistry.getRegistry(port);
+                String[] relist = registry.list();
+                for (int i = 0; i < relist.length; ++i) {
+                    System.out.println("Got registry: " + relist[i]);
+                }
+                String jmxUrlStr = String.format(
+                        "service:jmx:rmi:///jndi/rmi://localhost:%d/jmxrmi",
+                        port);
+                url = new JMXServiceURL(jmxUrlStr);
+
+                try (JMXConnector c = JMXConnectorFactory.connect(url, null)) {
+                    MBeanServerConnection conn = c.getMBeanServerConnection();
+                    ObjectName name = new ObjectName("jtreg:type=Test");
+                    conn.createMBean(Test.class.getName(), name);
+                }
+            } catch (Exception ex) {
+                if (ex instanceof EOFException) {
+                    lastException = (EOFException) ex;
+                    System.out.println("Error establishing RMI connection. Retrying in 500ms.");
+                    Thread.sleep(500);
+                } else {
+                    throw ex;
+                }
+            }
+        } while (lastException != null && System.currentTimeMillis() < timeout);
+        if (lastException != null) {
+            throw lastException;
+        }
+        return url;
+    }
+
+    public static void main(String[] args) throws Exception {
+        System.out.println("---" + DefaultAgentFilterTest.class.getName() + "-main: starting ...");
+
+        boolean retry = false;
+        do {
+            try {
+                // blacklist String
+                testDefaultAgent("mgmt1.properties");
+                System.out.println("----\tTest FAILED !!");
+                throw new RuntimeException("---" + DefaultAgentFilterTest.class.getName() + " - No exception reported");
+            } catch (Exception ex) {
+                if (ex instanceof InvocationTargetException) {
+                    if (ex.getCause() instanceof BindException
+                            || ex.getCause() instanceof java.rmi.ConnectException) {
+                        System.out.println("Failed to allocate ports. Retrying ...");
+                        retry = true;
+                    }
+                } else if (ex instanceof InvalidClassException) {
+                    System.out.println("----\tTest PASSED !!");
+                } else if (ex instanceof UnmarshalException
+                        && ((UnmarshalException) ex).getCause() instanceof InvalidClassException) {
+                    System.out.println("----\tTest PASSED !!");
+                } else {
+                    System.out.println(ex);
+                    System.out.println("----\tTest FAILED !!");
+                    throw ex;
+                }
+            }
+        } while (retry);
+        retry = false;
+        do {
+            try {
+                // blacklist non-existent class
+                testDefaultAgent("mgmt2.properties");
+                System.out.println("----\tTest PASSED !!");
+            } catch (Exception ex) {
+                if (ex instanceof InvocationTargetException) {
+                    if (ex.getCause() instanceof BindException
+                            || ex.getCause() instanceof java.rmi.ConnectException) {
+                        System.out.println("Failed to allocate ports. Retrying ...");
+                        retry = true;
+                    }
+                } else {
+                    System.out.println(ex);
+                    System.out.println("----\tTest FAILED !!");
+                    throw ex;
+                }
+            }
+        } while (retry);
+
+        System.out.println("---" + DefaultAgentFilterTest.class.getName() + "-main: finished ...");
+    }
+
+    private static void testMBeanOperations(JMXServiceURL serverUrl) throws Exception {
+        Map clientEnv = new HashMap<>(1);
+        ObjectName name = new ObjectName("jtreg:type=Test");
+        try (JMXConnector client = JMXConnectorFactory.connect(serverUrl, clientEnv)) {
+            MBeanServerConnection conn = client.getMBeanServerConnection();
+
+            HashSet set = new HashSet<>();
+            set.add("test1");
+            set.add("test2");
+
+            String a = "A";
+
+            Object[] params1 = {set};
+            String[] sig1 = {HashSet.class.getName()};
+            conn.invoke(name, "op1", params1, sig1);
+
+            Object[] params2 = {a, set};
+            String[] sig2 = {String.class.getName(), HashSet.class.getName()};
+            conn.invoke(name, "op2", params2, sig2);
+
+            HashMap map = new HashMap<>();
+            map.put("a", "A");
+            map.put("b", "B");
+
+            Object[] params3 = {new MyTestObject(), a, map};
+            String[] sig3 = {MyTestObject.class.getName(), String.class.getName(),
+                HashMap.class.getName()};
+            conn.invoke(name, "op3", params3, sig3);
+        }
+    }
+}
+
+class TestApp {
+
+    private static void doSomething() throws IOException {
+        int r = System.in.read();
+        System.out.println("read: " + r);
+    }
+
+    public static void main(String args[]) throws Exception {
+        System.out.println("main enter");
+        System.out.flush();
+        doSomething();
+        System.out.println("main exit");
+    }
+}
diff --git a/jdk/test/javax/management/remote/mandatory/connection/NewRMIClientFilterTest.java b/jdk/test/javax/management/remote/mandatory/connection/NewRMIClientFilterTest.java
new file mode 100644
index 0000000000..51ff463624
--- /dev/null
+++ b/jdk/test/javax/management/remote/mandatory/connection/NewRMIClientFilterTest.java
@@ -0,0 +1,154 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+ /*
+ * @test
+ * @bug 8159377
+ * @summary Tests ObjectInputFilter on RMIServer.newClient
+ * @author Harsha Wardhana B
+ * @modules java.management
+ * @run clean NewRMIClientFilterTest
+ * @run build NewRMIClientFilterTest
+ * @run main NewRMIClientFilterTest
+ */
+import java.io.InvalidClassException;
+import java.io.Serializable;
+import java.lang.management.ManagementFactory;
+import java.util.HashMap;
+import java.util.Map;
+import javax.management.remote.JMXConnector;
+import javax.management.remote.JMXConnectorFactory;
+import javax.management.remote.JMXConnectorServer;
+import javax.management.remote.JMXConnectorServerFactory;
+import javax.management.remote.JMXServiceURL;
+import javax.management.remote.rmi.RMIConnectorServer;
+
+public class NewRMIClientFilterTest {
+
+   /**
+    * Name of the attribute that specifies an
+    * {@link ObjectInputFilter} pattern string to filter classes acceptable
+    * for {@link RMIServer#newClient(java.lang.Object) RMIServer.newClient()}
+    * remote method call.
+    */
+    static final String CREDENTIALS_FILTER_PATTERN =
+        "jmx.remote.rmi.server.credentials.filter.pattern";
+
+    public static void main(String[] args) throws Exception {
+        System.out.println("---NewRMIClientFilterTest-main: starting ...");
+        String filter1 = java.lang.String.class.getName() + ";!*";
+        String filter2 = java.lang.String.class.getName() + ";" + MyCredentials.class.getName() + ";!*";
+
+        JMXServiceURL url = new JMXServiceURL("rmi", null, 0);
+        JMXServiceURL serverUrl = null;
+        Map env = new HashMap<>(1);
+        JMXConnectorServer server = null;
+
+        System.out.println("\n---NewRMIClientFilterTest-main: testing types = null");
+        server = newServer(url, null);
+        serverUrl = server.getAddress();
+        doTest(serverUrl, null);
+        doTest(serverUrl, new String[]{"toto", "titi"});
+        doTest(serverUrl, new Object[]{new MyCredentials(), "toto"});
+        server.stop();
+
+        System.out.println("\n---NewRMIClientFilterTest-main: testing types = String[]");
+        env.put(CREDENTIALS_FILTER_PATTERN, filter1);
+        server = newServer(url, env);
+        serverUrl = server.getAddress();
+        doTest(serverUrl, null);
+        doTest(serverUrl, new String[]{"toto", "titi"});
+        try {
+            doTest(serverUrl, new MyCredentials());
+            throw new Error("Bad client is not refused!");
+        } catch (Exception e) {
+            isInvalidClassEx(e);
+        } finally {
+            server.stop();
+        }
+
+        System.out.println("\n---NewRMIClientFilterTest-main: testing user specific types = String, MyCredentials");
+        env.put(CREDENTIALS_FILTER_PATTERN, filter2);
+        server = newServer(url, env);
+        serverUrl = server.getAddress();
+        doTest(serverUrl, null);
+        doTest(serverUrl, new String[]{"toto", "titi"});
+        doTest(serverUrl, new MyCredentials[]{new MyCredentials(), (MyCredentials) null});
+        try {
+            doTest(serverUrl, new Object[]{"toto", new byte[3]});
+            throw new Error("Bad client is not refused!");
+        } catch (Exception e) {
+            isInvalidClassEx(e);
+        } finally {
+            server.stop();
+        }
+
+        System.out.println("---NewRMIClientFilterTest-main PASSED!!!");
+    }
+
+    private static void doTest(JMXServiceURL serverAddr, Object credentials) throws Exception {
+        System.out.println("---NewRMIClientFilterTest-test:\n\tserver address: "
+                + serverAddr + "\n\tcredentials: " + credentials);
+
+        Map env = new HashMap<>(1);
+        env.put("jmx.remote.credentials", credentials);
+        JMXConnector client = null;
+        try {
+            client = JMXConnectorFactory.connect(serverAddr, env);
+            client.getMBeanServerConnection().getDefaultDomain();
+        } finally {
+            try {
+                client.close();
+            } catch (Exception e) {
+            }
+        }
+        System.out.println("---NewRMIClientFilterTest-test: PASSED!");
+    }
+
+    private static JMXConnectorServer newServer(JMXServiceURL url, Map env)
+            throws Exception {
+        JMXConnectorServer server = JMXConnectorServerFactory.newJMXConnectorServer(
+                url,
+                env,
+                ManagementFactory.getPlatformMBeanServer());
+
+        server.start();
+        return server;
+    }
+
+    private static class MyCredentials implements Serializable {
+    }
+
+    private static void isInvalidClassEx(Exception e) {
+        Throwable cause = e;
+        while (cause != null) {
+            if (cause instanceof InvalidClassException) {
+                System.out.println("---NewRMIClientFilterTest-InvalidClassException expected: " + cause);
+                return;
+            }
+            cause = cause.getCause();
+        }
+        e.printStackTrace();
+        throw new RuntimeException("Did not get expected InvalidClassException!");
+    }
+}
diff --git a/jdk/test/javax/management/remote/mandatory/connection/mgmt1.properties b/jdk/test/javax/management/remote/mandatory/connection/mgmt1.properties
new file mode 100644
index 0000000000..17f81fa2ec
--- /dev/null
+++ b/jdk/test/javax/management/remote/mandatory/connection/mgmt1.properties
@@ -0,0 +1,38 @@
+# ################ Filter for ObjectInputStream #############################
+com.sun.management.jmxremote.serial.filter.pattern=!DefaultAgentFilterTest$MyTestObject
+#   A filter, if configured, is used by java.io.ObjectInputStream during
+#   deserialization of parameters sent to the JMX default agent to validate the 
+#   contents of the stream.
+#   A filter is configured as a sequence of patterns, each pattern is either
+#   matched against the name of a class in the stream or defines a limit.
+#   Patterns are separated by ";" (semicolon).
+#   Whitespace is significant and is considered part of the pattern.
+#
+#   If a pattern includes a "=", it sets a limit.
+#   If a limit appears more than once the last value is used.
+#   Limits are checked before classes regardless of the order in the sequence of patterns.
+#   If any of the limits are exceeded, the filter status is REJECTED.
+#
+#       maxdepth=value - the maximum depth of a graph
+#       maxrefs=value  - the maximum number of internal references
+#       maxbytes=value - the maximum number of bytes in the input stream
+#       maxarray=value - the maximum array length allowed
+#
+#   Other patterns, from left to right, match the class or package name as
+#   returned from Class.getName.
+#   If the class is an array type, the class or package to be matched is the element type.
+#   Arrays of any number of dimensions are treated the same as the element type.
+#   For example, a pattern of "!example.Foo", rejects creation of any instance or
+#   array of example.Foo.
+#
+#   If the pattern starts with "!", the status is REJECTED if the remaining pattern
+#       is matched; otherwise the status is ALLOWED if the pattern matches.
+#   If the pattern contains "/", the non-empty prefix up to the "/" is the module name;
+#       if the module name matches the module name of the class then
+#       the remaining pattern is matched with the class name.
+#   If there is no "/", the module name is not compared.
+#   If the pattern ends with ".**" it matches any class in the package and all subpackages.
+#   If the pattern ends with ".*" it matches any class in the package.
+#   If the pattern ends with "*", it matches any class with the pattern as a prefix.
+#   If the pattern is equal to the class name, it matches.
+#   Otherwise, the status is UNDECIDED.
\ No newline at end of file
diff --git a/jdk/test/javax/management/remote/mandatory/connection/mgmt2.properties b/jdk/test/javax/management/remote/mandatory/connection/mgmt2.properties
new file mode 100644
index 0000000000..d29d746d92
--- /dev/null
+++ b/jdk/test/javax/management/remote/mandatory/connection/mgmt2.properties
@@ -0,0 +1,38 @@
+# ################ Filter for ObjectInputStream #############################
+com.sun.management.jmxremote.serial.filter.pattern=!DefaultAgentFilterTest$ThisTypeIsNotUsed
+#   A filter, if configured, is used by java.io.ObjectInputStream during
+#   deserialization of parameters sent to the JMX default agent to validate the 
+#   contents of the stream.
+#   A filter is configured as a sequence of patterns, each pattern is either
+#   matched against the name of a class in the stream or defines a limit.
+#   Patterns are separated by ";" (semicolon).
+#   Whitespace is significant and is considered part of the pattern.
+#
+#   If a pattern includes a "=", it sets a limit.
+#   If a limit appears more than once the last value is used.
+#   Limits are checked before classes regardless of the order in the sequence of patterns.
+#   If any of the limits are exceeded, the filter status is REJECTED.
+#
+#       maxdepth=value - the maximum depth of a graph
+#       maxrefs=value  - the maximum number of internal references
+#       maxbytes=value - the maximum number of bytes in the input stream
+#       maxarray=value - the maximum array length allowed
+#
+#   Other patterns, from left to right, match the class or package name as
+#   returned from Class.getName.
+#   If the class is an array type, the class or package to be matched is the element type.
+#   Arrays of any number of dimensions are treated the same as the element type.
+#   For example, a pattern of "!example.Foo", rejects creation of any instance or
+#   array of example.Foo.
+#
+#   If the pattern starts with "!", the status is REJECTED if the remaining pattern
+#       is matched; otherwise the status is ALLOWED if the pattern matches.
+#   If the pattern contains "/", the non-empty prefix up to the "/" is the module name;
+#       if the module name matches the module name of the class then
+#       the remaining pattern is matched with the class name.
+#   If there is no "/", the module name is not compared.
+#   If the pattern ends with ".**" it matches any class in the package and all subpackages.
+#   If the pattern ends with ".*" it matches any class in the package.
+#   If the pattern ends with "*", it matches any class with the pattern as a prefix.
+#   If the pattern is equal to the class name, it matches.
+#   Otherwise, the status is UNDECIDED.
\ No newline at end of file
diff --git a/jdk/test/javax/management/remote/mandatory/connectorServer/RMIExporterTest.java b/jdk/test/javax/management/remote/mandatory/connectorServer/RMIExporterTest.java
index 3b010e38a1..5d79b06fd3 100644
--- a/jdk/test/javax/management/remote/mandatory/connectorServer/RMIExporterTest.java
+++ b/jdk/test/javax/management/remote/mandatory/connectorServer/RMIExporterTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -47,6 +47,7 @@ import javax.management.remote.JMXConnectorServer;
 import javax.management.remote.JMXConnectorServerFactory;
 import javax.management.remote.JMXServiceURL;
 import com.sun.jmx.remote.internal.rmi.RMIExporter;
+import java.io.ObjectInputFilter;
 
 public class RMIExporterTest {
 
@@ -60,7 +61,8 @@ public class RMIExporterTest {
         public Remote exportObject(Remote obj,
                                    int port,
                                    RMIClientSocketFactory csf,
-                                   RMIServerSocketFactory ssf)
+                                   RMIServerSocketFactory ssf,
+                                   ObjectInputFilter unused)
             throws RemoteException {
             System.out.println("CustomRMIExporter::exportObject():: " +
                                "Remote = " + obj);
diff --git a/jdk/test/javax/management/remote/nonLocalAccess/NonLocalJMXRemoteTest.java b/jdk/test/javax/management/remote/nonLocalAccess/NonLocalJMXRemoteTest.java
index d05aff18f5..959445d410 100644
--- a/jdk/test/javax/management/remote/nonLocalAccess/NonLocalJMXRemoteTest.java
+++ b/jdk/test/javax/management/remote/nonLocalAccess/NonLocalJMXRemoteTest.java
@@ -43,14 +43,37 @@ import java.util.Set;
  * This tests the SingleEntryRegistry implemented by JMX.
  * This test is a manual test and uses JMX running on a *different* host.
  * JMX can be enabled in any Java runtime; for example:
- * login or ssh to the different host and invoke rmiregistry with arguments below.
+ *
+ * Note: Use remote host with latest JDK update release for invoking rmiregistry.
+ *
+ * Note: Test should be ran twice once using arg1 and once using arg2.
+ *
+ * login or ssh to the remote host and invoke rmiregistry with arg1.
  * It will not show any output.
- * {@code $JDK_HOME/bin/rmiregistry \
+ * Execute the test, after test completes execution, stop the server.
+ *
+ * repeat above step using arg2 and execute the test.
+ *
+ *
+ * arg1: {@code $JDK_HOME/bin/rmiregistry \
  *         -J-Dcom.sun.management.jmxremote.port=8888 \
  *         -J-Dcom.sun.management.jmxremote.local.only=false \
  *         -J-Dcom.sun.management.jmxremote.ssl=false \
  *         -J-Dcom.sun.management.jmxremote.authenticate=false
  * }
+ *
+ *
+ * replace "jmx-registry-host" with the hostname or IP address of the remote host
+ * for property "-J-Dcom.sun.management.jmxremote.host" below.
+ *
+ * arg2: {@code $JDK_HOME/bin/rmiregistry \
+ *         -J-Dcom.sun.management.jmxremote.port=8888 \
+ *         -J-Dcom.sun.management.jmxremote.local.only=false \
+ *         -J-Dcom.sun.management.jmxremote.ssl=false \
+ *         -J-Dcom.sun.management.jmxremote.authenticate=false \
+ *         -J-Dcom.sun.management.jmxremote.host="jmx-registry-host"
+ * }
+ *
  * On the first host modify the @run command above to replace "jmx-registry-host"
  * with the hostname or IP address of the different host and run the test with jtreg.
  */
@@ -123,6 +146,7 @@ public class NonLocalJMXRemoteTest {
             if (asIndex < 0 ||
                     disallowIndex < 0 ||
                     nonLocalHostIndex < 0 ) {
+                System.out.println("Exception message is " + msg);
                 throw new RuntimeException("exception message is malformed", t);
             }
             System.out.printf("Found expected AccessException: %s%n%n", t);
diff --git a/jdk/test/sun/security/krb5/auto/KDC.java b/jdk/test/sun/security/krb5/auto/KDC.java
index e47c3e9e5c..c9059ab237 100644
--- a/jdk/test/sun/security/krb5/auto/KDC.java
+++ b/jdk/test/sun/security/krb5/auto/KDC.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -828,7 +828,9 @@ public class KDC {
                 throw new KrbException(Krb5.KDC_ERR_SUMTYPE_NOSUPP); // TODO
             }
             Ticket t = new Ticket(
-                    service,
+                    System.getProperty("test.kdc.diff.sname") != null ?
+                        new PrincipalName("xx" + service.toString()) :
+                        service,
                     new EncryptedData(skey, enc.asn1Encode(), KeyUsage.KU_TICKET)
             );
             EncTGSRepPart enc_part = new EncTGSRepPart(
diff --git a/jdk/test/sun/security/krb5/auto/TicketSName.java b/jdk/test/sun/security/krb5/auto/TicketSName.java
new file mode 100644
index 0000000000..458d478af1
--- /dev/null
+++ b/jdk/test/sun/security/krb5/auto/TicketSName.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8178794
+ * @summary krb5 client should ignore sname in incoming tickets
+ * @compile -XDignore.symbol.file TicketSName.java
+ * @run main/othervm -Dtest.kdc.diff.sname TicketSName
+ */
+
+import sun.security.jgss.GSSUtil;
+import javax.security.auth.kerberos.KerberosTicket;
+
+public class TicketSName {
+
+    public static void main(String[] args) throws Exception {
+
+        new OneKDC(null).writeJAASConf();
+
+        Context c, s;
+        c = Context.fromJAAS("client");
+        s = Context.fromJAAS("server");
+
+        c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
+        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
+
+        Context.handshake(c, s);
+
+        String expected = OneKDC.SERVER + "@" + OneKDC.REALM;
+        if (!c.s().getPrivateCredentials(KerberosTicket.class)
+                .stream()
+                .anyMatch(t -> t.getServer().toString().equals(expected))) {
+            c.status();
+            throw new Exception("no " + expected);
+        }
+    }
+}
diff --git a/jdk/test/sun/security/pkcs11/KeyAgreement/TestDH.java b/jdk/test/sun/security/pkcs11/KeyAgreement/TestDH.java
index 9dba311bf3..9681860d60 100644
--- a/jdk/test/sun/security/pkcs11/KeyAgreement/TestDH.java
+++ b/jdk/test/sun/security/pkcs11/KeyAgreement/TestDH.java
@@ -28,8 +28,8 @@
  * @author Andreas Sterbenz
  * @library ..
  * @modules jdk.crypto.cryptoki
- * @run main/othervm TestDH
- * @run main/othervm TestDH sm
+ * @run main/othervm -Djdk.crypto.KeyAgreement.legacyKDF=true TestDH
+ * @run main/othervm -Djdk.crypto.KeyAgreement.legacyKDF=true TestDH sm
  */
 
 import java.security.KeyPair;
diff --git a/jdk/test/sun/security/provider/DSA/TestAlgParameterGenerator.java b/jdk/test/sun/security/provider/DSA/TestAlgParameterGenerator.java
index 10af679486..cf39a5bab5 100644
--- a/jdk/test/sun/security/provider/DSA/TestAlgParameterGenerator.java
+++ b/jdk/test/sun/security/provider/DSA/TestAlgParameterGenerator.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
  /*
  * @test
- * @bug 7044060 8055351
+ * @bug 7044060 8055351 8181048
  * @summary verify that DSA parameter generation works
  * @run main/timeout=600 TestAlgParameterGenerator
  */
@@ -81,7 +81,6 @@ public class TestAlgParameterGenerator {
         AlgorithmParameters param = apg.generateParameters();
         stop = System.currentTimeMillis();
         System.out.println("Time: " + (stop - start) + " ms.");
-        checkParamStrength(param, 1024);
 
