diff -Nru openjdk-8-8u191-b12/debian/changelog openjdk-8-8u191-b12/debian/changelog --- openjdk-8-8u191-b12/debian/changelog 2018-11-20 01:07:58.000000000 +0000 +++ openjdk-8-8u191-b12/debian/changelog 2019-01-14 21:02:00.000000000 +0000 @@ -1,12 +1,50 @@ -openjdk-8 (8u191-b12-0ubuntu0.16.04.1) xenial-security; urgency=medium +openjdk-8 (8u191-b12-2ubuntu0.16.04.1) xenial-security; urgency=medium - * Backport from Cosmic. + * Backport from Disco. + * debian/control: regenerated. - -- Tiago Stürmer Daitx Tue, 20 Nov 2018 01:07:58 +0000 + -- Tiago Stürmer Daitx Mon, 14 Jan 2019 21:02:00 +0000 -openjdk-8 (8u191-b12-0ubuntu0.18.10.1) cosmic-security; urgency=medium +openjdk-8 (8u191-b12-2ubuntu0.19.04.1) disco; urgency=medium - * Update to 8u191-b12. (Closes: #911925, LP: #1800792) + * Apply 11.0.2 security patches. + * Security fixes: + - CVE-2019-2422, S8206290: Better FileChannel transfer performance. + - CVE-2019-2426, S8209094: Improve web server connections. + - S8199156: Better route routing. + - S8199552: Update to build scripts. + - S8200659: Improve BigDecimal support. + - S8203955: Improve robot support. + - S8204895: Better icon support. + - S8205709: Proper allocation handling. + - S8205714: Initial class initialization. + - S8210094: Better loading of classloader classes. + - S8210606: Improved data set handling. + - S8210866: Improve JPEG processing. + * Update DEP8 tests: + - debian/tests/control: updated to allow stderr output and to remove + dpkg-dev dependency. + - debian/tests/jtdiff-autopkgtest.sh: use dpkg --print-architecture + instead of dpkg-architecture; log script name on any output. + - debian/tests/jtreg-autopkgtest.in: use dpkg --print-architecture instead + of dpkg-architecture; do not retain test temporary files; log script + name on any output. + - debian/tests/jtreg-autopkgtest.sh: regenerated. + * debian/patches/jdk-8u192-S8202261.patch: RandomAccessFile::setLength will + not shrink sparse files. (LP: #1811324) + + -- Tiago Stürmer Daitx Mon, 14 Jan 2019 04:14:40 +0000 + +openjdk-8 (8u191-b12-2) unstable; urgency=high + + * Upload to unstable. + * Remove the "Team upload" for the last upload to experimental. + + -- Matthias Klose Wed, 05 Dec 2018 09:06:06 +0100 + +openjdk-8 (8u191-b12-1) experimental; urgency=medium + + * Update to 8u191-b12. (Closes: #911925, Closes: #912333, LP: #1800792) * debian/excludelist.jdk.jtx: no longer needed, using ProblemsList.txt from upstream now. * debian/excludelist.langtools.jtx: upstream testing does not use any @@ -40,14 +78,9 @@ -- Tiago Stürmer Daitx Mon, 19 Nov 2018 11:02:46 +0000 -openjdk-8 (8u181-b13-1ubuntu0.16.04.1) xenial-security; urgency=medium - - * Backport from Cosmic. - - -- Tiago Stürmer Daitx Mon, 22 Oct 2018 17:29:08 +0000 - -openjdk-8 (8u181-b13-1ubuntu0.18.10.1) cosmic-security; urgency=medium +openjdk-8 (8u181-b13-2) unstable; urgency=high + [ Tiago Stürmer Daitx ] * Apply patches from 8u191-b12 security update. - CVE-2018-3136, S8194534: Manifest better support. - CVE-2018-3139, S8196902: Better HTTP Redirection. @@ -66,7 +99,10 @@ a memory leak; upstream fixed it in openjdk-7, albeit in a different way. Closes: #910672. - -- Tiago Stürmer Daitx Mon, 22 Oct 2018 17:25:20 +0000 + [ Matthias Klose ] + * Bump standards version. + + -- Matthias Klose Sun, 21 Oct 2018 12:23:32 +0200 openjdk-8 (8u181-b13-1) unstable; urgency=high diff -Nru openjdk-8-8u191-b12/debian/control openjdk-8-8u191-b12/debian/control --- openjdk-8-8u191-b12/debian/control 2018-11-20 01:07:58.000000000 +0000 +++ openjdk-8-8u191-b12/debian/control 2019-01-14 21:02:00.000000000 +0000 @@ -17,7 +17,7 @@ zlib1g-dev, libattr1-dev, libpng-dev, libjpeg-dev, libgif-dev, libpulse-dev (>= 0.9.12) [!alpha], systemtap-sdt-dev [!sh4], libnss3-dev (>= 2:3.17.1), openjdk-8-jdk-headless , dpkg-dev (>= 1.17.14), -Standards-Version: 4.1.5 +Standards-Version: 4.2.1 Homepage: http://openjdk.java.net/ Vcs-Bzr: http://bazaar.launchpad.net/~openjdk/openjdk/openjdk8 Vcs-Browser: https://code.launchpad.net/~openjdk/openjdk/openjdk8 diff -Nru openjdk-8-8u191-b12/debian/control.in openjdk-8-8u191-b12/debian/control.in --- openjdk-8-8u191-b12/debian/control.in 2018-11-06 19:31:22.000000000 +0000 +++ openjdk-8-8u191-b12/debian/control.in 2019-01-14 04:35:29.000000000 +0000 @@ -17,7 +17,7 @@ @bd_syslibs@ @bd_pulsejava@ @bd_systemtap@ @bd_nss@ @bd_cross@ -Standards-Version: 4.1.5 +Standards-Version: 4.2.1 Homepage: http://openjdk.java.net/ Vcs-Bzr: http://bazaar.launchpad.net/~openjdk/openjdk/openjdk8 Vcs-Browser: https://code.launchpad.net/~openjdk/openjdk/openjdk8 diff -Nru openjdk-8-8u191-b12/debian/patches/jdk-8u192-S8202261.patch openjdk-8-8u191-b12/debian/patches/jdk-8u192-S8202261.patch --- openjdk-8-8u191-b12/debian/patches/jdk-8u192-S8202261.patch 1970-01-01 00:00:00.000000000 +0000 +++ openjdk-8-8u191-b12/debian/patches/jdk-8u192-S8202261.patch 2019-01-14 20:01:12.000000000 +0000 @@ -0,0 +1,527 @@ + +# HG changeset patch +# User robm +# Date 1538773502 25200 +# Node ID a2361ab40be82f93904766d7e0c352dabf147913 +# Parent fd78f7e83f3f1ce7d363b681b97583138218afcb +8202261: (fc) FileChannel.map and RandomAccessFile.setLength should not preallocate space +Reviewed-by: coffeys + +diff -r fd78f7e83f3f -r a2361ab40be8 make/mapfiles/libnio/mapfile-linux +--- openjdk/jdk/make/mapfiles/libnio/mapfile-linux Sun Jun 01 11:54:04 2014 -0400 ++++ openjdk/jdk/make/mapfiles/libnio/mapfile-linux Fri Oct 05 14:05:02 2018 -0700 +@@ -56,12 +56,11 @@ + Java_sun_nio_ch_FileChannelImpl_close0; + Java_sun_nio_ch_FileChannelImpl_initIDs; + Java_sun_nio_ch_FileChannelImpl_map0; +- Java_sun_nio_ch_FileChannelImpl_position0; + Java_sun_nio_ch_FileChannelImpl_transferTo0; + Java_sun_nio_ch_FileChannelImpl_unmap0; +- Java_sun_nio_ch_FileDispatcherImpl_allocate0; + Java_sun_nio_ch_FileDispatcherImpl_close0; + Java_sun_nio_ch_FileDispatcherImpl_closeIntFD; ++ Java_sun_nio_ch_FileDispatcherImpl_seek0; + Java_sun_nio_ch_FileDispatcherImpl_force0; + Java_sun_nio_ch_FileDispatcherImpl_init; + Java_sun_nio_ch_FileDispatcherImpl_lock0; +diff -r fd78f7e83f3f -r a2361ab40be8 make/mapfiles/libnio/mapfile-macosx +--- openjdk/jdk/make/mapfiles/libnio/mapfile-macosx Sun Jun 01 11:54:04 2014 -0400 ++++ openjdk/jdk/make/mapfiles/libnio/mapfile-macosx Fri Oct 05 14:05:02 2018 -0700 +@@ -39,12 +39,11 @@ + Java_sun_nio_ch_FileChannelImpl_close0; + Java_sun_nio_ch_FileChannelImpl_initIDs; + Java_sun_nio_ch_FileChannelImpl_map0; +- Java_sun_nio_ch_FileChannelImpl_position0; + Java_sun_nio_ch_FileChannelImpl_transferTo0; + Java_sun_nio_ch_FileChannelImpl_unmap0; +- Java_sun_nio_ch_FileDispatcherImpl_allocate0; + Java_sun_nio_ch_FileDispatcherImpl_close0; + Java_sun_nio_ch_FileDispatcherImpl_closeIntFD; ++ Java_sun_nio_ch_FileDispatcherImpl_seek0; + Java_sun_nio_ch_FileDispatcherImpl_force0; + Java_sun_nio_ch_FileDispatcherImpl_init; + Java_sun_nio_ch_FileDispatcherImpl_lock0; +diff -r fd78f7e83f3f -r a2361ab40be8 make/mapfiles/libnio/mapfile-solaris +--- openjdk/jdk/make/mapfiles/libnio/mapfile-solaris Sun Jun 01 11:54:04 2014 -0400 ++++ openjdk/jdk/make/mapfiles/libnio/mapfile-solaris Fri Oct 05 14:05:02 2018 -0700 +@@ -44,12 +44,11 @@ + Java_sun_nio_ch_FileChannelImpl_close0; + Java_sun_nio_ch_FileChannelImpl_initIDs; + Java_sun_nio_ch_FileChannelImpl_map0; +- Java_sun_nio_ch_FileChannelImpl_position0; + Java_sun_nio_ch_FileChannelImpl_transferTo0; + Java_sun_nio_ch_FileChannelImpl_unmap0; +- Java_sun_nio_ch_FileDispatcherImpl_allocate0; + Java_sun_nio_ch_FileDispatcherImpl_close0; + Java_sun_nio_ch_FileDispatcherImpl_closeIntFD; ++ Java_sun_nio_ch_FileDispatcherImpl_seek0; + Java_sun_nio_ch_FileDispatcherImpl_force0; + Java_sun_nio_ch_FileDispatcherImpl_init; + Java_sun_nio_ch_FileDispatcherImpl_lock0; +diff -r fd78f7e83f3f -r a2361ab40be8 src/share/classes/sun/nio/ch/FileChannelImpl.java +--- openjdk/jdk/src/share/classes/sun/nio/ch/FileChannelImpl.java Sun Jun 01 11:54:04 2014 -0400 ++++ openjdk/jdk/src/share/classes/sun/nio/ch/FileChannelImpl.java Fri Oct 05 14:05:02 2018 -0700 +@@ -261,7 +261,7 @@ + return 0; + do { + // in append-mode then position is advanced to end before writing +- p = (append) ? nd.size(fd) : position0(fd, -1); ++ p = (append) ? nd.size(fd) : nd.seek(fd, -1); + } while ((p == IOStatus.INTERRUPTED) && isOpen()); + return IOStatus.normalize(p); + } finally { +@@ -285,7 +285,7 @@ + if (!isOpen()) + return null; + do { +- p = position0(fd, newPosition); ++ p = nd.seek(fd, newPosition); + } while ((p == IOStatus.INTERRUPTED) && isOpen()); + return this; + } finally { +@@ -345,7 +345,7 @@ + + // get current position + do { +- p = position0(fd, -1); ++ p = nd.seek(fd, -1); + } while ((p == IOStatus.INTERRUPTED) && isOpen()); + if (!isOpen()) + return null; +@@ -364,7 +364,7 @@ + if (p > newSize) + p = newSize; + do { +- rp = position0(fd, p); ++ rp = nd.seek(fd, p); + } while ((rp == IOStatus.INTERRUPTED) && isOpen()); + return this; + } finally { +@@ -906,7 +906,7 @@ + } + int rv; + do { +- rv = nd.allocate(fd, position + size); ++ rv = nd.truncate(fd, position + size); + } while ((rv == IOStatus.INTERRUPTED) && isOpen()); + if (!isOpen()) + return null; +@@ -1217,11 +1217,6 @@ + private native long transferTo0(FileDescriptor src, long position, + long count, FileDescriptor dst); + +- // Sets or reports this file's position +- // If offset is -1, the current position is returned +- // otherwise the position is set to offset +- private native long position0(FileDescriptor fd, long offset); +- + // Caches fieldIDs + private static native long initIDs(); + +diff -r fd78f7e83f3f -r a2361ab40be8 src/share/classes/sun/nio/ch/FileDispatcher.java +--- openjdk/jdk/src/share/classes/sun/nio/ch/FileDispatcher.java Sun Jun 01 11:54:04 2014 -0400 ++++ openjdk/jdk/src/share/classes/sun/nio/ch/FileDispatcher.java Fri Oct 05 14:05:02 2018 -0700 +@@ -36,12 +36,17 @@ + public static final int RET_EX_LOCK = 1; // Obtained exclusive lock + public static final int INTERRUPTED = 2; // Request interrupted + ++ /** ++ * Sets or reports this file's position ++ * If offset is -1, the current position is returned ++ * otherwise the position is set to offset. ++ */ ++ abstract long seek(FileDescriptor fd, long offset) throws IOException; ++ + abstract int force(FileDescriptor fd, boolean metaData) throws IOException; + + abstract int truncate(FileDescriptor fd, long size) throws IOException; + +- abstract int allocate(FileDescriptor fd, long size) throws IOException; +- + abstract long size(FileDescriptor fd) throws IOException; + + abstract int lock(FileDescriptor fd, boolean blocking, long pos, long size, +diff -r fd78f7e83f3f -r a2361ab40be8 