         // make sure the old model works
         int[] strengths = {512, 768, 1024};
diff --git a/jdk/test/sun/security/provider/DSA/TestKeyPairGenerator.java b/jdk/test/sun/security/provider/DSA/TestKeyPairGenerator.java
index bfd47b23ad..105c50015d 100644
--- a/jdk/test/sun/security/provider/DSA/TestKeyPairGenerator.java
+++ b/jdk/test/sun/security/provider/DSA/TestKeyPairGenerator.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 4800108 8072452
+ * @bug 4800108 8072452 8181048
  * @summary verify that precomputed DSA parameters are always used (512, 768,
  *          1024, 2048, 3072 bit)
  * @run main/othervm/timeout=15 TestKeyPairGenerator
@@ -59,15 +59,12 @@ public class TestKeyPairGenerator {
         // on JDKs that do not have the fix
         kpg = KeyPairGenerator.getInstance("DSA", "SUN");
         kp = kpg.generateKeyPair();
-        checkKeyLength(kp, 1024);
 
         kpg = KeyPairGenerator.getInstance("DSA", "SUN");
         kp = kpg.generateKeyPair();
-        checkKeyLength(kp, 1024);
 
         // some other basic tests
         kp = kpg.generateKeyPair();
-        checkKeyLength(kp, 1024);
 
         kpg.initialize(1024);
         kp = kpg.generateKeyPair();
diff --git a/jdk/test/sun/security/provider/DSA/TestLegacyDSAKeyPairGenerator.java b/jdk/test/sun/security/provider/DSA/TestLegacyDSAKeyPairGenerator.java
new file mode 100644
index 0000000000..5b4f902aff
--- /dev/null
+++ b/jdk/test/sun/security/provider/DSA/TestLegacyDSAKeyPairGenerator.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8181048
+ * @summary verify that when the returned DSA KeyPairGenerator is
+ * an instance of java.security.interfaces.DSAKeyPairGenerator,
+ * the behavior is compliant with the javadoc spec.
+ * @run main/othervm -Djdk.security.legacyDSAKeyPairGenerator=tRUe TestLegacyDSAKeyPairGenerator
+ */
+
+import java.security.*;
+import java.security.interfaces.*;
+
+public class TestLegacyDSAKeyPairGenerator {
+
+    private static void checkKeyLength(KeyPair kp, int len) throws Exception {
+        DSAPublicKey key = (DSAPublicKey)kp.getPublic();
+        int n = key.getParams().getP().bitLength();
+        System.out.println("Key length: " + n);
+        if (len != n) {
+            throw new Exception("Wrong key length");
+        }
+    }
+
+    public static void main(String[] args) throws Exception {
+        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA", "SUN");
+        // check the returned object implements the legacy interface
+        if (!(kpg instanceof DSAKeyPairGenerator)) {
+            throw new Exception("Should be an instance of DSAKeyPairGenerator");
+        }
+        System.out.println("Returned an instance of DSAKeyPairGenerator");
+        // check the default key size is 1024 when initiaize(..) is not called
+        KeyPair kp1 = kpg.generateKeyPair();
+        checkKeyLength(kp1, 1024);
+        KeyPair kp2 = kpg.generateKeyPair();
+        checkKeyLength(kp2, 1024);
+        System.out.println("Used 1024 default key size");
+
+        // check kp1 and kp2 uses the same DSA parameters p, q, g
+        DSAParams param1 = ((DSAPublicKey)kp1.getPublic()).getParams();
+        DSAParams param2 = ((DSAPublicKey)kp2.getPublic()).getParams();
+        if ((param1.getP().compareTo(param2.getP()) != 0) ||
+            (param1.getQ().compareTo(param2.getQ()) != 0) ||
+            (param1.getG().compareTo(param2.getG()) != 0)) {
+            throw new RuntimeException("Key params mismatch");
+        }
+        System.out.println("Used same default params");
+
+        // check that the documented exception is thrown if no cached parameters
+        int sizeNotInCache = (1024 - 64);
+        try {
+            ((DSAKeyPairGenerator)kpg).initialize(sizeNotInCache, false, null);
+            throw new RuntimeException("Expected IPE not thrown");
+        } catch (InvalidParameterException ipe) {
+            System.out.println("Throwed expected IPE");
+        }
+        ((DSAKeyPairGenerator)kpg).initialize(sizeNotInCache, true, null);
+        KeyPair kp = kpg.generateKeyPair();
+        checkKeyLength(kp, sizeNotInCache);
+        System.out.println("Generated requested key size");
+    }
+}
diff --git a/jdk/test/sun/security/ssl/CertPathRestrictions/TLSRestrictions.java b/jdk/test/sun/security/ssl/CertPathRestrictions/TLSRestrictions.java
index 2a6ffb2d13..ecb060cc7d 100644
--- a/jdk/test/sun/security/ssl/CertPathRestrictions/TLSRestrictions.java
+++ b/jdk/test/sun/security/ssl/CertPathRestrictions/TLSRestrictions.java
@@ -48,6 +48,7 @@ import jdk.test.lib.process.ProcessTools;
 
 /*
  * @test
+ * @bug 8165367
  * @summary Verify the restrictions for certificate path on JSSE with custom trust store.
  * @library /test/lib
  * @compile JSSEClient.java
diff --git a/jdk/test/sun/security/ssl/ClientHandshaker/RSAExport.java b/jdk/test/sun/security/ssl/ClientHandshaker/RSAExport.java
index 48d01f8ccb..54ebadd9f5 100644
--- a/jdk/test/sun/security/ssl/ClientHandshaker/RSAExport.java
+++ b/jdk/test/sun/security/ssl/ClientHandshaker/RSAExport.java
@@ -419,6 +419,7 @@ public class RSAExport {
         // reset the security property to make sure that the algorithms
         // and keys used in this test are not disabled.
         Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
+        Security.setProperty("jdk.tls.disabledAlgorithms", "MD2");
 
         if (debug)
             System.setProperty("javax.net.debug", "all");
diff --git a/jdk/test/sun/security/ssl/DHKeyExchange/DHEKeySizing.java b/jdk/test/sun/security/ssl/DHKeyExchange/DHEKeySizing.java
index 3b449315e1..c00337789f 100644
--- a/jdk/test/sun/security/ssl/DHKeyExchange/DHEKeySizing.java
+++ b/jdk/test/sun/security/ssl/DHKeyExchange/DHEKeySizing.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,33 +31,44 @@
  * @bug 6956398
  * @summary make ephemeral DH key match the length of the certificate key
  * @run main/othervm
+ *      DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA  false 1639 267
+ * @run main/othervm -Djsse.enableFFDHE=false
  *      DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1255 75
- * @run main/othervm -Djdk.tls.ephemeralDHKeySize=matched
+ * @run main/othervm -Djsse.enableFFDHE=false
+ *      -Djdk.tls.ephemeralDHKeySize=matched
  *      DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1255 75
- * @run main/othervm -Djdk.tls.ephemeralDHKeySize=legacy
+ * @run main/othervm -Djsse.enableFFDHE=false
+ *      -Djdk.tls.ephemeralDHKeySize=legacy
  *      DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1255 75
- * @run main/othervm -Djdk.tls.ephemeralDHKeySize=1024
+ * @run main/othervm -Djsse.enableFFDHE=false
+ *      -Djdk.tls.ephemeralDHKeySize=1024
  *      DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1255 75
  *
- * @run main/othervm
+ * @run main/othervm -Djsse.enableFFDHE=false
  *      DHEKeySizing SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA true 229 75
  *
- * @run main/othervm
+ * @run main/othervm -Djsse.enableFFDHE=false
  *      DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA  false 1383 139
- * @run main/othervm -Djdk.tls.ephemeralDHKeySize=legacy
+ * @run main/othervm -Djsse.enableFFDHE=false
+ *      -Djdk.tls.ephemeralDHKeySize=legacy
  *      DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA  false 1319 107
- * @run main/othervm -Djdk.tls.ephemeralDHKeySize=matched
+ * @run main/othervm -Djsse.enableFFDHE=false
+ *      -Djdk.tls.ephemeralDHKeySize=matched
  *      DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA  false 1639 267
- * @run main/othervm -Djdk.tls.ephemeralDHKeySize=1024
+ * @run main/othervm -Djsse.enableFFDHE=false
+ *      -Djdk.tls.ephemeralDHKeySize=1024
  *      DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA  false 1383 139
  *
- * @run main/othervm
+ * @run main/othervm -Djsse.enableFFDHE=false
  *      DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5  false 357 139
- * @run main/othervm -Djdk.tls.ephemeralDHKeySize=legacy
+ * @run main/othervm -Djsse.enableFFDHE=false
+ *      -Djdk.tls.ephemeralDHKeySize=legacy
  *      DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5  false 293 107
- * @run main/othervm -Djdk.tls.ephemeralDHKeySize=matched
+ * @run main/othervm -Djsse.enableFFDHE=false
+ *      -Djdk.tls.ephemeralDHKeySize=matched
  *      DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5  false 357 139
- * @run main/othervm -Djdk.tls.ephemeralDHKeySize=1024
+ * @run main/othervm -Djsse.enableFFDHE=false
+ *      -Djdk.tls.ephemeralDHKeySize=1024
  *      DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5  false 357 139
  */
 
diff --git a/jdk/test/sun/security/ssl/DHKeyExchange/UseStrongDHSizes.java b/jdk/test/sun/security/ssl/DHKeyExchange/UseStrongDHSizes.java
new file mode 100644
index 0000000000..209db9d746
--- /dev/null
+++ b/jdk/test/sun/security/ssl/DHKeyExchange/UseStrongDHSizes.java
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+//
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+//
+
+/*
+ * @test
+ * @bug 8140436
+ * @modules jdk.crypto.ec
+ * @library /javax/net/ssl/templates
+ * @summary Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
+ * @run main/othervm UseStrongDHSizes 2048
+ * @run main/othervm -Djdk.tls.namedGroups=ffdhe2048 UseStrongDHSizes 2048
+ * @run main/othervm -Djdk.tls.namedGroups=ffdhe3072 UseStrongDHSizes 2048
+ * @run main/othervm -Djdk.tls.namedGroups=ffdhe4096 UseStrongDHSizes 2048
+ * @run main/othervm -Djdk.tls.namedGroups=ffdhe6144 UseStrongDHSizes 2048
+ * @run main/othervm -Djdk.tls.namedGroups=ffdhe8192 UseStrongDHSizes 2048
+ * @run main/othervm UseStrongDHSizes 3072
+ * @run main/othervm -Djdk.tls.namedGroups=ffdhe3072 UseStrongDHSizes 3072
+ * @run main/othervm -Djdk.tls.namedGroups=ffdhe4096 UseStrongDHSizes 3072
+ * @run main/othervm -Djdk.tls.namedGroups=ffdhe6144 UseStrongDHSizes 3072
+ * @run main/othervm -Djdk.tls.namedGroups=ffdhe8192 UseStrongDHSizes 3072
+ * @run main/othervm UseStrongDHSizes 4096
+ * @run main/othervm -Djdk.tls.namedGroups=ffdhe4096 UseStrongDHSizes 4096
+ * @run main/othervm -Djdk.tls.namedGroups=ffdhe6144 UseStrongDHSizes 4096
+ * @run main/othervm -Djdk.tls.namedGroups=ffdhe8192 UseStrongDHSizes 4096
+ * @run main/othervm UseStrongDHSizes 6144
+ * @run main/othervm -Djdk.tls.namedGroups=ffdhe6144 UseStrongDHSizes 6144
+ * @run main/othervm -Djdk.tls.namedGroups=ffdhe8192 UseStrongDHSizes 6144
+ * @run main/othervm UseStrongDHSizes 8192
+ * @run main/othervm -Djdk.tls.namedGroups=ffdhe8192 UseStrongDHSizes 8192
+ */
+
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.security.Security;
+import javax.net.ssl.SSLSocket;
+
+public class UseStrongDHSizes extends SSLSocketTemplate {
+    /*
+     * Run the test case.
+     */
+    public static void main(String[] args) throws Exception {
+        // reset the security property to make sure that the algorithms
+        // and keys used in this test are not disabled unexpectedly.
+        String constraint = "DH keySize < " + Integer.valueOf(args[0]);
+        Security.setProperty("jdk.tls.disabledAlgorithms", constraint);
+        Security.setProperty("jdk.certpath.disabledAlgorithms", "");
+
+        (new UseStrongDHSizes()).run();
+    }
+
+    @Override
+    protected void runServerApplication(SSLSocket socket) throws Exception {
+        String ciphers[] = {
+                "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
+                "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
+                "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
+                "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"};
+
+        socket.setEnabledCipherSuites(ciphers);
+        socket.setWantClientAuth(true);
+
+        InputStream sslIS = socket.getInputStream();
+        OutputStream sslOS = socket.getOutputStream();
+
+        sslIS.read();
+        sslOS.write(85);
+        sslOS.flush();
+    }
+
+    @Override
+    protected void runClientApplication(SSLSocket socket) throws Exception {
+        String ciphers[] = {
+                "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
+                "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
+                "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
+                "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"};
+        socket.setEnabledCipherSuites(ciphers);
+        socket.setUseClientMode(true);
+
+        InputStream sslIS = socket.getInputStream();
+        OutputStream sslOS = socket.getOutputStream();
+
+        sslOS.write(280);
+        sslOS.flush();
+        sslIS.read();
+    }
+}
diff --git a/jdk/test/sun/security/tools/keytool/WeakAlg.java b/jdk/test/sun/security/tools/keytool/WeakAlg.java
index bb7ae77737..1f725096b8 100644
--- a/jdk/test/sun/security/tools/keytool/WeakAlg.java
+++ b/jdk/test/sun/security/tools/keytool/WeakAlg.java
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 8171319 8177569
+ * @bug 8171319 8177569 8182879
  * @summary keytool should print out warnings when reading or generating
   *         cert/cert req using weak algorithms
  * @library /test/lib
@@ -33,6 +33,7 @@
  * @run main/othervm/timeout=600 -Duser.language=en -Duser.country=US WeakAlg
  */
 
+import jdk.test.lib.Asserts;
 import jdk.test.lib.SecurityTools;
 import jdk.test.lib.process.OutputAnalyzer;
 import sun.security.tools.KeyStoreUtil;
@@ -40,6 +41,7 @@ import sun.security.util.DisabledAlgorithmConstraints;
 
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
+import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.PrintStream;
@@ -134,25 +136,164 @@ public class WeakAlg {
         kt("-delete -alias b");
         kt("-printcrl -file b.crl")
                 .shouldContain("WARNING: not verified");
+
+        jksTypeCheck();
+
+        checkInplaceImportKeyStore();
+    }
+
+    static void jksTypeCheck() throws Exception {
+
+        // No warning for cacerts, all certs
+        kt0("-cacerts -list -storepass changeit")
+                .shouldNotContain("Warning:");
+
+        rm("ks");
+        rm("ks2");
+
+        kt("-genkeypair -alias a -dname CN=A")
+                .shouldNotContain("Warning:");
+        kt("-list")
+                .shouldNotContain("Warning:");
+        kt("-list -storetype jks") // no warning if PKCS12 used as JKS
+                .shouldNotContain("Warning:");
+        kt("-exportcert -alias a -file a.crt")
+                .shouldNotContain("Warning:");
+
+        // warn if migrating to JKS
+        importkeystore("ks", "ks2", "-deststoretype jks")
+                .shouldContain("JKS keystore uses a proprietary format");
+
+        rm("ks");
+        rm("ks2");
+        rm("ks3");
+
+        // no warning if all certs
+        kt("-importcert -alias b -file a.crt -storetype jks -noprompt")
+                .shouldNotContain("Warning:");
+        kt("-genkeypair -alias a -dname CN=A")
+                .shouldContain("JKS keystore uses a proprietary format");
+        kt("-list")
+                .shouldContain("JKS keystore uses a proprietary format");
+        kt("-list -storetype pkcs12") // warn if JKS used as PKCS12
+                .shouldContain("JKS keystore uses a proprietary format");
+        kt("-exportcert -alias a -file a.crt")
+                .shouldContain("JKS keystore uses a proprietary format");
+        kt("-printcert -file a.crt") // no warning if keystore not touched
+                .shouldNotContain("Warning:");
+        kt("-certreq -alias a -file a.req")
+                .shouldContain("JKS keystore uses a proprietary format");
+        kt("-printcertreq -file a.req") // no warning if keystore not touched
+                .shouldNotContain("Warning:");
+
+        // No warning if migrating from JKS
+        importkeystore("ks", "ks2", "")
+                .shouldNotContain("Warning:");
+
+        importkeystore("ks", "ks3", "-deststoretype pkcs12")
+                .shouldNotContain("Warning:");
+
+        rm("ks");
+
+        kt("-genkeypair -alias a -dname CN=A -storetype jceks")
+                .shouldContain("JCEKS keystore uses a proprietary format");
+        kt("-list")
+                .shouldContain("JCEKS keystore uses a proprietary format");
+        kt("-importcert -alias b -file a.crt -noprompt")
+                .shouldContain("JCEKS keystore uses a proprietary format");
+        kt("-exportcert -alias a -file a.crt")
+                .shouldContain("JCEKS keystore uses a proprietary format");
+        kt("-printcert -file a.crt")
+                .shouldNotContain("Warning:");
+        kt("-certreq -alias a -file a.req")
+                .shouldContain("JCEKS keystore uses a proprietary format");
+        kt("-printcertreq -file a.req")
+                .shouldNotContain("Warning:");
+        kt("-genseckey -alias c -keyalg AES -keysize 128")
+                .shouldContain("JCEKS keystore uses a proprietary format");
     }
 
     static void checkImportKeyStore() throws Exception {
 
-        saveStore();
+        rm("ks2");
+        rm("ks3");
 
-        rm("ks");
-        kt("-importkeystore -srckeystore ks2 -srcstorepass changeit")
+        importkeystore("ks", "ks2", "")
                 .shouldContain("3 entries successfully imported")
                 .shouldContain("Warning")
                 .shouldMatch(".*512-bit RSA key.*risk")
                 .shouldMatch(".*MD5withRSA.*risk");
 
-        rm("ks");
-        kt("-importkeystore -srckeystore ks2 -srcstorepass changeit -srcalias a")
+        importkeystore("ks", "ks3", "-srcalias a")
                 .shouldContain("Warning")
                 .shouldMatch(".*MD5withRSA.*risk");
+    }
 
-        reStore();
+    static void checkInplaceImportKeyStore() throws Exception {
+
+        rm("ks");
+        genkeypair("a", "");
+
+        // Same type backup
+        importkeystore("ks", "ks", "")
+                .shouldContain("Warning:")
+                .shouldMatch("original.*ks.old");
+
+        importkeystore("ks", "ks", "")
+                .shouldContain("Warning:")
+                .shouldMatch("original.*ks.old2");
+
+        importkeystore("ks", "ks", "-srcstoretype jks") // it knows real type
+                .shouldContain("Warning:")
+                .shouldMatch("original.*ks.old3");
+
+        String cPath = new File("ks").getCanonicalPath();
+
+        importkeystore("ks", cPath, "")
+                .shouldContain("Warning:")
+                .shouldMatch("original.*ks.old4");
+
+        // Migration
+        importkeystore("ks", "ks", "-deststoretype jks")
+                .shouldContain("Warning:")
+                .shouldContain("JKS keystore uses a proprietary format")
+                .shouldMatch("Migrated.*JKS.*PKCS12.*ks.old5");
+
+        Asserts.assertEQ(
+                KeyStore.getInstance(
+                        new File("ks"), "changeit".toCharArray()).getType(),
+                "JKS");
+
+        importkeystore("ks", "ks", "-srcstoretype PKCS12")
+                .shouldContain("Warning:")
+                .shouldNotContain("proprietary format")
+                .shouldMatch("Migrated.*PKCS12.*JKS.*ks.old6");
+
+        Asserts.assertEQ(
+                KeyStore.getInstance(
+                        new File("ks"), "changeit".toCharArray()).getType(),
+                "PKCS12");
+
+        Asserts.assertEQ(
+                KeyStore.getInstance(
+                        new File("ks.old6"), "changeit".toCharArray()).getType(),
+                "JKS");
+
+        // One password prompt is enough for migration
+        kt0("-importkeystore -srckeystore ks -destkeystore ks", "changeit")
+                .shouldMatch("original.*ks.old7");
+
+        // But three if importing to a different keystore
+        rm("ks2");
+        kt0("-importkeystore -srckeystore ks -destkeystore ks2",
+                    "changeit")
+                .shouldContain("Keystore password is too short");
+
+        kt0("-importkeystore -srckeystore ks -destkeystore ks2",
+                "changeit", "changeit", "changeit")
+                .shouldContain("Importing keystore ks to ks2...")
+                .shouldNotContain("original")
+                .shouldNotContain("Migrated");
     }
 
     static void checkImport() throws Exception {
@@ -518,17 +659,22 @@ public class WeakAlg {
         }
     }
 
-    // Fast keytool execution by directly calling its main() method
     static OutputAnalyzer kt(String cmd, String... input) {
+        return kt0("-keystore ks -storepass changeit " +
+                "-keypass changeit " + cmd, input);
+    }
+
+    // Fast keytool execution by directly calling its main() method
+    static OutputAnalyzer kt0(String cmd, String... input) {
         PrintStream out = System.out;
         PrintStream err = System.err;
         InputStream ins = System.in;
         ByteArrayOutputStream bout = new ByteArrayOutputStream();
         ByteArrayOutputStream berr = new ByteArrayOutputStream();
         boolean succeed = true;
+        String sout;
+        String serr;
         try {
-            cmd = "-keystore ks -storepass changeit " +
-                    "-keypass changeit " + cmd;
             System.out.println("---------------------------------------------");
             System.out.println("$ keytool " + cmd);
             System.out.println();
@@ -552,19 +698,26 @@ public class WeakAlg {
             System.setOut(out);
             System.setErr(err);
             System.setIn(ins);
+            sout = new String(bout.toByteArray());
+            serr = new String(berr.toByteArray());
+            System.out.println("STDOUT:\n" + sout + "\nSTDERR:\n" + serr);
         }
-        String sout = new String(bout.toByteArray());
-        String serr = new String(berr.toByteArray());
-        System.out.println("STDOUT:\n" + sout + "\nSTDERR:\n" + serr);
         if (!succeed) {
             throw new RuntimeException();
         }
         return new OutputAnalyzer(sout, serr);
     }
 
+    static OutputAnalyzer importkeystore(String src, String dest,
+                                         String options) {
+        return kt0("-importkeystore "
+                + "-srckeystore " + src + " -destkeystore " + dest
+                + " -srcstorepass changeit -deststorepass changeit " + options);
+    }
+
     static OutputAnalyzer genkeypair(String alias, String options) {
         return kt("-genkeypair -alias " + alias + " -dname CN=" + alias
-                + " -keyalg RSA -storetype JKS " + options);
+                + " -keyalg RSA -storetype PKCS12 " + options);
     }
 
     static OutputAnalyzer certreq(String alias, String options) {
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/VERSION b/jdk/test/sun/util/calendar/zi/tzdata/VERSION
index eb5b4595f3..6642908310 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/VERSION
+++ b/jdk/test/sun/util/calendar/zi/tzdata/VERSION
@@ -21,4 +21,4 @@
 # or visit www.oracle.com if you need additional information or have any
 # questions.
 #
-tzdata2017b
+tzdata2017c
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/africa b/jdk/test/sun/util/calendar/zi/tzdata/africa
index d3de96d143..10d4dfaabb 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/africa
+++ b/jdk/test/sun/util/calendar/zi/tzdata/africa
@@ -49,7 +49,7 @@
 #
 # For data circa 1899, a common source is:
 # Milne J. Civil time. Geogr J. 1899 Feb;13(2):173-94.
-# http://www.jstor.org/stable/1774359
+# https://www.jstor.org/stable/1774359
 #
 # A reliable and entertaining source about time zones is
 # Derek Howse, Greenwich time and longitude, Philip Wilson Publishers (1997).
@@ -241,7 +241,7 @@ Rule	Egypt	2006	only	-	Sep	21	24:00	0	-
 # saving time in Egypt will end in the night of 2007-09-06 to 2007-09-07.
 # From Jesper Nørgaard Welen (2007-08-15): [The following agree:]
 # http://www.nentjes.info/Bill/bill5.htm
-# http://www.timeanddate.com/worldclock/city.html?n=53
+# https://www.timeanddate.com/worldclock/city.html?n=53
 # From Steffen Thorsen (2007-09-04): The official information...:
 # http://www.sis.gov.eg/En/EgyptOnline/Miscellaneous/000002/0207000000000000001580.htm
 Rule	Egypt	2007	only	-	Sep	Thu>=1	24:00	0	-
@@ -279,8 +279,8 @@ Rule	Egypt	2007	only	-	Sep	Thu>=1	24:00	0	-
 # timeanddate[2] and another site I've found[3] also support that.
 #
 # [1] https://bugzilla.redhat.com/show_bug.cgi?id=492263
-# [2] http://www.timeanddate.com/worldclock/clockchange.html?n=53
-# [3] http://wwp.greenwichmeantime.com/time-zone/africa/egypt/
+# [2] https://www.timeanddate.com/worldclock/clockchange.html?n=53
+# [3] https://wwp.greenwichmeantime.com/time-zone/africa/egypt/
 
 # From Arthur David Olson (2009-04-20):
 # In 2009 (and for the next several years), Ramadan ends before the fourth
@@ -290,10 +290,10 @@ Rule	Egypt	2007	only	-	Sep	Thu>=1	24:00	0	-
 # From Steffen Thorsen (2009-08-11):
 # We have been able to confirm the August change with the Egyptian Cabinet
 # Information and Decision Support Center:
-# http://www.timeanddate.com/news/time/egypt-dst-ends-2009.html
+# https://www.timeanddate.com/news/time/egypt-dst-ends-2009.html
 #
 # The Middle East News Agency
-# http://www.mena.org.eg/index.aspx
+# https://www.mena.org.eg/index.aspx
 # also reports "Egypt starts winter time on August 21"
 # today in article numbered "71, 11/08/2009 12:25 GMT."
 # Only the title above is available without a subscription to their service,
@@ -343,7 +343,7 @@ Rule	Egypt	2007	only	-	Sep	Thu>=1	24:00	0	-
 # Thursday of April....  Clocks will still be turned back for Ramadan, but
 # dates not yet announced....
 # http://almogaz.com/news/weird-news/2015/04/05/1947105 ...
-# http://www.timeanddate.com/news/time/egypt-starts-dst-2015.html
+# https://www.timeanddate.com/news/time/egypt-starts-dst-2015.html
 
 # From Ahmed Nazmy (2015-04-20):
 # Egypt's ministers cabinet just announced ... that it will cancel DST at
@@ -470,11 +470,11 @@ Zone	Africa/Monrovia	-0:43:08 -	LMT	1882
 
 # From Even Scharning (2012-11-10):
 # Libya set their time one hour back at 02:00 on Saturday November 10.
-# http://www.libyaherald.com/2012/11/04/clocks-to-go-back-an-hour-on-saturday/
+# https://www.libyaherald.com/2012/11/04/clocks-to-go-back-an-hour-on-saturday/
 # Here is an official source [in Arabic]: http://ls.ly/fb6Yc
 #
 # Steffen Thorsen forwarded a translation (2012-11-10) in
-# http://mm.icann.org/pipermail/tz/2012-November/018451.html
+# https://mm.icann.org/pipermail/tz/2012-November/018451.html
 #
 # From Tim Parenti (2012-11-11):
 # Treat the 2012-11-10 change as a zone change from UTC+2 to UTC+1.
@@ -485,7 +485,7 @@ Zone	Africa/Monrovia	-0:43:08 -	LMT	1882
 # From Even Scharning (2013-10-25):
 # The scheduled end of DST in Libya on Friday, October 25, 2013 was
 # cancelled yesterday....
-# http://www.libyaherald.com/2013/10/24/correction-no-time-change-tomorrow/
+# https://www.libyaherald.com/2013/10/24/correction-no-time-change-tomorrow/
 #
 # From Paul Eggert (2013-10-25):
 # For now, assume they're reverting to the pre-2012 rules of permanent UT +02.
@@ -538,7 +538,7 @@ Zone	Africa/Tripoli	0:52:44 -	LMT	1920
 # basis....
 # It seems that Mauritius observed daylight saving time from 1982-10-10 to
 # 1983-03-20 as well, but that was not successful....
-# http://www.timeanddate.com/news/time/mauritius-daylight-saving-time.html
+# https://www.timeanddate.com/news/time/mauritius-daylight-saving-time.html
 
 # From Alex Krivenyshev (2008-06-25):
 # http://economicdevelopment.gov.mu/portal/site/Mainhomepage/menuitem.a42b24128104d9845dabddd154508a0c/?content_id=0a7cee8b5d69a110VgnVCM1000000a04a8c0RCRD
@@ -606,7 +606,7 @@ Zone	Africa/Tripoli	0:52:44 -	LMT	1920
 # http://lexpress.mu/Story/3398~Beebeejaun---Les-objectifs-d-%C3%A9conomie-d-%C3%A9nergie-de-l-heure-d-%C3%A9t%C3%A9-ont-%C3%A9t%C3%A9-atteints-
 #
 # Our wrap-up:
-# http://www.timeanddate.com/news/time/mauritius-dst-will-not-repeat.html
+# https://www.timeanddate.com/news/time/mauritius-dst-will-not-repeat.html
 
 # From Arthur David Olson (2009-07-11):
 # The "mauritius-dst-will-not-repeat" wrapup includes this:
@@ -638,7 +638,7 @@ Zone Indian/Mauritius	3:50:00 -	LMT	1907 # Port Louis
 # be one hour ahead of GMT between 1 June and 27 September, according to
 # Communication Minister and Government Spokesman, Khalid Naciri...."
 #
-# http://www.worldtimezone.net/dst_news/dst_news_morocco01.html
+# http://www.worldtimezone.com/dst_news/dst_news_morocco01.html
 # http://en.afrik.com/news11892.html
 
 # From Alex Krivenyshev (2008-05-09):
@@ -651,7 +651,7 @@ Zone Indian/Mauritius	3:50:00 -	LMT	1907 # Port Louis
 
 # From Patrice Scattolin (2008-05-09):
 # According to this article:
-# http://www.avmaroc.com/actualite/heure-dete-comment-a127896.html
+# https://www.avmaroc.com/actualite/heure-dete-comment-a127896.html
 # (and republished here: )
 # the changes occur at midnight:
 #
@@ -673,7 +673,7 @@ Zone Indian/Mauritius	3:50:00 -	LMT	1907 # Port Louis
 # posted in English).
 #
 # The following Google query will generate many relevant hits:
-# http://www.google.com/search?hl=en&q=Conseil+de+gouvernement+maroc+heure+avance&btnG=Search
+# https://www.google.com/search?hl=en&q=Conseil+de+gouvernement+maroc+heure+avance&btnG=Search
 
 # From Steffen Thorsen (2008-08-27):
 # Morocco will change the clocks back on the midnight between August 31
@@ -684,7 +684,7 @@ Zone Indian/Mauritius	3:50:00 -	LMT	1907 # Port Louis
 # http://www.menara.ma/fr/Actualites/Maroc/Societe/ci.retour_a_l_heure_gmt_a_partir_du_dimanche_31_aout_a_minuit_officiel_.default
 #
 # We have some further details posted here:
-# http://www.timeanddate.com/news/time/morocco-ends-dst-early-2008.html
+# https://www.timeanddate.com/news/time/morocco-ends-dst-early-2008.html
 
 # From Steffen Thorsen (2009-03-17):
 # Morocco will observe DST from 2009-06-01 00:00 to 2009-08-21 00:00 according
@@ -694,7 +694,7 @@ Zone Indian/Mauritius	3:50:00 -	LMT	1907 # Port Louis
 # (French)
 #
 # Our summary:
-# http://www.timeanddate.com/news/time/morocco-starts-dst-2009.html
+# https://www.timeanddate.com/news/time/morocco-starts-dst-2009.html
 
 # From Alexander Krivenyshev (2009-03-17):
 # Here is a link to official document from Royaume du Maroc Premier Ministre,
@@ -717,7 +717,7 @@ Zone Indian/Mauritius	3:50:00 -	LMT	1907 # Port Louis
 # http://www.lavieeco.com/actualites/4099-le-maroc-passera-a-l-heure-d-ete-gmt1-le-2-mai.html
 # (French)
 # Our page:
-# http://www.timeanddate.com/news/time/morocco-starts-dst-2010.html
+# https://www.timeanddate.com/news/time/morocco-starts-dst-2010.html
 
 # From Dan Abitol (2011-03-30):
 # ...Rules for Africa/Casablanca are the following (24h format)
@@ -734,7 +734,7 @@ Zone Indian/Mauritius	3:50:00 -	LMT	1907 # Port Louis
 # They said that the decision was already taken.
 #
 # More articles in the press
-# http://www.yabiladi.com/articles/details/5058/secret-l-heure-d-ete-maroc-leve.html
+# https://www.yabiladi.com/articles/details/5058/secret-l-heure-d-ete-maroc-leve.html
 # http://www.lematin.ma/Actualite/Express/Article.asp?id=148923
 # http://www.lavieeco.com/actualite/Le-Maroc-passe-sur-GMT%2B1-a-partir-de-dim
 
@@ -826,7 +826,7 @@ Zone Indian/Mauritius	3:50:00 -	LMT	1907 # Port Louis
 # 1433 (18 April 2012) and the decision of the Head of Government of
 # 16 N. 3-29-15 Chaaban 1435 (4 June 2015).
 # Source (french):
-# http://lnt.ma/le-maroc-reculera-dune-heure-le-dimanche-14-juin/
+# https://lnt.ma/le-maroc-reculera-dune-heure-le-dimanche-14-juin/
 #
 # From Milamber (2015-06-09):
 # http://www.mmsp.gov.ma/fr/actualites.aspx?id=863
@@ -835,7 +835,7 @@ Zone Indian/Mauritius	3:50:00 -	LMT	1907 # Port Louis
 # [The gov.ma announcement] would (probably) make the switch on 2015-07-19 go
 # from 03:00 to 04:00 rather than from 02:00 to 03:00, as in the patch....
 # I think the patch is correct and the quoted text is wrong; the text in
-#  agrees
+#  agrees
 # with the patch.
 
 # From Paul Eggert (2015-06-08):
@@ -960,9 +960,17 @@ Link Africa/Maputo Africa/Kigali	# Rwanda
 Link Africa/Maputo Africa/Lubumbashi	# E Dem. Rep. of Congo
 Link Africa/Maputo Africa/Lusaka	# Zambia
 
+
 # Namibia
-# The 1994-04-03 transition is from Shanks & Pottenger.
-# Shanks & Pottenger report no DST after 1998-04; go with IATA.
+
+# From Arthur David Olson (2017-08-09):
+# The text of the "Namibia Time Act, 1994" is available online at
+# www.lac.org.na/laws/1994/811.pdf
+# and includes this nugget:
+# Notwithstanding the provisions of subsection (2) of section 1, the
+# first winter period after the commencement of this Act shall
+# commence at OOhOO on Monday 21 March 1994 and shall end at 02h00 on
+# Sunday 4 September 1994.
 
 # From Petronella Sibeene (2007-03-30):
 # http://allafrica.com/stories/200703300178.html
@@ -978,19 +986,30 @@ Link Africa/Maputo Africa/Lusaka	# Zambia
 # observes Botswana time, we have no details about historical practice.
 # In the meantime people there can use Africa/Gaborone.
 # See: Immanuel S. The Namibian. 2017-02-23.
-# http://www.namibian.com.na/51480/read/Time-change-divides-lawmakers
+# https://www.namibian.com.na/51480/read/Time-change-divides-lawmakers
+
+# From Steffen Thorsen (2017-08-09):
+# Namibia is going to change their time zone to what is now their DST:
+# https://www.newera.com.na/2017/02/23/namibias-winter-time-might-be-repealed/
+# This video is from the government decision:
+# https://www.nbc.na/news/na-passes-namibia-time-bill-repealing-1994-namibia-time-act.8665
+# We have made the assumption so far that they will change their time zone at
+# the same time they would normally start DST, the first Sunday in September:
+# https://www.timeanddate.com/news/time/namibia-new-time-zone.html
 
 # RULE	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
-Rule	Namibia	1994	max	-	Sep	Sun>=1	2:00	1:00	S
-Rule	Namibia	1995	max	-	Apr	Sun>=1	2:00	0	-
+Rule	Namibia	1994	only	-	Mar	21	0:00	0	-
+Rule	Namibia	1994	2016	-	Sep	Sun>=1	2:00	1:00	S
+Rule	Namibia	1995	2017	-	Apr	Sun>=1	2:00	0	-
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Africa/Windhoek	1:08:24 -	LMT	1892 Feb 8
 			1:30	-	+0130	1903 Mar
 			2:00	-	SAST	1942 Sep 20  2:00
 			2:00	1:00	SAST	1943 Mar 21  2:00
 			2:00	-	SAST	1990 Mar 21 # independence
-			2:00	-	CAT	1994 Apr  3
-			1:00	Namibia	WA%sT
+			2:00	-	CAT	1994 Mar 21  0:00
+			1:00	Namibia	WA%sT	2017 Sep  3  2:00
+			2:00	-	CAT
 
 # Niger
 # See Africa/Lagos.
@@ -1077,14 +1096,24 @@ Link Africa/Johannesburg Africa/Mbabane    # Swaziland
 # no information
 
 # Sudan
-#
+
 # From 
 # Sudan News Agency (2000-01-13),
 # also reported by Michaël De Beukelaer-Dossche via Steffen Thorsen:
 # Clocks will be moved ahead for 60 minutes all over the Sudan as of noon
 # Saturday....  This was announced Thursday by Caretaker State Minister for
 # Manpower Abdul-Rahman Nur-Eddin.
+
+# From Ahmed Atyya, National Telecommunications Corp. (NTC), Sudan (2017-10-17):
+# ... the Republic of Sudan is going to change the time zone from (GMT+3:00)
+# to (GMT+ 2:00) starting from Wednesday 1 November 2017.
 #
+# From Paul Eggert (2017-10-18):
+# A scanned copy (in Arabic) of Cabinet Resolution No. 352 for the
+# year 2017 can be found as an attachment in email today from Yahia
+# Abdalla of NTC, archived at:
+# https://mm.icann.org/pipermail/tz/2017-October/025333.html
+
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 Rule	Sudan	1970	only	-	May	 1	0:00	1:00	S
 Rule	Sudan	1970	1985	-	Oct	15	0:00	0	-
@@ -1093,10 +1122,14 @@ Rule	Sudan	1972	1985	-	Apr	lastSun	0:00	1:00	S
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Africa/Khartoum	2:10:08 -	LMT	1931
 			2:00	Sudan	CA%sT	2000 Jan 15 12:00
-			3:00	-	EAT
+			3:00	-	EAT	2017 Nov  1
+			2:00	-	CAT
 
 # South Sudan
-Link Africa/Khartoum Africa/Juba
+# Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+Zone	Africa/Juba	2:06:28 -	LMT	1931
+			2:00	Sudan	CA%sT	2000 Jan 15 12:00
+			3:00	-	EAT
 
 # Swaziland
 # See Africa/Johannesburg.
@@ -1134,11 +1167,11 @@ Link Africa/Khartoum Africa/Juba
 # According to several news sources, Tunisia will not observe DST this year.
 # (Arabic)
 # http://www.elbashayer.com/?page=viewn&nid=42546
-# http://www.babnet.net/kiwidetail-15295.asp
+# https://www.babnet.net/kiwidetail-15295.asp
 #
 # We have also confirmed this with the US embassy in Tunisia.
 # We have a wrap-up about this on the following page:
-# http://www.timeanddate.com/news/time/tunisia-cancels-dst-2009.html
+# https://www.timeanddate.com/news/time/tunisia-cancels-dst-2009.html
 
 # From Alexander Krivenyshev (2009-03-17):
 # Here is a link to Tunis Afrique Presse News Agency
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/antarctica b/jdk/test/sun/util/calendar/zi/tzdata/antarctica
index c88c0b4107..c78ef7ed50 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/antarctica
+++ b/jdk/test/sun/util/calendar/zi/tzdata/antarctica
@@ -49,7 +49,7 @@
 # Heard Island, McDonald Islands (uninhabited)
 #	previously sealers and scientific personnel wintered
 #	Margaret Turner reports
-#	http://web.archive.org/web/20021204222245/http://www.dstc.qut.edu.au/DST/marg/daylight.html
+#	https://web.archive.org/web/20021204222245/http://www.dstc.qut.edu.au/DST/marg/daylight.html
 #	(1999-09-30) that they're UT +05, with no DST;
 #	presumably this is when they have visitors.
 #
@@ -70,7 +70,7 @@
 # http://www.aad.gov.au/default.asp?casid=37079
 #
 # We have more background information here:
-# http://www.timeanddate.com/news/time/antarctica-new-times.html
+# https://www.timeanddate.com/news/time/antarctica-new-times.html
 
 # From Steffen Thorsen (2010-03-10):
 # We got these changes from the Australian Antarctic Division: ...
@@ -85,7 +85,7 @@
 # - Mawson station stays on UTC+5.
 #
 # Background:
-# http://www.timeanddate.com/news/time/antartica-time-changes-2010.html
+# https://www.timeanddate.com/news/time/antartica-time-changes-2010.html
 
 # From Steffen Thorsen (2016-10-28):
 # Australian Antarctica Division informed us that Casey changed time
@@ -168,7 +168,7 @@ Zone Indian/Kerguelen	0	-	-00	1950 # Port-aux-Français
 #
 # year-round base in the main continent
 # Dumont d'Urville, Île des Pétrels, -6640+14001, since 1956-11
-#  (2005-12-05)
+#  (2005-12-05)
 #
 # Another base at Port-Martin, 50km east, began operation in 1947.
 # It was destroyed by fire on 1952-01-14.
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/asia b/jdk/test/sun/util/calendar/zi/tzdata/asia
index 306a2aa8bc..71f5d0cfc8 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/asia
+++ b/jdk/test/sun/util/calendar/zi/tzdata/asia
@@ -49,7 +49,7 @@
 #
 # For data circa 1899, a common source is:
 # Milne J. Civil time. Geogr J. 1899 Feb;13(2):173-94.
-# http://www.jstor.org/stable/1774359
+# https://www.jstor.org/stable/1774359
 #
 # For Russian data circa 1919, a source is:
 # Byalokoz EL. New Counting of Time in Russia since July 1, 1919.
@@ -98,8 +98,8 @@ Rule E-EurAsia	1996	max	-	Oct	lastSun	 0:00	0	-
 Rule RussiaAsia	1981	1984	-	Apr	1	 0:00	1:00	S
 Rule RussiaAsia	1981	1983	-	Oct	1	 0:00	0	-
 Rule RussiaAsia	1984	1995	-	Sep	lastSun	 2:00s	0	-
-Rule RussiaAsia	1985	2011	-	Mar	lastSun	 2:00s	1:00	S
-Rule RussiaAsia	1996	2011	-	Oct	lastSun	 2:00s	0	-
+Rule RussiaAsia	1985	2010	-	Mar	lastSun	 2:00s	1:00	S
+Rule RussiaAsia	1996	2010	-	Oct	lastSun	 2:00s	0	-
 
 # Afghanistan
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
@@ -132,13 +132,17 @@ Zone	Asia/Kabul	4:36:48 -	LMT	1890
 # or
 # (brief)
 # http://www.worldtimezone.com/dst_news/dst_news_armenia03.html
+# Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+Rule Armenia	2011	only	-	Mar	lastSun	 2:00s	1:00	S
+Rule Armenia	2011	only	-	Oct	lastSun	 2:00s	0	-
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Asia/Yerevan	2:58:00 -	LMT	1924 May  2
 			3:00	-	+03	1957 Mar
 			4:00 RussiaAsia +04/+05	1991 Mar 31  2:00s
 			3:00 RussiaAsia	+03/+04	1995 Sep 24  2:00s
 			4:00	-	+04	1997
-			4:00 RussiaAsia	+04/+05
+			4:00 RussiaAsia	+04/+05	2011
+			4:00	Armenia	+04/+05
 
 # Azerbaijan
 
@@ -150,7 +154,7 @@ Zone	Asia/Yerevan	2:58:00 -	LMT	1924 May  2
 # From Steffen Thorsen (2016-03-17):
 # ... the Azerbaijani Cabinet of Ministers has cancelled switching to
 # daylight saving time....
-# http://www.azernews.az/azerbaijan/94137.html
+# https://www.azernews.az/azerbaijan/94137.html
 # http://vestnikkavkaza.net/news/Azerbaijani-Cabinet-of-Ministers-cancels-daylight-saving-time.html
 # http://en.apa.az/xeber_azerbaijan_abolishes_daylight_savings_ti_240862.html
 