src/solaris/classes/sun/nio/ch/FileDispatcherImpl.java +--- openjdk/jdk/src/solaris/classes/sun/nio/ch/FileDispatcherImpl.java Sun Jun 01 11:54:04 2014 -0400 ++++ openjdk/jdk/src/solaris/classes/sun/nio/ch/FileDispatcherImpl.java Fri Oct 05 14:05:02 2018 -0700 +@@ -72,6 +72,10 @@ + return writev0(fd, address, len); + } + ++ long seek(FileDescriptor fd, long offset) throws IOException { ++ return seek0(fd, offset); ++ } ++ + int force(FileDescriptor fd, boolean metaData) throws IOException { + return force0(fd, metaData); + } +@@ -80,10 +84,6 @@ + return truncate0(fd, size); + } + +- int allocate(FileDescriptor fd, long size) throws IOException { +- return allocate0(fd, size); +- } +- + long size(FileDescriptor fd) throws IOException { + return size0(fd); + } +@@ -143,10 +143,10 @@ + static native int force0(FileDescriptor fd, boolean metaData) + throws IOException; + +- static native int truncate0(FileDescriptor fd, long size) ++ static native long seek0(FileDescriptor fd, long size) + throws IOException; + +- static native int allocate0(FileDescriptor fd, long size) ++ static native int truncate0(FileDescriptor fd, long size) + throws IOException; + + static native long size0(FileDescriptor fd) throws IOException; +diff -r fd78f7e83f3f -r a2361ab40be8 src/solaris/native/java/io/io_util_md.c +--- openjdk/jdk/src/solaris/native/java/io/io_util_md.c Sun Jun 01 11:54:04 2014 -0400 ++++ openjdk/jdk/src/solaris/native/java/io/io_util_md.c Fri Oct 05 14:05:02 2018 -0700 +@@ -212,25 +212,6 @@ + handleSetLength(FD fd, jlong length) + { + int result; +-#if defined(__linux__) +- /* +- * On Linux, if the file size is being increased, then ftruncate64() +- * will modify the metadata value of the size without actually allocating +- * any blocks which can cause a SIGBUS error if the file is subsequently +- * memory-mapped. +- */ +- struct stat64 sb; +- +- if (fstat64(fd, &sb) == 0 && length > sb.st_blocks*512) { +- RESTARTABLE(posix_fallocate(fd, 0, length), result); +- // Return on success or if errno is neither EOPNOTSUPP nor ENOSYS +- if (result == 0) { +- return 0; +- } else if (errno != EOPNOTSUPP && errno != ENOSYS) { +- return result; +- } +- } +-#endif + RESTARTABLE(ftruncate64(fd, length), result); + return result; + } +diff -r fd78f7e83f3f -r a2361ab40be8 src/solaris/native/sun/nio/ch/FileChannelImpl.c +--- openjdk/jdk/src/solaris/native/sun/nio/ch/FileChannelImpl.c Sun Jun 01 11:54:04 2014 -0400 ++++ openjdk/jdk/src/solaris/native/sun/nio/ch/FileChannelImpl.c Fri Oct 05 14:05:02 2018 -0700 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -23,26 +23,17 @@ + * questions. + */ + +-#include "jni.h" +-#include "jni_util.h" +-#include "jvm.h" +-#include "jvm_md.h" +-#include "jlong.h" + #include + #include + #include +-#include "sun_nio_ch_FileChannelImpl.h" +-#include "java_lang_Integer.h" +-#include "nio.h" +-#include "nio_util.h" +-#include ++#include ++#include + + #if defined(__linux__) || defined(__solaris__) + #include + #elif defined(_AIX) + #include + #elif defined(_ALLBSD_SOURCE) +-#include + #include + #include + +@@ -50,6 +41,14 @@ + #define mmap64 mmap + #endif + ++#include "jni.h" ++#include "jni_util.h" ++#include "jlong.h" ++#include "nio.h" ++#include "nio_util.h" ++#include "sun_nio_ch_FileChannelImpl.h" ++#include "java_lang_Integer.h" ++ + static jfieldID chan_fd; /* jobject 'fd' in sun.io.FileChannelImpl */ + + JNIEXPORT jlong JNICALL +@@ -124,22 +123,6 @@ + } + + +-JNIEXPORT jlong JNICALL +-Java_sun_nio_ch_FileChannelImpl_position0(JNIEnv *env, jobject this, +- jobject fdo, jlong offset) +-{ +- jint fd = fdval(env, fdo); +- jlong result = 0; +- +- if (offset < 0) { +- result = lseek64(fd, 0, SEEK_CUR); +- } else { +- result = lseek64(fd, offset, SEEK_SET); +- } +- return handle(env, result, "Position failed"); +-} +- +- + JNIEXPORT void JNICALL + Java_sun_nio_ch_FileChannelImpl_close0(JNIEnv *env, jobject this, jobject fdo) + { +diff -r fd78f7e83f3f -r a2361ab40be8 src/solaris/native/sun/nio/ch/FileDispatcherImpl.c +--- openjdk/jdk/src/solaris/native/sun/nio/ch/FileDispatcherImpl.c Sun Jun 01 11:54:04 2014 -0400 ++++ openjdk/jdk/src/solaris/native/sun/nio/ch/FileDispatcherImpl.c Fri Oct 05 14:05:02 2018 -0700 +@@ -27,25 +27,19 @@ + #define _FILE_OFFSET_BITS 64 + #endif + +-#include "jni.h" +-#include "jni_util.h" +-#include "jvm.h" +-#include "jlong.h" +-#include "sun_nio_ch_FileDispatcherImpl.h" +-#include "java_lang_Long.h" + #include + #include + #include + #include + #include ++#include + #if defined(__linux__) + #include + #include + #endif +-#include "nio.h" +-#include "nio_util.h" + +-#ifdef _ALLBSD_SOURCE ++#if defined(_ALLBSD_SOURCE) ++#define lseek64 lseek + #define stat64 stat + #define flock64 flock + #define off64_t off_t +@@ -60,6 +54,15 @@ + #define fdatasync fsync + #endif + ++#include "jni.h" ++#include "jni_util.h" ++#include "jvm.h" ++#include "jlong.h" ++#include "nio.h" ++#include "nio_util.h" ++#include "sun_nio_ch_FileDispatcherImpl.h" ++#include "java_lang_Long.h" ++ + static int preCloseFD = -1; /* File descriptor to which we dup other fd's + before closing them for real */ + +@@ -145,6 +148,20 @@ + return IOS_THROWN; + } + ++JNIEXPORT jlong JNICALL ++Java_sun_nio_ch_FileDispatcherImpl_seek0(JNIEnv *env, jclass clazz, ++ jobject fdo, jlong offset) ++{ ++ jint fd = fdval(env, fdo); ++ off64_t result; ++ if (offset < 0) { ++ result = lseek64(fd, 0, SEEK_CUR); ++ } else { ++ result = lseek64(fd, offset, SEEK_SET); ++ } ++ return handle(env, (jlong)result, "lseek64 failed"); ++} ++ + JNIEXPORT jint JNICALL + Java_sun_nio_ch_FileDispatcherImpl_force0(JNIEnv *env, jobject this, + jobject fdo, jboolean md) +@@ -182,30 +199,6 @@ + "Truncation failed"); + } + +-JNIEXPORT jint JNICALL +-Java_sun_nio_ch_FileDispatcherImpl_allocate0(JNIEnv *env, jobject this, +- jobject fdo, jlong size) +-{ +-#if defined(__linux__) +- /* +- * On Linux, if the file size is being increased, then ftruncate64() +- * will modify the metadata value of the size without actually allocating +- * any blocks which can cause a SIGBUS error if the file is subsequently +- * memory-mapped. +- */ +- // Return on success or if errno is neither EOPNOTSUPP nor ENOSYS +- int result = posix_fallocate(fdval(env, fdo), 0, size); +- if (result == 0) { +- return 0; +- } else if (errno != EOPNOTSUPP && errno != ENOSYS) { +- return handle(env, result, "Allocation failed"); +- } +-#endif +- return handle(env, +- ftruncate64(fdval(env, fdo), size), +- "Truncation failed"); +-} +- + JNIEXPORT jlong JNICALL + Java_sun_nio_ch_FileDispatcherImpl_size0(JNIEnv *env, jobject this, jobject fdo) + { +diff -r fd78f7e83f3f -r a2361ab40be8 src/windows/classes/sun/nio/ch/FileDispatcherImpl.java +--- openjdk/jdk/src/windows/classes/sun/nio/ch/FileDispatcherImpl.java Sun Jun 01 11:54:04 2014 -0400 ++++ openjdk/jdk/src/windows/classes/sun/nio/ch/FileDispatcherImpl.java Fri Oct 05 14:05:02 2018 -0700 +@@ -85,6 +85,10 @@ + return writev0(fd, address, len, append); + } + ++ long seek(FileDescriptor fd, long offset) throws IOException { ++ return seek0(fd, offset); ++ } ++ + int force(FileDescriptor fd, boolean metaData) throws IOException { + return force0(fd, metaData); + } +@@ -93,11 +97,6 @@ + return truncate0(fd, size); + } + +- int allocate(FileDescriptor fd, long size) throws IOException { +- // truncate0() works for extending and truncating file size +- return truncate0(fd, size); +- } +- + long size(FileDescriptor fd) throws IOException { + return size0(fd); + } +@@ -176,6 +175,8 @@ + static native long writev0(FileDescriptor fd, long address, int len, boolean append) + throws IOException; + ++ static native long seek0(FileDescriptor fd, long offset) throws IOException; ++ + static native int force0(FileDescriptor fd, boolean metaData) + throws IOException; + +diff -r fd78f7e83f3f -r a2361ab40be8 src/windows/native/sun/nio/ch/FileChannelImpl.c +--- openjdk/jdk/src/windows/native/sun/nio/ch/FileChannelImpl.c Sun Jun 01 11:54:04 2014 -0400 ++++ openjdk/jdk/src/windows/native/sun/nio/ch/FileChannelImpl.c Fri Oct 05 14:05:02 2018 -0700 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -140,30 +140,6 @@ + return 0; + } + +-JNIEXPORT jlong JNICALL +-Java_sun_nio_ch_FileChannelImpl_position0(JNIEnv *env, jobject this, +- jobject fdo, jlong offset) +-{ +- DWORD lowPos = 0; +- long highPos = 0; +- HANDLE h = (HANDLE)(handleval(env, fdo)); +- +- if (offset < 0) { +- lowPos = SetFilePointer(h, 0, &highPos, FILE_CURRENT); +- } else { +- lowPos = (DWORD)offset; +- highPos = (long)(offset >> 32); +- lowPos = SetFilePointer(h, lowPos, &highPos, FILE_BEGIN); +- } +- if (lowPos == ((DWORD)-1)) { +- if (GetLastError() != ERROR_SUCCESS) { +- JNU_ThrowIOExceptionWithLastError(env, "Seek failed"); +- return IOS_THROWN; +- } +- } +- return (((jlong)highPos) << 32) | lowPos; +-} +- + JNIEXPORT void JNICALL + Java_sun_nio_ch_FileChannelImpl_close0(JNIEnv *env, jobject this, jobject fdo) + { +@@ -184,14 +160,17 @@ + { + const int PACKET_SIZE = 524288; + ++ LARGE_INTEGER where; + HANDLE src = (HANDLE)(handleval(env, srcFD)); + SOCKET dst = (SOCKET)(fdval(env, dstFD)); + DWORD chunkSize = (count > java_lang_Integer_MAX_VALUE) ? + java_lang_Integer_MAX_VALUE : (DWORD)count; +- BOOL result = 0; ++ BOOL result; + +- jlong pos = Java_sun_nio_ch_FileChannelImpl_position0(env, this, srcFD, position); +- if (pos == IOS_THROWN) { ++ where.QuadPart = position; ++ result = SetFilePointerEx(src, where, &where, FILE_BEGIN); ++ if (result == 0) { ++ JNU_ThrowIOExceptionWithLastError(env, "SetFilePointerEx failed"); + return IOS_THROWN; + } + +diff -r fd78f7e83f3f -r a2361ab40be8 src/windows/native/sun/nio/ch/FileDispatcherImpl.c +--- openjdk/jdk/src/windows/native/sun/nio/ch/FileDispatcherImpl.c Sun Jun 01 11:54:04 2014 -0400 ++++ openjdk/jdk/src/windows/native/sun/nio/ch/FileDispatcherImpl.c Fri Oct 05 14:05:02 2018 -0700 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -315,6 +315,31 @@ + return convertReturnVal(env, (jint)written, JNI_FALSE); + } + ++JNIEXPORT jlong JNICALL ++Java_sun_nio_ch_FileDispatcherImpl_seek0(JNIEnv *env, jclass clazz, ++ jobject fdo, jlong offset) ++{ ++ BOOL result = 0; ++ HANDLE h = (HANDLE)(handleval(env, fdo)); ++ LARGE_INTEGER where; ++ DWORD whence; ++ ++ if (offset < 0) { ++ where.QuadPart = 0; ++ whence = FILE_CURRENT; ++ } else { ++ where.QuadPart = offset; ++ whence = FILE_BEGIN; ++ } ++ ++ result = SetFilePointerEx(h, where, &where, whence); ++ if (result == 0) { ++ JNU_ThrowIOExceptionWithLastError(env, "SetFilePointerEx failed"); ++ return IOS_THROWN; ++ } ++ return (jlong)where.QuadPart; ++} ++ + JNIEXPORT jint JNICALL + Java_sun_nio_ch_FileDispatcherImpl_force0(JNIEnv *env, jobject this, + jobject fdo, jboolean md) + diff -Nru openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8199156-jdk.patch openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8199156-jdk.patch --- openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8199156-jdk.patch 1970-01-01 00:00:00.000000000 +0000 +++ openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8199156-jdk.patch 2019-01-14 04:10:43.000000000 +0000 @@ -0,0 +1,21 @@ +# HG changeset patch +# User igerasim +# Date 1534360336 25200 +# Wed Aug 15 12:12:16 2018 -0700 +# Node ID b965edac64adde5831d1aa082e96add4b163d7ea +# Parent d3a211e0cceda2ff5ed755a612d97110ac0d0cb5 +8199156: Better route routing +Reviewed-by: igerasim, mschoene, michaelm, rhalade + +diff -r d3a211e0cced -r b965edac64ad src/solaris/native/java/net/net_util_md.c +--- openjdk/jdk/src/solaris/native/java/net/net_util_md.c Fri Aug 10 13:23:09 2018 +0100 ++++ openjdk/jdk/src/solaris/native/java/net/net_util_md.c Wed Aug 15 12:12:16 2018 -0700 +@@ -606,6 +606,8 @@ + + if (loRoutesTemp == 0) { + free(loRoutes); ++ loRoutes = NULL; ++ nRoutes = 0; + fclose (f); + return; + } diff -Nru openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8200659-jdk.patch openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8200659-jdk.patch --- openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8200659-jdk.patch 1970-01-01 00:00:00.000000000 +0000 +++ openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8200659-jdk.patch 2019-01-14 04:10:43.000000000 +0000 @@ -0,0 +1,620 @@ +# HG changeset patch +# User igerasim +# Date 1539145891 25200 +# Tue Oct 09 21:31:31 2018 -0700 +# Node ID fbc886dd68cc0e2d877406f73a24bd332bf78244 +# Parent 2369004fc551f3048d7f1dff97a8f7497153cb16 +8200659: Improve BigDecimal support +Reviewed-by: darcy, rhalade, mschoene + +diff -r 2369004fc551 -r fbc886dd68cc src/share/classes/java/math/BigDecimal.java +--- openjdk/jdk/src/share/classes/java/math/BigDecimal.java Tue Oct 09 16:01:35 2018 -0700 ++++ openjdk/jdk/src/share/classes/java/math/BigDecimal.java Tue Oct 09 21:31:31 2018 -0700 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -29,8 +29,8 @@ + + package java.math; + ++import static java.math.BigInteger.LONG_MASK; + import java.util.Arrays; +-import static java.math.BigInteger.LONG_MASK; + + /** + * Immutable, arbitrary-precision signed decimal numbers. A +@@ -407,9 +407,12 @@ + * @since 1.5 + */ + public BigDecimal(char[] in, int offset, int len, MathContext mc) { +- // protect against huge length. +- if (offset + len > in.length || offset < 0) +- throw new NumberFormatException("Bad offset or len arguments for char[] input."); ++ // protect against huge length, negative values, and integer overflow ++ if ((in.length | len | offset) < 0 || len > in.length - offset) { ++ throw new NumberFormatException ++ ("Bad offset or len arguments for char[] input."); ++ } ++ + // This is the primary string to BigDecimal constructor; all + // incoming strings end up here; it uses explicit (inline) + // parsing for speed and generates at most one intermediate +diff -r 2369004fc551 -r fbc886dd68cc src/share/classes/java/math/BigInteger.java +--- openjdk/jdk/src/share/classes/java/math/BigInteger.java Tue Oct 09 16:01:35 2018 -0700 ++++ openjdk/jdk/src/share/classes/java/math/BigInteger.java Tue Oct 09 21:31:31 2018 -0700 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -1161,6 +1161,14 @@ + private static final double LOG_TWO = Math.log(2.0); + + static { ++ assert 0 < KARATSUBA_THRESHOLD ++ && KARATSUBA_THRESHOLD < TOOM_COOK_THRESHOLD ++ && TOOM_COOK_THRESHOLD < Integer.MAX_VALUE ++ && 0 < KARATSUBA_SQUARE_THRESHOLD ++ && KARATSUBA_SQUARE_THRESHOLD < TOOM_COOK_SQUARE_THRESHOLD ++ && TOOM_COOK_SQUARE_THRESHOLD < Integer.MAX_VALUE : ++ "Algorithm thresholds are inconsistent"; ++ + for (int i = 1; i <= MAX_CONSTANT; i++) { + int[] magnitude = new int[1]; + magnitude[0] = i; +@@ -1482,6 +1490,18 @@ + * @return {@code this * val} + */ + public BigInteger multiply(BigInteger val) { ++ return multiply(val, false); ++ } ++ ++ /** ++ * Returns a BigInteger whose value is {@code (this * val)}. If ++ * the invocation is recursive certain overflow checks are skipped. ++ * ++ * @param val value to be multiplied by this BigInteger. ++ * @param isRecursion whether this is a recursive invocation ++ * @return {@code this * val} ++ */ ++ private BigInteger multiply(BigInteger val, boolean isRecursion) { + if (val.signum == 0 || signum == 0) + return ZERO; + +@@ -1509,6 +1529,63 @@ + if ((xlen < TOOM_COOK_THRESHOLD) && (ylen < TOOM_COOK_THRESHOLD)) { + return multiplyKaratsuba(this, val); + } else { ++ // ++ // In "Hacker's Delight" section 2-13, p.33, it is explained ++ // that if x and y are unsigned 32-bit quantities and m and n ++ // are their respective numbers of leading zeros within 32 bits, ++ // then the number of leading zeros within their product as a ++ // 64-bit unsigned quantity is either m + n or m + n + 1. If ++ // their product is not to overflow, it cannot exceed 32 bits, ++ // and so the number of leading zeros of the product within 64 ++ // bits must be at least 32, i.e., the leftmost set bit is at ++ // zero-relative position 31 or less. ++ // ++ // From the above there are three cases: ++ // ++ // m + n leftmost set bit condition ++ // ----- ---------------- --------- ++ // >= 32 x <= 64 - 32 = 32 no overflow ++ // == 31 x >= 64 - 32 = 32 possible overflow ++ // <= 30 x >= 64 - 31 = 33 definite overflow ++ // ++ // The "possible overflow" condition cannot be detected by ++ // examning data lengths alone and requires further calculation. ++ // ++ // By analogy, if 'this' and 'val' have m and n as their ++ // respective numbers of leading zeros within 32*MAX_MAG_LENGTH ++ // bits, then: ++ // ++ // m + n >= 32*MAX_MAG_LENGTH no overflow ++ // m + n == 32*MAX_MAG_LENGTH - 1 possible overflow ++ // m + n <= 32*MAX_MAG_LENGTH - 2 definite overflow ++ // ++ // Note however that if the number of ints in the result ++ // were to be MAX_MAG_LENGTH and mag[0] < 0, then there would ++ // be overflow. As a result the leftmost bit (of mag[0]) cannot ++ // be used and the constraints must be adjusted by one bit to: ++ // ++ // m + n > 32*MAX_MAG_LENGTH no overflow ++ // m + n == 32*MAX_MAG_LENGTH possible overflow ++ // m + n < 32*MAX_MAG_LENGTH definite overflow ++ // ++ // The foregoing leading zero-based discussion is for clarity ++ // only. The actual calculations use the estimated bit length ++ // of the product as this is more natural to the internal ++ // array representation of the magnitude which has no leading ++ // zero elements. ++ // ++ if (!isRecursion) { ++ // The bitLength() instance method is not used here as we ++ // are only considering the magnitudes as non-negative. The ++ // Toom-Cook multiplication algorithm determines the sign ++ // at its end from the two signum values. ++ if (bitLength(mag, mag.length) + ++ bitLength(val.mag, val.mag.length) > ++ 32L*MAX_MAG_LENGTH) { ++ reportOverflow(); ++ } ++ } ++ + return multiplyToomCook3(this, val); + } + } +@@ -1587,7 +1664,7 @@ + int ystart = ylen - 1; + + if (z == null || z.length < (xlen+ ylen)) +- z = new int[xlen+ylen]; ++ z = new int[xlen+ylen]; + + long carry = 0; + for (int j=ystart, k=ystart+1+xstart; j >= 0; j--, k--) { +@@ -1709,16 +1786,16 @@ + + BigInteger v0, v1, v2, vm1, vinf, t1, t2, tm1, da1, db1; + +- v0 = a0.multiply(b0); ++ v0 = a0.multiply(b0, true); + da1 = a2.add(a0); + db1 = b2.add(b0); +- vm1 = da1.subtract(a1).multiply(db1.subtract(b1)); ++ vm1 = da1.subtract(a1).multiply(db1.subtract(b1), true); + da1 = da1.add(a1); + db1 = db1.add(b1); +- v1 = da1.multiply(db1); ++ v1 = da1.multiply(db1, true); + v2 = da1.add(a2).shiftLeft(1).subtract(a0).multiply( +- db1.add(b2).shiftLeft(1).subtract(b0)); +- vinf = a2.multiply(b2); ++ db1.add(b2).shiftLeft(1).subtract(b0), true); ++ vinf = a2.multiply(b2, true); + + // The algorithm requires two divisions by 2 and one by 3. + // All divisions are known to be exact, that is, they do not produce +@@ -1884,6 +1961,17 @@ + * @return {@code this2} + */ + private BigInteger square() { ++ return square(false); ++ } ++ ++ /** ++ * Returns a BigInteger whose value is {@code (this2)}. If ++ * the invocation is recursive certain overflow checks are skipped. ++ * ++ * @param isRecursion whether this is a recursive invocation ++ * @return {@code this2} ++ */ ++ private BigInteger square(boolean isRecursion) { + if (signum == 0) { + return ZERO; + } +@@ -1896,6 +1984,15 @@ + if (len < TOOM_COOK_SQUARE_THRESHOLD) { + return squareKaratsuba(); + } else { ++ // ++ // For a discussion of overflow detection see multiply() ++ // ++ if (!isRecursion) { ++ if (bitLength(mag, mag.length) > 16L*MAX_MAG_LENGTH) { ++ reportOverflow(); ++ } ++ } ++ + return squareToomCook3(); + } + } +@@ -2046,13 +2143,13 @@ + a0 = getToomSlice(k, r, 2, len); + BigInteger v0, v1, v2, vm1, vinf, t1, t2, tm1, da1; + +- v0 = a0.square(); ++ v0 = a0.square(true); + da1 = a2.add(a0); +- vm1 = da1.subtract(a1).square(); ++ vm1 = da1.subtract(a1).square(true); + da1 = da1.add(a1); +- v1 = da1.square(); +- vinf = a2.square(); +- v2 = da1.add(a2).shiftLeft(1).subtract(a0).square(); ++ v1 = da1.square(true); ++ vinf = a2.square(true); ++ v2 = da1.add(a2).shiftLeft(1).subtract(a0).square(true); + + // The algorithm requires two divisions by 2 and one by 3. + // All divisions are known to be exact, that is, they do not produce +@@ -2223,10 +2320,11 @@ + // The remaining part can then be exponentiated faster. The + // powers of two will be multiplied back at the end. + int powersOfTwo = partToSquare.getLowestSetBit(); +- long bitsToShift = (long)powersOfTwo * exponent; +- if (bitsToShift > Integer.MAX_VALUE) { ++ long bitsToShiftLong = (long)powersOfTwo * exponent; ++ if (bitsToShiftLong > Integer.MAX_VALUE) { + reportOverflow(); + } ++ int bitsToShift = (int)bitsToShiftLong; + + int remainingBits; + +@@ -2236,9 +2334,9 @@ + remainingBits = partToSquare.bitLength(); + if (remainingBits == 1) { // Nothing left but +/- 1? + if (signum < 0 && (exponent&1) == 1) { +- return NEGATIVE_ONE.shiftLeft(powersOfTwo*exponent); ++ return NEGATIVE_ONE.shiftLeft(bitsToShift); + } else { +- return ONE.shiftLeft(powersOfTwo*exponent); ++ return ONE.shiftLeft(bitsToShift); + } + } + } else { +@@ -2283,13 +2381,16 @@ + if (bitsToShift + scaleFactor <= 62) { // Fits in long? + return valueOf((result << bitsToShift) * newSign); + } else { +- return valueOf(result*newSign).shiftLeft((int) bitsToShift); ++ return valueOf(result*newSign).shiftLeft(bitsToShift); + } +- } +- else { ++ } else { + return valueOf(result*newSign); + } + } else { ++ if ((long)bitLength() * exponent / Integer.SIZE > MAX_MAG_LENGTH) { ++ reportOverflow(); ++ } ++ + // Large number algorithm. This is basically identical to + // the algorithm above, but calls multiply() and square() + // which may use more efficient algorithms for large numbers. +@@ -2309,7 +2410,7 @@ + // Multiply back the (exponentiated) powers of two (quickly, + // by shifting left) + if (powersOfTwo > 0) { +- answer = answer.shiftLeft(powersOfTwo*exponent); ++ answer = answer.shiftLeft(bitsToShift); + } + + if (signum < 0 && (exponent&1) == 1) { +@@ -3434,7 +3535,7 @@ + for (int i=1; i< len && pow2; i++) + pow2 = (mag[i] == 0); + +- n = (pow2 ? magBitLength -1 : magBitLength); ++ n = (pow2 ? magBitLength - 1 : magBitLength); + } else { + n = magBitLength; + } +diff -r 2369004fc551 -r fbc886dd68cc test/java/math/BigDecimal/AddTests.java +--- openjdk/jdk/test/java/math/BigDecimal/AddTests.java Tue Oct 09 16:01:35 2018 -0700 ++++ openjdk/jdk/test/java/math/BigDecimal/AddTests.java Tue Oct 09 21:31:31 2018 -0700 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2006, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2006, 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -23,7 +23,7 @@ + + /* + * @test +- * @bug 6362557 ++ * @bug 6362557 8200698 + * @summary Some tests of add(BigDecimal, mc) + * @author Joseph D. Darcy + */ +@@ -290,12 +290,35 @@ + return failures; + } + ++ private static int arithmeticExceptionTest() { ++ int failures = 0; ++ BigDecimal x; ++ try { ++ // ++ // The string representation "1e2147483647", which is equivalent ++ // to 10^Integer.MAX_VALUE, is used to create an augend with an ++ // unscaled value of 1 and a scale of -Integer.MAX_VALUE. The ++ // addend "1" has an unscaled value of 1 with a scale of 0. The ++ // addition is performed exactly and is specified to have a ++ // preferred scale of max(-Integer.MAX_VALUE, 0). As the scale ++ // of the result is 0, a value with Integer.MAX_VALUE + 1 digits ++ // would need to be created. Therefore the next statement is ++ // expected to overflow with an ArithmeticException. ++ // ++ x = new BigDecimal("1e2147483647").add(new BigDecimal(1)); ++ failures++; ++ } catch (ArithmeticException ae) { ++ } ++ return failures; ++ } ++ + public static void main(String argv[]) { + int failures = 0; + + failures += extremaTests(); + failures += roundingGradationTests(); + failures += precisionConsistencyTest(); ++ failures += arithmeticExceptionTest(); + + if (failures > 0) { + throw new RuntimeException("Incurred " + failures + +diff -r 2369004fc551 -r fbc886dd68cc test/java/math/BigDecimal/Constructor.java +--- openjdk/jdk/test/java/math/BigDecimal/Constructor.java Tue Oct 09 16:01:35 2018 -0700 ++++ openjdk/jdk/test/java/math/BigDecimal/Constructor.java Tue Oct 09 21:31:31 2018 -0700 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -23,20 +23,48 @@ + + /* + * @test +- * @bug 4259453 +- * @summary Test string constructor of BigDecimal ++ * @bug 4259453 8200698 ++ * @summary Test constructors of BigDecimal ++ * @library .. ++ * @run testng Constructor + */ ++ + import java.math.BigDecimal; ++import org.testng.annotations.Test; + + public class Constructor { +- public static void main(String[] args) throws Exception { +- boolean nfe = false; ++ @Test(expectedExceptions=NumberFormatException.class) ++ public void stringConstructor() { ++ BigDecimal bd = new BigDecimal("1.2e"); ++ } ++ ++ @Test(expectedExceptions=NumberFormatException.class) ++ public void charArrayConstructorNegativeOffset() { ++ BigDecimal bd = new BigDecimal(new char[5], -1, 4, null); ++ } ++ ++ @Test(expectedExceptions=NumberFormatException.class) ++ public void charArrayConstructorNegativeLength() { ++ BigDecimal bd = new BigDecimal(new char[5], 0, -1, null); ++ } ++ ++ @Test(expectedExceptions=NumberFormatException.class) ++ public void charArrayConstructorIntegerOverflow() { + try { +- BigDecimal bd = new BigDecimal("1.2e"); +- } catch (NumberFormatException e) { +- nfe = true; ++ BigDecimal bd = new BigDecimal(new char[5], Integer.MAX_VALUE - 5, ++ 6, null); ++ } catch (NumberFormatException nfe) { ++ if (nfe.getCause() instanceof IndexOutOfBoundsException) { ++ throw new RuntimeException ++ ("NumberFormatException should not have a cause"); ++ } else { ++ throw nfe; ++ } + } +- if (!nfe) +- throw new Exception("Didn't throw NumberFormatException"); ++ } ++ ++ @Test(expectedExceptions=NumberFormatException.class) ++ public void charArrayConstructorIndexOutOfBounds() { ++ BigDecimal bd = new BigDecimal(new char[5], 1, 5, null); + } + } +diff -r 2369004fc551 -r fbc886dd68cc test/java/math/BigInteger/LargeValueExceptions.java +--- /dev/null Thu Jan 01 00:00:00 1970 +0000 ++++ openjdk/jdk/test/java/math/BigInteger/LargeValueExceptions.java Tue Oct 09 21:31:31 2018 -0700 +@@ -0,0 +1,192 @@ ++/* ++ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++/* ++ * @test ++ * @bug 8200698 ++ * @summary Tests that exceptions are thrown for ops which would overflow ++ * @requires (sun.arch.data.model == "64" & os.maxMemory > 4g) ++ * @run testng/othervm -Xmx4g LargeValueExceptions ++ */ ++import java.math.BigInteger; ++import static java.math.BigInteger.ONE; ++import org.testng.annotations.Test; ++ ++// ++// The intent of this test is to probe the boundaries between overflow and ++// non-overflow, principally for multiplication and squaring, specifically ++// the largest values which should not overflow and the smallest values which ++// should. The transition values used are not necessarily at the exact ++// boundaries but should be "close." Quite a few different values were used ++// experimentally before settling on the ones in this test. For multiplication ++// and squaring all cases are exercised: definite overflow and non-overflow ++// which can be detected "up front," and "indefinite" overflow, i.e., overflow ++// which cannot be detected up front so further calculations are required. ++// ++// Testing negative values is unnecessary. For both multiplication and squaring ++// the paths lead to the Toom-Cook algorithm where the signum is used only to ++// determine the sign of the result and not in the intermediate calculations. ++// This is also true for exponentiation. ++// ++// @Test annotations with optional element "enabled" set to "false" should ++// succeed when "enabled" is set to "true" but they take too to run in the ++// course of the typical regression test execution scenario. ++// ++public class LargeValueExceptions { ++ // BigInteger.MAX_MAG_LENGTH ++ private static final int MAX_INTS = 1 << 26; ++ ++ // Number of bits corresponding to MAX_INTS ++ private static final long MAX_BITS = (0xffffffffL & MAX_INTS) << 5L; ++ ++ // Half BigInteger.MAX_MAG_LENGTH ++ private static final int MAX_INTS_HALF = MAX_INTS / 2; ++ ++ // --- squaring --- ++ ++ // Largest no overflow determined by examining data lengths alone. ++ @Test(enabled=false) ++ public void squareNoOverflow() { ++ BigInteger x = ONE.shiftLeft(16*MAX_INTS - 1).subtract(ONE); ++ BigInteger y = x.multiply(x); ++ } ++ ++ // Smallest no overflow determined by extra calculations. ++ @Test(enabled=false) ++ public void squareIndefiniteOverflowSuccess() { ++ BigInteger x = ONE.shiftLeft(16*MAX_INTS - 1); ++ BigInteger y = x.multiply(x); ++ } ++ ++ // Largest overflow detected by extra calculations. ++ @Test(expectedExceptions=ArithmeticException.class,enabled=false) ++ public void squareIndefiniteOverflowFailure() { ++ BigInteger x = ONE.shiftLeft(16*MAX_INTS).subtract(ONE); ++ BigInteger y = x.multiply(x); ++ } ++ ++ // Smallest overflow detected by examining data lengths alone. ++ @Test(expectedExceptions=ArithmeticException.class) ++ public void squareDefiniteOverflow() { ++ BigInteger x = ONE.shiftLeft(16*MAX_INTS); ++ BigInteger y = x.multiply(x); ++ } ++ ++ // --- multiplication --- ++ ++ // Largest no overflow determined by examining data lengths alone. ++ @Test(enabled=false) ++ public void multiplyNoOverflow() { ++ final int halfMaxBits = MAX_INTS_HALF << 5; ++ ++ BigInteger x = ONE.shiftLeft(halfMaxBits).subtract(ONE); ++ BigInteger y = ONE.shiftLeft(halfMaxBits - 1).subtract(ONE); ++ BigInteger z = x.multiply(y); ++ } ++ ++ // Smallest no overflow determined by extra calculations. ++ @Test(enabled=false) ++ public void multiplyIndefiniteOverflowSuccess() { ++ BigInteger x = ONE.shiftLeft((int)(MAX_BITS/2) - 1); ++ long m = MAX_BITS - x.bitLength(); ++ ++ BigInteger y = ONE.shiftLeft((int)(MAX_BITS/2) - 1); ++ long n = MAX_BITS - y.bitLength(); ++ ++ if (m + n != MAX_BITS) { ++ throw new RuntimeException("Unexpected leading zero sum"); ++ } ++ ++ BigInteger z = x.multiply(y); ++ } ++ ++ // Largest overflow detected by extra calculations. ++ @Test(expectedExceptions=ArithmeticException.class,enabled=false) ++ public void multiplyIndefiniteOverflowFailure() { ++ BigInteger x = ONE.shiftLeft((int)(MAX_BITS/2)).subtract(ONE); ++ long m = MAX_BITS - x.bitLength(); ++ ++ BigInteger y = ONE.shiftLeft((int)(MAX_BITS/2)).subtract(ONE); ++ long n = MAX_BITS - y.bitLength(); ++ ++ if (m + n != MAX_BITS) { ++ throw new RuntimeException("Unexpected leading zero sum"); ++ } ++ ++ BigInteger z = x.multiply(y); ++ } ++ ++ // Smallest overflow detected by examining data lengths alone. ++ @Test(expectedExceptions=ArithmeticException.class) ++ public void multiplyDefiniteOverflow() { ++ // multiply by 4 as MAX_INTS_HALF refers to ints ++ byte[] xmag = new byte[4*MAX_INTS_HALF]; ++ xmag[0] = (byte)0xff; ++ BigInteger x = new BigInteger(1, xmag); ++ ++ byte[] ymag = new byte[4*MAX_INTS_HALF + 1]; ++ ymag[0] = (byte)0xff; ++ BigInteger y = new BigInteger(1, ymag); ++ ++ BigInteger z = x.multiply(y); ++ } ++ ++ // --- exponentiation --- ++ ++ @Test(expectedExceptions=ArithmeticException.class) ++ public void powOverflow() { ++ BigInteger.TEN.pow(Integer.MAX_VALUE); ++ } ++ ++ @Test(expectedExceptions=ArithmeticException.class) ++ public void powOverflow1() { ++ int shift = 20; ++ int exponent = 1 << shift; ++ BigInteger x = ONE.shiftLeft((int)(MAX_BITS / exponent)); ++ BigInteger y = x.pow(exponent); ++ } ++ ++ @Test(expectedExceptions=ArithmeticException.class) ++ public void powOverflow2() { ++ int shift = 20; ++ int exponent = 1 << shift; ++ BigInteger x = ONE.shiftLeft((int)(MAX_BITS / exponent)).add(ONE); ++ BigInteger y = x.pow(exponent); ++ } ++ ++ @Test(expectedExceptions=ArithmeticException.class,enabled=false) ++ public void powOverflow3() { ++ int shift = 20; ++ int exponent = 1 << shift; ++ BigInteger x = ONE.shiftLeft((int)(MAX_BITS / exponent)).subtract(ONE); ++ BigInteger y = x.pow(exponent); ++ } ++ ++ @Test(enabled=false) ++ public void powOverflow4() { ++ int shift = 20; ++ int exponent = 1 << shift; ++ BigInteger x = ONE.shiftLeft((int)(MAX_BITS / exponent - 1)).add(ONE); ++ BigInteger y = x.pow(exponent); ++ } ++} diff -Nru openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8203955-jdk.patch openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8203955-jdk.patch --- openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8203955-jdk.patch 1970-01-01 00:00:00.000000000 +0000 +++ openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8203955-jdk.patch 2019-01-14 04:10:43.000000000 +0000 @@ -0,0 +1,20 @@ +# HG changeset patch +# User serb +# Date 1534897118 25200 +# Tue Aug 21 17:18:38 2018 -0700 +# Node ID f8279bb6639f661ad8d7d30a80293e726bdb2056 +# Parent 5ba4548478b814dafe59bef2f7b5b41bcd90f624 +8203955: Improve robot support +Reviewed-by: prr, psadhukhan, rhalade, skoivu + +diff -r 5ba4548478b8 -r f8279bb6639f src/share/classes/java/awt/Robot.java +--- openjdk/jdk/src/share/classes/java/awt/Robot.java Tue Aug 21 11:43:03 2018 +0530 ++++ openjdk/jdk/src/share/classes/java/awt/Robot.java Tue Aug 21 17:18:38 2018 -0700 +@@ -391,6 +391,7 @@ + * @return Color of the pixel + */ + public synchronized Color getPixelColor(int x, int y) { ++ checkScreenCaptureAllowed(); + Color color = new Color(peer.getRGBPixel(x, y)); + return color; + } diff -Nru openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8204895-jdk.patch openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8204895-jdk.patch --- openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8204895-jdk.patch 1970-01-01 00:00:00.000000000 +0000 +++ openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8204895-jdk.patch 2019-01-14 04:10:43.000000000 +0000 @@ -0,0 +1,27 @@ +# HG changeset patch +# User serb +# Date 1536633076 25200 +# Mon Sep 10 19:31:16 2018 -0700 +# Node ID c781c1726b62bc5c37c1fd1e4e62eadace75111b +# Parent d8b98efabf5740af89e495c4b7d03e48d229d1c3 +8204895: Better icon support +Reviewed-by: prr, mschoene, aghaisas, rhalade + +diff -r d8b98efabf57 -r c781c1726b62 src/solaris/native/sun/awt/awt_UNIXToolkit.c +--- openjdk/jdk/src/solaris/native/sun/awt/awt_UNIXToolkit.c Mon Sep 10 19:37:53 2018 +0100 ++++ openjdk/jdk/src/solaris/native/sun/awt/awt_UNIXToolkit.c Mon Sep 10 19:31:16 2018 -0700 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2004, 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -209,6 +209,7 @@ + detail_str = (char *)SAFE_SIZE_ARRAY_ALLOC(malloc, + sizeof(char), len + 1); + if (detail_str == NULL) { ++ free(stock_id_str); + JNU_ThrowOutOfMemoryError(env, "OutOfMemoryError"); + return JNI_FALSE; + } diff -Nru openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8205709-jdk.patch openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8205709-jdk.patch --- openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8205709-jdk.patch 1970-01-01 00:00:00.000000000 +0000 +++ openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8205709-jdk.patch 2019-01-14 04:10:43.000000000 +0000 @@ -0,0 +1,164 @@ +# HG changeset patch +# User dtitov +# Date 1532551153 25200 +# Wed Jul 25 13:39:13 2018 -0700 +# Node ID 6a83c2f66345ae5e585c5df5a1d65fe0ae8822be +# Parent ee20d1e68661cf1c30e8a087f551f8f39c867211 +8205709: Proper allocation handling +Reviewed-by: sspitsyn + +diff -r ee20d1e68661 -r 6a83c2f66345 src/solaris/instrument/FileSystemSupport_md.c +--- openjdk/jdk/src/solaris/instrument/FileSystemSupport_md.c Mon Jul 23 21:34:30 2018 -0700 ++++ openjdk/jdk/src/solaris/instrument/FileSystemSupport_md.c Wed Jul 25 13:39:13 2018 -0700 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2004, 2018 Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -23,6 +23,7 @@ + * questions. + */ + ++#include + #include + #include + +@@ -50,6 +51,10 @@ + } else { + int len = last - path; + char* str = (char*)malloc(len+1); ++ if (str == NULL) { ++ fprintf(stderr, "OOM error in native tmp buffer allocation"); ++ return NULL; ++ } + if (len > 0) { + memcpy(str, path, len); + } +@@ -80,6 +85,10 @@ + if (n == 0) return strdup("/"); + + sb = (char*)malloc(strlen(pathname)+1); ++ if (sb == NULL) { ++ fprintf(stderr, "OOM error in native tmp buffer allocation"); ++ return NULL; ++ } + sbLen = 0; + + if (off > 0) { +@@ -128,6 +137,10 @@ + len = parentEnd + cn - childStart; + if (child[0] == slash) { + theChars = (char*)malloc(len+1); ++ if (theChars == NULL) { ++ fprintf(stderr, "OOM error in native tmp buffer allocation"); ++ return NULL; ++ } + if (parentEnd > 0) + memcpy(theChars, parent, parentEnd); + if (cn > 0) +@@ -135,6 +148,10 @@ + theChars[len] = '\0'; + } else { + theChars = (char*)malloc(len+2); ++ if (theChars == NULL) { ++ fprintf(stderr, "OOM error in native tmp buffer allocation"); ++ return NULL; ++ } + if (parentEnd > 0) + memcpy(theChars, parent, parentEnd); + theChars[parentEnd] = slash; +@@ -150,10 +167,13 @@ + if (len > 1 && path[len-1] == slash) { + // "/foo/" --> "/foo", but "/" --> "/" + char* str = (char*)malloc(len); +- if (str != NULL) { +- memcpy(str, path, len-1); +- str[len-1] = '\0'; ++ if (str == NULL) ++ { ++ fprintf(stderr, "OOM error in native tmp buffer allocation"); ++ return NULL; + } ++ memcpy(str, path, len-1); ++ str[len-1] = '\0'; + return str; + } else { + return (char*)path; +diff -r ee20d1e68661 -r 6a83c2f66345 src/windows/instrument/FileSystemSupport_md.c +--- openjdk/jdk/src/windows/instrument/FileSystemSupport_md.c Mon Jul 23 21:34:30 2018 -0700 ++++ openjdk/jdk/src/windows/instrument/FileSystemSupport_md.c Wed Jul 25 13:39:13 2018 -0700 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2004, 2018 Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -23,6 +23,7 @@ + * questions. + */ + ++#include + #include + #include + #include +@@ -66,6 +67,10 @@ + } else { + int len = (int)(last - path); + char* str = (char*)malloc(len+1); ++ if (str == NULL) { ++ fprintf(stderr, "OOM error in native tmp buffer allocation"); ++ return NULL; ++ } + if (len > 0) { + memcpy(str, path, len); + } +@@ -135,6 +140,10 @@ + if (off < 3) off = 0; /* Avoid fencepost cases with UNC pathnames */ + + sb = (char*)malloc(len+1); ++ if (sb == NULL) { ++ fprintf(stderr, "OOM error in native tmp buffer allocation"); ++ return NULL; ++ } + sbLen = 0; + + if (off == 0) { +@@ -261,11 +270,19 @@ + + if (child[childStart] == slash) { + theChars = (char*)malloc(len+1); ++ if (theChars == NULL) { ++ fprintf(stderr, "OOM error in native tmp buffer allocation"); ++ return NULL; ++ } + memcpy(theChars, parent, parentEnd); + memcpy(theChars+parentEnd, child+childStart, (cn-childStart)); + theChars[len] = '\0'; + } else { + theChars = (char*)malloc(len+2); ++ if (theChars == NULL) { ++ fprintf(stderr, "OOM error in native tmp buffer allocation"); ++ return NULL; ++ } + memcpy(theChars, parent, parentEnd); + theChars[parentEnd] = slash; + memcpy(theChars+parentEnd+1, child+childStart, (cn-childStart)); +@@ -320,10 +337,12 @@ + return (char*)path; + } else { + char* p = (char*)malloc(len+1); +- if (p != NULL) { +- memcpy(p, path+start, len); +- p[len] = '\0'; ++ if (p == NULL) { ++ fprintf(stderr, "OOM error in native tmp buffer allocation"); ++ return NULL; + } ++ memcpy(p, path+start, len); ++ p[len] = '\0'; + return p; + } + } diff -Nru openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8205714-hotspot.patch openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8205714-hotspot.patch --- openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8205714-hotspot.patch 1970-01-01 00:00:00.000000000 +0000 +++ openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8205714-hotspot.patch 2019-01-14 04:10:43.000000000 +0000 @@ -0,0 +1,63 @@ +# HG changeset patch +# User dholmes +# Date 1538206654 14400 +# Sat Sep 29 03:37:34 2018 -0400 +# Node ID da06fcb193872a1df824255ec4d94e498b99a470 +# Parent 0ff99c48884b366df41ce55510710e4da632582e +8205714: Initial class initialization +Reviewed-by: acorn, coleenp, kvn, vlivanov + +diff -r 0ff99c48884b -r da06fcb19387 src/share/vm/oops/cpCache.cpp +--- openjdk/hotspot/src/share/vm/oops/cpCache.cpp Mon Sep 17 15:04:58 2018 +0100 ++++ openjdk/hotspot/src/share/vm/oops/cpCache.cpp Sat Sep 29 03:37:34 2018 -0400 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -209,12 +209,22 @@ + if (byte_no == 1) { + assert(invoke_code != Bytecodes::_invokevirtual && + invoke_code != Bytecodes::_invokeinterface, ""); ++ bool do_resolve = true; + // Don't mark invokespecial to method as resolved if sender is an interface. The receiver + // has to be checked that it is a subclass of the current class every time this bytecode + // is executed. +- if (invoke_code != Bytecodes::_invokespecial || !sender_is_interface || +- method->name() == vmSymbols::object_initializer_name()) { +- set_bytecode_1(invoke_code); ++ if (invoke_code == Bytecodes::_invokespecial && sender_is_interface && ++ method->name() != vmSymbols::object_initializer_name()) { ++ do_resolve = false; ++ } ++ // Don't mark invokestatic to method as resolved if the holder class has not yet completed ++ // initialization. An invokestatic must only proceed if the class is initialized, but if ++ // we resolve it before then that class initialization check is skipped. ++ if (invoke_code == Bytecodes::_invokestatic && !method->method_holder()->is_initialized()) { ++ do_resolve = false; ++ } ++ if (do_resolve) { ++ set_bytecode_1(invoke_code); + } + } else if (byte_no == 2) { + if (change_to_virtual) { +diff -r 0ff99c48884b -r da06fcb19387 src/share/vm/runtime/sharedRuntime.cpp +--- openjdk/hotspot/src/share/vm/runtime/sharedRuntime.cpp Mon Sep 17 15:04:58 2018 +0100 ++++ openjdk/hotspot/src/share/vm/runtime/sharedRuntime.cpp Sat Sep 29 03:37:34 2018 -0400 +@@ -1232,6 +1232,14 @@ + } + #endif + ++ // Do not patch call site for static call when the class is not ++ // fully initialized. ++ if (invoke_code == Bytecodes::_invokestatic && ++ !callee_method->method_holder()->is_initialized()) { ++ assert(callee_method->method_holder()->is_linked(), "must be"); ++ return callee_method; ++ } ++ + // JSR 292 key invariant: + // If the resolved method is a MethodHandle invoke target, the call + // site must be a MethodHandle call site, because the lambda form might tail-call diff -Nru openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8206290-jdk.patch openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8206290-jdk.patch --- openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8206290-jdk.patch 1970-01-01 00:00:00.000000000 +0000 +++ openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8206290-jdk.patch 