@@ -191,11 +195,11 @@ Zone	Asia/Baku	3:19:24 -	LMT	1924 May  2
 # the 19th and 20th, and they have not set the end date yet.
 #
 # Some sources:
-# http://in.reuters.com/article/southAsiaNews/idINIndia-40017620090601
+# https://in.reuters.com/article/southAsiaNews/idINIndia-40017620090601
 # http://bdnews24.com/details.php?id=85889&cid=2
 #
 # Our wrap-up:
-# http://www.timeanddate.com/news/time/bangladesh-daylight-saving-2009.html
+# https://www.timeanddate.com/news/time/bangladesh-daylight-saving-2009.html
 
 # From A. N. M. Kamrus Saadat (2009-06-15):
 # Finally we've got the official mail regarding DST start time where DST start
@@ -281,9 +285,15 @@ Zone	Asia/Brunei	7:39:40 -	LMT	1926 Mar # Bandar Seri Begawan
 
 # Milne says 6:24:40 was the meridian of the time ball observatory at Rangoon.
 
+# From Paul Eggert (2017-04-20):
+# Page 27 of Reed & Low (cited for Asia/Kolkata) says "Rangoon local time is
+# used upon the railways and telegraphs of Burma, and is 6h. 24m. 47s. ahead
+# of Greenwich."  This refers to the period before Burma's transition to +0630,
+# a transition for which Shanks is the only source.
+
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
-Zone	Asia/Yangon	6:24:40 -	LMT	1880        # or Rangoon
-			6:24:40	-	RMT	1920        # Rangoon Mean Time?
+Zone	Asia/Yangon	6:24:47 -	LMT	1880        # or Rangoon
+			6:24:47	-	RMT	1920        # Rangoon local time
 			6:30	-	+0630	1942 May
 			9:00	-	+09	1945 May  3
 			6:30	-	+0630
@@ -340,7 +350,7 @@ Rule	PRC	1987	1991	-	Apr	Sun>=10	0:00	1:00	D
 #
 # From Jesper Nørgaard Welen (2006-07-14):
 # I have investigated the timezones around 1970 on the
-# http://www.astro.com/atlas site [with provinces and county
+# https://www.astro.com/atlas site [with provinces and county
 # boundaries summarized below]....  A few other exceptions were two
 # counties on the Sichuan side of the Xizang-Sichuan border,
 # counties Dege and Baiyu which lies on the Sichuan side and are
@@ -492,7 +502,7 @@ Rule	PRC	1987	1991	-	Apr	Sun>=10	0:00	1:00	D
 
 # From David Cochrane (2014-03-26):
 # Just a confirmation that Ürümqi time was implemented in Ürümqi on 1 Feb 1986:
-# http://content.time.com/time/magazine/article/0,9171,960684,00.html
+# https://content.time.com/time/magazine/article/0,9171,960684,00.html
 
 # From Luther Ma (2014-04-22):
 # I have interviewed numerous people of various nationalities and from
@@ -649,7 +659,7 @@ Zone	Asia/Hong_Kong	7:36:42 -	LMT	1904 Oct 30
 # (both in Okinawa) adopt the Western Standard Time which is based on
 # 120E. The adoption began from Jan 1, 1896. The original text can be
 # found on Wikisource:
-# http://ja.wikisource.org/wiki/標準時ニ關スル件_(公布時)
+# https://ja.wikisource.org/wiki/標準時ニ關スル件_(公布時)
 # ... This could be the first adoption of time zone in Taiwan, because
 # during the Qing Dynasty, it seems that there was no time zone
 # declared officially.
@@ -662,7 +672,7 @@ Zone	Asia/Hong_Kong	7:36:42 -	LMT	1904 Oct 30
 # territory, including later occupations, adopt Japan Central Time
 # (UTC+9). The adoption began on Oct 1, 1937. The original text can
 # be found on Wikisource:
-# http://ja.wikisource.org/wiki/明治二十八年勅令第百六十七號標準時ニ關スル件中改正ノ件
+# https://ja.wikisource.org/wiki/明治二十八年勅令第百六十七號標準時ニ關スル件中改正ノ件
 #
 # That is, the time zone of Taipei switched to UTC+9 on Oct 1, 1937.
 
@@ -798,6 +808,12 @@ Zone	Asia/Macau	7:34:20 -	LMT	1912 Jan  1
 # Looks like the time zone split in Cyprus went through last night.
 # http://cyprus-mail.com/2016/10/30/cyprus-new-division-two-time-zones-now-reality/
 
+# From Paul Eggert (2017-10-18):
+# Northern Cyprus will reinstate winter time on October 29, thus
+# staying in sync with the rest of Cyprus.  See: Anastasiou A.
+# Cyprus to remain united in time.  Cyprus Mail 2017-10-17.
+# https://cyprus-mail.com/2017/10/17/cyprus-remain-united-time/
+
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 Rule	Cyprus	1975	only	-	Apr	13	0:00	1:00	S
 Rule	Cyprus	1975	only	-	Oct	12	0:00	0	-
@@ -815,7 +831,8 @@ Zone	Asia/Nicosia	2:13:28 -	LMT	1921 Nov 14
 Zone	Asia/Famagusta	2:15:48	-	LMT	1921 Nov 14
 			2:00	Cyprus	EE%sT	1998 Sep
 			2:00	EUAsia	EE%sT	2016 Sep  8
-			3:00	-	+03
+			3:00	-	+03	2017 Oct 29 1:00u
+			2:00	EUAsia	EE%sT
 
 # Classically, Cyprus belongs to Asia; e.g. see Herodotus, Histories, I.72.
 # However, for various reasons many users expect to find it under Europe.
@@ -875,7 +892,7 @@ Zone	Asia/Tbilisi	2:59:11 -	LMT	1880
 
 # From João Carrascalão, brother of the former governor of East Timor, in
 # East Timor may be late for its millennium
-#  (1999-12-26/31):
+#  (1999-12-26/31):
 # Portugal tried to change the time forward in 1974 because the sun
 # rises too early but the suggestion raised a lot of problems with the
 # Timorese and I still don't think it would work today because it
@@ -903,21 +920,62 @@ Zone	Asia/Dili	8:22:20 -	LMT	1912 Jan  1
 # India
 
 # From Ian P. Beacock, in "A brief history of (modern) time", The Atlantic
-# http://www.theatlantic.com/technology/archive/2015/12/the-creation-of-modern-time/421419/
+# https://www.theatlantic.com/technology/archive/2015/12/the-creation-of-modern-time/421419/
 # (2015-12-22):
 # In January 1906, several thousand cotton-mill workers rioted on the
 # outskirts of Bombay....  They were protesting the proposed abolition of
 # local time in favor of Indian Standard Time....  Journalists called this
 # dispute the "Battle of the Clocks."  It lasted nearly half a century.
 
+# From Paul Eggert (2017-04-20):
+# Good luck trying to nail down old timekeeping records in India.
+# "... in the nineteenth century ... Madras Observatory took its magnetic
+# measurements on Göttingen time, its meteorological measurements on Madras
+# (local) time, dropped its time ball on Greenwich (ocean navigator's) time,
+# and distributed civil (local time)." -- Bartky IR. Selling the true time:
+# 19th-century timekeeping in america. Stanford U Press (2000), 247 note 19.
+# "A more potent cause of resistance to the general adoption of the present
+# standard time lies in the fact that it is Madras time.  The citizen of
+# Bombay, proud of being 'primus in Indis' and of Calcutta, equally proud of
+# his city being the Capital of India, and - for a part of the year - the Seat
+# of the Supreme Government, alike look down on Madras, and refuse to change
+# the time they are using, for that of what they regard as a benighted
+# Presidency; while Madras, having for long given the standard time to the
+# rest of India, would resist the adoption of any other Indian standard in its
+# place." -- Oldham RD. On Time in India: a suggestion for its improvement.
+# Proceedings of the Asiatic Society of Bengal (April 1899), 49-55.
+#
+# "In 1870 ... Madras time - 'now used by the telegraph and regulated from the
+# only government observatory' - was suggested as a standard railway time,
+# first to be adopted on the Great Indian Peninsular Railway (GIPR)....
+# Calcutta, Bombay, and Karachi, were to be allowed to continue with their
+# local time for civil purposes." - Prasad R. Tracks of Change: Railways and
+# Everyday Life in Colonial India. Cambridge University Press (2016), 145.
+#
+# Reed S, Low F. The Indian Year Book 1936-37. Bennett, Coleman, pp 27-8.
+# https://archive.org/details/in.ernet.dli.2015.282212
+# This lists +052110 as Madras local time used in railways, and says that on
+# 1906-01-01 railways and telegraphs in India switched to +0530.  Some
+# municipalities retained their former time, and the time in Calcutta
+# continued to depend on whether you were at the railway station or at
+# government offices.  Government time was at +055320 (according to Shanks) or
+# at +0554 (according to the Indian Year Book).  Railway time is more
+# appropriate for our purposes, as it was better documented, it is what we do
+# elsewhere (e.g., Europe/London before 1880), and after 1906 it was
+# consistent in the region now identified by Asia/Kolkata.  So, use railway
+# time for 1870-1941.  Shanks is our only (and dubious) source for the
+# 1941-1945 data.
+
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
-Zone	Asia/Kolkata	5:53:28 -	LMT	1880        # Kolkata
-			5:53:20	-	HMT	1941 Oct    # Howrah Mean Time?
-			6:30	-	+0630	1942 May 15
+Zone	Asia/Kolkata	5:53:28 -	LMT	1854 Jun 28 # Kolkata
+			5:53:20	-	HMT	1870	    # Howrah Mean Time?
+			5:21:10	-	MMT	1906 Jan  1 # Madras local time
+			5:30	-	IST	1941 Oct
+			5:30	1:00	+0630	1942 May 15
 			5:30	-	IST	1942 Sep
 			5:30	1:00	+0630	1945 Oct 15
 			5:30	-	IST
-# The following are like Asia/Kolkata:
+# Since 1970 the following are like Asia/Kolkata:
 #	Andaman Is
 #	Lakshadweep (Laccadive, Minicoy and Amindivi Is)
 #	Nicobar Is
@@ -1059,7 +1117,7 @@ Zone Asia/Jayapura	9:22:48 -	LMT	1932 Nov
 # From Reuters (2007-09-16), with a heads-up from Jesper Nørgaard Welen:
 # ... the Guardian Council ... approved a law on Sunday to re-introduce
 # daylight saving time ...
-# http://uk.reuters.com/article/oilRpt/idUKBLA65048420070916
+# https://uk.reuters.com/article/oilRpt/idUKBLA65048420070916
 #
 # From Roozbeh Pournader (2007-11-05):
 # This is quoted from Official Gazette of the Islamic Republic of
@@ -1158,7 +1216,7 @@ Zone	Asia/Tehran	3:25:44	-	LMT	1916
 # http://www.aswataliraq.info/look/article.tpl?id=2047&IdLanguage=17&IdPublication=4&NrArticle=71743&NrIssue=1&NrSection=10
 #
 # We have published a short article in English about the change:
-# http://www.timeanddate.com/news/time/iraq-dumps-daylight-saving.html
+# https://www.timeanddate.com/news/time/iraq-dumps-daylight-saving.html
 
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 Rule	Iraq	1982	only	-	May	1	0:00	1:00	D
@@ -1466,12 +1524,12 @@ Rule	Japan	1950	1951	-	May	Sun>=1	2:00	1:00	D
 # From Yu-Cheng Chuang (2013-07-12):
 # ...the Meiji Emperor announced Ordinance No. 167 of Meiji Year 28 "The clause
 # about standard time" ... The adoption began from Jan 1, 1896.
-# http://ja.wikisource.org/wiki/標準時ニ關スル件_(公布時)
+# https://ja.wikisource.org/wiki/標準時ニ關スル件_(公布時)
 #
 # ...the Showa Emperor announced Ordinance No. 529 of Showa Year 12 ... which
 # means the whole Japan territory, including later occupations, adopt Japan
 # Central Time (UTC+9). The adoption began on Oct 1, 1937.
-# http://ja.wikisource.org/wiki/明治二十八年勅令第百六十七號標準時ニ關スル件中改正ノ件
+# https://ja.wikisource.org/wiki/明治二十八年勅令第百六十七號標準時ニ關スル件中改正ノ件
 
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Asia/Tokyo	9:18:59	-	LMT	1887 Dec 31 15:00u
@@ -1533,7 +1591,7 @@ Zone	Asia/Tokyo	9:18:59	-	LMT	1887 Dec 31 15:00u
 # Official, in Arabic:
 # http://www.petra.gov.jo/public_news/Nws_NewsDetails.aspx?Menu_ID=&Site_Id=2&lang=1&NewsID=133230&CatID=14
 # ... Our background/permalink about it
-# http://www.timeanddate.com/news/time/jordan-reverses-dst-decision.html
+# https://www.timeanddate.com/news/time/jordan-reverses-dst-decision.html
 # ...
 # http://www.petra.gov.jo/Public_News/Nws_NewsDetails.aspx?lang=2&site_id=1&NewsID=133313&Type=P
 # ... says midnight for the coming one and 1:00 for the ones in the future
@@ -1891,9 +1949,9 @@ Zone	Asia/Bishkek	4:58:24 -	LMT	1924 May  2
 # between 1987 and 1988 ...
 
 # From Sanghyuk Jung (2014-10-29):
-# http://mm.icann.org/pipermail/tz/2014-October/021830.html
+# https://mm.icann.org/pipermail/tz/2014-October/021830.html
 # According to the Korean Wikipedia
-# http://ko.wikipedia.org/wiki/한국_표준시
+# https://ko.wikipedia.org/wiki/한국_표준시
 # [oldid=12896437 2014-09-04 08:03 UTC]
 # DST in Republic of Korea was as follows....  And I checked old
 # newspapers in Korean, all articles correspond with data in Wikipedia.
@@ -2115,7 +2173,7 @@ Zone	Indian/Maldives	4:54:00 -	LMT	1880 # Male
 # +08:00 instead. Different sources appear to disagree with the tz
 # database on this, e.g.:
 #
-# http://www.timeanddate.com/worldclock/city.html?n=1026
+# https://www.timeanddate.com/worldclock/city.html?n=1026
 # http://www.worldtimeserver.com/current_time_in_MN.aspx
 #
 # both say GMT+08:00.
@@ -2245,7 +2303,7 @@ Zone	Asia/Kathmandu	5:41:16 -	LMT	1920
 # help reduce load shedding by approving the closure of commercial centres at
 # 9pm and moving clocks forward by one hour for the next three months. ...."
 #
-# http://www.worldtimezone.net/dst_news/dst_news_pakistan01.html
+# http://www.worldtimezone.com/dst_news/dst_news_pakistan01.html
 # http://www.dailytimes.com.pk/default.asp?page=2008%5C05%5C15%5Cstory_15-5-2008_pg1_4
 
 # From Arthur David Olson (2008-05-19):
@@ -2311,7 +2369,7 @@ Zone	Asia/Kathmandu	5:41:16 -	LMT	1920
 #
 # We have confirmed this year's end date with both with the Ministry of
 # Water and Power and the Pakistan Electric Power Company:
-# http://www.timeanddate.com/news/time/pakistan-ends-dst09.html
+# https://www.timeanddate.com/news/time/pakistan-ends-dst09.html
 
 # From Christoph Göhre (2009-10-01):
 # [T]he German Consulate General in Karachi reported me today that Pakistan
@@ -2493,7 +2551,7 @@ Zone	Asia/Karachi	4:28:12 -	LMT	1907
 #
 # We are not sure if Gaza will do the same, last year they had a different
 # end date, we will keep this page updated:
-# http://www.timeanddate.com/news/time/westbank-gaza-dst-2009.html
+# https://www.timeanddate.com/news/time/westbank-gaza-dst-2009.html
 
 # From Alexander Krivenyshev (2009-09-02):
 # Seems that Gaza Strip will go back to Winter Time same date as West Bank.
@@ -2531,7 +2589,7 @@ Zone	Asia/Karachi	4:28:12 -	LMT	1907
 # the clocks were set back one hour at 2010-08-11 00:00:00 local time in
 # Gaza and the West Bank.
 # Some more background info:
-# http://www.timeanddate.com/news/time/westbank-gaza-end-dst-2010.html
+# https://www.timeanddate.com/news/time/westbank-gaza-end-dst-2010.html
 
 # From Steffen Thorsen (2011-08-26):
 # Gaza and the West Bank did go back to standard time in the beginning of
@@ -2541,7 +2599,7 @@ Zone	Asia/Karachi	4:28:12 -	LMT	1907
 #
 # http://www.maannews.net/eng/ViewDetails.aspx?ID=416217
 # Additional info:
-# http://www.timeanddate.com/news/time/palestine-dst-2011.html
+# https://www.timeanddate.com/news/time/palestine-dst-2011.html
 
 # From Alexander Krivenyshev (2011-08-27):
 # According to the article in The Jerusalem Post:
@@ -2551,7 +2609,7 @@ Zone	Asia/Karachi	4:28:12 -	LMT	1907
 # The Hamas government said on Saturday that it won't observe summertime after
 # the Muslim feast of Id al-Fitr, which begins on Tuesday..."
 # ...
-# http://www.jpost.com/MiddleEast/Article.aspx?id=235650
+# https://www.jpost.com/MiddleEast/Article.aspx?id=235650
 # http://www.worldtimezone.com/dst_news/dst_news_gazastrip05.html
 # The rules for Egypt are stolen from the 'africa' file.
 
@@ -2572,7 +2630,7 @@ Zone	Asia/Karachi	4:28:12 -	LMT	1907
 # http://safa.ps/details/news/74352/%D8%A8%D8%AF%D8%A1-%D8%A7%D9%84%D8%AA%D9%88%D9%82%D9%8A%D8%AA-%D8%A7%D9%84%D8%B5%D9%8A%D9%81%D9%8A-%D8%A8%D8%A7%D9%84%D8%B6%D9%81%D8%A9-%D9%88%D8%BA%D8%B2%D8%A9-%D9%84%D9%8A%D9%84%D8%A9-%D8%A7%D9%84%D8%AC%D9%85%D8%B9%D8%A9.html
 #
 # Our brief summary:
-# http://www.timeanddate.com/news/time/gaza-west-bank-dst-2012.html
+# https://www.timeanddate.com/news/time/gaza-west-bank-dst-2012.html
 
 # From Steffen Thorsen (2013-03-26):
 # The following news sources tells that Palestine will "start daylight saving
@@ -2592,11 +2650,11 @@ Zone	Asia/Karachi	4:28:12 -	LMT	1907
 
 # From Steffen Thorsen (2015-03-03):
 # Sources such as http://www.alquds.com/news/article/view/id/548257
-# and http://www.raya.ps/ar/news/890705.html say Palestine areas will
+# and https://www.raya.ps/ar/news/890705.html say Palestine areas will
 # start DST on 2015-03-28 00:00 which is one day later than expected.
 #
 # From Paul Eggert (2015-03-03):
-# http://www.timeanddate.com/time/change/west-bank/ramallah?year=2014
+# https://www.timeanddate.com/time/change/west-bank/ramallah?year=2014
 # says that the fall 2014 transition was Oct 23 at 24:00.
 
 # From Hannah Kreitem (2016-03-09):
@@ -2620,8 +2678,8 @@ Zone	Asia/Karachi	4:28:12 -	LMT	1907
 #
 # From Paul Eggert (2016-10-19):
 # It's also consistent with predictions in the following URLs today:
-# http://www.timeanddate.com/time/change/gaza-strip/gaza
-# http://www.timeanddate.com/time/change/west-bank/hebron
+# https://www.timeanddate.com/time/change/gaza-strip/gaza
+# https://www.timeanddate.com/time/change/west-bank/hebron
 
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 Rule EgyptAsia	1957	only	-	May	10	0:00	1:00	S
@@ -2684,7 +2742,7 @@ Zone	Asia/Hebron	2:20:23	-	LMT	1900 Oct
 # Philippines, issued a proclamation announcing that 1844-12-30 was to
 # be immediately followed by 1845-01-01; see R.H. van Gent's
 # History of the International Date Line
-# http://www.staff.science.uu.nl/~gent0113/idl/idl_philippines.htm
+# https://www.staff.science.uu.nl/~gent0113/idl/idl_philippines.htm
 # The rest of the data entries are from Shanks & Pottenger.
 
 # From Jesper Nørgaard Welen (2006-04-26):
@@ -2948,7 +3006,7 @@ Rule	Syria	2007	only	-	Nov	 Fri>=1	0:00	0	-
 # We have not found any sources saying anything about when DST ends this year.
 #
 # Our summary
-# http://www.timeanddate.com/news/time/syria-dst-starts-march-27-2009.html
+# https://www.timeanddate.com/news/time/syria-dst-starts-march-27-2009.html
 
 # From Steffen Thorsen (2009-10-27):
 # The Syrian Arab News Network on 2009-09-29 reported that Syria will
@@ -2975,7 +3033,7 @@ Rule	Syria	2007	only	-	Nov	 Fri>=1	0:00	0	-
 # http://www.sana.sy/ara/2/2012/03/26/408215.htm
 #
 # Our brief summary:
-# http://www.timeanddate.com/news/time/syria-dst-2012.html
+# https://www.timeanddate.com/news/time/syria-dst-2012.html
 
 # From Arthur David Olson (2012-03-27):
 # Assume last Friday in March going forward XXX.
@@ -3058,7 +3116,7 @@ Zone	Asia/Tashkent	4:37:11 -	LMT	1924 May  2
 # is quoted verbatim in:
 # http://www.thoigian.com.vn/?mPage=P80D01
 # is translated by Brian Inglis in:
-# http://mm.icann.org/pipermail/tz/2014-October/021654.html
+# https://mm.icann.org/pipermail/tz/2014-October/021654.html
 # and is the basis for the information below.
 #
 # The 1906 transition was effective July 1 and standardized Indochina to
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/australasia b/jdk/test/sun/util/calendar/zi/tzdata/australasia
index db7e7f7bcb..6726ef3381 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/australasia
+++ b/jdk/test/sun/util/calendar/zi/tzdata/australasia
@@ -316,7 +316,7 @@ Zone	Indian/Cocos	6:27:40	-	LMT	1900
 # http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=1096:3310-cabinet-approves-change-in-daylight-savings-dates&catid=49:cabinet-releases&Itemid=166
 #
 # A bit more background info here:
-# http://www.timeanddate.com/news/time/fiji-dst-ends-march-2010.html
+# https://www.timeanddate.com/news/time/fiji-dst-ends-march-2010.html
 
 # From Alexander Krivenyshev (2010-10-24):
 # According to Radio Fiji and Fiji Times online, Fiji will end DST 3
@@ -380,9 +380,12 @@ Zone	Indian/Cocos	6:27:40	-	LMT	1900
 # clocks go forward an hour at 2am to 3am....  Daylight Saving will
 # end at 3.00am on Sunday 15th January 2017."
 
-# From Paul Eggert (2016-10-03):
-# For now, guess DST from 02:00 the first Sunday in November to
-# 03:00 the third Sunday in January.  Although ad hoc, it matches
+# From Paul Eggert (2017-08-21):
+# Dominic Fok writes (2017-08-20) that DST ends 2018-01-14, citing
+# Extraordinary Government of Fiji Gazette Supplement No. 21 (2017-08-27),
+# [Legal Notice No. 41] of an order of the previous day by J Usamate.
+# For now, guess DST from 02:00 the first Sunday in November to 03:00
+# the first Sunday on or after January 14.  Although ad hoc, it matches
 # transitions since late 2014 and seems more likely to match future
 # practice than guessing no DST.
 
@@ -396,7 +399,7 @@ Rule	Fiji	2011	only	-	Mar	Sun>=1	3:00	0	-
 Rule	Fiji	2012	2013	-	Jan	Sun>=18	3:00	0	-
 Rule	Fiji	2014	only	-	Jan	Sun>=18	2:00	0	-
 Rule	Fiji	2014	max	-	Nov	Sun>=1	2:00	1:00	S
-Rule	Fiji	2015	max	-	Jan	Sun>=15	3:00	0	-
+Rule	Fiji	2015	max	-	Jan	Sun>=14	3:00	0	-
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Pacific/Fiji	11:55:44 -	LMT	1915 Oct 26 # Suva
 			12:00	Fiji	+12/+13
@@ -580,7 +583,7 @@ Zone Pacific/Port_Moresby 9:48:40 -	LMT	1880
 # The World War II entries below are instead based on Arawa-Kieta.
 # The Japanese occupied Kieta in July 1942,
 # according to the Pacific War Online Encyclopedia
-# http://pwencycl.kgbudge.com/B/o/Bougainville.htm
+# https://pwencycl.kgbudge.com/B/o/Bougainville.htm
 # and seem to have controlled it until their 1945-08-21 surrender.
 #
 # The Autonomous Region of Bougainville switched from UT +10 to +11
@@ -602,7 +605,7 @@ Zone Pacific/Pitcairn	-8:40:20 -	LMT	1901        # Adamstown
 			-8:00	-	-08
 
 # American Samoa
-Zone Pacific/Pago_Pago	 12:37:12 -	LMT	1879 Jul  5
+Zone Pacific/Pago_Pago	 12:37:12 -	LMT	1892 Jul  5
 			-11:22:48 -	LMT	1911
 			-11:00	-	SST	            # S=Samoa
 Link Pacific/Pago_Pago Pacific/Midway # in US minor outlying islands
@@ -618,7 +621,7 @@ Link Pacific/Pago_Pago Pacific/Midway # in US minor outlying islands
 # Sunday of April 2011."
 #
 # Background info:
-# http://www.timeanddate.com/news/time/samoa-dst-plan-2009.html
+# https://www.timeanddate.com/news/time/samoa-dst-plan-2009.html
 #
 # Samoa's Daylight Saving Time Act 2009 is available here, but does not
 # contain any dates:
@@ -682,7 +685,7 @@ Rule	WS	2011	only	-	Sep	lastSat	3:00	1	D
 Rule	WS	2012	max	-	Apr	Sun>=1	4:00	0	S
 Rule	WS	2012	max	-	Sep	lastSun	3:00	1	D
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
-Zone Pacific/Apia	 12:33:04 -	LMT	1879 Jul  5
+Zone Pacific/Apia	 12:33:04 -	LMT	1892 Jul  5
 			-11:26:56 -	LMT	1911
 			-11:30	-	-1130	1950
 			-11:00	WS	-11/-10	2011 Dec 29 24:00
@@ -709,7 +712,7 @@ Zone Pacific/Guadalcanal 10:39:48 -	LMT	1912 Oct # Honiara
 # From Paul Eggert (2012-07-25)
 # A Google Books snippet of Appendix to the Journals of the House of
 # Representatives of New Zealand, Session 1948,
-# , page 65, says Tokelau
+# , page 65, says Tokelau
 # was "11 hours slow on G.M.T."  Go with Thorsen and assume Shanks & Pottenger
 # are off by an hour starting in 1901.
 
@@ -724,8 +727,8 @@ Rule	Tonga	1999	only	-	Oct	 7	2:00s	1:00	S
 Rule	Tonga	2000	only	-	Mar	19	2:00s	0	-
 Rule	Tonga	2000	2001	-	Nov	Sun>=1	2:00	1:00	S
 Rule	Tonga	2001	2002	-	Jan	lastSun	2:00	0	-
-Rule	Tonga	2016	max	-	Nov	Sun>=1	2:00	1:00	S
-Rule	Tonga	2017	max	-	Jan	Sun>=15	3:00	0	-
+Rule	Tonga	2016	only	-	Nov	Sun>=1	2:00	1:00	S
+Rule	Tonga	2017	only	-	Jan	Sun>=15	3:00	0	-
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone Pacific/Tongatapu	12:19:20 -	LMT	1901
 			12:20	-	+1220	1941
@@ -779,7 +782,7 @@ Zone Pacific/Funafuti	11:56:52 -	LMT	1901
 # Operation Fishbowl shot (Tightrope, 1962-11-04).... [See] Herman Hoerlin,
 # "The United States High-Altitude Test Experience: A Review Emphasizing the
 # Impact on the Environment", Los Alamos LA-6405, Oct 1976.
-# http://www.fas.org/sgp/othergov/doe/lanl/docs1/00322994.pdf
+# https://www.fas.org/sgp/othergov/doe/lanl/docs1/00322994.pdf
 # See the table on page 4 where he lists GMT and local times for the tests; a
 # footnote for the JI tests reads that local time is "JI time = Hawaii Time
 # Minus One Hour".
@@ -845,7 +848,7 @@ Zone	Pacific/Wallis	12:15:20 -	LMT	1901
 #
 # For data circa 1899, a common source is:
 # Milne J. Civil time. Geogr J. 1899 Feb;13(2):173-94.
-# http://www.jstor.org/stable/1774359
+# https://www.jstor.org/stable/1774359
 #
 # A reliable and entertaining source about time zones is
 # Derek Howse, Greenwich time and longitude, Philip Wilson Publishers (1997).
@@ -992,7 +995,7 @@ Zone	Pacific/Wallis	12:15:20 -	LMT	1901
 #   AEST ACST AWST AEDT ACDT
 #
 #   Parliamentary Library (2008-11-10)
-#   http://www.aph.gov.au/binaries/library/pubs/rp/2008-09/09rp14.pdf
+#   https://www.aph.gov.au/binaries/library/pubs/rp/2008-09/09rp14.pdf
 #   EST CST WST preferred for standard time; AEST AEDT ACST ACDT also used
 #
 #   The Transport Safety Bureau has an extensive series of accident reports,
@@ -1028,13 +1031,13 @@ Zone	Pacific/Wallis	12:15:20 -	LMT	1901
 #
 # NSW (including LHI and Broken Hill):
 # Standard Time Act 1987 (updated 1995-04-04)
-# http://www.austlii.edu.au/au/legis/nsw/consol_act/sta1987137/index.html
+# https://www.austlii.edu.au/au/legis/nsw/consol_act/sta1987137/index.html
 # ACT
 # Standard Time and Summer Time Act 1972
-# http://www.austlii.edu.au/au/legis/act/consol_act/stasta1972279/index.html
+# https://www.austlii.edu.au/au/legis/act/consol_act/stasta1972279/index.html
 # SA
 # Standard Time Act, 1898
-# http://www.austlii.edu.au/au/legis/sa/consol_act/sta1898137/index.html
+# https://www.austlii.edu.au/au/legis/sa/consol_act/sta1898137/index.html
 
 # From David Grosz (2005-06-13):
 # It was announced last week that Daylight Saving would be extended by
@@ -1329,7 +1332,7 @@ Zone	Pacific/Wallis	12:15:20 -	LMT	1901
 # http://abc.net.au/news/regionals/neweng/monthly/regeng-22jul1999-1.htm
 # (1999-07-22).  For now, we'll wait to see if this really happens.
 #
-# Victoria will following NSW.  See:
+# Victoria will follow NSW.  See:
 # Vic to extend daylight saving (1999-07-28)
 # http://abc.net.au/local/news/olympics/1999/07/item19990728112314_1.htm
 #
@@ -1432,7 +1435,7 @@ Zone	Pacific/Wallis	12:15:20 -	LMT	1901
 # the ACT for all 52 weeks of the year...
 #
 # We have a wrap-up here:
-# http://www.timeanddate.com/news/time/south-australia-extends-dst.html
+# https://www.timeanddate.com/news/time/south-australia-extends-dst.html
 ###############################################################################
 
 # New Zealand
@@ -1486,7 +1489,7 @@ Zone	Pacific/Wallis	12:15:20 -	LMT	1901
 # From Paul Eggert (2014-07-14):
 # Chatham Island time was formally standardized on 1957-01-01 by
 # New Zealand's Standard Time Amendment Act 1956 (1956-10-26).
-# http://www.austlii.edu.au/nz/legis/hist_act/staa19561956n100244.pdf
+# https://www.austlii.edu.au/nz/legis/hist_act/staa19561956n100244.pdf
 # According to Google Books snippet view, a speaker in the New Zealand
 # parliamentary debates in 1956 said "Clause 78 makes provision for standard
 # time in the Chatham Islands.  The time there is 45 minutes in advance of New
@@ -1601,7 +1604,7 @@ Zone	Pacific/Wallis	12:15:20 -	LMT	1901
 # the Norfolk Island Museum and the Australian Bureau of Meteorology's
 # Norfolk Island station, and found no record of Norfolk observing DST
 # other than in 1974/5.  See:
-# http://www.timeanddate.com/time/australia/norfolk-island.html
+# https://www.timeanddate.com/time/australia/norfolk-island.html
 
 # Pitcairn
 
@@ -1629,11 +1632,13 @@ Zone	Pacific/Wallis	12:15:20 -	LMT	1901
 
 # (Western) Samoa and American Samoa
 
-# Howse writes (p 153, citing p 10 of the 1883-11-18 New York Herald)
-# that in 1879 the King of Samoa decided to change
+# Howse writes (p 153) that after the 1879 standardization on Antipodean
+# time by the British governor of Fiji, the King of Samoa decided to change
 # "the date in his kingdom from the Antipodean to the American system,
 # ordaining - by a masterpiece of diplomatic flattery - that
 # the Fourth of July should be celebrated twice in that year."
+# This happened in 1892, according to the Evening News (Sydney) of 1892-07-20.
+# https://www.staff.science.uu.nl/~gent0113/idl/idl.htm
 
 # Although Shanks & Pottenger says they both switched to UT -11:30
 # in 1911, and to -11 in 1950. many earlier sources give -11
@@ -1644,6 +1649,7 @@ Zone	Pacific/Wallis	12:15:20 -	LMT	1901
 # day in 2011.  Assume also that the Samoas follow the US and New
 # Zealand's "ST"/"DT" style of daylight-saving abbreviations.
 
+
 # Tonga
 
 # From Paul Eggert (1996-01-22):
@@ -1738,6 +1744,15 @@ Zone	Pacific/Wallis	12:15:20 -	LMT	1901
 # Assume Tonga will observe DST from the first Sunday in November at 02:00
 # through the third Sunday in January at 03:00, like Fiji, for now.
 
+# From David Wade (2017-10-18):
+# In August government was disolved by the King.  The current prime minister
+# continued in office in care taker mode.  It is easy to see that few
+# decisions will be made until elections 16th November.
+#
+# From Paul Eggert (2017-10-18):
+# For now, guess that DST is discontinued.  That's what the IATA is guessing.
+
+
 # Wake
 
 # From Vernice Anderson, Personal Secretary to Philip Jessup,
@@ -1750,7 +1765,7 @@ Zone	Pacific/Wallis	12:15:20 -	LMT	1901
 # making calculation of time in Washington difficult if not almost
 # impossible.
 #
-# http://www.trumanlibrary.org/wake/meeting.htm
+# https://www.trumanlibrary.org/oralhist/andrsonv.htm
 
 # From Paul Eggert (2003-03-23):
 # We have no other report of DST in Wake Island, so omit this info for now.
@@ -1778,7 +1793,7 @@ Zone	Pacific/Wallis	12:15:20 -	LMT	1901
 # an international standard, there are some places on the high seas where the
 # correct date is ambiguous.
 
-# From Wikipedia  (2005-08-31):
+# From Wikipedia  (2005-08-31):
 # Before 1920, all ships kept local apparent time on the high seas by setting
 # their clocks at night or at the morning sight so that, given the ship's
 # speed and direction, it would be 12 o'clock when the Sun crossed the ship's
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/backward b/jdk/test/sun/util/calendar/zi/tzdata/backward
index b4cf3be2d3..fca4ed1881 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/backward
+++ b/jdk/test/sun/util/calendar/zi/tzdata/backward
@@ -84,7 +84,9 @@ Link	America/Sao_Paulo	Brazil/East
 Link	America/Manaus		Brazil/West
 Link	America/Halifax		Canada/Atlantic
 Link	America/Winnipeg	Canada/Central
-Link	America/Regina		Canada/East-Saskatchewan
+# This line is commented out, as the name exceeded the 14-character limit
+# and was an unused misnomer.
+#Link	America/Regina		Canada/East-Saskatchewan
 Link	America/Toronto		Canada/Eastern
 Link	America/Edmonton	Canada/Mountain
 Link	America/St_Johns	Canada/Newfoundland
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/europe b/jdk/test/sun/util/calendar/zi/tzdata/europe
index 0d8a40e4f3..6359279d2f 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/europe
+++ b/jdk/test/sun/util/calendar/zi/tzdata/europe
@@ -60,14 +60,14 @@
 #	[PDF] (1914-03)
 #
 #	Milne J. Civil time. Geogr J. 1899 Feb;13(2):173-94
-#	.  He writes:
+#	.  He writes:
 #	"It is requested that corrections and additions to these tables
 #	may be sent to Mr. John Milne, Royal Geographical Society,
 #	Savile Row, London."  Nowadays please email them to tz@iana.org.
 #
 #	Byalokoz EL. New Counting of Time in Russia since July 1, 1919.
 #	This Russian-language source was consulted by Vladimir Karpinsky; see
-#	http://mm.icann.org/pipermail/tz/2014-August/021320.html
+#	https://mm.icann.org/pipermail/tz/2014-August/021320.html
 #	The full Russian citation is:
 #	Бялокоз, Евгений Людвигович. Новый счет времени в течении суток
 #	введенный декретом Совета народных комиссаров для всей России с 1-го
@@ -210,7 +210,7 @@
 # foundations of civilization throughout the world.
 #	-- "A Silent Toast to William Willett", Pictorial Weekly;
 #	republished in Finest Hour (Spring 2002) 1(114):26
-#	http://www.winstonchurchill.org/images/finesthour/Vol.01%20No.114.pdf
+#	https://www.winstonchurchill.org/publications/finest-hour/finest-hour-114/a-silent-toast-to-william-willett-by-winston-s-churchill
 
 # From Paul Eggert (2015-08-08):
 # The OED Supplement says that the English originally said "Daylight Saving"
@@ -248,8 +248,8 @@
 # official designation; the reply of the 21st was that there wasn't
 # but he couldn't think of anything better than the "Double British
 # Summer Time" that the BBC had been using informally.
-# http://www.polyomino.org.uk/british-time/bbc-19410418.png
-# http://www.polyomino.org.uk/british-time/ho-19410421.png
+# https://www.polyomino.org.uk/british-time/bbc-19410418.png
+# https://www.polyomino.org.uk/british-time/ho-19410421.png
 
 # From Sir Alexander Maxwell in the above-mentioned letter (1941-04-21):
 # [N]o official designation has as far as I know been adopted for the time
@@ -266,13 +266,13 @@
 # the history of summer time legislation in the United Kingdom.
 # Since 1998 Joseph S. Myers has been updating
 # and extending this list, which can be found in
-# http://www.polyomino.org.uk/british-time/
+# https://www.polyomino.org.uk/british-time/
 
 # From Joseph S. Myers (1998-01-06):
 #
 # The legal time in the UK outside of summer time is definitely GMT, not UTC;
 # see Lord Tanlaw's speech
-# http://www.publications.parliament.uk/pa/ld199798/ldhansrd/vo970611/text/70611-10.htm#70611-10_head0
+# https://www.publications.parliament.uk/pa/ld199798/ldhansrd/vo970611/text/70611-10.htm#70611-10_head0
 # (Lords Hansard 11 June 1997 columns 964 to 976).
 
 # From Paul Eggert (2006-03-22):
@@ -318,7 +318,7 @@
 # Irish 'public feeling (was) outraged by forcing of English time on us'."
 # -- Parsons M. Dublin lost its time zone - and 25 minutes - after 1916 Rising.
 # Irish Times 2014-10-27.
-# http://www.irishtimes.com/news/politics/dublin-lost-its-time-zone-and-25-minutes-after-1916-rising-1.1977411
+# https://www.irishtimes.com/news/politics/dublin-lost-its-time-zone-and-25-minutes-after-1916-rising-1.1977411
 
 # From Joseph S. Myers (2005-01-26):
 # Irish laws are available online at .
@@ -371,6 +371,12 @@
 # Justice (tel +353 1 678 9711) who confirmed to me that the correct name is
 # "Irish Summer Time", abbreviated to "IST".
 
+# Michael Deckers (2017-06-01) gave the following URLs for Ireland's
+# Summer Time Act, 1925 and Summer Time Orders, 1926 and 1947:
+# http://www.irishstatutebook.ie/eli/1925/act/8/enacted/en/print.html
+# http://www.irishstatutebook.ie/eli/1926/sro/919/made/en/print.html
+# http://www.irishstatutebook.ie/eli/1947/sro/71/made/en/print.html
+
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 # Summer Time Act, 1916
 Rule	GB-Eire	1916	only	-	May	21	2:00s	1:00	BST
@@ -495,14 +501,14 @@ Link	Europe/London	Europe/Isle_of_Man
 
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Europe/Dublin	-0:25:00 -	LMT	1880 Aug  2
-			-0:25:21 -	DMT	1916 May 21  2:00 # Dublin MT
+			-0:25:21 -	DMT	1916 May 21  2:00s # Dublin MT
 			-0:25:21 1:00	IST	1916 Oct  1  2:00s
 			 0:00	GB-Eire	%s	1921 Dec  6 # independence
-			 0:00	GB-Eire	GMT/IST	1940 Feb 25  2:00
-			 0:00	1:00	IST	1946 Oct  6  2:00
-			 0:00	-	GMT	1947 Mar 16  2:00
-			 0:00	1:00	IST	1947 Nov  2  2:00
-			 0:00	-	GMT	1948 Apr 18  2:00
+			 0:00	GB-Eire	GMT/IST	1940 Feb 25  2:00s
+			 0:00	1:00	IST	1946 Oct  6  2:00s
+			 0:00	-	GMT	1947 Mar 16  2:00s
+			 0:00	1:00	IST	1947 Nov  2  2:00s
+			 0:00	-	GMT	1948 Apr 18  2:00s
 			 0:00	GB-Eire	GMT/IST	1968 Oct 27
 			 1:00	-	IST	1971 Oct 31  2:00u
 			 0:00	GB-Eire	GMT/IST	1996
@@ -648,7 +654,7 @@ Rule	Russia	1996	2010	-	Oct	lastSun	 2:00s	0	-
 # Council of Ministers of the USSR from 1989-03-14 No. 227.
 #
 # I did not find full texts of these acts.  For the 1989 one we have
-# title at http://base.garant.ru/70754136/ :
+# title at https://base.garant.ru/70754136/ :
 # "About change in calculation of time on the territories of
 # Lithuanian SSR, Latvian SSR and Estonian SSR, Astrakhan,
 # Kaliningrad, Kirov, Kuybyshev, Ulyanovsk and Uralsk oblasts".
@@ -679,7 +685,7 @@ Rule	Russia	1996	2010	-	Oct	lastSun	 2:00s	0	-
 # http://bmockbe.ru/events/?ID=7583
 #
 # Medvedev signed a law on the calculation of the time (in russian):
-# http://www.regnum.ru/news/polit/1413906.html
+# https://www.regnum.ru/news/polit/1413906.html
 
 # From Arthur David Olson (2011-06-15):
 # Take "abolishing daylight saving time" to mean that time is now considered
@@ -806,7 +812,7 @@ Zone	Europe/Vienna	1:05:21 -	LMT	1893 Apr
 # Sources (Russian language):
 # http://www.belta.by/ru/all_news/society/V-Belarusi-otmenjaetsja-perexod-na-sezonnoe-vremja_i_572952.html
 # http://naviny.by/rubrics/society/2011/09/16/ic_articles_116_175144/
-# http://news.tut.by/society/250578.html
+# https://news.tut.by/society/250578.html
 #
 # From Alexander Bokovoy (2014-10-09):
 # Belarussian government decided against changing to winter time....
@@ -1127,7 +1133,7 @@ Zone America/Thule	-4:35:08 -	LMT	1916 Jul 28 # Pituffik air base
 # for their standard and summer times. He says no, they use "suveaeg"
 # (summer time) and "talveaeg" (winter time).
 