2019-01-14 04:10:43.000000000 +0000 @@ -0,0 +1,56 @@ +# HG changeset patch +# User igerasim +# Date 1538201050 25200 +# Fri Sep 28 23:04:10 2018 -0700 +# Node ID 01337312ad1e388d6131948254b5420798624caf +# Parent 2cf0eb69a28826b6b21c2d8da3947d1d204715f3 +8206290: Better FileChannel transfer performance +Reviewed-by: alanb, rhalade, mschoene + +diff -r 2cf0eb69a288 -r 01337312ad1e src/share/classes/sun/nio/ch/FileChannelImpl.java +--- openjdk/jdk/src/share/classes/sun/nio/ch/FileChannelImpl.java Mon Sep 17 15:06:15 2018 +0100 ++++ openjdk/jdk/src/share/classes/sun/nio/ch/FileChannelImpl.java Fri Sep 28 23:04:10 2018 -0700 +@@ -551,11 +551,10 @@ + { + // Untrusted target: Use a newly-erased buffer + int c = Math.min(icount, TRANSFER_SIZE); +- ByteBuffer bb = Util.getTemporaryDirectBuffer(c); ++ ByteBuffer bb = ByteBuffer.allocate(c); + long tw = 0; // Total bytes written + long pos = position; + try { +- Util.erase(bb); + while (tw < icount) { + bb.limit(Math.min((int)(icount - tw), TRANSFER_SIZE)); + int nr = read(bb, pos); +@@ -576,8 +575,6 @@ + if (tw > 0) + return tw; + throw x; +- } finally { +- Util.releaseTemporaryDirectBuffer(bb); + } + } + +@@ -661,11 +658,10 @@ + { + // Untrusted target: Use a newly-erased buffer + int c = (int)Math.min(count, TRANSFER_SIZE); +- ByteBuffer bb = Util.getTemporaryDirectBuffer(c); ++ ByteBuffer bb = ByteBuffer.allocate(c); + long tw = 0; // Total bytes written + long pos = position; + try { +- Util.erase(bb); + while (tw < count) { + bb.limit((int)Math.min((count - tw), (long)TRANSFER_SIZE)); + // ## Bug: Will block reading src if this channel +@@ -686,8 +682,6 @@ + if (tw > 0) + return tw; + throw x; +- } finally { +- Util.releaseTemporaryDirectBuffer(bb); + } + } + diff -Nru openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8208585-jdk.patch openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8208585-jdk.patch --- openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8208585-jdk.patch 1970-01-01 00:00:00.000000000 +0000 +++ openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8208585-jdk.patch 2019-01-14 04:10:43.000000000 +0000 @@ -0,0 +1,105 @@ +# HG changeset patch +# User coffeys +# Date 1535365754 -3600 +# Mon Aug 27 11:29:14 2018 +0100 +# Node ID 8796258816cd385a3763e1b64b494e6328de0f6e +# Parent b63702f5cc12b308770ec4bb622d614a7fc3b30b +8208585: Make crypto code more robust +Reviewed-by: ascarpino, mschoene + +diff -r b63702f5cc12 -r 8796258816cd src/share/classes/com/sun/crypto/provider/RSACipher.java +--- openjdk/jdk/src/share/classes/com/sun/crypto/provider/RSACipher.java Thu Aug 23 13:23:39 2018 +0530 ++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/RSACipher.java Mon Aug 27 11:29:14 2018 +0100 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -329,7 +329,7 @@ + if ((inLen == 0) || (in == null)) { + return; + } +- if (bufOfs + inLen > buffer.length) { ++ if (inLen > (buffer.length - bufOfs)) { + bufOfs = buffer.length + 1; + return; + } +diff -r b63702f5cc12 -r 8796258816cd src/share/classes/sun/security/pkcs11/P11Signature.java +--- openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java Thu Aug 23 13:23:39 2018 +0530 ++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java Mon Aug 27 11:29:14 2018 +0100 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -472,6 +472,10 @@ + if (len == 0) { + return; + } ++ // check for overflow ++ if (len + bytesProcessed < 0) { ++ throw new ProviderException("Processed bytes limits exceeded."); ++ } + switch (type) { + case T_UPDATE: + try { +diff -r b63702f5cc12 -r 8796258816cd src/share/classes/sun/security/provider/DSA.java +--- openjdk/jdk/src/share/classes/sun/security/provider/DSA.java Thu Aug 23 13:23:39 2018 +0530 ++++ openjdk/jdk/src/share/classes/sun/security/provider/DSA.java Mon Aug 27 11:29:14 2018 +0100 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -491,7 +491,7 @@ + } + } + protected void engineUpdate(byte[] input, int offset, int len) { +- if (ofs + len > digestBuffer.length) { ++ if (len > (digestBuffer.length - ofs)) { + ofs = Integer.MAX_VALUE; + } else { + System.arraycopy(input, offset, digestBuffer, ofs, len); +@@ -500,7 +500,7 @@ + } + protected final void engineUpdate(ByteBuffer input) { + int inputLen = input.remaining(); +- if (ofs + inputLen > digestBuffer.length) { ++ if (inputLen > (digestBuffer.length - ofs)) { + ofs = Integer.MAX_VALUE; + } else { + input.get(digestBuffer, ofs, inputLen); +diff -r b63702f5cc12 -r 8796258816cd src/windows/classes/sun/security/mscapi/RSASignature.java +--- openjdk/jdk/src/windows/classes/sun/security/mscapi/RSASignature.java Thu Aug 23 13:23:39 2018 +0530 ++++ openjdk/jdk/src/windows/classes/sun/security/mscapi/RSASignature.java Mon Aug 27 11:29:14 2018 +0100 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -132,7 +132,7 @@ + @Override + protected void engineUpdate(byte[] b, int off, int len) + throws SignatureException { +- if (offset + len > precomputedDigest.length) { ++ if (len > (precomputedDigest.length - offset)) { + offset = RAW_RSA_MAX + 1; + return; + } +@@ -147,7 +147,7 @@ + if (len <= 0) { + return; + } +- if (offset + len > precomputedDigest.length) { ++ if (len > (precomputedDigest.length - offset)) { + offset = RAW_RSA_MAX + 1; + return; + } diff -Nru openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8209094-jdk.patch openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8209094-jdk.patch --- openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8209094-jdk.patch 1970-01-01 00:00:00.000000000 +0000 +++ openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8209094-jdk.patch 2019-01-14 04:10:43.000000000 +0000 @@ -0,0 +1,304 @@ +# HG changeset patch +# User igerasim +# Date 1539042688 25200 +# Mon Oct 08 16:51:28 2018 -0700 +# Node ID d0d0b71e3a2a5c523a39fec29a50b262e215c6bf +# Parent baa7a736796bb24bf7988504f42ccffc4d02cbc3 +8209094: Improve web server connections +Reviewed-by: chegar, dfuchs, mschoene, igerasim + +diff -r baa7a736796b -r d0d0b71e3a2a make/lib/NetworkingLibraries.gmk +--- openjdk/jdk/make/lib/NetworkingLibraries.gmk Mon Oct 08 15:24:21 2018 -0700 ++++ openjdk/jdk/make/lib/NetworkingLibraries.gmk Mon Oct 08 16:51:28 2018 -0700 +@@ -75,7 +75,7 @@ + LDFLAGS_SUFFIX_linux := $(LIBDL) -ljvm -lpthread -ljava, \ + LDFLAGS_SUFFIX_aix := $(LIBDL) -ljvm -ljava,\ + LDFLAGS_SUFFIX_windows := ws2_32.lib jvm.lib secur32.lib iphlpapi.lib \ +- delayimp.lib $(WIN_JAVA_LIB) advapi32.lib \ ++ delayimp.lib urlmon.lib $(WIN_JAVA_LIB) advapi32.lib \ + -DELAYLOAD:secur32.dll -DELAYLOAD:iphlpapi.dll, \ + VERSIONINFO_RESOURCE := $(JDK_TOPDIR)/src/windows/resource/version.rc, \ + RC_FLAGS := $(RC_FLAGS) \ +diff -r baa7a736796b -r d0d0b71e3a2a src/share/classes/sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java +--- openjdk/jdk/src/share/classes/sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java Mon Oct 08 15:24:21 2018 -0700 ++++ openjdk/jdk/src/share/classes/sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java Mon Oct 08 16:51:28 2018 -0700 +@@ -33,8 +33,7 @@ + * credentials without prompting) should only be tried with trusted sites. + */ + public abstract class NTLMAuthenticationCallback { +- private static volatile NTLMAuthenticationCallback callback = +- new DefaultNTLMAuthenticationCallback(); ++ private static volatile NTLMAuthenticationCallback callback; + + public static void setNTLMAuthenticationCallback( + NTLMAuthenticationCallback callback) { +@@ -50,10 +49,5 @@ + * transparent Authentication. + */ + public abstract boolean isTrustedSite(URL url); +- +- static class DefaultNTLMAuthenticationCallback extends NTLMAuthenticationCallback { +- @Override +- public boolean isTrustedSite(URL url) { return true; } +- } + } + +diff -r baa7a736796b -r d0d0b71e3a2a src/share/lib/net.properties +--- openjdk/jdk/src/share/lib/net.properties Mon Oct 08 15:24:21 2018 -0700 ++++ openjdk/jdk/src/share/lib/net.properties Mon Oct 08 16:51:28 2018 -0700 +@@ -1,5 +1,5 @@ + ############################################################ +-# Default Networking Configuration File ++# Default Networking Configuration File + # + # This file may contain default values for the networking system properties. + # These values are only used when the system properties are not specified +@@ -14,7 +14,7 @@ + # Note that the system properties that do explicitely set proxies + # (like http.proxyHost) do take precedence over the system settings + # even if java.net.useSystemProxies is set to true. +- ++ + java.net.useSystemProxies=false + + #------------------------------------------------------------------------ +@@ -66,8 +66,8 @@ + # socksProxyPort=1080 + # + # HTTP Keep Alive settings. remainingData is the maximum amount of data +-# in kilobytes that will be cleaned off the underlying socket so that it +-# can be reused (default value is 512K), queuedConnections is the maximum ++# in kilobytes that will be cleaned off the underlying socket so that it ++# can be reused (default value is 512K), queuedConnections is the maximum + # number of Keep Alive connections to be on the queue for clean up (default + # value is 10). + # http.KeepAlive.remainingData=512 +@@ -99,3 +99,23 @@ + #jdk.http.auth.proxying.disabledSchemes= + jdk.http.auth.tunneling.disabledSchemes=Basic + ++# ++# Transparent NTLM HTTP authentication mode on Windows. Transparent authentication ++# can be used for the NTLM scheme, where the security credentials based on the ++# currently logged in user's name and password can be obtained directly from the ++# operating system, without prompting the user. This property has three possible ++# values which regulate the behavior as shown below. Other unrecognized values ++# are handled the same as 'disabled'. Note, that NTLM is not considered to be a ++# strongly secure authentication scheme and care should be taken before enabling ++# this mechanism. ++# ++# Transparent authentication never used. ++#jdk.http.ntlm.transparentAuth=disabled ++# ++# Enabled for all hosts. ++#jdk.http.ntlm.transparentAuth=allHosts ++# ++# Enabled for hosts that are trusted in Windows Internet settings ++#jdk.http.ntlm.transparentAuth=trustedHosts ++# ++jdk.http.ntlm.transparentAuth=disabled +diff -r baa7a736796b -r d0d0b71e3a2a src/solaris/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java +--- openjdk/jdk/src/solaris/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java Mon Oct 08 15:24:21 2018 -0700 ++++ openjdk/jdk/src/solaris/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java Mon Oct 08 16:51:28 2018 -0700 +@@ -90,10 +90,13 @@ + + /** + * Returns true if the given site is trusted, i.e. we can try +- * transparent Authentication. ++ * transparent Authentication. Shouldn't be called since ++ * capability not supported on Unix + */ + public static boolean isTrustedSite(URL url) { +- return NTLMAuthCallback.isTrustedSite(url); ++ if (NTLMAuthCallback != null) ++ return NTLMAuthCallback.isTrustedSite(url); ++ return false; + } + + private void init0() { +diff -r baa7a736796b -r d0d0b71e3a2a src/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java +--- openjdk/jdk/src/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java Mon Oct 08 15:24:21 2018 -0700 ++++ openjdk/jdk/src/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java Mon Oct 08 16:51:28 2018 -0700 +@@ -30,6 +30,7 @@ + import java.net.PasswordAuthentication; + import java.net.UnknownHostException; + import java.net.URL; ++import sun.net.NetProperties; + import sun.net.www.HeaderParser; + import sun.net.www.protocol.http.AuthenticationInfo; + import sun.net.www.protocol.http.AuthScheme; +@@ -52,6 +53,14 @@ + private static String defaultDomain; /* Domain to use if not specified by user */ + private static final boolean ntlmCache; /* Whether cache is enabled for NTLM */ + ++ enum TransparentAuth { ++ DISABLED, // disable for all hosts (default) ++ TRUSTED_HOSTS, // use Windows trusted hosts settings ++ ALL_HOSTS // attempt for all hosts ++ } ++ ++ private static final TransparentAuth authMode; ++ + static { + defaultDomain = java.security.AccessController.doPrivileged( + new sun.security.action.GetPropertyAction("http.auth.ntlm.domain", +@@ -59,6 +68,19 @@ + String ntlmCacheProp = java.security.AccessController.doPrivileged( + new sun.security.action.GetPropertyAction("jdk.ntlm.cache", "true")); + ntlmCache = Boolean.parseBoolean(ntlmCacheProp); ++ String modeProp = java.security.AccessController.doPrivileged( ++ new java.security.PrivilegedAction() { ++ public String run() { ++ return NetProperties.get("jdk.http.ntlm.transparentAuth"); ++ } ++ }); ++ ++ if ("trustedHosts".equalsIgnoreCase(modeProp)) ++ authMode = TransparentAuth.TRUSTED_HOSTS; ++ else if ("allHosts".equalsIgnoreCase(modeProp)) ++ authMode = TransparentAuth.ALL_HOSTS; ++ else ++ authMode = TransparentAuth.DISABLED; + }; + + private void init0() { +@@ -159,9 +181,21 @@ + * transparent Authentication. + */ + public static boolean isTrustedSite(URL url) { +- return NTLMAuthCallback.isTrustedSite(url); ++ if (NTLMAuthCallback != null) ++ return NTLMAuthCallback.isTrustedSite(url); ++ ++ switch (authMode) { ++ case TRUSTED_HOSTS: ++ return isTrustedSite(url.toString()); ++ case ALL_HOSTS: ++ return true; ++ default: ++ return false; ++ } + } + ++ static native boolean isTrustedSite(String url); ++ + /** + * Not supported. Must use the setHeaders() method + */ +@@ -211,5 +245,4 @@ + return false; + } + } +- + } +diff -r baa7a736796b -r d0d0b71e3a2a src/windows/native/sun/net/www/protocol/http/ntlm/NTLMAuthentication.c +--- /dev/null Thu Jan 01 00:00:00 1970 +0000 ++++ openjdk/jdk/src/windows/native/sun/net/www/protocol/http/ntlm/NTLMAuthentication.c Mon Oct 08 16:51:28 2018 -0700 +@@ -0,0 +1,107 @@ ++/* ++ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++#include ++#include ++#include "jni_util.h" ++#include ++ ++JNIEXPORT jboolean JNICALL Java_sun_net_www_protocol_http_ntlm_NTLMAuthentication_isTrustedSite(JNIEnv *env, jclass clazz, jstring url ) ++{ ++ ++ HRESULT hr; ++ DWORD dwZone; ++ DWORD pPolicy = 0; ++ IInternetSecurityManager *spSecurityManager; ++ jboolean ret; ++ LPCWSTR bstrURL; ++ ++ // Create IInternetSecurityManager ++ hr = CoInternetCreateSecurityManager(NULL, &spSecurityManager, (DWORD)0); ++ if (FAILED(hr)) { ++ return JNI_FALSE; ++ } ++ ++ bstrURL = (LPCWSTR)((*env)->GetStringChars(env, url, NULL)); ++ if (bstrURL == NULL) { ++ if (!(*env)->ExceptionCheck(env)) ++ JNU_ThrowOutOfMemoryError(env, NULL); ++ spSecurityManager->lpVtbl->Release(spSecurityManager); ++ return JNI_FALSE; ++ } ++ ++ // Determines the policy for the URLACTION_CREDENTIALS_USE action and display ++ // a user interface, if the policy indicates that the user should be queried ++ hr = spSecurityManager->lpVtbl->ProcessUrlAction( ++ spSecurityManager, ++ bstrURL, ++ URLACTION_CREDENTIALS_USE, ++ (LPBYTE)&pPolicy, ++ sizeof(DWORD), 0, 0, 0, 0); ++ ++ if (FAILED(hr)) { ++ ret = JNI_FALSE; ++ goto cleanupAndReturn; ++ } ++ ++ // If these two User Authentication Logon options is selected ++ // Anonymous logon ++ // Prompt for user name and password ++ if (pPolicy == URLPOLICY_CREDENTIALS_ANONYMOUS_ONLY || ++ pPolicy == URLPOLICY_CREDENTIALS_MUST_PROMPT_USER) { ++ ret = JNI_FALSE; ++ goto cleanupAndReturn; ++ } ++ ++ // Option "Automatic logon with current user name and password" is selected ++ if (pPolicy == URLPOLICY_CREDENTIALS_SILENT_LOGON_OK) { ++ ret = JNI_TRUE; ++ goto cleanupAndReturn; ++ } ++ ++ // Option "Automatic logon only in intranet zone" is selected ++ if (pPolicy == URLPOLICY_CREDENTIALS_CONDITIONAL_PROMPT) { ++ ++ // Gets the zone index from the specified URL ++ hr = spSecurityManager->lpVtbl->MapUrlToZone( ++ spSecurityManager, bstrURL, &dwZone, 0); ++ if (FAILED(hr)) { ++ ret = JNI_FALSE; ++ goto cleanupAndReturn; ++ } ++ ++ // Check if the URL is in Local or Intranet zone ++ if (dwZone == URLZONE_INTRANET || dwZone == URLZONE_LOCAL_MACHINE) { ++ ret = JNI_TRUE; ++ goto cleanupAndReturn; ++ } ++ } ++ ret = JNI_FALSE; ++ ++cleanupAndReturn: ++ (*env)->ReleaseStringChars(env, url, bstrURL); ++ spSecurityManager->lpVtbl->Release(spSecurityManager); ++ return ret; ++} diff -Nru openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8210094-hotspot.patch openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8210094-hotspot.patch --- openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8210094-hotspot.patch 1970-01-01 00:00:00.000000000 +0000 +++ openjdk-8-8u191-b12/debian/patches/sec-webrev-8u201-S8210094-hotspot.patch 2019-01-14 04:10:43.000000000 +0000 @@ -0,0 +1,574 @@ +# HG changeset patch +# User coleenp +# Date 1536761491 14400 +# Wed Sep 12 10:11:31 2018 -0400 +# Node ID 9fce84e6f51a2224310aa3057034cac5f405eccf +# Parent c2807622fbbd403e5ffe1bdd65d3dacc16aabcbf +8210094: Better loading of classloader classes +Reviewed-by: acorn, hseigel, ahgross, rhalade + +diff -r c2807622fbbd -r 9fce84e6f51a src/share/vm/classfile/classFileParser.cpp +--- openjdk/hotspot/src/share/vm/classfile/classFileParser.cpp Mon Sep 10 16:19:47 2018 +0100 ++++ openjdk/hotspot/src/share/vm/classfile/classFileParser.cpp Wed Sep 12 10:11:31 2018 -0400 +@@ -4210,9 +4210,6 @@ + this_klass(), &all_mirandas, CHECK_(nullHandle)); + } + +- // Update the loader_data graph. +- record_defined_class_dependencies(this_klass, CHECK_NULL); +- + ClassLoadingService::notify_class_loaded(InstanceKlass::cast(this_klass()), + false /* not shared class */); + +@@ -4498,30 +4495,6 @@ + } + } + +-// Attach super classes and interface classes to class loader data +-void ClassFileParser::record_defined_class_dependencies(instanceKlassHandle defined_klass, TRAPS) { +- ClassLoaderData * defining_loader_data = defined_klass->class_loader_data(); +- if (defining_loader_data->is_the_null_class_loader_data()) { +- // Dependencies to null class loader data are implicit. +- return; +- } else { +- // add super class dependency +- Klass* super = defined_klass->super(); +- if (super != NULL) { +- defining_loader_data->record_dependency(super, CHECK); +- } +- +- // add super interface dependencies +- Array* local_interfaces = defined_klass->local_interfaces(); +- if (local_interfaces != NULL) { +- int length = local_interfaces->length(); +- for (int i = 0; i < length; i++) { +- defining_loader_data->record_dependency(local_interfaces->at(i), CHECK); +- } +- } +- } +-} +- + // utility methods for appending an array with check for duplicates + + void append_interfaces(GrowableArray* result, Array* ifs) { +diff -r c2807622fbbd -r 9fce84e6f51a src/share/vm/classfile/dictionary.cpp +--- openjdk/hotspot/src/share/vm/classfile/dictionary.cpp Mon Sep 10 16:19:47 2018 +0100 ++++ openjdk/hotspot/src/share/vm/classfile/dictionary.cpp Wed Sep 12 10:11:31 2018 -0400 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -159,33 +159,9 @@ + if (!is_strongly_reachable(loader_data, e)) { + // Entry was not visited in phase1 (negated test from phase1) + assert(!loader_data->is_the_null_class_loader_data(), "unloading entry with null class loader"); +- ClassLoaderData* k_def_class_loader_data = ik->class_loader_data(); +- +- // Do we need to delete this system dictionary entry? +- bool purge_entry = false; + + // Do we need to delete this system dictionary entry? + if (loader_data->is_unloading()) { +- // If the loader is not live this entry should always be +- // removed (will never be looked up again). +- purge_entry = true; +- } else { +- // The loader in this entry is alive. If the klass is dead, +- // (determined by checking the defining class loader) +- // the loader must be an initiating loader (rather than the +- // defining loader). Remove this entry. +- if (k_def_class_loader_data->is_unloading()) { +- // If we get here, the class_loader_data must not be the defining +- // loader, it must be an initiating one. +- assert(k_def_class_loader_data != loader_data, +- "cannot have live defining loader and unreachable klass"); +- // Loader is live, but class and its defining loader are dead. +- // Remove the entry. The class is going away. +- purge_entry = true; +- } +- } +- +- if (purge_entry) { + *p = probe->next(); + if (probe == _current_class_entry) { + _current_class_entry = NULL; +diff -r c2807622fbbd -r 9fce84e6f51a src/share/vm/classfile/systemDictionary.cpp +--- openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp Mon Sep 10 16:19:47 2018 +0100 ++++ openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp Wed Sep 12 10:11:31 2018 -0400 +@@ -816,7 +816,16 @@ + check_constraints(d_index, d_hash, k, class_loader, false, THREAD); + + // Need to check for a PENDING_EXCEPTION again; check_constraints +- // can throw and doesn't use the CHECK macro. ++ // can throw but we may have to remove entry from the placeholder table below. ++ if (!HAS_PENDING_EXCEPTION) { ++ // Record dependency for non-parent delegation. ++ // This recording keeps the defining class loader of the klass (k) found ++ // from being unloaded while the initiating class loader is loaded ++ // even if the reference to the defining class loader is dropped ++ // before references to the initiating class loader. ++ loader_data->record_dependency(k(), THREAD); ++ } ++ + if (!HAS_PENDING_EXCEPTION) { + { // Grabbing the Compile_lock prevents systemDictionary updates + // during