-# From The Baltic Times  (1999-09-09)
+# From The Baltic Times  (1999-09-09)
 # via Steffen Thorsen:
 # This year will mark the last time Estonia shifts to summer time,
 # a council of the ruling coalition announced Sept. 6....
@@ -1179,7 +1185,7 @@ Zone	Europe/Tallinn	1:39:00	-	LMT	1880
 # This is documented in Heikki Oja: Aikakirja 2007, published by The Almanac
 # Office of University of Helsinki, ISBN 952-10-3221-9, available online (in
 # Finnish) at
-# http://almanakka.helsinki.fi/aikakirja/Aikakirja2007kokonaan.pdf
+# https://almanakka.helsinki.fi/aikakirja/Aikakirja2007kokonaan.pdf
 #
 # Page 105 (56 in PDF version) has a handy table of all past daylight savings
 # transitions. It is easy enough to interpret without Finnish skills.
@@ -1192,7 +1198,7 @@ Zone	Europe/Tallinn	1:39:00	-	LMT	1880
 
 # From Konstantin Hyppönen (2014-06-13):
 # [Heikki Oja's book Aikakirja 2013]
-# http://almanakka.helsinki.fi/images/aikakirja/Aikakirja2013kokonaan.pdf
+# https://almanakka.helsinki.fi/images/aikakirja/Aikakirja2013kokonaan.pdf
 # pages 104-105, including a scan from a newspaper published on Apr 2 1942
 # say that ... [o]n Apr 2 1942, 24 o'clock (which means Apr 3 1942,
 # 00:00), clocks were moved one hour forward. The newspaper
@@ -1322,7 +1328,7 @@ Zone	Europe/Paris	0:09:21 -	LMT	1891 Mar 15  0:01
 
 # From Jörg Schilling (2002-10-23):
 # In 1945, Berlin was switched to Moscow Summer time (GMT+4) by
-# http://www.dhm.de/lemo/html/biografien/BersarinNikolai/
+# https://www.dhm.de/lemo/html/biografien/BersarinNikolai/
 # General [Nikolai] Bersarin.
 
 # From Paul Eggert (2003-03-08):
@@ -1547,7 +1553,7 @@ Zone Atlantic/Reykjavik	-1:28	-	LMT	1908
 # From Paul Eggert (2016-10-27):
 # Go with INRiM for DST rules, except as corrected by Inglis for 1944
 # for the Kingdom of Italy.  This is consistent with Renzo Baldini.
-# Model Rome's occupation by using using C-Eur rules from 1943-09-10
+# Model Rome's occupation by using C-Eur rules from 1943-09-10
 # to 1944-06-04; although Rome was an open city during this period, it
 # was effectively controlled by Germany.
 #
@@ -1862,14 +1868,14 @@ Zone	Europe/Malta	0:58:04 -	LMT	1893 Nov  2  0:00s # Valletta
 # Following Moldova and neighboring Ukraine- Transnistria (Pridnestrovie)-
 # Tiraspol will go back to winter time on October 30, 2011.
 # News from Moldova (in russian):
-# http://ru.publika.md/link_317061.html
+# https://ru.publika.md/link_317061.html
 
 # From Roman Tudos (2015-07-02):
 # http://lex.justice.md/index.php?action=view&view=doc&lang=1&id=355077
 # From Paul Eggert (2015-07-01):
 # The abovementioned official link to IGO1445-868/2014 states that
 # 2014-10-26's fallback transition occurred at 03:00 local time.  Also,
-# http://www.trm.md/en/social/la-30-martie-vom-trece-la-ora-de-vara
+# https://www.trm.md/en/social/la-30-martie-vom-trece-la-ora-de-vara
 # says the 2014-03-30 spring-forward transition was at 02:00 local time.
 # Guess that since 1997 Moldova has switched one hour before the EU.
 
@@ -1941,7 +1947,7 @@ Zone	Europe/Monaco	0:29:32 -	LMT	1891 Mar 15
 # Amsterdam mean time.
 
 # The data entries before 1945 are taken from
-# http://www.staff.science.uu.nl/~gent0113/wettijd/wettijd.htm
+# https://www.staff.science.uu.nl/~gent0113/wettijd/wettijd.htm
 
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 Rule	Neth	1916	only	-	May	 1	0:00	1:00	NST	# Netherlands Summer Time
@@ -2022,7 +2028,7 @@ Zone	Europe/Oslo	0:43:00 -	LMT	1895 Jan  1
 # so it must have diverged from Oslo time during the war, as Oslo was
 # keeping Berlin time.
 #
-#  says that the meteorologists
+#  says that the meteorologists
 # burned down their station in 1940 and left the island, but returned in
 # 1941 with a small Norwegian garrison and continued operations despite
 # frequent air attacks from Germans.  In 1943 the Americans established a
@@ -2060,7 +2066,7 @@ Rule	Poland	1945	only	-	Apr	29	0:00	1:00	S
 Rule	Poland	1945	only	-	Nov	 1	0:00	0	-
 # For 1946 on the source is Kazimierz Borkowski,
 # Toruń Center for Astronomy, Dept. of Radio Astronomy, Nicolaus Copernicus U.,
-# http://www.astro.uni.torun.pl/~kb/Artykuly/U-PA/Czas2.htm#tth_tAb1
+# https://www.astro.uni.torun.pl/~kb/Artykuly/U-PA/Czas2.htm#tth_tAb1
 # Thanks to Przemysław Augustyniak (2005-05-28) for this reference.
 # He also gives these further references:
 # Mon Pol nr 13, poz 162 (1995) 
@@ -2094,7 +2100,7 @@ Zone	Europe/Warsaw	1:24:00 -	LMT	1880
 #
 # From Paul Eggert (2014-08-11), after a heads-up from Stephen Colebourne:
 # According to a Portuguese decree (1911-05-26)
-# http://dre.pt/pdf1sdip/1911/05/12500/23132313.pdf
+# https://dre.pt/application/dir/pdf1sdip/1911/05/12500/23132313.pdf
 # Lisbon was at -0:36:44.68, but switched to GMT on 1912-01-01 at 00:00.
 # Round the old offset to -0:36:45.  This agrees with Willett but disagrees
 # with Shanks, who says the transition occurred on 1911-05-24 at 00:00 for
@@ -2276,7 +2282,7 @@ Zone Europe/Bucharest	1:44:24 -	LMT	1891 Oct
 # 2011 No. 725" and contains no other dates or "effective date" information.
 #
 # Another source is
-# http://www.rg.ru/2011/09/06/chas-zona-dok.html
+# https://rg.ru/2011/09/06/chas-zona-dok.html
 # which, according to translate.google.com, begins "Resolution of the
 # Government of the Russian Federation on August 31, 2011 N 725" and also
 # contains "Date first official publication: September 6, 2011 Posted on:
@@ -2284,7 +2290,7 @@ Zone Europe/Bucharest	1:44:24 -	LMT	1891 Oct
 # does not contain any "effective date" information.
 #
 # Another source is
-# http://en.wikipedia.org/wiki/Oymyakonsky_District#cite_note-RuTime-7
+# https://en.wikipedia.org/wiki/Oymyakonsky_District#cite_note-RuTime-7
 # which, in note 8, contains "Resolution No. 725 of August 31, 2011...
 # Effective as of after 7 days following the day of the official publication"
 # but which does not contain any reference to September 6, 2011.
@@ -2320,7 +2326,7 @@ Zone Europe/Bucharest	1:44:24 -	LMT	1891 Oct
 # http://itar-tass.com/obschestvo/1333711
 # http://www.pravo.gov.ru:8080/page.aspx?111660
 # http://www.kremlin.ru/acts/46279
-# From October 26, 2014 the new Russian time zone map will looks like this:
+# From October 26, 2014 the new Russian time zone map will look like this:
 # http://www.worldtimezone.com/dst_news/dst_news_russia-map-2014-07.html
 
 # From Paul Eggert (2006-03-22):
@@ -2367,7 +2373,7 @@ Zone Europe/Bucharest	1:44:24 -	LMT	1891 Oct
 # with maintenance only and represent our best guesses as to which regions
 # are covered by each zone.  They are not meant to be taken as an authoritative
 # listing.  The region codes listed come from
-# http://en.wikipedia.org/w/?title=Federal_subjects_of_Russia&oldid=611810498
+# https://en.wikipedia.org/w/?title=Federal_subjects_of_Russia&oldid=611810498
 # and are used for convenience only; no guarantees are made regarding their
 # future stability.  ISO 3166-2:RU codes are also listed for first-level
 # divisions where available.
@@ -2532,7 +2538,7 @@ Zone Europe/Kaliningrad	 1:22:00 -	LMT	1893 Apr
 # http://www.kaliningradka.ru/site_pc/cherez/index.php?ELEMENT_ID=40091
 # says that Kaliningrad decided not to be an exception 2 days before the
 # 1991-03-31 switch and one person at
-# http://izhevsk.ru/forum_light_message/50/682597-m8369040.html
+# https://izhevsk.ru/forum_light_message/50/682597-m8369040.html
 # says he remembers that Samara opted out of the 1992-01-19 exception
 # 2 days before the switch.
 #
@@ -2604,7 +2610,7 @@ Zone Europe/Simferopol	 2:16:24 -	LMT	1880
 			 3:00	-	MSK	1997 Mar lastSun  1:00u
 # From Alexander Krivenyshev (2014-03-17):
 # time change at 2:00 (2am) on March 30, 2014
-# http://vz.ru/news/2014/3/17/677464.html
+# https://vz.ru/news/2014/3/17/677464.html
 # From Paul Eggert (2014-03-30):
 # Simferopol and Sevastopol reportedly changed their central town clocks
 # late the previous day, but this appears to have been ceremonial
@@ -2787,7 +2793,7 @@ Zone Asia/Omsk		 4:53:30 -	LMT	1919 Nov 14
 # suggests that Altai Republic transitioned to Moscow+3 on
 # 1995-05-28.
 #
-# http://regnum.ru/news/society/1957270.html
+# https://regnum.ru/news/society/1957270.html
 # has some historical data for Altai Krai:
 # before 1957: west part on UTC+6, east on UTC+7
 # after 1957: UTC+7
@@ -3161,8 +3167,8 @@ Zone Asia/Magadan	10:03:12 -	LMT	1924 May  2
 # districts, but have very similar populations.  In fact, Wikipedia currently
 # lists them both as having 3528 people, exactly 1668 males and 1860 females
 # each!  (Yikes!)
-# http://en.wikipedia.org/w/?title=Srednekolymsky_District&oldid=603435276
-# http://en.wikipedia.org/w/?title=Verkhnekolymsky_District&oldid=594378493
+# https://en.wikipedia.org/w/?title=Srednekolymsky_District&oldid=603435276
+# https://en.wikipedia.org/w/?title=Verkhnekolymsky_District&oldid=594378493
 # Assume this is a mistake, albeit an amusing one.
 #
 # Looking at censuses, the populations of the two municipalities seem to have
@@ -3483,7 +3489,7 @@ Zone Europe/Stockholm	1:12:12 -	LMT	1879 Jan  1
 #
 # From Alois Treindl (2013-09-11):
 # The Federal regulations say
-# http://www.admin.ch/opc/de/classified-compilation/20071096/index.html
+# https://www.admin.ch/opc/de/classified-compilation/20071096/index.html
 # ... the meridian for Bern mean time ... is 7 degrees 26' 22.50".
 # Expressed in time, it is 0h29m45.5s.
 
@@ -3560,9 +3566,9 @@ Zone	Europe/Zurich	0:34:08 -	LMT	1853 Jul 16 # See above comment.
 # According to the articles linked below, Turkey will change into summer
 # time zone (GMT+3) on March 28, 2011 at 3:00 a.m. instead of March 27.
 # This change is due to a nationwide exam on 27th.
-# http://www.worldbulletin.net/?aType=haber&ArticleID=70872
+# https://www.worldbulletin.net/?aType=haber&ArticleID=70872
 # Turkish:
-# http://www.hurriyet.com.tr/ekonomi/17230464.asp?gid=373
+# https://www.hurriyet.com.tr/yaz-saati-uygulamasi-bir-gun-ileri-alindi-17230464
 
 # From Faruk Pasin (2014-02-14):
 # The DST for Turkey has been changed for this year because of the
@@ -3698,7 +3704,7 @@ Link	Europe/Istanbul	Asia/Istanbul	# Istanbul is in both continents.
 # http://www.segodnya.ua/news/14290482.html
 #
 # Deputies cancelled the winter time (in Russian)
-# http://www.pravda.com.ua/rus/news/2011/09/20/6600616/
+# https://www.pravda.com.ua/rus/news/2011/09/20/6600616/
 #
 # From Philip Pizzey (2011-10-18):
 # Today my Ukrainian colleagues have informed me that the
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/leapseconds b/jdk/test/sun/util/calendar/zi/tzdata/leapseconds
index 3823c9abc4..9b4ec9ad47 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/leapseconds
+++ b/jdk/test/sun/util/calendar/zi/tzdata/leapseconds
@@ -26,19 +26,18 @@
 # This file is in the public domain.
 
 # This file is generated automatically from the data in the public-domain
-# leap-seconds.list file available from most NIST time servers.
-# If the URL  does not work,
-# you should be able to pick up leap-seconds.list from a secondary NIST server.
-# See  for a list of secondary servers.
+# leap-seconds.list file, which is copied from:
+# ftp://ftp.nist.gov/pub/time/leap-seconds.list
 # For more about leap-seconds.list, please see
 # The NTP Timescale and Leap Seconds
-# http://www.eecis.udel.edu/~mills/leap.html
+# https://www.eecis.udel.edu/~mills/leap.html
 
 # The International Earth Rotation and Reference Systems Service
 # periodically uses leap seconds to keep UTC to within 0.9 s of UT1
 # (which measures the true angular orientation of the earth in space); see
-# Terry J Quinn, The BIPM and the accurate measure of time,
-# Proc IEEE 79, 7 (July 1991), 894-905 .
+# Levine J. Coordinated Universal Time and the leap second.
+# URSI Radio Sci Bull. 2016;89(4):30-6. doi:10.23919/URSIRSB.2016.7909995
+# http://ieeexplore.ieee.org/document/7909995/
 # There were no leap seconds before 1972, because the official mechanism
 # accounting for the discrepancy between atomic time and the earth's rotation
 # did not exist until the early 1970s.
@@ -81,5 +80,5 @@ Leap	2012	Jun	30	23:59:60	+	S
 Leap	2015	Jun	30	23:59:60	+	S
 Leap	2016	Dec	31	23:59:60	+	S
 
-#	Updated through IERS Bulletin C53
-#	File expires on:  28 December 2017
+#	Updated through IERS Bulletin C54
+#	File expires on:  28 June 2018
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/northamerica b/jdk/test/sun/util/calendar/zi/tzdata/northamerica
index d59d2705b9..99dcc938fa 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/northamerica
+++ b/jdk/test/sun/util/calendar/zi/tzdata/northamerica
@@ -128,10 +128,13 @@
 # Last night I heard part of a rebroadcast of a 1945 Arch Oboler radio drama.
 # In the introduction, Oboler spoke of "Eastern Peace Time."
 # An AltaVista search turned up:
-# http://rowayton.org/rhs/hstaug45.html
+# https://web.archive.org/web/20000926032210/http://rowayton.org/rhs/hstaug45.html
 # "When the time is announced over the radio now, it is 'Eastern Peace
 # Time' instead of the old familiar 'Eastern War Time.'  Peace is wonderful."
 # (August 1945) by way of confirmation.
+#
+# From Paul Eggert (2017-09-23):
+# This was the V-J Day issue of the Clamdigger, a Rowayton, CT newsletter.
 
 # From Joseph Gallant citing
 # George H. Douglas, _The Early Days of Radio Broadcasting_ (1987):
@@ -280,7 +283,7 @@ Zone	PST8PDT		 -8:00	US	P%sT
 # HST and HDT are standardized abbreviations for Hawaii-Aleutian
 # standard and daylight times.  See section 9.47 (p 234) of the
 # U.S. Government Printing Office Style Manual (2008)
-# http://www.gpo.gov/fdsys/pkg/GPO-STYLEMANUAL-2008/pdf/GPO-STYLEMANUAL-2008.pdf
+# https://www.gpo.gov/fdsys/pkg/GPO-STYLEMANUAL-2008/pdf/GPO-STYLEMANUAL-2008.pdf
 
 # From Arthur David Olson, 2005-08-09
 # The following was signed into law on 2005-08-08.
@@ -369,7 +372,7 @@ Zone America/New_York	-4:56:02 -	LMT	1883 Nov 18 12:03:58
 # western Tennessee, most of Texas, Wisconsin
 
 # From Larry M. Smith (2006-04-26) re Wisconsin:
-# http://www.legis.state.wi.us/statutes/Stat0175.pdf ...
+# https://docs.legis.wisconsin.gov/statutes/statutes/175.pdf
 # is currently enforced at the 01:00 time of change.  Because the local
 # "bar time" in the state corresponds to 02:00, a number of citations
 # are issued for the "sale of class 'B' alcohol after prohibited
@@ -378,7 +381,7 @@ Zone America/New_York	-4:56:02 -	LMT	1883 Nov 18 12:03:58
 # From Douglas R. Bomberg (2007-03-12):
 # Wisconsin has enacted (nearly eleventh-hour) legislation to get WI
 # Statue 175 closer in synch with the US Congress' intent....
-# http://www.legis.state.wi.us/2007/data/acts/07Act3.pdf
+# https://docs.legis.wisconsin.gov/2007/related/acts/3
 
 # From an email administrator of the City of Fort Pierre, SD (2015-12-21):
 # Fort Pierre is technically located in the Mountain time zone as is
@@ -425,7 +428,7 @@ Zone America/North_Dakota/New_Salem -6:45:39 - LMT	1883 Nov 18 12:14:21
 # ...it appears that Mercer County, North Dakota, changed from the
 # mountain time zone to the central time zone at the last transition from
 # daylight-saving to standard time (on Nov. 7, 2010):
-# http://www.gpo.gov/fdsys/pkg/FR-2010-09-29/html/2010-24376.htm
+# https://www.gpo.gov/fdsys/pkg/FR-2010-09-29/html/2010-24376.htm
 # http://www.bismarcktribune.com/news/local/article_1eb1b588-c758-11df-b472-001cc4c03286.html
 
 # From Andy Lipscomb (2011-01-24):
@@ -476,7 +479,7 @@ Zone America/Denver	-6:59:56 -	LMT	1883 Nov 18 12:00:04
 # legal time, and is not part of the data here.)  See:
 # Ross SA. An energy crisis from the past: Northern California in 1948.
 # Working Paper No. 8, Institute of Governmental Studies, UC Berkeley,
-# 1973-11.  http://escholarship.org/uc/item/8x22k30c
+# 1973-11.  https://escholarship.org/uc/item/8x22k30c
 #
 # In another measure to save electricity, DST was instituted from 1948-03-14
 # at 02:01 to 1949-01-16 at 02:00, with the governor having the option to move
@@ -497,8 +500,8 @@ Zone America/Denver	-6:59:56 -	LMT	1883 Nov 18 12:00:04
 # which established DST from April's last Sunday at 01:00 until September's
 # last Sunday at 02:00. This was amended by 1962's Proposition 6, which changed
 # the fall-back date to October's last Sunday. See:
-# http://repository.uchastings.edu/cgi/viewcontent.cgi?article=1501&context=ca_ballot_props
-# http://repository.uchastings.edu/cgi/viewcontent.cgi?article=1636&context=ca_ballot_props
+# https://repository.uchastings.edu/cgi/viewcontent.cgi?article=1501&context=ca_ballot_props
+# https://repository.uchastings.edu/cgi/viewcontent.cgi?article=1636&context=ca_ballot_props
 #
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER
 Rule	CA	1948	only	-	Mar	14	2:01	1:00	D
@@ -515,20 +518,31 @@ Zone America/Los_Angeles -7:52:58 -	LMT	1883 Nov 18 12:07:02
 # Alaska
 # AK%sT is the modern abbreviation for -09 per USNO.
 #
-# From Paul Eggert (2001-05-30):
+# From Paul Eggert (2017-06-15):
 # Howse writes that Alaska switched from the Julian to the Gregorian calendar,
 # and from east-of-GMT to west-of-GMT days, when the US bought it from Russia.
-# This was on 1867-10-18, a Friday; the previous day was 1867-10-06 Julian,
-# also a Friday.  Include only the time zone part of this transition,
-# ignoring the switch from Julian to Gregorian, since we can't represent
-# the Julian calendar.
+# On Friday, 1867-10-18 (Gregorian), at precisely 15:30 local time, the
+# Russian forts and fleet at Sitka fired salutes to mark the ceremony of
+# formal transfer.  See the Sacramento Daily Union (1867-11-14), p 3, col 2.
+# https://cdnc.ucr.edu/cgi-bin/cdnc?a=d&d=SDU18671114.2.12.1
+# Sitka workers did not change their calendars until Sunday, 1867-10-20,
+# and so celebrated two Sundays that week.  See: Ahllund T (tr Hallamaa P).
+# From the memoirs of a Finnish workman. Alaska History. 2006 Fall;21(2):1-25.
+# http://alaskahistoricalsociety.org/wp-content/uploads/2016/12/Ahllund-2006-Memoirs-of-a-Finnish-Workman.pdf
+# Include only the time zone part of this transition, ignoring the switch
+# from Julian to Gregorian, since we can't represent the Julian calendar.
 #
-# As far as we know, none of the exact locations mentioned below were
+# As far as we know, of the locations mentioned below only Sitka was
 # permanently inhabited in 1867 by anyone using either calendar.
-# (Yakutat was colonized by the Russians in 1799, but the settlement
-# was destroyed in 1805 by a Yakutat-kon war party.)  However, there
-# were nearby inhabitants in some cases and for our purposes perhaps
-# it's best to simply use the official transition.
+# (Yakutat was colonized by the Russians in 1799, but the settlement was
+# destroyed in 1805 by a Yakutat-kon war party.)  Many of Alaska's inhabitants
+# were unaware of the US acquisition of Alaska, much less of any calendar or
+# time change.  However, the Russian-influenced part of Alaska did observe
+# Russian time, and it is more accurate to model this than to ignore it.
+# The database format requires an exact transition time; use the Russian
+# salute as a somewhat-arbitrary time for the formal transfer of control for
+# all of Alaska.  Sitka's UTC offset is -9:01:13; adjust its 15:30 to the
+# local times of other Alaskan locations so that they change simultaneously.
 
 # From Paul Eggert (2014-07-18):
 # One opinion of the early-1980s turmoil in Alaska over time zones and
@@ -581,10 +595,10 @@ Zone America/Los_Angeles -7:52:58 -	LMT	1883 Nov 18 12:07:02
 # It seems Metlakatla did go off PST on Sunday, November 1, changing
 # their time to AKST and are going to follow Alaska's DST, switching
 # between AKST and AKDT from now on....
-# http://www.krbd.org/2015/10/30/annette-island-times-they-are-a-changing/
+# https://www.krbd.org/2015/10/30/annette-island-times-they-are-a-changing/
 
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
-Zone America/Juneau	 15:02:19 -	LMT	1867 Oct 18
+Zone America/Juneau	 15:02:19 -	LMT	1867 Oct 19 15:33:32
 			 -8:57:41 -	LMT	1900 Aug 20 12:00
 			 -8:00	-	PST	1942
 			 -8:00	US	P%sT	1946
@@ -594,7 +608,7 @@ Zone America/Juneau	 15:02:19 -	LMT	1867 Oct 18
 			 -8:00	US	P%sT	1983 Oct 30  2:00
 			 -9:00	US	Y%sT	1983 Nov 30
 			 -9:00	US	AK%sT
-Zone America/Sitka	 14:58:47 -	LMT	1867 Oct 18
+Zone America/Sitka	 14:58:47 -	LMT	1867 Oct 19 15:30
 			 -9:01:13 -	LMT	1900 Aug 20 12:00
 			 -8:00	-	PST	1942
 			 -8:00	US	P%sT	1946
@@ -602,7 +616,7 @@ Zone America/Sitka	 14:58:47 -	LMT	1867 Oct 18
 			 -8:00	US	P%sT	1983 Oct 30  2:00
 			 -9:00	US	Y%sT	1983 Nov 30
 			 -9:00	US	AK%sT
-Zone America/Metlakatla	 15:13:42 -	LMT	1867 Oct 18
+Zone America/Metlakatla	 15:13:42 -	LMT	1867 Oct 19 15:44:55
 			 -8:46:18 -	LMT	1900 Aug 20 12:00
 			 -8:00	-	PST	1942
 			 -8:00	US	P%sT	1946
@@ -610,14 +624,14 @@ Zone America/Metlakatla	 15:13:42 -	LMT	1867 Oct 18
 			 -8:00	US	P%sT	1983 Oct 30  2:00
 			 -8:00	-	PST	2015 Nov  1  2:00
 			 -9:00	US	AK%sT
-Zone America/Yakutat	 14:41:05 -	LMT	1867 Oct 18
+Zone America/Yakutat	 14:41:05 -	LMT	1867 Oct 19 15:12:18
 			 -9:18:55 -	LMT	1900 Aug 20 12:00
 			 -9:00	-	YST	1942
 			 -9:00	US	Y%sT	1946
 			 -9:00	-	YST	1969
 			 -9:00	US	Y%sT	1983 Nov 30
 			 -9:00	US	AK%sT
-Zone America/Anchorage	 14:00:24 -	LMT	1867 Oct 18
+Zone America/Anchorage	 14:00:24 -	LMT	1867 Oct 19 14:31:37
 			 -9:59:36 -	LMT	1900 Aug 20 12:00
 			-10:00	-	AST	1942
 			-10:00	US	A%sT	1967 Apr
@@ -625,7 +639,7 @@ Zone America/Anchorage	 14:00:24 -	LMT	1867 Oct 18
 			-10:00	US	AH%sT	1983 Oct 30  2:00
 			 -9:00	US	Y%sT	1983 Nov 30
 			 -9:00	US	AK%sT
-Zone America/Nome	 12:58:21 -	LMT	1867 Oct 18
+Zone America/Nome	 12:58:22 -	LMT	1867 Oct 19 13:29:35
 			-11:01:38 -	LMT	1900 Aug 20 12:00
 			-11:00	-	NST	1942
 			-11:00	US	N%sT	1946
@@ -634,7 +648,7 @@ Zone America/Nome	 12:58:21 -	LMT	1867 Oct 18
 			-11:00	US	B%sT	1983 Oct 30  2:00
 			 -9:00	US	Y%sT	1983 Nov 30
 			 -9:00	US	AK%sT
-Zone America/Adak	 12:13:21 -	LMT	1867 Oct 18
+Zone America/Adak	 12:13:22 -	LMT	1867 Oct 19 12:44:35
 			-11:46:38 -	LMT	1900 Aug 20 12:00
 			-11:00	-	NST	1942
 			-11:00	US	N%sT	1946
@@ -670,7 +684,7 @@ Zone America/Adak	 12:13:21 -	LMT	1867 Oct 18
 # "Hawaiian Time" by Robert C. Schmitt and Doak C. Cox appears on pages 207-225
 # of volume 26 of The Hawaiian Journal of History (1992). As of 2010-12-09,
 # the article is available at
-# http://evols.library.manoa.hawaii.edu/bitstream/10524/239/2/JL26215.pdf
+# https://evols.library.manoa.hawaii.edu/bitstream/10524/239/2/JL26215.pdf
 # and indicates that standard time was adopted effective noon, January
 # 13, 1896 (page 218), that in "1933, the Legislature decreed daylight
 # saving for the period between the last Sunday of each April and the
@@ -769,7 +783,7 @@ Zone America/Boise	-7:44:49 -	LMT	1883 Nov 18 12:15:11
 # Indiana
 #
 # For a map of Indiana's time zone regions, see:
-# http://en.wikipedia.org/wiki/Time_in_Indiana
+# https://en.wikipedia.org/wiki/Time_in_Indiana
 #
 # From Paul Eggert (2007-08-17):
 # Since 1970, most of Indiana has been like America/Indiana/Indianapolis,
@@ -996,7 +1010,7 @@ Zone America/Kentucky/Louisville -5:43:02 -	LMT	1883 Nov 18 12:16:58
 # From Paul Eggert (2001-07-16):
 # The final rule was published in the
 # Federal Register 65, 160 (2000-08-17), pp 50154-50158.
-# http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=2000_register&docid=fr17au00-22
+# https://www.gpo.gov/fdsys/pkg/FR-2000-08-17/html/00-20854.htm
 #
 Zone America/Kentucky/Monticello -5:39:24 - LMT	1883 Nov 18 12:20:36
 			-6:00	US	C%sT	1946
@@ -1022,7 +1036,7 @@ Zone America/Kentucky/Monticello -5:39:24 - LMT	1883 Nov 18 12:20:36
 # West Wendover, NV officially switched from Pacific to mountain time on
 # 1999-10-31.  See the
 # Federal Register 64, 203 (1999-10-21), pp 56705-56707.
-# http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=1999_register&docid=fr21oc99-15
+# https://www.gpo.gov/fdsys/pkg/FR-1999-10-21/html/99-27240.htm
 # However, the Federal Register says that West Wendover already operated
 # on mountain time, and the rule merely made this official;
 # hence a separate tz entry is not needed.
@@ -1052,12 +1066,23 @@ Zone America/Kentucky/Monticello -5:39:24 - LMT	1883 Nov 18 12:20:36
 # one hour in 1914."  This change is not in Shanks.  We have no more
 # info, so omit this for now.
 #
+# From Paul Eggert (2017-07-26):
+# Although Shanks says Detroit observed DST in 1967 from 06-14 00:01
+# until 10-29 00:01, I now see multiple reports that this is incorrect.
+# For example, according to a 50-year anniversary report about the 1967
+# Detroit riots and a major-league doubleheader on 1967-07-23, "By the time
+# the last fly ball of the doubleheader settled into the glove of leftfielder
+# Lenny Green, it was after 7 p.m.  Detroit did not observe daylight saving
+# time, so light was already starting to fail.  Twilight was made even deeper
+# by billowing columns of smoke that ascended in an unbroken wall north of the
+# ballpark."  See: Dow B. Detroit '67: As violence unfolded, Tigers played two
+# at home vs. Yankees. Detroit Free Press 2017-07-23.
+# https://www.freep.com/story/sports/mlb/tigers/2017/07/23/detroit-tigers-1967-riot-new-york-yankees/499951001/
+#
 # Most of Michigan observed DST from 1973 on, but was a bit late in 1975.
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER
 Rule	Detroit	1948	only	-	Apr	lastSun	2:00	1:00	D
 Rule	Detroit	1948	only	-	Sep	lastSun	2:00	0	S
-Rule	Detroit	1967	only	-	Jun	14	2:00	1:00	D
-Rule	Detroit	1967	only	-	Oct	lastSun	2:00	0	S
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone America/Detroit	-5:32:11 -	LMT	1905
 			-6:00	-	CST	1915 May 15  2:00
@@ -1121,7 +1146,7 @@ Zone America/Menominee	-5:50:27 -	LMT	1885 Sep 18 12:00
 #	[PDF] (1914-03)
 #
 #	Milne J. Civil time. Geogr J. 1899 Feb;13(2):173-94
-#	.
+#	.
 #
 # See the 'europe' file for Greenland.
 
@@ -1167,19 +1192,19 @@ Zone America/Menominee	-5:50:27 -	LMT	1885 Sep 18 12:00
 # The British Columbia government announced yesterday that it will
 # adjust daylight savings next year to align with changes in the
 # U.S. and the rest of Canada....
-# http://www2.news.gov.bc.ca/news_releases_2005-2009/2006AG0014-000330.htm
+# https://archive.news.gov.bc.ca/releases/news_releases_2005-2009/2006AG0014-000330.htm
 # ...
 # Nova Scotia
 # Daylight saving time will be extended by four weeks starting in 2007....
-# http://www.gov.ns.ca/just/regulations/rg2/2006/ma1206.pdf
+# https://www.novascotia.ca/just/regulations/rg2/2006/ma1206.pdf
 #
 # [For New Brunswick] the new legislation dictates that the time change is to
 # be done at 02:00 instead of 00:01.
-# http://www.gnb.ca/0062/acts/BBA-2006/Chap-19.pdf
+# https://www.gnb.ca/0062/acts/BBA-2006/Chap-19.pdf
 # ...
 # Manitoba has traditionally changed the clock every fall at 03:00.
 # As of 2006, the transition is to take place one hour earlier at 02:00.
-# http://web2.gov.mb.ca/laws/statutes/ccsm/o030e.php
+# https://web2.gov.mb.ca/laws/statutes/ccsm/o030e.php
 # ...
 # [Alberta, Ontario, Quebec] will follow US rules.
 # http://www.qp.gov.ab.ca/documents/spring/CH03_06.CFM
@@ -1193,7 +1218,7 @@ Zone America/Menominee	-5:50:27 -	LMT	1885 Sep 18 12:00
 # http://www.hoa.gov.nl.ca/hoa/bills/Bill0634.htm
 # ...
 # Yukon
-# http://www.gov.yk.ca/legislation/regs/oic2006_127.pdf
+# https://www.gov.yk.ca/legislation/regs/oic2006_127.pdf
 # ...
 # N.W.T. will follow US rules.  Whoever maintains the government web site
 # does not seem to believe in bookmarks.  To see the news release, click the
@@ -1214,8 +1239,8 @@ Zone America/Menominee	-5:50:27 -	LMT	1885 Sep 18 12:00
 # time and daylight saving time arrangements in Canada circa 1998.
 #
 # National Research Council Canada maintains info about time zones and DST.
-# http://www.nrc-cnrc.gc.ca/eng/services/time/time_zones.html
-# http://www.nrc-cnrc.gc.ca/eng/services/time/faq/index.html#Q5
+# https://www.nrc-cnrc.gc.ca/eng/services/time/time_zones.html
+# https://www.nrc-cnrc.gc.ca/eng/services/time/faq/index.html#Q5
 # Its unofficial information is often taken from Matthews and Vincent.
 
 # From Paul Eggert (2006-06-27):
@@ -1252,11 +1277,13 @@ Rule	Canada	2007	max	-	Nov	Sun>=1	2:00	0	S
 
 # Newfoundland and Labrador
 
-# From Paul Eggert (2000-10-02):
-# Matthews and Vincent (1998) write that Labrador should use NST/NDT,
-# but the only part of Labrador that follows the rules is the
-# southeast corner, including Port Hope Simpson and Mary's Harbour,
-# but excluding, say, Black Tickle.
+# From Paul Eggert (2017-10-14):
+# Legally Labrador should observe Newfoundland time; see:
+# McLeod J. Labrador time - legal or not? St. John's Telegram, 2017-10-07
+# http://www.thetelegram.com/news/local/labrador-time--legal-or-not-154860/
+# Matthews and Vincent (1998) write that the only part of Labrador
+# that follows the rules is the southeast corner, including Port Hope
+# Simpson and Mary's Harbour, but excluding, say, Black Tickle.
 
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 Rule	StJohns	1917	only	-	Apr	 8	2:00	1:00	D
@@ -1456,7 +1483,7 @@ Zone America/Moncton	-4:19:08 -	LMT	1883 Dec  9
 # http://www.justice.gouv.qc.ca/english/publications/generale/temps-minganie-a.htm
 # that the coastal strip from just east of Natashquan to Blanc-Sablon
 # observes Atlantic standard time all year round.
-# http://www.assnat.qc.ca/Media/Process.aspx?MediaId=ANQ.Vigie.Bll.DocumentGenerique_8845en
+# https://www.assnat.qc.ca/Media/Process.aspx?MediaId=ANQ.Vigie.Bll.DocumentGenerique_8845en
 # says this common practice was codified into law as of 2007.
 # For lack of better info, guess this practice began around 1970, contra to
 # Shanks & Pottenger who have this region observing AST/ADT.
@@ -1488,6 +1515,11 @@ Zone America/Blanc-Sablon -3:48:28 -	LMT	1884
 # earlier in June).
 #
 # Kenora, Ontario, was to abandon DST on 1914-06-01 (-05-21).
+#
+# From Paul Eggert (2017-07-08):
+# For more on Orillia, see: Daubs K. Bold attempt at daylight saving
+# time became a comic failure in Orillia. Toronto Star 2017-07-08.
+# https://www.thestar.com/news/insight/2017/07/08/bold-attempt-at-daylight-saving-time-became-a-comic-failure-in-orillia.html
 
 # From Paul Eggert (1997-10-17):
 # Mark Brader writes that an article in the 1997-10-14 Toronto Star
@@ -1979,7 +2011,7 @@ Zone America/Creston	-7:46:04 -	LMT	1884
 #	* 1967. Paragraph 28(34)(g) of the Interpretation Act, S.C. 1967-68,
 #	c. 7 defines Yukon standard time as UTC-9....
 #	see Interpretation Act, R.S.C. 1985, c. I-21, s. 35(1).
-#	[http://canlii.ca/t/7vhg]
+#	[https://www.canlii.org/en/ca/laws/stat/rsc-1985-c-i-21/latest/rsc-1985-c-i-21.html]
 #	* C.O. 1973/214 switched Yukon to PST on 1973-10-28 00:00.
 #	* O.I.C. 1980/02 established DST.
 #	* O.I.C. 1987/056 changed DST to Apr firstSun 2:00 to Oct lastSun 2:00.
@@ -2044,7 +2076,7 @@ Zone America/Creston	-7:46:04 -	LMT	1884
 #     hours behind Greenwich Time.
 #
 # * Yukon Standard Time defined as Pacific Standard Time, YCO 1973/214
-#   http://www.canlii.org/en/yk/laws/regu/yco-1973-214/latest/yco-1973-214.html
+#   https://www.canlii.org/en/yk/laws/regu/yco-1973-214/latest/yco-1973-214.html
 #   C.O. 1973/214 INTERPRETATION ACT ...
 #
 #     1. Effective October 28, 1973 Commissioner's Order 1967/59 is hereby
@@ -2059,7 +2091,7 @@ Zone America/Creston	-7:46:04 -	LMT	1884
 #   http://? - no online source found
 #
 # * Yukon Daylight Saving Time, YOIC 1987/56
-#   http://www.canlii.org/en/yk/laws/regu/yoic-1987-56/latest/yoic-1987-56.html
+#   https://www.canlii.org/en/yk/laws/regu/yoic-1987-56/latest/yoic-1987-56.html
 #   O.I.C. 1987/056 INTERPRETATION ACT ...
 #
 #   In every year between
@@ -2071,7 +2103,7 @@ Zone America/Creston	-7:46:04 -	LMT	1884
 #   Dated ... 9th day of March, A.D., 1987.
 #
 # * Yukon Daylight Saving Time 2006, YOIC 2006/127
-#   http://www.canlii.org/en/yk/laws/regu/yoic-2006-127/latest/yoic-2006-127.html
+#   https://www.canlii.org/en/yk/laws/regu/yoic-2006-127/latest/yoic-2006-127.html
 #   O.I.C. 2006/127 INTERPRETATION ACT ...
 #
 #     1. In Yukon each year the time for general purposes shall be 7 hours
@@ -2085,7 +2117,7 @@ Zone America/Creston	-7:46:04 -	LMT	1884
 #     3. This order comes into force January 1, 2007.
 #
 # * Interpretation Act, RSY 2002, c 125
-# http://www.canlii.org/en/yk/laws/stat/rsy-2002-c-125/latest/rsy-2002-c-125.html
+# https://www.canlii.org/en/yk/laws/stat/rsy-2002-c-125/latest/rsy-2002-c-125.html
 
 # From Rives McDow (1999-09-04):
 # Nunavut ... moved ... to incorporate the whole territory into one time zone.
@@ -2128,7 +2160,7 @@ Zone America/Creston	-7:46:04 -	LMT	1884
 
 # From Michaela Rodrigue, writing in the
 # Nunatsiaq News (1999-11-19):
-# http://www.nunatsiaq.com/archives/nunavut991130/nvt91119_17.html
+# http://www.nunatsiaqonline.ca/archives/nunavut991130/nvt91119_17.html
 # Clyde River, Pangnirtung and Sanikiluaq now operate with two time zones,
 # central - or Nunavut time - for government offices, and eastern time
 # for municipal offices and schools....  Igloolik [was similar but then]
@@ -2146,7 +2178,7 @@ Zone America/Creston	-7:46:04 -	LMT	1884
 # Central Time and Southampton Island [in the Central zone] is not
 # required to use daylight savings.
 
-# From 
+# From 
 # Nunavut now has two time zones (2000-11-10):
 # The Nunavut government would allow its employees in Kugluktuk and
 # Cambridge Bay to operate on central time year-round, putting them
@@ -2477,7 +2509,7 @@ Zone America/Dawson	-9:17:40 -	LMT	1900 Aug 20
 # http://gaceta.diputados.gob.mx/Gaceta/61/2009/dic/V2-101209.html
 #
 # Our page:
-# http://www.timeanddate.com/news/time/north-mexico-dst-change.html
+# https://www.timeanddate.com/news/time/north-mexico-dst-change.html
 
 # From Arthur David Olson (2010-01-20):
 # The page
@@ -2896,7 +2928,7 @@ Zone America/Costa_Rica	-5:36:13 -	LMT	1890        # San José
 # http://www.nnc.cubaweb.cu/marzo-2008/cien-1-11-3-08.htm
 #
 # Some more background information is posted here:
-# http://www.timeanddate.com/news/time/cuba-starts-dst-march-16.html
+# https://www.timeanddate.com/news/time/cuba-starts-dst-march-16.html
 #
 # The article also says that Cuba has been observing DST since 1963,
 # while Shanks (and tzdata) has 1965 as the first date (except in the
@@ -2943,7 +2975,7 @@ Zone America/Costa_Rica	-5:36:13 -	LMT	1890        # San José
 # http://granma.co.cu/2011/03/08/nacional/artic01.html
 #
 # Our info:
-# http://www.timeanddate.com/news/time/cuba-starts-dst-2011.html
+# https://www.timeanddate.com/news/time/cuba-starts-dst-2011.html
 #
 # From Steffen Thorsen (2011-10-30)
 # Cuba will end DST two weeks later this year. Instead of going back
@@ -2953,7 +2985,7 @@ Zone America/Costa_Rica	-5:36:13 -	LMT	1890        # San José
 # http://www.radioangulo.cu/noticias/cuba/17105-cuba-restablecera-el-horario-del-meridiano-de-greenwich.html
 #
 # Our page:
-# http://www.timeanddate.com/news/time/cuba-time-changes-2011.html
+# https://www.timeanddate.com/news/time/cuba-time-changes-2011.html
 #
 # From Steffen Thorsen (2012-03-01)
 # According to Radio Reloj, Cuba will start DST on Midnight between March
@@ -2963,7 +2995,7 @@ Zone America/Costa_Rica	-5:36:13 -	LMT	1890        # San José
 # http://www.radioreloj.cu/index.php/noticias-radio-reloj/71-miscelaneas/7529-cuba-aplicara-el-horario-de-verano-desde-el-1-de-abril
 #
 # Our info on it:
-# http://www.timeanddate.com/news/time/cuba-starts-dst-2012.html
+# https://www.timeanddate.com/news/time/cuba-starts-dst-2012.html
 
 # From Steffen Thorsen (2012-11-03):
 # Radio Reloj and many other sources report that Cuba is changing back
@@ -3158,8 +3190,8 @@ Zone America/Guatemala	-6:02:04 -	LMT	1918 Oct 5
 # From Steffen Thorsen (2016-03-12):
 # Jean Antoine, editor of www.haiti-reference.com informed us that Haiti
 # are not going on DST this year.  Several other resources confirm this: ...
-# http://www.radiotelevisioncaraibes.com/presse/heure_d_t_pas_de_changement_d_heure_pr_vu_pour_cet_ann_e.html
-# http://www.vantbefinfo.com/changement-dheure-pas-pour-haiti/
+# https://www.radiotelevisioncaraibes.com/presse/heure_d_t_pas_de_changement_d_heure_pr_vu_pour_cet_ann_e.html
+# https://www.vantbefinfo.com/changement-dheure-pas-pour-haiti/
 # http://news.anmwe.com/haiti-lheure-nationale-ne-sera-ni-avancee-ni-reculee-cette-annee/
 
 # From Steffen Thorsen (2017-03-12):
@@ -3358,7 +3390,7 @@ Zone America/Miquelon	-3:44:40 -	LMT	1911 May 15 # St Pierre
 # Turks and Caicos
 #
 # From Chris Dunn in
-# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=415007
+# https://bugs.debian.org/415007
 # (2007-03-15): In the Turks & Caicos Islands (America/Grand_Turk) the
 # daylight saving dates for time changes have been adjusted to match
 # the recent U.S. change of dates.
@@ -3380,12 +3412,25 @@ Zone America/Miquelon	-3:44:40 -	LMT	1911 May 15 # St Pierre
 # "permanent daylight saving time" by one year....
 # http://tcweeklynews.com/time-change-to-go-ahead-this-november-p5437-127.htm
 #
+# From the Turks & Caicos Cabinet (2017-07-20), heads-up from Steffen Thorsen:
+# ... agreed to the reintroduction in TCI of Daylight Saving Time (DST)
+# during the summer months and Standard Time, also known as Local
+# Time, during the winter months with effect from April 2018 ...
+# https://www.gov.uk/government/news/turks-and-caicos-post-cabinet-meeting-statement--3
+#
+# From Paul Eggert (2017-08-26):
+# The date of effect of the spring 2018 change appears to be March 11,
+# which makes more sense.  See: Hamilton D. Time change back
+# by March 2018 for TCI. Magnetic Media. 2017-08-25.
+# http://magneticmediatv.com/2017/08/time-change-back-by-march-2018-for-tci/
+#
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone America/Grand_Turk	-4:44:32 -	LMT	1890
 			-5:07:11 -	KMT	1912 Feb # Kingston Mean Time
 			-5:00	-	EST	1979
 			-5:00	US	E%sT	2015 Nov Sun>=1 2:00
-			-4:00	-	AST
+			-4:00	-	AST	2018 Mar 11 3:00
+			-5:00	US	E%sT
 