compilations. +diff -r c2807622fbbd -r 9fce84e6f51a src/share/vm/classfile/verificationType.cpp +--- openjdk/hotspot/src/share/vm/classfile/verificationType.cpp Mon Sep 10 16:19:47 2018 +0100 ++++ openjdk/hotspot/src/share/vm/classfile/verificationType.cpp Wed Sep 12 10:11:31 2018 -0400 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -63,7 +63,6 @@ + name(), Handle(THREAD, klass->class_loader()), + Handle(THREAD, klass->protection_domain()), true, CHECK_false); + KlassHandle this_class(THREAD, obj); +- klass->class_loader_data()->record_dependency(obj, CHECK_false); + + if (this_class->is_interface() && (!from_field_is_protected || + from.name() != vmSymbols::java_lang_Object())) { +@@ -75,7 +74,6 @@ + Klass* from_class = SystemDictionary::resolve_or_fail( + from.name(), Handle(THREAD, klass->class_loader()), + Handle(THREAD, klass->protection_domain()), true, CHECK_false); +- klass->class_loader_data()->record_dependency(from_class, CHECK_false); + bool result = InstanceKlass::cast(from_class)->is_subclass_of(this_class()); + if (result && DumpSharedSpaces) { + if (klass()->is_subclass_of(from_class) && klass()->is_subclass_of(this_class())) { +diff -r c2807622fbbd -r 9fce84e6f51a src/share/vm/classfile/verifier.cpp +--- openjdk/hotspot/src/share/vm/classfile/verifier.cpp Mon Sep 10 16:19:47 2018 +0100 ++++ openjdk/hotspot/src/share/vm/classfile/verifier.cpp Wed Sep 12 10:11:31 2018 -0400 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -1949,11 +1949,9 @@ + oop loader = current_class()->class_loader(); + oop protection_domain = current_class()->protection_domain(); + +- Klass* kls = SystemDictionary::resolve_or_fail( ++ return SystemDictionary::resolve_or_fail( + name, Handle(THREAD, loader), Handle(THREAD, protection_domain), + true, CHECK_NULL); +- current_class()->class_loader_data()->record_dependency(kls, CHECK_NULL); +- return kls; + } + + bool ClassVerifier::is_protected_access(instanceKlassHandle this_class, +diff -r c2807622fbbd -r 9fce84e6f51a src/share/vm/oops/constantPool.cpp +--- openjdk/hotspot/src/share/vm/oops/constantPool.cpp Mon Sep 10 16:19:47 2018 +0100 ++++ openjdk/hotspot/src/share/vm/oops/constantPool.cpp Wed Sep 12 10:11:31 2018 -0400 +@@ -339,8 +339,6 @@ + // Only updated constant pool - if it is resolved. + do_resolve = this_oop->tag_at(which).is_unresolved_klass(); + if (do_resolve) { +- ClassLoaderData* this_key = this_oop->pool_holder()->class_loader_data(); +- this_key->record_dependency(k(), CHECK_NULL); // Can throw OOM + this_oop->klass_at_put(which, k()); + } + } +diff -r c2807622fbbd -r 9fce84e6f51a src/share/vm/prims/jvm.cpp +--- openjdk/hotspot/src/share/vm/prims/jvm.cpp Mon Sep 10 16:19:47 2018 +0100 ++++ openjdk/hotspot/src/share/vm/prims/jvm.cpp Wed Sep 12 10:11:31 2018 -0400 +@@ -991,12 +991,6 @@ + Handle h_prot (THREAD, protection_domain); + jclass result = find_class_from_class_loader(env, h_name, init, h_loader, + h_prot, true, thread); +- if (result != NULL) { +- oop mirror = JNIHandles::resolve_non_null(result); +- Klass* to_class = java_lang_Class::as_Klass(mirror); +- ClassLoaderData* cld = ClassLoaderData::class_loader_data(h_loader()); +- cld->record_dependency(to_class, CHECK_NULL); +- } + + if (TraceClassResolution && result != NULL) { + // this function is generally only used for class loading during verification. +diff -r c2807622fbbd -r 9fce84e6f51a test/runtime/ClassUnload/ConstantPoolDependsTest.java +--- /dev/null Thu Jan 01 00:00:00 1970 +0000 ++++ openjdk/hotspot/test/runtime/ClassUnload/ConstantPoolDependsTest.java Wed Sep 12 10:11:31 2018 -0400 +@@ -0,0 +1,86 @@ ++/* ++ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++/* ++ * @test ConstantPoolDependsTest ++ * @bug 8210094 ++ * @summary Create ClassLoader dependency from initiating loader to class loader through constant pool reference ++ * @modules java.base/jdk.internal.misc ++ * java.compiler ++ * @library /testlibrary /testlibrary/whitebox /runtime/testlibrary ++ * @build sun.hotspot.WhiteBox ++ * @compile p2/c2.java MyDiffClassLoader.java ++ * @run main ClassFileInstaller sun.hotspot.WhiteBox ++ * sun.hotspot.WhiteBox$WhiteBoxPermission ++ * @run main/othervm -Xbootclasspath/a:. -Xmn8m -XX:+UnlockDiagnosticVMOptions -XX:+WhiteBoxAPI ConstantPoolDependsTest ++ */ ++ ++import sun.hotspot.WhiteBox; ++ ++ ++public class ConstantPoolDependsTest { ++ public static WhiteBox wb = WhiteBox.getWhiteBox(); ++ public static final String MY_TEST = "ConstantPoolDependsTest$c1c"; ++ ++ public static class c1c { ++ private void test() throws Exception { ++ // ConstantPool.klass_at_impl loads through constant pool and creates dependency ++ p2.c2 c2_obj = new p2.c2(); ++ c2_obj.method2(); ++ } ++ ++ public c1c () throws Exception { ++ test(); ++ ClassUnloadCommon.triggerUnloading(); // should not unload anything ++ test(); ++ ClassUnloadCommon.triggerUnloading(); // should not unload anything ++ } ++ } ++ ++ static void test() throws Throwable { ++ ++ // now use the same loader to load class MyTest ++ Class MyTest_class = new MyDiffClassLoader(MY_TEST).loadClass(MY_TEST); ++ ++ try { ++ // Call MyTest to load p2.c2 twice and call p2.c2.method2 ++ MyTest_class.newInstance(); ++ } catch (Exception e) { ++ throw new RuntimeException("Test FAILED if NoSuchMethodException is thrown"); ++ } ++ ClassUnloadCommon.triggerUnloading(); // should not unload anything ++ ClassUnloadCommon.failIf(!wb.isClassAlive(MY_TEST), "should not be unloaded"); ++ ClassUnloadCommon.failIf(!wb.isClassAlive("p2.c2"), "should not be unloaded"); ++ // Unless MyTest_class is referenced here, the compiler can unload it. ++ System.out.println("Should not unload anything before here because " + MyTest_class + " is still alive."); ++ } ++ ++ public static void main(String args[]) throws Throwable { ++ test(); ++ ClassUnloadCommon.triggerUnloading(); // should unload ++ System.gc(); ++ System.out.println("Should unload p2.c2 just now"); ++ ClassUnloadCommon.failIf(wb.isClassAlive(MY_TEST), "should be unloaded"); ++ ClassUnloadCommon.failIf(wb.isClassAlive("p2.c2"), "should be unloaded"); ++ } ++} +diff -r c2807622fbbd -r 9fce84e6f51a test/runtime/ClassUnload/DictionaryDependsTest.java +--- /dev/null Thu Jan 01 00:00:00 1970 +0000 ++++ openjdk/hotspot/test/runtime/ClassUnload/DictionaryDependsTest.java Wed Sep 12 10:11:31 2018 -0400 +@@ -0,0 +1,89 @@ ++/* ++ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++/* ++ * @test DictionaryDependsTest ++ * @bug 8210094 ++ * @summary Create ClassLoader dependency from initiating loader to class loader through reflection ++ * @modules java.base/jdk.internal.misc ++ * java.compiler ++ * @library /testlibrary /testlibrary/whitebox /runtime/testlibrary ++ * @build sun.hotspot.WhiteBox ++ * @compile p2/c2.java MyDiffClassLoader.java ++ * @run main ClassFileInstaller sun.hotspot.WhiteBox ++ * sun.hotspot.WhiteBox$WhiteBoxPermission ++ * @run main/othervm -Xbootclasspath/a:. -Xmn8m -XX:+UnlockDiagnosticVMOptions -XX:+WhiteBoxAPI DictionaryDependsTest ++ */ ++import sun.hotspot.WhiteBox; ++import java.lang.reflect.Method; ++ ++public class DictionaryDependsTest { ++ public static WhiteBox wb = WhiteBox.getWhiteBox(); ++ public static final String MY_TEST = "DictionaryDependsTest$c1r"; ++ ++ static public class c1r { ++ ++ private void test() throws Exception { ++ // forName loads through reflection and doesn't create dependency ++ Class x = Class.forName("p2.c2", true, c1r.class.getClassLoader()); ++ Method m = x.getMethod("method2"); ++ java.lang.Object t = x.newInstance(); ++ m.invoke(t); ++ } ++ ++ public c1r () throws Exception { ++ test(); ++ ClassUnloadCommon.triggerUnloading(); // should unload p2.c2 ++ test(); ++ ClassUnloadCommon.triggerUnloading(); // should unload p2.c2 ++ } ++ } ++ ++ public void test() throws Throwable { ++ ++ // now use the same loader to load class MyTest ++ Class MyTest_class = new MyDiffClassLoader(MY_TEST).loadClass(MY_TEST); ++ ++ try { ++ // Call MyTest to load p2.c2 twice and call p2.c2.method2 ++ MyTest_class.newInstance(); ++ } catch (Exception e) { ++ System.out.println("Not expected NSME"); ++ throw new RuntimeException("Not expecting NSME"); ++ } ++ ClassUnloadCommon.triggerUnloading(); // should not unload anything ++ ClassUnloadCommon.failIf(!wb.isClassAlive(MY_TEST), "should not be unloaded"); ++ ClassUnloadCommon.failIf(!wb.isClassAlive("p2.c2"), "should not be unloaded"); ++ // Unless MyTest_class is referenced here, the compiler can unload it. ++ System.out.println("Should not unload anything before here because " + MyTest_class + " is still alive."); ++ } ++ ++ public static void main(String args[]) throws Throwable { ++ DictionaryDependsTest d = new DictionaryDependsTest(); ++ d.test(); ++ ClassUnloadCommon.triggerUnloading(); // should not unload anything ++ System.out.println("Should unload MyTest and p2.c2 just now"); ++ ClassUnloadCommon.failIf(wb.isClassAlive(MY_TEST), "should be unloaded"); ++ ClassUnloadCommon.failIf(wb.isClassAlive("p2.c2"), "should be unloaded"); ++ } ++} +diff -r c2807622fbbd -r 9fce84e6f51a test/runtime/ClassUnload/MyDiffClassLoader.java +--- /dev/null Thu Jan 01 00:00:00 1970 +0000 ++++ openjdk/hotspot/test/runtime/ClassUnload/MyDiffClassLoader.java Wed Sep 12 10:11:31 2018 -0400 +@@ -0,0 +1,75 @@ ++/* ++ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import java.io.*; ++import com.oracle.java.testlibrary.InMemoryJavaCompiler; ++ ++public class MyDiffClassLoader extends ClassLoader { ++ ++ public String loaderName; ++ public static boolean switchClassData = false; ++ ++ MyDiffClassLoader(String name) { ++ this.loaderName = name; ++ } ++ ++ public Class loadClass(String name) throws ClassNotFoundException { ++ if (!name.contains("c1r") && ++ !name.contains("c1c") && ++ !name.contains("c1s") && ++ !name.equals("p2.c2")) { ++ return super.loadClass(name); ++ } ++ ++ // new loader loads p2.c2 ++ if (name.equals("p2.c2") && !loaderName.equals("C2Loader")) { ++ Class c = new MyDiffClassLoader("C2Loader").loadClass(name); ++ switchClassData = true; ++ return c; ++ } ++ ++ byte[] data = switchClassData ? getNewClassData(name) : getClassData(name); ++ System.out.println("name is " + name); ++ return defineClass(name, data, 0, data.length); ++ } ++ byte[] getClassData(String name) { ++ try { ++ String TempName = name.replaceAll("\\.", "/"); ++ String currentDir = System.getProperty("test.classes"); ++ String filename = currentDir + File.separator + TempName + ".class"; ++ FileInputStream fis = new FileInputStream(filename); ++ byte[] b = new byte[5000]; ++ int cnt = fis.read(b, 0, 5000); ++ byte[] c = new byte[cnt]; ++ for (int i=0; i