 # British Virgin Is
 # Virgin Is
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/southamerica b/jdk/test/sun/util/calendar/zi/tzdata/southamerica
index 44dbd95756..d15e8344db 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/southamerica
+++ b/jdk/test/sun/util/calendar/zi/tzdata/southamerica
@@ -45,7 +45,7 @@
 #
 # For data circa 1899, a common source is:
 # Milne J. Civil time. Geogr J. 1899 Feb;13(2):173-94.
-# http://www.jstor.org/stable/1774359
+# https://www.jstor.org/stable/1774359
 #
 # These tables use numeric abbreviations like -03 and -0330 for
 # integer hour and minute UTC offsets.  Although earlier editions used
@@ -288,8 +288,8 @@ Rule	Arg	2008	only	-	Oct	Sun>=15	0:00	1:00	S
 #
 # Es inminente que en San Luis atrasen una hora los relojes
 # (It is imminent in San Luis clocks one hour delay)
-# http://www.lagaceta.com.ar/nota/253414/Economia/Es-inminente-que-en-San-Luis-atrasen-una-hora-los-relojes.html
-# http://www.worldtimezone.net/dst_news/dst_news_argentina02.html
+# https://www.lagaceta.com.ar/nota/253414/Economia/Es-inminente-que-en-San-Luis-atrasen-una-hora-los-relojes.html
+# http://www.worldtimezone.com/dst_news/dst_news_argentina02.html
 
 # From Jesper Nørgaard Welen (2008-01-18):
 # The page of the San Luis provincial government
@@ -408,7 +408,7 @@ Rule	Arg	2008	only	-	Oct	Sun>=15	0:00	1:00	S
 # Perhaps San Luis operates on the legal fiction that it is at -04
 # with perpetual summer time, but ordinary usage typically seems to
 # just say it's at -03; see, for example,
-# http://es.wikipedia.org/wiki/Hora_oficial_argentina
+# https://es.wikipedia.org/wiki/Hora_oficial_argentina
 # We've documented similar situations as being plain changes to
 # standard time, so let's do that here too.  This does not change UTC
 # offsets, only tm_isdst and the time zone abbreviations.  One minor
@@ -739,7 +739,7 @@ Zone	America/La_Paz	-4:32:36 -	LMT	1890
 # (Portuguese)
 #
 # We have a written a short article about it as well:
-# http://www.timeanddate.com/news/time/brazil-dst-2008-2009.html
+# https://www.timeanddate.com/news/time/brazil-dst-2008-2009.html
 #
 # From Alexander Krivenyshev (2011-10-04):
 # State Bahia will return to Daylight savings time this year after 8 years off.
@@ -748,7 +748,7 @@ Zone	America/La_Paz	-4:32:36 -	LMT	1890
 
 # In Portuguese:
 # http://g1.globo.com/bahia/noticia/2011/10/governador-jaques-wagner-confirma-horario-de-verao-na-bahia.html
-# http://noticias.terra.com.br/brasil/noticias/0,,OI5390887-EI8139,00-Bahia+volta+a+ter+horario+de+verao+apos+oito+anos.html
+# https://noticias.terra.com.br/brasil/noticias/0,,OI5390887-EI8139,00-Bahia+volta+a+ter+horario+de+verao+apos+oito+anos.html
 
 # From Guilherme Bernardes Rodrigues (2011-10-07):
 # There is news in the media, however there is still no decree about it.
@@ -774,16 +774,16 @@ Zone	America/La_Paz	-4:32:36 -	LMT	1890
 
 # From Rodrigo Severo (2012-10-16):
 # Tocantins state will have DST.
-# http://noticias.terra.com.br/brasil/noticias/0,,OI6232536-EI306.html
+# https://noticias.terra.com.br/brasil/noticias/0,,OI6232536-EI306.html
 
 # From Steffen Thorsen (2013-09-20):
 # Tocantins in Brazil is very likely not to observe DST from October....
 # http://conexaoto.com.br/2013/09/18/ministerio-confirma-que-tocantins-esta-fora-do-horario-de-verao-em-2013-mas-falta-publicacao-de-decreto
 # We will keep this article updated when this is confirmed:
-# http://www.timeanddate.com/news/time/brazil-starts-dst-2013.html
+# https://www.timeanddate.com/news/time/brazil-starts-dst-2013.html
 
 # From Steffen Thorsen (2013-10-17):
-# http://www.timeanddate.com/news/time/acre-amazonas-change-time-zone.html
+# https://www.timeanddate.com/news/time/acre-amazonas-change-time-zone.html
 # Senator Jorge Viana announced that Acre will change time zone on November 10.
 # He did not specify the time of the change, nor if western parts of Amazonas
 # will change as well.
@@ -1099,18 +1099,18 @@ Zone America/Rio_Branco	-4:31:12 -	LMT	1914
 # the following source, cited by Oscar van Vlijmen (2006-10-08):
 # [1] Chile Law
 # http://www.webexhibits.org/daylightsaving/chile.html
-# This contains a copy of a this official table:
+# This contains a copy of this official table:
 # Cambios en la hora oficial de Chile desde 1900 (retrieved 2008-03-30)
-# http://web.archive.org/web/20080330200901/http://www.horaoficial.cl/cambio.htm
+# https://web.archive.org/web/20080330200901/http://www.horaoficial.cl/cambio.htm
 # [1] needs several corrections, though.
 #
 # The first set of corrections is from:
 # [2] History of the Official Time of Chile
 # http://www.horaoficial.cl/ing/horaof_ing.html (retrieved 2012-03-06).  See:
-# http://web.archive.org/web/20120306042032/http://www.horaoficial.cl/ing/horaof_ing.html
+# https://web.archive.org/web/20120306042032/http://www.horaoficial.cl/ing/horaof_ing.html
 # This is an English translation of:
 # Historia de la hora oficial de Chile (retrieved 2012-10-24).  See:
-# http://web.archive.org/web/20121024234627/http://www.horaoficial.cl/horaof.htm
+# https://web.archive.org/web/20121024234627/http://www.horaoficial.cl/horaof.htm
 # A fancier Spanish version (requiring mouse-clicking) is at:
 # http://www.horaoficial.cl/historia_hora.html
 # Conflicts between [1] and [2] were resolved as follows:
@@ -1386,10 +1386,10 @@ Link	America/Curacao	America/Kralendijk	# Caribbean Netherlands
 # Milne says the Central and South American Telegraph Company used -5:24:15.
 #
 # From Alois Treindl (2016-12-15):
-# http://www.elcomercio.com/actualidad/hora-sixto-1993.html
+# https://www.elcomercio.com/actualidad/hora-sixto-1993.html
 # ... Whether the law applied also to Galápagos, I do not know.
 # From Paul Eggert (2016-12-15):
-# http://www.elcomercio.com/afull/modificacion-husohorario-ecuador-presidentes-decreto.html
+# https://www.elcomercio.com/afull/modificacion-husohorario-ecuador-presidentes-decreto.html
 # This says President Sixto Durán Ballén signed decree No. 285, which
 # established DST from 1992-11-28 to 1993-02-05; it does not give transition
 # times.  The people called it "hora de Sixto" ("Sixto hour").  The change did
@@ -1801,7 +1801,7 @@ Zone America/Montevideo	-3:44:44 -	LMT	1898 Jun 28
 # hours of presidential broadcasts, hours of lines,' quipped comedian
 # Jean Mary Curró ...". See: Cawthorne A, Kai D. Venezuela scraps
 # half-hour time difference set by Chavez. Reuters 2016-04-15 14:50 -0400
-# http://www.reuters.com/article/us-venezuela-timezone-idUSKCN0XC2BE
+# https://www.reuters.com/article/us-venezuela-timezone-idUSKCN0XC2BE
 #
 # From Matt Johnson (2016-04-20):
 # ... published in the official Gazette [2016-04-18], here:
diff --git a/jdk/test/sun/util/calendar/zi/tzdata/zone.tab b/jdk/test/sun/util/calendar/zi/tzdata/zone.tab
index 8d6247d21a..b1a7f07724 100644
--- a/jdk/test/sun/util/calendar/zi/tzdata/zone.tab
+++ b/jdk/test/sun/util/calendar/zi/tzdata/zone.tab
@@ -209,7 +209,7 @@ GB	+513030-0000731	Europe/London
 GD	+1203-06145	America/Grenada
 GE	+4143+04449	Asia/Tbilisi
 GF	+0456-05220	America/Cayenne
-GG	+4927-00232	Europe/Guernsey
+GG	+492717-0023210	Europe/Guernsey
 GH	+0533-00013	Africa/Accra
 GI	+3608-00521	Europe/Gibraltar
 GL	+6411-05144	America/Godthab	Greenland (most areas)
@@ -244,7 +244,7 @@ IQ	+3321+04425	Asia/Baghdad
 IR	+3540+05126	Asia/Tehran
 IS	+6409-02151	Atlantic/Reykjavik
 IT	+4154+01229	Europe/Rome
-JE	+4912-00207	Europe/Jersey
+JE	+491101-0020624	Europe/Jersey
 JM	+175805-0764736	America/Jamaica
 JO	+3157+03556	Asia/Amman
 JP	+353916+1394441	Asia/Tokyo
diff --git a/make/CreateJmods.gmk b/make/CreateJmods.gmk
index 299198b900..c073631714 100644
--- a/make/CreateJmods.gmk
+++ b/make/CreateJmods.gmk
@@ -80,8 +80,8 @@ ifneq ($(MAN_DIR), )
 endif
 
 LEGAL_NOTICES := \
-    $(SUPPORT_OUTPUTDIR)/modules_legal/java.base \
-    $(call FindModuleLegalDirs, $(MODULE)) \
+    $(call uniq, $(SUPPORT_OUTPUTDIR)/modules_legal/java.base \
+    $(call FindModuleLegalDirs, $(MODULE))) \
     #
 
 LEGAL_NOTICES_PATH := $(call PathList, $(LEGAL_NOTICES))
diff --git a/make/SourceRevision.gmk b/make/SourceRevision.gmk
index a14b3ef0e2..2218b21c37 100644
--- a/make/SourceRevision.gmk
+++ b/make/SourceRevision.gmk
@@ -39,8 +39,6 @@ include MakeBase.gmk
 # revisions of all repos will be stored in a file in the top dir, which is then
 # used when creating the tracker file.
 
-STORED_SOURCE_REVISION := $(TOPDIR)/.src-rev
-
 # Are we using mercurial?
 ifneq ($(and $(HG), $(wildcard $(TOPDIR)/.hg)), )
 
@@ -108,7 +106,15 @@ else
 	$(call LogInfo, No mercurial configuration present$(COMMA) not updating .src-rev)
 
     $(SOURCE_REVISION_TRACKER): $(STORED_SOURCE_REVISION)
-	$(install-file)
+	$(call MakeDir, $(@D))
+	$(RM) $@
+        # Only include revisions for repos that are included in the current
+        # source set.
+	for r in `cat $<`; do \
+	  if [ -d "$(TOPDIR)/`$(ECHO) $$r | $(CUT) -d':' -f1`" ]; then \
+	    $(PRINTF) "$$r " >> $@; \
+	  fi; \
+	done
 
     create-source-revision-tracker: $(SOURCE_REVISION_TRACKER)
   else
diff --git a/make/common/MakeBase.gmk b/make/common/MakeBase.gmk
index ff8ced0fcf..6f7b31dea2 100644
--- a/make/common/MakeBase.gmk
+++ b/make/common/MakeBase.gmk
@@ -342,11 +342,25 @@ endif # HAS_FILE_FUNCTION
 # the build was created from
 SOURCE_REVISION_TRACKER := $(SUPPORT_OUTPUTDIR)/src-rev/source-revision-tracker
 
-# Locate all hg repositories included in the forest, as absolute paths
+# A cache of the mercurial information which can be dropped in the top of the
+# source tree for inclusion in a source bundle.
+STORED_SOURCE_REVISION := $(TOPDIR)/.src-rev
+
+# Locate all hg repositories included in the forest, as absolute paths. Use .hg
+# dirs if present, otherwise parse the .src-rev file and match dirs.
 FindAllReposAbs = \
-    $(strip $(sort $(dir $(filter-out $(SRC_ROOT)/build/%, $(wildcard \
-        $(addprefix $(SRC_ROOT)/, .hg */.hg */*/.hg */*/*/.hg) \
-    )))))
+    $(if $(and $(HG), $(wildcard $(TOPDIR)/.hg)), \
+      $(strip $(sort $(dir $(filter-out $(SRC_ROOT)/build/%, $(wildcard \
+      $(addprefix $(SRC_ROOT)/, .hg */.hg */*/.hg */*/*/.hg)))))) \
+      , \
+      $(if $(wildcard $(STORED_SOURCE_REVISION)), \
+        $(strip $(foreach r, $(call ReadFile, $(STORED_SOURCE_REVISION)), \
+          $(wildcard $(TOPDIR)/$(firstword $(subst :,$(SPACE),$r))/) \
+        )) \
+      , \
+        $(error No mercurial or .src-rev available, cannot list repositories) \
+      ) \
+    )
 
 # Locate all hg repositories included in the forest, as relative paths
 FindAllReposRel = \
diff --git a/make/common/Modules.gmk b/make/common/Modules.gmk
index 9bbcf6c8f5..a50528d1e0 100644
--- a/make/common/Modules.gmk
+++ b/make/common/Modules.gmk
@@ -397,8 +397,10 @@ LEGAL_SUBDIRS += share/legal
 # $1 - Module to find legal dirs for
 FindModuleLegalDirs = \
     $(strip $(wildcard \
-        $(addsuffix /$(strip $1), $(IMPORT_MODULES_LEGAL)) \
-        $(foreach sub, $(LEGAL_SUBDIRS), $(addsuffix /$(strip $1)/$(sub), $(TOP_SRC_DIRS)))))
+        $(addsuffix /$(strip $1), $(SUPPORT_OUTPUTDIR)/modules_legal \
+            $(IMPORT_MODULES_LEGAL)) \
+        $(foreach sub, $(LEGAL_SUBDIRS), $(addsuffix /$(strip $1)/$(sub), $(TOP_SRC_DIRS))) \
+    ))
 
 ################################################################################
 
diff --git a/nashorn/.hgtags b/nashorn/.hgtags
index e890681b0b..e80bc5568e 100644
--- a/nashorn/.hgtags
+++ b/nashorn/.hgtags
@@ -408,9 +408,32 @@ fc416270a776409b74006262dd0a9f5f5ff31555 jdk-9+171
 c8d6b740f0f7ec834b4157bf0d4523e8bbddb3f0 jdk-9+172
 fa8e4de50e821eed876388c84f7129a6739268be jdk-9+173
 7d4006eaa088848c4fa2ac4aef0ba9982f80752a jdk-9+174
+da6134f74952ac2467c6dce9858ca85f49afe249 jdk-9.0.1+00
+da6134f74952ac2467c6dce9858ca85f49afe249 jdk-9.0.3+00
 734b3209b6edeb57e482c97793ae9c066af72871 jdk-9+175
 3c6fbdf6e785aaf18d35ce9c6684369952fd22ec jdk-9+176
 aa7404e062b95f679018f25eaaf933dcf0cf3f2b jdk-9+177
 7497ad85759ff010f44344b553223d1647fb6eba jdk-9+178
 3adfb547e3e49e304ffc82d8c6489cb830b74d62 jdk-9+179
 bece58f762168a6615bd036626a572a647f6b507 jdk-9+180
+47f8d75b8765ff8410ebc89619e537321cc10c32 jdk-9+181
+160b0368637dbc7439b1e515912b83aed7727295 jdk-9.0.3+1
+4a0bf4d2a9742c1f4fe67de20441fd5388561bc0 jdk-9.0.3+2
+5b0b330f31388db8ee364cbe551faf39052adcc4 jdk-9.0.3+3
+562b0734e6c01ce4e40deb3bc9b2c63633255f9a jdk-9.0.3+4
+8e253b723296edd3a001b7b022cbbec3c35d3b8a jdk-9.0.3+5
+660535906fbc02fad96c383ab1808c5fcebf19f9 jdk-9.0.3+6
+7fc3775a6ddd390be19f528b22fce89676474dfe jdk-9.0.3+7
+851771ff97ee40524f38193652df414a98df3a38 jdk-9.0.3+8
+d0613935476046b1d8a477e1ebe63e3fb8e71feb jdk-9.0.3+9
+1ff851c4d8d5e36ddcf463f09f90efe2dd5b7535 jdk-9.0.1+10
+850264cdb6863f9dab53e5d707d49529fb45c575 jdk-9.0.1+11
+8793d38f6b7a4864cea92cee11ac0cc15f6a997e jdk-9.0.4+00
+9622aae5026e892f758373fa304e83ce309718fc jdk-9.0.4+1
+22fd41c5738df157bc17574701aa8c125c17229a jdk-9.0.4+2
+e9e145417513c0b637d7de54bf116310addcba20 jdk-9.0.4+3
+3d28936b7a993830d4f3db05b788bba36f743560 jdk-9.0.4+4
+e1d9469d009de541005b64d061bd32cc4934c16d jdk-9.0.4+5
+25ff3b91ed429c151176ec39130d5fb0b464de49 jdk-9.0.4+6
+d740ad072f20b7e35fbc35747acbabb361d71371 jdk-9.0.4+7
+a6c27a656a5267b64ce550f5c9602af5f0d7af2f jdk-9.0.4+8
diff --git a/nashorn/.jcheck/conf b/nashorn/.jcheck/conf
index 5c6f62dc12..9bd9e92741 100644
--- a/nashorn/.jcheck/conf
+++ b/nashorn/.jcheck/conf
@@ -1 +1,2 @@
 project=jdk9
+bugids=dup
diff --git a/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/objects/NativeDataView.java b/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/objects/NativeDataView.java
index 44d0606559..759c168bbb 100644
--- a/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/objects/NativeDataView.java
+++ b/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/objects/NativeDataView.java
@@ -416,7 +416,7 @@ public class NativeDataView extends ScriptObject {
      * @return 32-bit unsigned int value at the byteOffset
      */
     @Function(attributes = Attribute.NOT_ENUMERABLE, arity = 1)
-    public static long getUint32(final Object self, final Object byteOffset, final Object littleEndian) {
+    public static double getUint32(final Object self, final Object byteOffset, final Object littleEndian) {
         try {
             return 0xFFFFFFFFL & getBuffer(self, littleEndian).getInt(JSType.toInt32(byteOffset));
         } catch (final IllegalArgumentException iae) {
@@ -432,7 +432,7 @@ public class NativeDataView extends ScriptObject {
      * @return 32-bit unsigned int value at the byteOffset
      */
     @SpecializedFunction
-    public static long getUint32(final Object self, final int byteOffset) {
+    public static double getUint32(final Object self, final int byteOffset) {
         try {
             return JSType.toUint32(getBuffer(self, false).getInt(JSType.toInt32(byteOffset)));
         } catch (final IllegalArgumentException iae) {
@@ -449,7 +449,7 @@ public class NativeDataView extends ScriptObject {
      * @return 32-bit unsigned int value at the byteOffset
      */
     @SpecializedFunction
-    public static long getUint32(final Object self, final int byteOffset, final boolean littleEndian) {
+    public static double getUint32(final Object self, final int byteOffset, final boolean littleEndian) {
         try {
             return JSType.toUint32(getBuffer(self, littleEndian).getInt(JSType.toInt32(byteOffset)));
         } catch (final IllegalArgumentException iae) {
@@ -837,9 +837,9 @@ public class NativeDataView extends ScriptObject {
      * @return undefined
      */
     @SpecializedFunction
-    public static Object setUint32(final Object self, final int byteOffset, final long value) {
+    public static Object setUint32(final Object self, final int byteOffset, final double value) {
         try {
-            getBuffer(self, false).putInt(byteOffset, (int)value);
+            getBuffer(self, false).putInt(byteOffset, (int) JSType.toUint32(value));
             return UNDEFINED;
         } catch (final IllegalArgumentException iae) {
             throw rangeError(iae, "dataview.offset");
@@ -856,9 +856,9 @@ public class NativeDataView extends ScriptObject {
      * @return undefined
      */
     @SpecializedFunction
-    public static Object setUint32(final Object self, final int byteOffset, final long value, final boolean littleEndian) {
+    public static Object setUint32(final Object self, final int byteOffset, final double value, final boolean littleEndian) {
         try {
-            getBuffer(self, littleEndian).putInt(byteOffset, (int)value);
+            getBuffer(self, littleEndian).putInt(byteOffset, (int) JSType.toUint32(value));
             return UNDEFINED;
         } catch (final IllegalArgumentException iae) {
             throw rangeError(iae, "dataview.offset");
diff --git a/nashorn/test/script/basic/JDK-8181191.js b/nashorn/test/script/basic/JDK-8181191.js
new file mode 100644
index 0000000000..4f4ef496d1
--- /dev/null
+++ b/nashorn/test/script/basic/JDK-8181191.js
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ * 
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ * 
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ * 
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ * 
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * JDK-8181191: getUint32 returning Long
+ *
+ * @test
+ * @run
+ */
+
+
+function uint32(x) {
+    var buffer = new ArrayBuffer(16);
+    var dataview = new DataView(buffer);
+    dataview.setUint32(0, x);
+    return dataview.getUint32(0);
+}
+
+Assert.assertTrue(typeof uint32(0x7f) === 'number');
+Assert.assertTrue(typeof uint32(0x80) === 'number');
+Assert.assertTrue(typeof uint32(0xffffffff) === 'number');
+Assert.assertTrue(typeof uint32(0x100000000) === 'number');
+
+Assert.assertTrue(uint32(0x7f) === 0x7f);
+Assert.assertTrue(uint32(0x80) === 0x80);
+Assert.assertTrue(uint32(0xffffffff) === 0xffffffff);
+Assert.assertTrue(uint32(0x100000000) === 0x0);
+
+Assert.assertTrue(uint32(0x7f) === uint32(0x7f));
+Assert.assertTrue(uint32(0x80) === uint32(0x80));
+Assert.assertTrue(uint32(0xffffffff) === uint32(0xffffffff));
+Assert.assertTrue(uint32(0x100000000) === uint32(0x100000000));