changeset 13437:b6dcf8ae496c
Merge
author | andrew |
---|---|
date | Wed, 06 Feb 2019 04:09:08 +0000 |
parents | c35f231af17a (current diff) f0b93fbd8cf8 (diff) |
children | 3bb8137f36a8 |
files | src/share/classes/java/time/chrono/JapaneseEra.java test/sun/security/tools/jarsigner/warnings/bad_netscape_cert_type.jks.base64 test/sun/security/tools/jarsigner/warnings/bad_netscape_cert_type.sh |
diffstat | 107 files changed, 2926 insertions(+), 1255 deletions(-) [+] |
--- a/.hgtags Tue Jan 29 22:38:26 2019 +0000
+++ b/.hgtags Wed Feb 06 04:09:08 2019 +0000
@@ -915,6 +915,7 @@
 22e01e7c5c39bfa3f5e2d18be76c7bf0dc71033a jdk8u181-b12
 0cb452d66676bc1b3824bea4a0c16ac76e58b070 jdk8u181-b13
 b01c6e5aa43c784fc66465b56227ddd9aa29eee6 jdk8u191-b01
+2db6890a956723ac347b573217d91bbbedbb0528 jdk8u201-b00
 2db6890a956723ac347b573217d91bbbedbb0528 jdk8u191-b02
 89e2889d02d2f5dabdeda7f60cf80a8df3100eb4 jdk8u191-b03
 94e4769c6d69241f9eb7164a85fc91fc83faab5c jdk8u191-b04
@@ -945,4 +946,38 @@
 2cd82eb879dd0f853dbfb7ffa2441e81e2413447 jdk8u192-b11
 f877dad22786f92aa495a595a1a4a16f0163c573 jdk8u192-b12
 996dd3ce1ec5437da8b5a742c60a5ff7b6028122 jdk8u192-b26
+38b4a5b97f38c467446f1767d148075ac98397d1 jdk8u181-b31
+d679861a9a1efc80e0671b1c6b870fcffbfb9d9c jdk8u181-b32
+078a06936ffe2db2a00e928f88c6e345a126985a jdk8u181-b33
+ecfdede1e6ddf37dcca415861ab031c18ec4b349 jdk8u181-b34
+ac943243eaf1cb3971b953d56527287ae3f8d223 jdk8u181-b35
+674963395b9f747e746af782f2f3ea7995385420 jdk8u181-b36
+92587df933606ff8f03c6073be6c4089211de2b3 jdk8u181-b37
+fbc886dd68cc0e2d877406f73a24bd332bf78244 jdk8u201-b01
+fbeb9b9cc0106ef9bd6b03a441c9a2e06db07bd9 jdk8u201-b02
+274162fd9a2334ac99157a87ff3caff9069e4a66 jdk8u201-b03
+c0b2b82d2478bd641adf21f807809979756485c2 jdk8u201-b04
+3d28c8134ca184ed00271cbec9862f688d04bd4f jdk8u201-b74
+df3e701ab0766c48fe9c72e259aa5ecc278e9fcf jdk8u201-b05
+9fe667a8402b606db5b0c4aa2fb2d65dec2fcddc jdk8u201-b75
+dc2aeed27f71f87d52a81520773e64a06f8c8978 jdk8u201-b06
+a1845b252425953875de75560822576eddc185a8 jdk8u201-b76
+0a19f694c42c6d8e545743e3df938e80d3d56b87 jdk8u201-b07
+f0611120a4b7deae2219f72c5919712f1662ad9b jdk8u201-b77
+21ffcdd4d850dd240338c211bbeecb79c38e5403 jdk8u201-b08
+72a1a252527bb1ef9a67b7318411e117e7814e3e jdk8u201-b09
+c44a78b5e3c5c8f49901a251c0626f0134833ea4 jdk8u201-b79
+91c1f8b2df32a70763018d69b745639b6b94b393 jdk8u201-b25
+7ce5e345e1d26b459c54ede2aedc99e5afe45a5d jdk8u201-b26
+72a1a252527bb1ef9a67b7318411e117e7814e3e jdk8u201-ga
 9da3ff5cd435240bc4941bc1c2ca170c567e012f jdk8u202-b01
+478a4add975beb90696a4ead5f8fcd9c17fc1a83 jdk8u202-b02
+03719dd7706173821b51f42b20ac3cb040696a56 jdk8u202-b03
+d1d759924a534328146368d9be0e49168ace93eb jdk8u202-b04
+620927565284a2cc75bbc3a9bf583997ffb4ea63 jdk8u202-b05
+a7d761df5f2b2a3506516c876381cfb1cdee9387 jdk8u202-b06
+eab55c31ad236f6c601deb5620dc029e9f1b9a72 jdk8u202-b07
+d10b8de706c1ea867abc5518dbb1cf92f6965f6a jdk8u202-b08
+96f7a4d6224a4cbf14c7ac54e39b7e35fee00c0c jdk8u202-b25
+4d01af1665277b6f5f5a6c9107f01bb6c1e0942d jdk8u202-b26
+d10b8de706c1ea867abc5518dbb1cf92f6965f6a jdk8u202-ga
--- a/THIRD_PARTY_README Tue Jan 29 22:38:26 2019 +0000 +++ b/THIRD_PARTY_README Wed Feb 06 04:09:08 2019 +0000 @@ -1668,13 +1668,13 @@ ------------------------------------------------------------------------------- -%% This notice is provided with respect to Little CMS 2.7, which may be +%% This notice is provided with respect to Little CMS 2.9, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- Little CMS -Copyright (c) 1998-2015 Marti Maria Saguer +Copyright (c) 1998-2011 Marti Maria Saguer Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal
--- a/make/data/tzdata/VERSION Tue Jan 29 22:38:26 2019 +0000
+++ b/make/data/tzdata/VERSION Wed Feb 06 04:09:08 2019 +0000
@@ -21,4 +21,4 @@
 # or visit www.oracle.com if you need additional information or have any
 # questions.
 #
-tzdata2018e
+tzdata2018g
--- a/make/data/tzdata/africa Tue Jan 29 22:38:26 2019 +0000 +++ b/make/data/tzdata/africa Wed Feb 06 04:09:08 2019 +0000 @@ -21,6 +21,8 @@ # or visit www.oracle.com if you need additional information or have any # questions. # +# tzdb data for Africa and environs + # This file is in the public domain, so clarified as of # 2009-05-17 by Arthur David Olson. @@ -29,7 +31,7 @@ # tz@iana.org for general use in the future). For more, please see # the file CONTRIBUTING in the tz distribution. -# From Paul Eggert (2017-04-09): +# From Paul Eggert (2018-05-27): # # Unless otherwise specified, the source for data through 1990 is: # Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition), @@ -74,13 +76,15 @@ # I vaguely recall 'WAT' also being used for -01 in the past but # cannot now come up with solid citations. # -# I invented the following abbreviations; corrections are welcome! -# +02 WAST West Africa Summer Time (no longer used) -# +03 CAST Central Africa Summer Time (no longer used) -# +03 SAST South Africa Summer Time (no longer used) +# I invented the following abbreviations in the 1990s: +# +02 WAST West Africa Summer Time +# +03 CAST Central Africa Summer Time +# +03 SAST South Africa Summer Time # +03 EAT East Africa Time -# 'EAT' also seems to have caught on; the others are rare but are paired -# with better-attested non-DST abbreviations. +# 'EAT' seems to have caught on and is in current timestamps, and though +# the other abbreviations are rarer and are only in past timestamps, +# they are paired with better-attested non-DST abbreviations. +# Corrections are welcome. # Algeria # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S 
@@ -385,6 +389,13 @@ # Eritrea # Ethiopia # See Africa/Nairobi. +# +# Unfortunately tzdb records only Western clock time in use in Ethiopia, +# as the tzdb format is not up to properly recording a common Ethiopian +# timekeeping practice that is based on solar time. See: +# Mortada D. If you have a meeting in Ethiopia, you'd better double +# check the time. PRI's The World. 2015-01-30 15:15 -05. +# https://www.pri.org/stories/2015-01-30/if-you-have-meeting-ethiopia-you-better-double-check-time # Gabon # See Africa/Lagos. 
@@ -856,94 +867,61 @@ # <https://lnt.ma/le-maroc-reculera-dune-heure-le-dimanche-14-juin/> agrees # with the patch. -# From Paul Eggert (2015-06-08): -# For now, guess that later spring and fall transitions will use 2015's rules, -# and guess that Morocco will switch to standard time at 03:00 the last -# Sunday before Ramadan, and back to DST at 02:00 the first Sunday after -# Ramadan. To implement this, transition dates for 2016 through 2037 were -# determined by running the following program under GNU Emacs 24.3, with the -# results integrated by hand into the table below. -# (let ((islamic-year 1437)) -# (require 'cal-islam) -# (while (< islamic-year 1460) -# (let ((a (calendar-islamic-to-absolute (list 9 1 islamic-year))) -# (b (calendar-islamic-to-absolute (list 10 1 islamic-year))) -# (sunday 0)) -# (while (/= sunday (mod (setq a (1- a)) 7))) -# (while (/= sunday (mod b 7)) -# (setq b (1+ b))) -# (setq a (calendar-gregorian-from-absolute a)) -# (setq b (calendar-gregorian-from-absolute b)) -# (insert -# (format -# (concat "Rule\tMorocco\t%d\tonly\t-\t%s\t%2d\t 3:00\t0\t-\n" -# "Rule\tMorocco\t%d\tonly\t-\t%s\t%2d\t 2:00\t1:00\tS\n") -# (car (cdr (cdr a))) (calendar-month-name (car a) t) (car (cdr a)) -# (car (cdr (cdr b))) (calendar-month-name (car b) t) (car (cdr b))))) -# (setq islamic-year (+ 1 islamic-year)))) +# From Mohamed Essedik Najd (2018-10-26): +# Today, a Moroccan government council approved the perpetual addition +# of 60 minutes to the regular Moroccan timezone. 
+# From Brian Inglis (2018-10-26): +# http://www.maroc.ma/fr/actualites/le-conseil-de-gouvernement-adopte-un-projet-de-decret-relatif-lheure-legale-stipulant-le # RULE NAME FROM TO TYPE IN ON AT SAVE LETTER/S - -Rule Morocco 1939 only - Sep 12 0:00 1:00 S +Rule Morocco 1939 only - Sep 12 0:00 1:00 - Rule Morocco 1939 only - Nov 19 0:00 0 - -Rule Morocco 1940 only - Feb 25 0:00 1:00 S +Rule Morocco 1940 only - Feb 25 0:00 1:00 - Rule Morocco 1945 only - Nov 18 0:00 0 - -Rule Morocco 1950 only - Jun 11 0:00 1:00 S +Rule Morocco 1950 only - Jun 11 0:00 1:00 - Rule Morocco 1950 only - Oct 29 0:00 0 - -Rule Morocco 1967 only - Jun 3 12:00 1:00 S +Rule Morocco 1967 only - Jun 3 12:00 1:00 - Rule Morocco 1967 only - Oct 1 0:00 0 - -Rule Morocco 1974 only - Jun 24 0:00 1:00 S +Rule Morocco 1974 only - Jun 24 0:00 1:00 - Rule Morocco 1974 only - Sep 1 0:00 0 - -Rule Morocco 1976 1977 - May 1 0:00 1:00 S +Rule Morocco 1976 1977 - May 1 0:00 1:00 - Rule Morocco 1976 only - Aug 1 0:00 0 - Rule Morocco 1977 only - Sep 28 0:00 0 - -Rule Morocco 1978 only - Jun 1 0:00 1:00 S +Rule Morocco 1978 only - Jun 1 0:00 1:00 - Rule Morocco 1978 only - Aug 4 0:00 0 - -Rule Morocco 2008 only - Jun 1 0:00 1:00 S +Rule Morocco 2008 only - Jun 1 0:00 1:00 - Rule Morocco 2008 only - Sep 1 0:00 0 - -Rule Morocco 2009 only - Jun 1 0:00 1:00 S +Rule Morocco 2009 only - Jun 1 0:00 1:00 - Rule Morocco 2009 only - Aug 21 0:00 0 - -Rule Morocco 2010 only - May 2 0:00 1:00 S +Rule Morocco 2010 only - May 2 0:00 1:00 - Rule Morocco 2010 only - Aug 8 0:00 0 - -Rule Morocco 2011 only - Apr 3 0:00 1:00 S +Rule Morocco 2011 only - Apr 3 0:00 1:00 - Rule Morocco 2011 only - Jul 31 0:00 0 - -Rule Morocco 2012 2013 - Apr lastSun 2:00 1:00 S +Rule Morocco 2012 2013 - Apr lastSun 2:00 1:00 - Rule Morocco 2012 only - Jul 20 3:00 0 - -Rule Morocco 2012 only - Aug 20 2:00 1:00 S +Rule Morocco 2012 only - Aug 20 2:00 1:00 - Rule Morocco 2012 only - Sep 30 3:00 0 - Rule Morocco 2013 only - Jul 7 3:00 0 - -Rule 
Morocco 2013 only - Aug 10 2:00 1:00 S -Rule Morocco 2013 max - Oct lastSun 3:00 0 - -Rule Morocco 2014 2021 - Mar lastSun 2:00 1:00 S +Rule Morocco 2013 only - Aug 10 2:00 1:00 - +Rule Morocco 2013 2018 - Oct lastSun 3:00 0 - +Rule Morocco 2014 2018 - Mar lastSun 2:00 1:00 - Rule Morocco 2014 only - Jun 28 3:00 0 - -Rule Morocco 2014 only - Aug 2 2:00 1:00 S +Rule Morocco 2014 only - Aug 2 2:00 1:00 - Rule Morocco 2015 only - Jun 14 3:00 0 - -Rule Morocco 2015 only - Jul 19 2:00 1:00 S +Rule Morocco 2015 only - Jul 19 2:00 1:00 - Rule Morocco 2016 only - Jun 5 3:00 0 - -Rule Morocco 2016 only - Jul 10 2:00 1:00 S +Rule Morocco 2016 only - Jul 10 2:00 1:00 - Rule Morocco 2017 only - May 21 3:00 0 - -Rule Morocco 2017 only - Jul 2 2:00 1:00 S +Rule Morocco 2017 only - Jul 2 2:00 1:00 - Rule Morocco 2018 only - May 13 3:00 0 - -Rule Morocco 2018 only - Jun 17 2:00 1:00 S -Rule Morocco 2019 only - May 5 3:00 0 - -Rule Morocco 2019 only - Jun 9 2:00 1:00 S -Rule Morocco 2020 only - Apr 19 3:00 0 - -Rule Morocco 2020 only - May 24 2:00 1:00 S -Rule Morocco 2021 only - Apr 11 3:00 0 - -Rule Morocco 2021 only - May 16 2:00 1:00 S -Rule Morocco 2022 only - May 8 2:00 1:00 S -Rule Morocco 2023 only - Apr 23 2:00 1:00 S -Rule Morocco 2024 only - Apr 14 2:00 1:00 S -Rule Morocco 2025 only - Apr 6 2:00 1:00 S -Rule Morocco 2026 max - Mar lastSun 2:00 1:00 S -Rule Morocco 2036 only - Oct 19 3:00 0 - -Rule Morocco 2037 only - Oct 4 3:00 0 - +Rule Morocco 2018 only - Jun 17 2:00 1:00 - # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Africa/Casablanca -0:30:20 - LMT 1913 Oct 26 - 0:00 Morocco WE%sT 1984 Mar 16 - 1:00 - CET 1986 - 0:00 Morocco WE%sT + 0:00 Morocco +00/+01 1984 Mar 16 + 1:00 - +01 1986 + 0:00 Morocco +00/+01 2018 Oct 27 + 1:00 - +01 # Western Sahara # @@ -958,7 +936,8 @@ Zone Africa/El_Aaiun -0:52:48 - LMT 1934 Jan # El Aaiún -1:00 - -01 1976 Apr 14 - 0:00 Morocco WE%sT + 0:00 Morocco +00/+01 2018 Oct 27 + 1:00 - +01 # Mozambique #
--- a/make/data/tzdata/antarctica Tue Jan 29 22:38:26 2019 +0000
+++ b/make/data/tzdata/antarctica Wed Feb 06 04:09:08 2019 +0000
@@ -21,6 +21,8 @@
 # or visit www.oracle.com if you need additional information or have any
 # questions.
 #
+# tzdb data for Antarctica and environs
+
 # This file is in the public domain, so clarified as of
 # 2009-05-17 by Arthur David Olson.
--- a/make/data/tzdata/asia Tue Jan 29 22:38:26 2019 +0000 +++ b/make/data/tzdata/asia Wed Feb 06 04:09:08 2019 +0000 @@ -21,6 +21,8 @@ # or visit www.oracle.com if you need additional information or have any # questions. # +# tzdb data for Asia and environs + # This file is in the public domain, so clarified as of # 2009-05-17 by Arthur David Olson. @@ -29,7 +31,7 @@ # tz@iana.org for general use in the future). For more, please see # the file CONTRIBUTING in the tz distribution. -# From Paul Eggert (2017-01-13): +# From Paul Eggert (2018-06-19): # # Unless otherwise specified, the source for data through 1990 is: # Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition), @@ -58,7 +60,8 @@ # A reliable and entertaining source about time zones is # Derek Howse, Greenwich time and longitude, Philip Wilson Publishers (1997). # -# The following alphabetic abbreviations appear in these tables: +# The following alphabetic abbreviations appear in these tables +# (corrections are welcome): # std dst # LMT Local Mean Time # 2:00 EET EEST Eastern European Time @@ -67,11 +70,13 @@ # 7:00 WIB west Indonesia (Waktu Indonesia Barat) # 8:00 WITA central Indonesia (Waktu Indonesia Tengah) # 8:00 CST China +# 8:00 PST PDT* Philippine Standard Time # 8:30 KST KDT Korea when at +0830 # 9:00 WIT east Indonesia (Waktu Indonesia Timur) # 9:00 JST JDT Japan # 9:00 KST KDT Korea when at +09 # 9:30 ACST Australian Central Standard Time +# *I invented the abbreviation PDT; see "Philippines" below. # Otherwise, these tables typically use numeric abbreviations like +03 # and +0330 for integer hour and minute UT offsets. Although earlier # editions invented alphabetic time zone abbreviations for every 
@@ -304,6 +309,29 @@ # China +# From Paul Eggert (2018-10-02): +# The following comes from Table 1 of: +# Li Yu. Research on the daylight saving movement in 1940s Shanghai. +# Nanjing Journal of Social Sciences. 2014;(2):144-50. +# http://oversea.cnki.net/kns55/detail.aspx?dbname=CJFD2014&filename=NJSH201402020 +# The table lists dates only; I am guessing 00:00 and 24:00 transition times. +# Also, the table lists the planned end of DST in 1949, but the corresponding +# zone line cuts this off on May 28, when the Communists took power. +# +# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +Rule Shang 1940 only - Jun 1 0:00 1:00 D +Rule Shang 1940 only - Oct 12 24:00 0 S +Rule Shang 1941 only - Mar 15 0:00 1:00 D +Rule Shang 1941 only - Nov 1 24:00 0 S +Rule Shang 1942 only - Jan 31 0:00 1:00 D +Rule Shang 1945 only - Sep 1 24:00 0 S +Rule Shang 1946 only - May 15 0:00 1:00 D +Rule Shang 1946 only - Sep 30 24:00 0 S +Rule Shang 1947 only - Apr 15 0:00 1:00 D +Rule Shang 1947 only - Oct 31 24:00 0 S +Rule Shang 1948 1949 - May 1 0:00 1:00 D +Rule Shang 1948 1949 - Sep 30 24:00 0 S #plan + # From Guy Harris: # People's Republic of China. Yes, they really have only one time zone. 
@@ -330,18 +358,33 @@ # time - sort of", Los Angeles Times, 1986-05-05 ... [says] that China began # observing daylight saving time in 1986. -# From Paul Eggert (2014-06-30): -# Shanks & Pottenger have China switching to a single time zone in 1980, but -# this doesn't seem to be correct. They also write that China observed summer -# DST from 1986 through 1991, which seems to match the above commentary, so -# go with them for DST rules as follows: +# From P Chan (2018-05-07): +# The start and end time of DST in China [from 1986 on] should be 2:00 +# (i.e. 2:00 to 3:00 at the start and 2:00 to 1:00 at the end).... +# Government notices about summer time: +# +# 1986-04-12 http://www.zj.gov.cn/attach/zfgb/198608.pdf p.21-22 +# (To establish summer time from 1986. On 4 May, set the clocks ahead one hour +# at 2 am. On 14 September, set the clocks backward one hour at 2 am.) +# +# 1987-02-15 http://www.gov.cn/gongbao/shuju/1987/gwyb198703.pdf p.114 +# (Summer time in 1987 to start from 12 April until 13 September) +# +# 1987-09-09 http://www.gov.cn/gongbao/shuju/1987/gwyb198721.pdf p.709 +# (From 1988, summer time to start from 2 am of the first Sunday of mid-April +# until 2 am of the first Sunday of mid-September) +# +# 1992-03-03 http://www.gov.cn/gongbao/shuju/1992/gwyb199205.pdf p.152 +# (To suspend summer time from 1992) +# +# The first page of People's Daily on 12 April 1988 stating that summer time +# to begin on 17 April. 
+# http://data.people.com.cn/pic/101p/1988/04/1988041201.jpg + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S -Rule Shang 1940 only - Jun 3 0:00 1:00 D -Rule Shang 1940 1941 - Oct 1 0:00 0 S -Rule Shang 1941 only - Mar 16 0:00 1:00 D -Rule PRC 1986 only - May 4 0:00 1:00 D -Rule PRC 1986 1991 - Sep Sun>=11 0:00 0 S -Rule PRC 1987 1991 - Apr Sun>=10 0:00 1:00 D +Rule PRC 1986 only - May 4 2:00 1:00 D +Rule PRC 1986 1991 - Sep Sun>=11 2:00 0 S +Rule PRC 1987 1991 - Apr Sun>=11 2:00 1:00 D # From Anthony Fok (2001-12-20): # BTW, I did some research on-line and found some info regarding these five @@ -363,10 +406,11 @@ # Alois Treindl kindly sent me translations of the following two sources: # # (1) -# Guo Qingsheng (National Time-Service Center, CAS, Xi'an 710600, China) +# Guo Qing-sheng (National Time-Service Center, CAS, Xi'an 710600, China) # Beijing Time at the Beginning of the PRC # China Historical Materials of Science and Technology -# (Zhongguo ke ji shi liao, 中国科技史料), Vol. 24, No. 1 (2003) +# (Zhongguo ke ji shi liao, 中国科技史料). 2003;24(1):5-9. +# http://oversea.cnki.net/kcms/detail/detail.aspx?filename=ZGKS200301000&dbname=CJFD2003 # It gives evidence that at the beginning of the PRC, Beijing time was # officially apparent solar time! However, Guo also says that the # evidence is dubious, as the relevant institute of astronomy had not @@ -543,7 +587,7 @@ # Zone NAME GMTOFF RULES FORMAT [UNTIL] # Beijing time, used throughout China; represented by Shanghai. Zone Asia/Shanghai 8:05:43 - LMT 1901 - 8:00 Shang C%sT 1949 + 8:00 Shang C%sT 1949 May 28 8:00 PRC C%sT # Xinjiang time, used by many in western China; represented by Ürümqi / Ürümchi # / Wulumuqi. (Please use Asia/Shanghai if you prefer Beijing time.) 
@@ -772,24 +816,140 @@ 8:00 Taiwan C%sT # Macau (Macao, Aomen) +# +# From P Chan (2018-05-10): +# * LegisMac +# http://legismac.safp.gov.mo/legismac/descqry/Descqry.jsf?lang=pt +# A database for searching titles of legal documents of Macau in +# Chinese and Portuguese. The term "HORÁRIO DE VERÃO" can be used for +# searching decrees about summer time. +# * Archives of Macao +# http://www.archives.gov.mo/en/bo/ +# It contains images of old official gazettes. +# * The Macao Meteorological and Geophysical Bureau have a page listing the +# summer time history. But it is not complete and has some mistakes. +# http://www.smg.gov.mo/smg/geophysics/e_t_Summer%20Time.htm +# Macau adopted GMT+8 on 30 Oct 1904 to follow Hong Kong. Clocks were +# advanced by 25 minutes and 50 seconds. Which means the LMT used was +# +7:34:10. As stated in the "Portaria No. 204" dated 21 October 1904 +# and published in the Official Gazette on 29 October 1904. +# http://igallery.icm.gov.mo/Images/Archives/BO/MO_AH_PUB_BO_1904_10/MO_AH_PUB_BO_1904_10_00025_Grey.JPG +# +# Therefore the 1911 decree of Portugal did not change time in Macau. +# +# From LegisMac, here is a list of decrees that changed the time ... +# [Decree Gazette-no. 
date; titles omitted in this quotation] +# DIL 732 BOCM 51 1941.12.20 +# DIL 764 BOCM 9S 1942.04.30 +# DIL 781 BOCM 21 1942.10.10 +# PT 3434 BOCM 8S 1943.04.17 +# PT 3504 BOCM 20 1943.09.25 +# PT 3843 BOCM 39 1945.09.29 +# PT 3961 BOCM 17 1946.04.27 +# PT 4026 BOCM 39 1946.09.28 +# PT 4153 BOCM 16 1947.04.10 +# PT 4271 BOCM 48 1947.11.29 +# PT 4374 BOCM 18 1948.05.01 +# PT 4465 BOCM 44 1948.10.30 +# PT 4590 BOCM 14 1949.04.02 +# PT 4666 BOCM 44 1949.10.29 +# PT 4771 BOCM 12 1950.03.25 +# PT 4838 BOCM 43 1950.10.28 +# PT 4946 BOCM 12 1951.03.24 +# PT 5025 BO 43 1951.10.27 +# PT 5149 BO 14 1952.04.05 +# PT 5251 BO 43 1952.10.25 +# PT 5366 BO 13 1953.03.28 +# PT 5444 BO 44 1953.10.31 +# PT 5540 BO 12 1954.03.20 +# PT 5589 BO 44 1954.10.30 +# PT 5676 BO 12 1955.03.19 +# PT 5739 BO 45 1955.11.05 +# PT 5823 BO 11 1956.03.17 +# PT 5891 BO 44 1956.11.03 +# PT 5981 BO 12 1957.03.23 +# PT 6064 BO 43 1957.10.26 +# PT 6172 BO 12 1958.03.22 +# PT 6243 BO 43 1958.10.25 +# PT 6341 BO 12 1959.03.21 +# PT 6411 BO 43 1959.10.24 +# PT 6514 BO 11 1960.03.12 +# PT 6584 BO 44 1960.10.29 +# PT 6721 BO 10 1961.03.11 +# PT 6815 BO 43 1961.10.28 +# PT 6947 BO 10 1962.03.10 +# PT 7080 BO 43 1962.10.27 +# PT 7218 BO 12 1963.03.23 +# PT 7340 BO 43 1963.10.26 +# PT 7491 BO 11 1964.03.14 +# PT 7664 BO 43 1964.10.24 +# PT 7846 BO 15 1965.04.10 +# PT 7979 BO 42 1965.10.16 +# PT 8146 BO 15 1966.04.09 +# PT 8252 BO 41 1966.10.08 +# PT 8429 BO 15 1967.04.15 +# PT 8540 BO 41 1967.10.14 +# PT 8735 BO 15 1968.04.13 +# PT 8860 BO 41 1968.10.12 +# PT 9035 BO 16 1969.04.19 +# PT 9156 BO 42 1969.10.18 +# PT 9328 BO 15 1970.04.11 +# PT 9418 BO 41 1970.10.10 +# PT 9587 BO 14 1971.04.03 +# PT 9702 BO 41 1971.10.09 +# PT 38-A/72 BO 14 1972.04.01 +# PT 126-A/72 BO 41 1972.10.07 +# PT 61/73 BO 14 1973.04.07 +# PT 182/73 BO 40 1973.10.06 +# PT 282/73 BO 51 1973.12.22 +# PT 177/74 BO 41 1974.10.12 +# PT 51/75 BO 15 1975.04.12 +# PT 173/75 BO 41 1975.10.11 +# PT 67/76/M BO 14 1976.04.03 +# PT 169/76/M BO 41 
1976.10.09 +# PT 78/79/M BO 19 1979.05.12 +# PT 166/79/M BO 42 1979.10.20 +# Note that DIL 732 does not belong to "HORÁRIO DE VERÃO" according to +# LegisMac.... Note that between 1942 and 1945, the time switched +# between GMT+9 and GMT+10. Also in 1965 and 1965 the DST ended at 2:30am. + +# From Paul Eggert (2018-05-10): +# The 1904 decree says that Macau changed from the meridian of +# Fortaleza do Monte, presumably the basis for the 7:34:10 for LMT. + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S -Rule Macau 1961 1962 - Mar Sun>=16 3:30 1:00 D -Rule Macau 1961 1964 - Nov Sun>=1 3:30 0 S -Rule Macau 1963 only - Mar Sun>=16 0:00 1:00 D -Rule Macau 1964 only - Mar Sun>=16 3:30 1:00 D -Rule Macau 1965 only - Mar Sun>=16 0:00 1:00 D -Rule Macau 1965 only - Oct 31 0:00 0 S -Rule Macau 1966 1971 - Apr Sun>=16 3:30 1:00 D -Rule Macau 1966 1971 - Oct Sun>=16 3:30 0 S -Rule Macau 1972 1974 - Apr Sun>=15 0:00 1:00 D -Rule Macau 1972 1973 - Oct Sun>=15 0:00 0 S -Rule Macau 1974 1977 - Oct Sun>=15 3:30 0 S -Rule Macau 1975 1977 - Apr Sun>=15 3:30 1:00 D -Rule Macau 1978 1980 - Apr Sun>=15 0:00 1:00 D -Rule Macau 1978 1980 - Oct Sun>=15 0:00 0 S -# See Europe/Lisbon for info about the 1912 transition. 
+Rule Macau 1942 1943 - Apr 30 23:00 1:00 - +Rule Macau 1942 only - Nov 17 23:00 0 - +Rule Macau 1943 only - Sep 30 23:00 0 S +Rule Macau 1946 only - Apr 30 23:00s 1:00 D +Rule Macau 1946 only - Sep 30 23:00s 0 S +Rule Macau 1947 only - Apr 19 23:00s 1:00 D +Rule Macau 1947 only - Nov 30 23:00s 0 S +Rule Macau 1948 only - May 2 23:00s 1:00 D +Rule Macau 1948 only - Oct 31 23:00s 0 S +Rule Macau 1949 1950 - Apr Sat>=1 23:00s 1:00 D +Rule Macau 1949 1950 - Oct lastSat 23:00s 0 S +Rule Macau 1951 only - Mar 31 23:00s 1:00 D +Rule Macau 1951 only - Oct 28 23:00s 0 S +Rule Macau 1952 1953 - Apr Sat>=1 23:00s 1:00 D +Rule Macau 1952 only - Nov 1 23:00s 0 S +Rule Macau 1953 1954 - Oct lastSat 23:00s 0 S +Rule Macau 1954 1956 - Mar Sat>=17 23:00s 1:00 D +Rule Macau 1955 only - Nov 5 23:00s 0 S +Rule Macau 1956 1964 - Nov Sun>=1 03:30 0 S +Rule Macau 1957 1964 - Mar Sun>=18 03:30 1:00 D +Rule Macau 1965 1973 - Apr Sun>=16 03:30 1:00 D +Rule Macau 1965 1966 - Oct Sun>=16 02:30 0 S +Rule Macau 1967 1976 - Oct Sun>=16 03:30 0 S +Rule Macau 1973 only - Dec 30 03:30 1:00 D +Rule Macau 1975 1976 - Apr Sun>=16 03:30 1:00 D +Rule Macau 1979 only - May 13 03:30 1:00 D +Rule Macau 1979 only - Oct Sun>=16 03:30 0 S + # Zone NAME GMTOFF RULES FORMAT [UNTIL] -Zone Asia/Macau 7:34:20 - LMT 1911 Dec 31 16:00u +Zone Asia/Macau 7:34:10 - LMT 1904 Oct 30 + 8:00 - CST 1941 Dec 21 23:00 + 9:00 Macau +09/+10 1945 Sep 30 24:00 8:00 Macau C%sT 
@@ -1494,9 +1654,29 @@ # http://www.shugiin.go.jp/internet/itdb_housei.nsf/html/houritsu/00719500331039.htm # ... In summary, it is written as follows. From 24:00 on the first Saturday # in May, until 0:00 on the day after the second Saturday in September. + +# From Phake Nick (2018-09-27): +# [T]he webpage authored by National Astronomical Observatory of Japan +# https://eco.mtk.nao.ac.jp/koyomi/wiki/BBFEB9EF2FB2C6BBFEB9EF.html +# ... mentioned that using Showa 23 (year 1948) as example, 13pm of September +# 11 in summer time will equal to 0am of September 12 in standard time. +# It cited a document issued by the Liaison Office which briefly existed +# during the postwar period of Japan, where the detail on implementation +# of the summer time is described in the document. +# https://eco.mtk.nao.ac.jp/koyomi/wiki/BBFEB9EF2FB2C6BBFEB9EFB2C6BBFEB9EFA4CEBCC2BBDCA4CBA4C4A4A4A4C6.pdf +# The text in the document do instruct a fall back to occur at +# September 11, 13pm in summer time, while ordinary citizens can +# change the clock before they sleep. +# +# From Paul Eggert (2018-09-27): +# This instruction is equivalent to "Sat>=8 25:00", so use that. zic treats +# it like "Sun>=9 01:00", which is not quite the same but is the best we can +# do in any POSIX or C platform. The "25:00" assumes zic from 2007 or later, +# which should be safe now. + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule Japan 1948 only - May Sat>=1 24:00 1:00 D -Rule Japan 1948 1951 - Sep Sun>=9 0:00 0 S +Rule Japan 1948 1951 - Sep Sun>=9 1:00 0 S Rule Japan 1949 only - Apr Sat>=1 24:00 1:00 D Rule Japan 1950 1951 - May Sat>=1 24:00 1:00 D @@ -1878,7 +2058,7 @@ 5:00 - +05 # Mangghystaū (KZ-MAN) # Aqtau was not founded until 1963, but it represents an inhabited region, -# so include time stamps before 1963. +# so include timestamps before 1963. Zone Asia/Aqtau 3:21:04 - LMT 1924 May 2 4:00 - +04 1930 Jun 21 5:00 - +05 1981 Oct 1 
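Review bot: The comment added above the Japan rules ends with `This instruction is equivalent to "Sat>=8 25:00", so use that`, but the rule changed directly below it reads `Rule Japan 1948 1951 - Sep Sun>=9 1:00 0 S`, which is the form the same comment describes as "not quite the same". If the `Sun>=9 1:00` spelling is deliberate here (for instance because a consumer of this file cannot accept an AT value past 24:00, which is an assumption and not visible in this hunk), the file should say so, e.g. `# Local note: "Sun>=9 1:00" is used below in place of "Sat>=8 25:00".` placed just above the rule. Without that, the next tzdata import has no way to tell an intentional deviation from a merge slip, and the comment and the data disagree about which transition is encoded.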
@@ -2018,6 +2198,10 @@ # Assembly, as published in Rodong Sinmun. # From Tim Parenti (2018-04-29): # It appears to be the front page story at the top in the right-most column. +# +# From Paul Eggert (2018-05-04): +# The BBC reported that the transition was from 23:30 to 24:00 today. +# https://www.bbc.com/news/world-asia-44010705 # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Asia/Seoul 8:27:52 - LMT 1908 Apr 1 @@ -2030,7 +2214,7 @@ 8:30 - KST 1912 Jan 1 9:00 - JST 1945 Aug 24 9:00 - KST 2015 Aug 15 00:00 - 8:30 - KST 2018 May 5 + 8:30 - KST 2018 May 4 23:30 9:00 - KST ############################################################################### 
@@ -2780,19 +2964,35 @@ # Philippine Star 2014-08-05 # http://www.philstar.com/headlines/2014/08/05/1354152/pnoy-urged-declare-use-daylight-saving-time +# From Paul Goyette (2018-06-15): +# In the Philippines, there is a national law, Republic Act No. 10535 +# which declares the official time here as "Philippine Standard Time". +# The act [1] even specifies use of PST as the abbreviation, although +# the FAQ provided by PAGASA [2] uses the "acronym PhST to distinguish +# it from the Pacific Standard Time (PST)." +# [1] http://www.officialgazette.gov.ph/2013/05/15/republic-act-no-10535/ +# [2] https://www1.pagasa.dost.gov.ph/index.php/astronomy/philippine-standard-time#republic-act-10535 +# +# From Paul Eggert (2018-06-19): +# I surveyed recent news reports, and my impression is that "PST" is +# more popular among reliable English-language news sources. This is +# not just a measure of Google hit counts: it's also the sizes and +# influence of the sources. There is no current abbreviation for DST, +# so use "PDT", the usual American style. + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S -Rule Phil 1936 only - Nov 1 0:00 1:00 - -Rule Phil 1937 only - Feb 1 0:00 0 - -Rule Phil 1954 only - Apr 12 0:00 1:00 - -Rule Phil 1954 only - Jul 1 0:00 0 - -Rule Phil 1978 only - Mar 22 0:00 1:00 - -Rule Phil 1978 only - Sep 21 0:00 0 - +Rule Phil 1936 only - Nov 1 0:00 1:00 D +Rule Phil 1937 only - Feb 1 0:00 0 S +Rule Phil 1954 only - Apr 12 0:00 1:00 D +Rule Phil 1954 only - Jul 1 0:00 0 S +Rule Phil 1978 only - Mar 22 0:00 1:00 D +Rule Phil 1978 only - Sep 21 0:00 0 S # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Asia/Manila -15:56:00 - LMT 1844 Dec 31 8:04:00 - LMT 1899 May 11 - 8:00 Phil +08/+09 1942 May - 9:00 - +09 1944 Nov - 8:00 Phil +08/+09 + 8:00 Phil P%sT 1942 May + 9:00 - JST 1944 Nov + 8:00 Phil P%sT # Qatar # Zone NAME GMTOFF RULES FORMAT [UNTIL] 
@@ -2803,15 +3003,34 @@ # Saudi Arabia # -# From Paul Eggert (2014-07-15): +# From Paul Eggert (2018-08-29): # Time in Saudi Arabia and other countries in the Arabian peninsula was not -# standardized until relatively recently; we don't know when, and possibly it +# standardized until 1968 or so; we don't know exactly when, and possibly it # has never been made official. Richard P Hunt, in "Islam city yielding to # modern times", New York Times (1961-04-09), p 20, wrote that only airlines # observed standard time, and that people in Jeddah mostly observed quasi-solar # time, doing so by setting their watches at sunrise to 6 o'clock (or to 12 # o'clock for "Arab" time). # +# Timekeeping differed depending on who you were and which part of Saudi +# Arabia you were in. In 1969, Elias Antar wrote that although a common +# practice had been to set one's watch to 12:00 (i.e., midnight) at sunset - +# which meant that the time on one side of a mountain could differ greatly from +# the time on the other side - many foreigners set their watches to 6pm +# instead, while airlines instead used UTC +03 (except in Dhahran, where they +# used UTC +04), Aramco used UTC +03 with DST, and the Trans-Arabian Pipe Line +# Company used Aramco time in eastern Saudi Arabia and airline time in western. +# (The American Military Aid Advisory Group used plain UTC.) Antar writes, +# "A man named Higgins, so the story goes, used to run a local power +# station. One day, the whole thing became too much for Higgins and he +# assembled his staff and laid down the law. 'I've had enough of this,' he +# shrieked. 'It is now 12 o'clock Higgins Time, and from now on this station is +# going to run on Higgins Time.' And so, until last year, it did." See: +# Antar E. Dinner at When? Saudi Aramco World, 1969 March/April. 2-3. 
+# http://archive.aramcoworld.com/issue/196902/dinner.at.when.htm +# newspapers.com says a similar story about Higgins was published in the Port +# Angeles (WA) Evening News, 1965-03-10, page 5, but I lack access to the text. +# # The TZ database cannot represent quasi-solar time; airline time is the best # we can do. The 1946 foreign air news digest of the U.S. Civil Aeronautics # Board (OCLC 42299995) reported that the "... Arabian Government, inaugurated @@ -2821,7 +3040,8 @@ # # Shanks & Pottenger also state that until 1968-05-01 Saudi Arabia had two # time zones; the other zone, at UT +04, was in the far eastern part of -# the country. Ignore this, as it's before our 1970 cutoff. +# the country. Presumably this is documenting airline time. Ignore this, +# as it's before our 1970 cutoff. # # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Asia/Riyadh 3:06:52 - LMT 1947 Mar 14
--- a/make/data/tzdata/australasia Tue Jan 29 22:38:26 2019 +0000 +++ b/make/data/tzdata/australasia Wed Feb 06 04:09:08 2019 +0000 @@ -21,6 +21,8 @@ # or visit www.oracle.com if you need additional information or have any # questions. # +# tzdb data for Australasia and environs, and for much of the Pacific + # This file is in the public domain, so clarified as of # 2009-05-17 by Arthur David Olson. @@ -384,8 +386,15 @@ # Dominic Fok writes (2017-08-20) that DST ends 2018-01-14, citing # Extraordinary Government of Fiji Gazette Supplement No. 21 (2017-08-27), # [Legal Notice No. 41] of an order of the previous day by J Usamate. + +# From Raymond Kumar (2018-07-13): +# http://www.fijitimes.com/government-approves-2018-daylight-saving/ +# ... The daylight saving period will end at 3am on Sunday January 13, 2019. +# +# From Paul Eggert (2018-07-15): # For now, guess DST from 02:00 the first Sunday in November to 03:00 -# the first Sunday on or after January 14. Although ad hoc, it matches +# the first Sunday on or after January 13. January transitions reportedly +# depend on when school terms start. Although the guess is ad hoc, it matches # transitions since late 2014 and seems more likely to match future # practice than guessing no DST. @@ -399,7 +408,7 @@ Rule Fiji 2012 2013 - Jan Sun>=18 3:00 0 - Rule Fiji 2014 only - Jan Sun>=18 2:00 0 - Rule Fiji 2014 max - Nov Sun>=1 2:00 1:00 - -Rule Fiji 2015 max - Jan Sun>=14 3:00 0 - +Rule Fiji 2015 max - Jan Sun>=13 3:00 0 - # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Pacific/Fiji 11:55:44 - LMT 1915 Oct 26 # Suva 12:00 Fiji +12/+13
--- a/make/data/tzdata/backward Tue Jan 29 22:38:26 2019 +0000 +++ b/make/data/tzdata/backward Wed Feb 06 04:09:08 2019 +0000 @@ -21,10 +21,12 @@ # or visit www.oracle.com if you need additional information or have any # questions. # +# tzdb links for backward compatibility + # This file is in the public domain, so clarified as of # 2009-05-17 by Arthur David Olson. -# This file provides links between current names for time zones +# This file provides links between current names for timezones # and their old names. Many names changed in late 1993. # Link TARGET LINK-NAME
--- a/make/data/tzdata/etcetera Tue Jan 29 22:38:26 2019 +0000 +++ b/make/data/tzdata/etcetera Wed Feb 06 04:09:08 2019 +0000 @@ -21,12 +21,14 @@ # or visit www.oracle.com if you need additional information or have any # questions. # +# tzdb data for ships at sea and other miscellany + # This file is in the public domain, so clarified as of # 2009-05-17 by Arthur David Olson. # These entries are mostly present for historical reasons, so that # people in areas not otherwise covered by the tz files could "zic -l" -# to a time zone that was right for their area. These days, the +# to a timezone that was right for their area. These days, the # tz files cover almost all the inhabited world, and the only practical # need now for the entries that are not on UTC are for ships at sea # that cannot use POSIX TZ settings.
--- a/make/data/tzdata/europe Tue Jan 29 22:38:26 2019 +0000 +++ b/make/data/tzdata/europe Wed Feb 06 04:09:08 2019 +0000 @@ -21,6 +21,8 @@ # or visit www.oracle.com if you need additional information or have any # questions. # +# tzdb data for Europe and environs + # This file is in the public domain, so clarified as of # 2009-05-17 by Arthur David Olson. @@ -540,7 +542,7 @@ # # To work around this problem, the build procedure can translate the # following data into two forms, one with negative SAVE values and the -# other form with a traditional approximation for Irish time stamps +# other form with a traditional approximation for Irish timestamps # after 1971-10-31 02:00 UTC; although this approximation has tm_isdst # flags that are reversed, its UTC offsets are correct and this often # suffices. This source file currently uses only nonnegative SAVE 
@@ -2450,6 +2452,33 @@ # administratively part of Sakhalin oblast', they appear to have # remained on UTC+11 along with Magadan. +# From Marat Nigametzianov (2018-07-16): +# this is link to order from 1956 about timezone in USSR +# http://astro.uni-altai.ru/~orion/blog/2011/11/novyie-granitsyi-chasovyih-poyasov-v-sssr/ +# +# From Paul Eggert (2018-07-16): +# Perhaps someone could translate the above-mentioned link and use it +# to correct our data for the ex-Soviet Union. It cites the following: +# «Поясное время и новые границы часовых поясов» / сост. П.Н. Долгов, +# отв. ред. Г.Д. Бурдун - М: Комитет стандартов, мер и измерительных +# приборов при Совете Министров СССР, Междуведомственная комиссия +# единой службы времени, 1956 г. +# This book looks like it would be a helpful resource for the Soviet +# Union through 1956. Although a copy was in the Scientific Library +# of Tomsk State University, I have not been able to track down a copy nearby. +# +# From Stepan Golosunov (2018-07-21): +# http://astro.uni-altai.ru/~orion/blog/2015/05/center-reforma-ischisleniya-vremeni-br-na-territorii-sssr-v-1957-godu-center/ +# says that the 1956 decision to change time belts' borders was not +# implemented as planned in 1956 and the change happened in 1957. +# There is also the problem that actual time zones were different from +# the official time belts (and from many time belts' maps) as there were +# numerous exceptions to application of time belt rules. For example, +# https://ru.wikipedia.org/wiki/Московское_время#Перемещение_границы_применения_московского_времени_на_восток +# says that by 1962 there were many regions in the 3rd time belt that +# were on Moscow time, referring to a 1962 map. By 1989 number of such +# exceptions grew considerably. + # From Tim Parenti (2014-07-06): # The comments detailing the coverage of each Russian zone are meant to assist # with maintenance only and represent our best guesses as to which regions 
@@ -2460,9 +2489,6 @@ # future stability. ISO 3166-2:RU codes are also listed for first-level # divisions where available. -# Zone NAME GMTOFF RULES FORMAT [UNTIL] - - # From Tim Parenti (2014-07-03): # Europe/Kaliningrad covers... # 39 RU-KGD Kaliningrad Oblast @@ -2730,6 +2756,15 @@ # 34 RU-VGG Volgograd Oblast # The 1988 transition is from USSR act No. 5 (1988-01-04). +# From Alexander Fetisov (2018-09-20): +# Volgograd region in southern Russia (Europe/Volgograd) change +# timezone from UTC+3 to UTC+4 from 28oct2018. +# http://sozd.parliament.gov.ru/bill/452878-7 +# +# From Stepan Golosunov (2018-10-11): +# The law has been published today on +# http://publication.pravo.gov.ru/Document/View/0001201810110037 + Zone Europe/Volgograd 2:57:40 - LMT 1920 Jan 3 3:00 - +03 1930 Jun 21 4:00 - +04 1961 Nov 11 @@ -2738,7 +2773,8 @@ 4:00 - +04 1992 Mar 29 2:00s 3:00 Russia +03/+04 2011 Mar 27 2:00s 4:00 - +04 2014 Oct 26 2:00s - 3:00 - +03 + 3:00 - +03 2018 Oct 28 2:00s + 4:00 - +04 # From Paul Eggert (2016-11-11): # Europe/Saratov covers: @@ -3427,7 +3463,8 @@ #Rule NatSpain 1937 only - May 22 23:00 1:00 S #Rule NatSpain 1937 1938 - Oct Sat>=1 24:00s 0 - #Rule NatSpain 1938 only - Mar 26 23:00 1:00 S -# The following rules are copied from Morocco from 1967 through 1978. +# The following rules are copied from Morocco from 1967 through 1978, +# except with "S" letters. Rule SpainAfrica 1967 only - Jun 3 12:00 1:00 S Rule SpainAfrica 1967 only - Oct 1 0:00 0 - Rule SpainAfrica 1974 only - Jun 24 0:00 1:00 S @@ -3447,6 +3484,7 @@ 0:00 1:00 WEST 1918 Oct 7 23:00 0:00 - WET 1924 0:00 Spain WE%sT 1929 + 0:00 - WET 1967 # Help zishrink.awk. 0:00 SpainAfrica WE%sT 1984 Mar 16 1:00 - CET 1986 1:00 EU CE%sT 
@@ -3632,7 +3670,7 @@ # http://www.resmigazete.gov.tr/eskiler/2001/03/20010324.htm#2 - for 2001 # http://www.resmigazete.gov.tr/eskiler/2002/03/20020316.htm#2 - for 2002-2006 # From Paul Eggert (2016-09-25): -# Prefer the above sources to Shanks & Pottenger for time stamps after 1985. +# Prefer the above sources to Shanks & Pottenger for timestamps after 1985. # From Steffen Thorsen (2007-03-09): # Starting 2007 though, it seems that they are adopting EU's 1:00 UTC 
@@ -3842,10 +3880,29 @@ # * Ukrainian Government's Resolution of 20.03.1992, No. 139. # http://www.uazakon.com/documents/date_8u/pg_grcasa.htm +# From Paul Eggert (2018-10-03): +# As is usual in tzdb, Ukrainian zones use the most common English spellings. +# For example, tzdb uses Europe/Kiev, as "Kiev" is the most common spelling in +# English for Ukraine's capital, even though it is certainly wrong as a +# transliteration of the Ukrainian "Київ". This is similar to tzdb's use of +# Europe/Prague, which is certainly wrong as a transliteration of the Czech +# "Praha". ("Kiev" came from old Slavic via Russian to English, and "Prague" +# came from old Slavic via French to English, so the two cases have something +# in common.) Admittedly English-language spelling of Ukrainian names is +# controversial, and some day "Kyiv" may become substantially more popular in +# English; in the meantime, stick with the traditional English "Kiev" as that +# means less disruption for our users. +# +# Anyway, none of the common English-language spellings (Kiev, Kyiv, Kieff, +# Kijeff, Kijev, Kiyef, Kiyeff) do justice to the common pronunciation in +# Ukrainian, namely [ˈkɪjiu̯] (IPA). This pronunciation has nothing like an +# English "v" or "f", and instead trails off with what an English-speaker +# would call a demure "oo" sound, and it would would be better anglicized as +# "Kuiyu". Here's a sound file, if you would like to do as the Kuiyuvians do: +# https://commons.wikimedia.org/wiki/File:Uk-Київ.ogg + # Zone NAME GMTOFF RULES FORMAT [UNTIL] -# Most of Ukraine since 1970 has been like Kiev. -# "Kyiv" is the transliteration of the Ukrainian name, but -# "Kiev" is more common in English. +# This represents most of Ukraine. See above for the spelling of "Kiev". Zone Europe/Kiev 2:02:04 - LMT 1880 2:02:04 - KMT 1924 May 2 # Kiev Mean Time 2:00 - EET 1930 Jun 21
--- a/make/data/tzdata/factory Tue Jan 29 22:38:26 2019 +0000 +++ b/make/data/tzdata/factory Wed Feb 06 04:09:08 2019 +0000 @@ -21,11 +21,13 @@ # or visit www.oracle.com if you need additional information or have any # questions. # +# tzdb data for noncommittal factory settings + # This file is in the public domain, so clarified as of # 2009-05-17 by Arthur David Olson. -# For distributors who don't want to put time zone specification in -# their installation procedures. Users that run 'date' will get the +# For distributors who don't want to specify a timezone in their +# installation procedures. Users who run 'date' will get the # time zone abbreviation "-00", indicating that the actual time zone # is unknown.
--- a/make/data/tzdata/leapseconds Tue Jan 29 22:38:26 2019 +0000 +++ b/make/data/tzdata/leapseconds Wed Feb 06 04:09:08 2019 +0000 @@ -26,21 +26,25 @@ # This file is in the public domain. # This file is generated automatically from the data in the public-domain -# leap-seconds.list file, which is copied from: -# ftp://ftp.nist.gov/pub/time/leap-seconds.list +# leap-seconds.list file, which can be copied from +# <ftp://ftp.nist.gov/pub/time/leap-seconds.list> +# or <ftp://ftp.boulder.nist.gov/pub/time/leap-seconds.list> +# or <ftp://tycho.usno.navy.mil/pub/ntp/leap-seconds.list>. # For more about leap-seconds.list, please see # The NTP Timescale and Leap Seconds -# https://www.eecis.udel.edu/~mills/leap.html +# <https://www.eecis.udel.edu/~mills/leap.html>. # The International Earth Rotation and Reference Systems Service # periodically uses leap seconds to keep UTC to within 0.9 s of UT1 -# (which measures the true angular orientation of the earth in space); see -# Levine J. Coordinated Universal Time and the leap second. +# (which measures the true angular orientation of the earth in space) +# and publishes leap second data in a copyrighted file +# <https://hpiers.obspm.fr/iers/bul/bulc/Leap_Second.dat>. +# See: Levine J. Coordinated Universal Time and the leap second. # URSI Radio Sci Bull. 2016;89(4):30-6. doi:10.23919/URSIRSB.2016.7909995 -# http://ieeexplore.ieee.org/document/7909995/ +# <https://ieeexplore.ieee.org/document/7909995>. # There were no leap seconds before 1972, because the official mechanism # accounting for the discrepancy between atomic time and the earth's rotation -# did not exist until the early 1970s. +# did not exist. # The correction (+ or -) is made at the given time, so lines # will typically look like: 
@@ -48,10 +52,7 @@ # or # Leap YEAR MON DAY 23:59:59 - R/S -# If the leapsecond is Rolling (R) the given time is local time. -# If the leapsecond is Stationary (S) the given time is UTC. - -# Leap YEAR MONTH DAY HH:MM:SS CORR R/S +# If the leap second is Rolling (R) the given time is local time (unused here). Leap 1972 Jun 30 23:59:60 + S Leap 1972 Dec 31 23:59:60 + S Leap 1973 Dec 31 23:59:60 + S @@ -80,5 +81,9 @@ Leap 2015 Jun 30 23:59:60 + S Leap 2016 Dec 31 23:59:60 + S -# Updated through IERS Bulletin C55 -# File expires on: 28 December 2018 +# POSIX timestamps for the data in this file: +#updated 1467936000 +#expires 1561680000 + +# Updated through IERS Bulletin C56 +# File expires on: 28 June 2019
--- a/make/data/tzdata/northamerica Tue Jan 29 22:38:26 2019 +0000 +++ b/make/data/tzdata/northamerica Wed Feb 06 04:09:08 2019 +0000 @@ -21,6 +21,8 @@ # or visit www.oracle.com if you need additional information or have any # questions. # +# tzdb data for North and Central America and environs + # This file is in the public domain, so clarified as of # 2009-05-17 by Arthur David Olson. @@ -71,7 +73,7 @@ # # Most of the US soon followed suit. See: # Bartky IR. The adoption of standard time. Technol Cult 1989 Jan;30(1):25-56. -# http://dx.doi.org/10.2307/3105430 +# https://dx.doi.org/10.2307/3105430 # From Paul Eggert (2005-04-16): # That 1883 transition occurred at 12:00 new time, not at 12:00 old time. @@ -460,6 +462,19 @@ # western South Dakota, far western Texas (El Paso County, Hudspeth County, # and Pine Springs and Nickel Creek in Culberson County), Utah, Wyoming # +# From Paul Eggert (2018-10-25): +# On 1921-03-04 federal law placed all of Texas into the central time zone. +# However, El Paso ignored the law for decades and continued to observe +# mountain time, on the grounds that that's what they had always done +# and they weren't about to let the federal government tell them what to do. +# Eventually the federal government gave in and changed the law on +# 1970-04-10 to match what El Paso was actually doing. Although +# that's slightly after our 1970 cutoff, there is no need to create a +# separate zone for El Paso since they were ignoring the law anyway. See: +# Long T. El Pasoans were time rebels, fought to stay in Mountain zone. +# El Paso Times. 2018-10-24 06:40 -06. +# https://www.elpasotimes.com/story/news/local/el-paso/2018/10/24/el-pasoans-were-time-rebels-fought-stay-mountain-zone/1744509002/ +# # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER Rule Denver 1920 1921 - Mar lastSun 2:00 1:00 D Rule Denver 1920 only - Oct lastSun 2:00 0 S 
@@ -729,9 +744,7 @@ Zone Pacific/Honolulu -10:31:26 - LMT 1896 Jan 13 12:00 -10:30 - HST 1933 Apr 30 2:00 -10:30 1:00 HDT 1933 May 21 12:00 - -10:30 - HST 1942 Feb 9 2:00 - -10:30 1:00 HDT 1945 Sep 30 2:00 - -10:30 - HST 1947 Jun 8 2:00 + -10:30 US H%sT 1947 Jun 8 2:00 -10:00 - HST # Now we turn to US areas that have diverged from the consensus since 1970.
--- a/make/data/tzdata/pacificnew Tue Jan 29 22:38:26 2019 +0000 +++ b/make/data/tzdata/pacificnew Wed Feb 06 04:09:08 2019 +0000 @@ -21,6 +21,8 @@ # or visit www.oracle.com if you need additional information or have any # questions. # +# tzdb data for proposed US election time (this file is obsolete) + # This file is in the public domain, so clarified as of # 2009-05-17 by Arthur David Olson.
--- a/make/data/tzdata/southamerica Tue Jan 29 22:38:26 2019 +0000 +++ b/make/data/tzdata/southamerica Wed Feb 06 04:09:08 2019 +0000 @@ -21,6 +21,8 @@ # or visit www.oracle.com if you need additional information or have any # questions. # +# tzdb data for South America and environs + # This file is in the public domain, so clarified as of # 2009-05-17 by Arthur David Olson. @@ -415,7 +417,7 @@ # standard time, so let's do that here too. This does not change UTC # offsets, only tm_isdst and the time zone abbreviations. One minor # plus is that this silences a zic complaint that there's no POSIX TZ -# setting for time stamps past 2038. +# setting for timestamps past 2038. # Zone NAME GMTOFF RULES FORMAT [UNTIL] # @@ -948,6 +950,14 @@ # ... https://www.timeanddate.com/news/time/brazil-delays-dst-2018.html # From Steffen Thorsen (2017-12-20): # http://www.planalto.gov.br/ccivil_03/_ato2015-2018/2017/decreto/D9242.htm +# +# From Fábio Gomes (2018-10-04): +# The Brazilian president just announced a new change on this year DST. +# It was scheduled to start on November 4th and it was changed to November 18th. +# From Rodrigo Brüning Wessler (2018-10-15): +# The Brazilian government just announced that the change in DST was +# canceled.... Maybe the president Michel Temer also woke up one hour +# earlier today. :) Rule Brazil 2018 max - Nov Sun>=1 0:00 1:00 - Rule Brazil 2023 only - Feb Sun>=22 0:00 0 - Rule Brazil 2024 2025 - Feb Sun>=15 0:00 0 - 
@@ -1254,6 +1264,24 @@ # they will switch from -03 to -04 one hour after Santiago does that day. # For now, assume that they will not revert. +# From Juan Correa (2018-08-13): +# As of moments ago, the Ministry of Energy in Chile has announced the new +# schema for DST. ... Announcement in video (in Spanish): +# https://twitter.com/MinEnergia/status/1029000399129374720 +# From Yonathan Dossow (2018-08-13): +# The video says "first Saturday of September", we all know it means Sunday at +# midnight. +# From Tim Parenti (2018-08-13): +# Translating the captions on the video at 0:44-0:55, "We want to announce as +# Government that from 2019, Winter Time will be increased to 5 months, between +# the first Saturday of April and the first Saturday of September." +# At 2:08-2:20, "The Magallanes region will maintain its current time, as +# decided by the citizens during 2017, but our Government will promote a +# regional dialogue table to gather their opinion on this matter." +# https://twitter.com/MinEnergia/status/1029009354001973248 +# "We will keep the new time policy unchanged for at least the next 4 years." +# So we extend the new rules on Saturdays at 24:00 mainland time indefinitely. + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule Chile 1927 1931 - Sep 1 0:00 1:00 - Rule Chile 1928 1932 - Apr 1 0:00 0 - @@ -1287,8 +1315,10 @@ Rule Chile 2011 only - Aug Sun>=16 4:00u 1:00 - Rule Chile 2012 2014 - Apr Sun>=23 3:00u 0 - Rule Chile 2012 2014 - Sep Sun>=2 4:00u 1:00 - -Rule Chile 2016 max - May Sun>=9 3:00u 0 - -Rule Chile 2016 max - Aug Sun>=9 4:00u 1:00 - +Rule Chile 2016 2018 - May Sun>=9 3:00u 0 - +Rule Chile 2016 2018 - Aug Sun>=9 4:00u 1:00 - +Rule Chile 2019 max - Apr Sun>=2 3:00u 0 - +Rule Chile 2019 max - Sep Sun>=2 4:00u 1:00 - # IATA SSIM anomalies: (1992-02) says 1992-03-14; # (1996-09) says 1998-03-08. Ignore these. # Zone NAME GMTOFF RULES FORMAT [UNTIL]
--- a/make/data/tzdata/systemv Tue Jan 29 22:38:26 2019 +0000 +++ b/make/data/tzdata/systemv Wed Feb 06 04:09:08 2019 +0000 @@ -21,6 +21,8 @@ # or visit www.oracle.com if you need additional information or have any # questions. # +# tzdb data for System V rules (this file is obsolete) + # This file is in the public domain, so clarified as of # 2009-05-17 by Arthur David Olson.
--- a/make/data/tzdata/zone.tab Tue Jan 29 22:38:26 2019 +0000 +++ b/make/data/tzdata/zone.tab Wed Feb 06 04:09:08 2019 +0000 @@ -21,12 +21,12 @@ # or visit www.oracle.com if you need additional information or have any # questions. # -# tz zone descriptions (deprecated version) +# tzdb timezone descriptions (deprecated version) # # This file is in the public domain, so clarified as of # 2009-05-17 by Arthur David Olson. # -# From Paul Eggert (2014-07-31): +# From Paul Eggert (2018-06-27): # This file is intended as a backward-compatibility aid for older programs. # New programs should use zone1970.tab. This file is like zone1970.tab (see # zone1970.tab's comments), but with the following additional restrictions: @@ -35,13 +35,13 @@ # 2. The first data column contains exactly one country code. # # Because of (2), each row stands for an area that is the intersection -# of a region identified by a country code and of a zone where civil +# of a region identified by a country code and of a timezone where civil # clocks have agreed since 1970; this is a narrower definition than # that of zone1970.tab. # -# This table is intended as an aid for users, to help them select time -# zone data entries appropriate for their practical needs. It is not -# intended to take or endorse any position on legal or territorial claims. +# This table is intended as an aid for users, to help them select timezones +# appropriate for their practical needs. It is not intended to take or +# endorse any position on legal or territorial claims. # #country- #code coordinates TZ comments @@ -291,7 +291,7 @@ MN +4755+10653 Asia/Ulaanbaatar Mongolia (most areas) MN +4801+09139 Asia/Hovd Bayan-Olgiy, Govi-Altai, Hovd, Uvs, Zavkhan MN +4804+11430 Asia/Choibalsan Dornod, Sukhbaatar -MO +2214+11335 Asia/Macau +MO +221150+1133230 Asia/Macau MP +1512+14545 Pacific/Saipan MQ +1436-06105 America/Martinique MR +1806-01557 Africa/Nouakchott
--- a/make/lib/NetworkingLibraries.gmk Tue Jan 29 22:38:26 2019 +0000
+++ b/make/lib/NetworkingLibraries.gmk Wed Feb 06 04:09:08 2019 +0000
@@ -75,7 +75,7 @@
 LDFLAGS_SUFFIX_linux := $(LIBDL) -ljvm -lpthread -ljava, \
 LDFLAGS_SUFFIX_aix := $(LIBDL) -ljvm -ljava,\
 LDFLAGS_SUFFIX_windows := ws2_32.lib jvm.lib secur32.lib iphlpapi.lib \
- delayimp.lib $(WIN_JAVA_LIB) advapi32.lib \
+ delayimp.lib urlmon.lib $(WIN_JAVA_LIB) advapi32.lib \
 -DELAYLOAD:secur32.dll -DELAYLOAD:iphlpapi.dll, \
 VERSIONINFO_RESOURCE := $(JDK_TOPDIR)/src/windows/resource/version.rc, \
 RC_FLAGS := $(RC_FLAGS) \
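Review bot: `urlmon.lib` is added to `LDFLAGS_SUFFIX_windows` without a matching `-DELAYLOAD:urlmon.dll`, while the two other system DLLs named in the same value (`secur32.dll`, `iphlpapi.dll`) are delay-loaded. If the new dependency is only reached on a rarely used path, which this hunk does not show, adding `-DELAYLOAD:urlmon.dll` would keep it out of the library's load-time imports. Otherwise a one-line comment saying why it is linked eagerly would help the next maintainer. The library definition starts and ends outside the hunk.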
--- a/src/macosx/native/sun/font/CCharToGlyphMapper.m Tue Jan 29 22:38:26 2019 +0000
+++ b/src/macosx/native/sun/font/CCharToGlyphMapper.m Wed Feb 06 04:09:08 2019 +0000
@@ -1,10 +1,12 @@
 /*
- * Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
--- a/src/share/classes/com/sun/crypto/provider/RSACipher.java Tue Jan 29 22:38:26 2019 +0000
+++ b/src/share/classes/com/sun/crypto/provider/RSACipher.java Wed Feb 06 04:09:08 2019 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -329,7 +329,7 @@
 if ((inLen == 0) || (in == null)) {
 return;
 }
- if (bufOfs + inLen > buffer.length) {
+ if (inLen > (buffer.length - bufOfs)) {
 bufOfs = buffer.length + 1;
 return;
 }
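Review bot: The rewritten bound in the second hunk, `if (inLen > (buffer.length - bufOfs))`, has no comment saying why the subtraction form replaced `bufOfs + inLen > buffer.length`, so a later clean-up could reintroduce the overflow-prone sum. I would add `// compare by subtraction: bufOfs + inLen can wrap negative for a large inLen` above it. The form also relies on bufOfs never exceeding `buffer.length + 1`, the value assigned in the branch. That holds in the visible lines but should be confirmed for the rest of the class, since the method starts and ends outside the hunk.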
--- a/src/share/classes/java/awt/Robot.java Tue Jan 29 22:38:26 2019 +0000
+++ b/src/share/classes/java/awt/Robot.java Wed Feb 06 04:09:08 2019 +0000
@@ -391,6 +391,7 @@
 * @return Color of the pixel
 */
 public synchronized Color getPixelColor(int x, int y) {
+ checkScreenCaptureAllowed();
 Color color = new Color(peer.getRGBPixel(x, y));
 return color;
 }
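Review bot: getPixelColor now runs the added `checkScreenCaptureAllowed();` before reading the pixel, but the Javadoc that closes just above it still ends at `@return Color of the pixel`, with no tag for the new failure mode. If the helper throws SecurityException when screen capture is not permitted, as its name suggests, callers should be told, e.g. `* @throws SecurityException if the screen-capture permission is not granted`. The Javadoc block starts outside the hunk, so the exact wording should follow whatever the class already uses for its other capture method.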
--- a/src/share/classes/java/math/BigDecimal.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/classes/java/math/BigDecimal.java Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,8 +29,8 @@ package java.math; +import static java.math.BigInteger.LONG_MASK; import java.util.Arrays; -import static java.math.BigInteger.LONG_MASK; /** * Immutable, arbitrary-precision signed decimal numbers. A @@ -407,9 +407,12 @@ * @since 1.5 */ public BigDecimal(char[] in, int offset, int len, MathContext mc) { - // protect against huge length. - if (offset + len > in.length || offset < 0) - throw new NumberFormatException("Bad offset or len arguments for char[] input."); + // protect against huge length, negative values, and integer overflow + if ((in.length | len | offset) < 0 || len > in.length - offset) { + throw new NumberFormatException + ("Bad offset or len arguments for char[] input."); + } + // This is the primary string to BigDecimal constructor; all // incoming strings end up here; it uses explicit (inline) // parsing for speed and generates at most one intermediate
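Review bot: In the new guard of the `char[]` constructor, `in.length` can never be negative, so including it in `(in.length | len | offset) < 0` adds nothing and makes the reader stop to wonder why it is there. `if ((len | offset) < 0 || len > in.length - offset) {` states the same check. The subtraction form itself is sound once `offset` is known to be non-negative, which the first clause guarantees. The constructor body continues outside the hunk.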
--- a/src/share/classes/java/math/BigInteger.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/classes/java/math/BigInteger.java Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -1161,6 +1161,14 @@ private static final double LOG_TWO = Math.log(2.0); static { + assert 0 < KARATSUBA_THRESHOLD + && KARATSUBA_THRESHOLD < TOOM_COOK_THRESHOLD + && TOOM_COOK_THRESHOLD < Integer.MAX_VALUE + && 0 < KARATSUBA_SQUARE_THRESHOLD + && KARATSUBA_SQUARE_THRESHOLD < TOOM_COOK_SQUARE_THRESHOLD + && TOOM_COOK_SQUARE_THRESHOLD < Integer.MAX_VALUE : + "Algorithm thresholds are inconsistent"; + for (int i = 1; i <= MAX_CONSTANT; i++) { int[] magnitude = new int[1]; magnitude[0] = i; @@ -1482,6 +1490,18 @@ * @return {@code this * val} */ public BigInteger multiply(BigInteger val) { + return multiply(val, false); + } + + /** + * Returns a BigInteger whose value is {@code (this * val)}. If + * the invocation is recursive certain overflow checks are skipped. + * + * @param val value to be multiplied by this BigInteger. + * @param isRecursion whether this is a recursive invocation + * @return {@code this * val} + */ + private BigInteger multiply(BigInteger val, boolean isRecursion) { if (val.signum == 0 || signum == 0) return ZERO; 
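Review bot: The threshold consistency check added at the top of the static initializer is an `assert`, so it runs only when assertions are enabled for this class. On a default JVM start an inconsistent set of thresholds would pass silently, even though the new overflow checks in multiply() and square() are placed behind those thresholds. Either say so above the assert, e.g. `// Checked only when assertions are enabled for system classes (-esa)`, or replace it with an explicit `throw new AssertionError("Algorithm thresholds are inconsistent")` guarded by the same condition. The static block continues outside the hunk.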
@@ -1509,6 +1529,63 @@ if ((xlen < TOOM_COOK_THRESHOLD) && (ylen < TOOM_COOK_THRESHOLD)) { return multiplyKaratsuba(this, val); } else { + // + // In "Hacker's Delight" section 2-13, p.33, it is explained + // that if x and y are unsigned 32-bit quantities and m and n + // are their respective numbers of leading zeros within 32 bits, + // then the number of leading zeros within their product as a + // 64-bit unsigned quantity is either m + n or m + n + 1. If + // their product is not to overflow, it cannot exceed 32 bits, + // and so the number of leading zeros of the product within 64 + // bits must be at least 32, i.e., the leftmost set bit is at + // zero-relative position 31 or less. + // + // From the above there are three cases: + // + // m + n leftmost set bit condition + // ----- ---------------- --------- + // >= 32 x <= 64 - 32 = 32 no overflow + // == 31 x >= 64 - 32 = 32 possible overflow + // <= 30 x >= 64 - 31 = 33 definite overflow + // + // The "possible overflow" condition cannot be detected by + // examning data lengths alone and requires further calculation. + // + // By analogy, if 'this' and 'val' have m and n as their + // respective numbers of leading zeros within 32*MAX_MAG_LENGTH + // bits, then: + // + // m + n >= 32*MAX_MAG_LENGTH no overflow + // m + n == 32*MAX_MAG_LENGTH - 1 possible overflow + // m + n <= 32*MAX_MAG_LENGTH - 2 definite overflow + // + // Note however that if the number of ints in the result + // were to be MAX_MAG_LENGTH and mag[0] < 0, then there would + // be overflow. As a result the leftmost bit (of mag[0]) cannot + // be used and the constraints must be adjusted by one bit to: + // + // m + n > 32*MAX_MAG_LENGTH no overflow + // m + n == 32*MAX_MAG_LENGTH possible overflow + // m + n < 32*MAX_MAG_LENGTH definite overflow + // + // The foregoing leading zero-based discussion is for clarity + // only. 
The actual calculations use the estimated bit length + // of the product as this is more natural to the internal + // array representation of the magnitude which has no leading + // zero elements. + // + if (!isRecursion) { + // The bitLength() instance method is not used here as we + // are only considering the magnitudes as non-negative. The + // Toom-Cook multiplication algorithm determines the sign + // at its end from the two signum values. + if (bitLength(mag, mag.length) + + bitLength(val.mag, val.mag.length) > + 32L*MAX_MAG_LENGTH) { + reportOverflow(); + } + } + return multiplyToomCook3(this, val); } } @@ -1587,7 +1664,7 @@ int ystart = ylen - 1; if (z == null || z.length < (xlen+ ylen)) - z = new int[xlen+ylen]; + z = new int[xlen+ylen]; long carry = 0; for (int j=ystart, k=ystart+1+xstart; j >= 0; j--, k--) { @@ -1709,16 +1786,16 @@ BigInteger v0, v1, v2, vm1, vinf, t1, t2, tm1, da1, db1; - v0 = a0.multiply(b0); + v0 = a0.multiply(b0, true); da1 = a2.add(a0); db1 = b2.add(b0); - vm1 = da1.subtract(a1).multiply(db1.subtract(b1)); + vm1 = da1.subtract(a1).multiply(db1.subtract(b1), true); da1 = da1.add(a1); db1 = db1.add(b1); - v1 = da1.multiply(db1); + v1 = da1.multiply(db1, true); v2 = da1.add(a2).shiftLeft(1).subtract(a0).multiply( - db1.add(b2).shiftLeft(1).subtract(b0)); - vinf = a2.multiply(b2); + db1.add(b2).shiftLeft(1).subtract(b0), true); + vinf = a2.multiply(b2, true); // The algorithm requires two divisions by 2 and one by 3. // All divisions are known to be exact, that is, they do not produce @@ -1884,6 +1961,17 @@ * @return {@code this<sup>2</sup>} */ private BigInteger square() { + return square(false); + } + + /** + * Returns a BigInteger whose value is {@code (this<sup>2</sup>)}. If + * the invocation is recursive certain overflow checks are skipped. + * + * @param isRecursion whether this is a recursive invocation + * @return {@code this<sup>2</sup>} + */ + private BigInteger square(boolean isRecursion) { if (signum == 0) { return ZERO; } 
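Review bot: The overflow test in the `!isRecursion` branch adds the two `bitLength(...)` results before comparing the sum with `32L*MAX_MAG_LENGTH`. If the static `bitLength(int[], int)` returns `int` (the explicit `(long)` cast on `bitLength()` in a later hunk of this file suggests the instance method does), the sum is computed in 32 bits and can wrap negative before it is widened. Depending on the value of MAX_MAG_LENGTH, which is not shown here, the comparison may then never be true for the very large operands it is meant to reject. Widen before adding: `if ((long)bitLength(mag, mag.length) + bitLength(val.mag, val.mag.length) > 32L*MAX_MAG_LENGTH) {`. The explanatory comment above it also has a typo, "examning", and multiply's body starts and ends outside the hunk.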
@@ -1896,6 +1984,15 @@ if (len < TOOM_COOK_SQUARE_THRESHOLD) { return squareKaratsuba(); } else { + // + // For a discussion of overflow detection see multiply() + // + if (!isRecursion) { + if (bitLength(mag, mag.length) > 16L*MAX_MAG_LENGTH) { + reportOverflow(); + } + } + return squareToomCook3(); } } @@ -2046,13 +2143,13 @@ a0 = getToomSlice(k, r, 2, len); BigInteger v0, v1, v2, vm1, vinf, t1, t2, tm1, da1; - v0 = a0.square(); + v0 = a0.square(true); da1 = a2.add(a0); - vm1 = da1.subtract(a1).square(); + vm1 = da1.subtract(a1).square(true); da1 = da1.add(a1); - v1 = da1.square(); - vinf = a2.square(); - v2 = da1.add(a2).shiftLeft(1).subtract(a0).square(); + v1 = da1.square(true); + vinf = a2.square(true); + v2 = da1.add(a2).shiftLeft(1).subtract(a0).square(true); // The algorithm requires two divisions by 2 and one by 3. // All divisions are known to be exact, that is, they do not produce @@ -2223,10 +2320,11 @@ // The remaining part can then be exponentiated faster. The // powers of two will be multiplied back at the end. int powersOfTwo = partToSquare.getLowestSetBit(); - long bitsToShift = (long)powersOfTwo * exponent; - if (bitsToShift > Integer.MAX_VALUE) { + long bitsToShiftLong = (long)powersOfTwo * exponent; + if (bitsToShiftLong > Integer.MAX_VALUE) { reportOverflow(); } + int bitsToShift = (int)bitsToShiftLong; int remainingBits; @@ -2236,9 +2334,9 @@ remainingBits = partToSquare.bitLength(); if (remainingBits == 1) { // Nothing left but +/- 1? if (signum < 0 && (exponent&1) == 1) { - return NEGATIVE_ONE.shiftLeft(powersOfTwo*exponent); + return NEGATIVE_ONE.shiftLeft(bitsToShift); } else { - return ONE.shiftLeft(powersOfTwo*exponent); + return ONE.shiftLeft(bitsToShift); } } } else { 
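Review bot: The `16L*MAX_MAG_LENGTH` bound in the new overflow check of `square(boolean)` is an unexplained constant, and the added comment only points the reader at multiply(). The multiply() check visible earlier on this page compares the sum of both operands' bit lengths with `32L*MAX_MAG_LENGTH`; for a square that sum is twice one bit length, which is presumably why the bound is halved here. I would say so at the check, e.g. `// the square has about 2*bitLength(mag) bits, so this is the multiply() bound 32L*MAX_MAG_LENGTH halved`. The signature of square(boolean) is in the previous hunk and its body continues outside this one.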
@@ -2283,13 +2381,16 @@ if (bitsToShift + scaleFactor <= 62) { // Fits in long? return valueOf((result << bitsToShift) * newSign); } else { - return valueOf(result*newSign).shiftLeft((int) bitsToShift); + return valueOf(result*newSign).shiftLeft(bitsToShift); } - } - else { + } else { return valueOf(result*newSign); } } else { + if ((long)bitLength() * exponent / Integer.SIZE > MAX_MAG_LENGTH) { + reportOverflow(); + } + // Large number algorithm. This is basically identical to // the algorithm above, but calls multiply() and square() // which may use more efficient algorithms for large numbers. @@ -2309,7 +2410,7 @@ // Multiply back the (exponentiated) powers of two (quickly, // by shifting left) if (powersOfTwo > 0) { - answer = answer.shiftLeft(powersOfTwo*exponent); + answer = answer.shiftLeft(bitsToShift); } if (signum < 0 && (exponent&1) == 1) { @@ -3434,7 +3535,7 @@ for (int i=1; i< len && pow2; i++) pow2 = (mag[i] == 0); - n = (pow2 ? magBitLength -1 : magBitLength); + n = (pow2 ? magBitLength - 1 : magBitLength); } else { n = magBitLength; }
--- a/src/share/classes/java/time/chrono/JapaneseEra.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/classes/java/time/chrono/JapaneseEra.java Wed Feb 06 04:09:08 2019 +0000 @@ -73,6 +73,7 @@ import java.io.Serializable; import java.time.DateTimeException; import java.time.LocalDate; +import java.time.format.DateTimeFormatterBuilder; import java.time.format.TextStyle; import java.time.temporal.ChronoField; import java.time.temporal.TemporalField; @@ -283,7 +284,12 @@ Objects.requireNonNull(locale, "locale"); return style.asNormal() == TextStyle.NARROW ? getAbbreviation() : getName(); } - return Era.super.getDisplayName(style, locale); + + return new DateTimeFormatterBuilder() + .appendText(ERA, style) + .toFormatter(locale) + .withChronology(JapaneseChronology.INSTANCE) + .format(this == MEIJI ? MEIJI_6_ISODATE : since); } //-----------------------------------------------------------------------
--- a/src/share/classes/sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/classes/sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java Wed Feb 06 04:09:08 2019 +0000 @@ -33,8 +33,7 @@ * credentials without prompting) should only be tried with trusted sites. */ public abstract class NTLMAuthenticationCallback { - private static volatile NTLMAuthenticationCallback callback = - new DefaultNTLMAuthenticationCallback(); + private static volatile NTLMAuthenticationCallback callback; public static void setNTLMAuthenticationCallback( NTLMAuthenticationCallback callback) { @@ -50,10 +49,5 @@ * transparent Authentication. */ public abstract boolean isTrustedSite(URL url); - - static class DefaultNTLMAuthenticationCallback extends NTLMAuthenticationCallback { - @Override - public boolean isTrustedSite(URL url) { return true; } - } }
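Review bot: With the permissive default removed, the static `callback` field stays null until `setNTLMAuthenticationCallback` is called, and nothing in this hunk shows how readers of the field cope with that. The deleted `DefaultNTLMAuthenticationCallback` returned true from `isTrustedSite` for every URL, so any code that relied on a non-null callback now has to handle the unset case explicitly rather than fall back to trusting the site. I would document the new contract on the field, e.g. `// null until set; readers must handle the unset case and must not treat it as "trusted"`, and confirm that the accessor and its callers, which are outside this hunk, do so. The body of the setter is also outside the hunk.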
--- a/src/share/classes/sun/nio/ch/FileChannelImpl.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/classes/sun/nio/ch/FileChannelImpl.java Wed Feb 06 04:09:08 2019 +0000 @@ -551,11 +551,10 @@ { // Untrusted target: Use a newly-erased buffer int c = Math.min(icount, TRANSFER_SIZE); - ByteBuffer bb = Util.getTemporaryDirectBuffer(c); + ByteBuffer bb = ByteBuffer.allocate(c); long tw = 0; // Total bytes written long pos = position; try { - Util.erase(bb); while (tw < icount) { bb.limit(Math.min((int)(icount - tw), TRANSFER_SIZE)); int nr = read(bb, pos); @@ -576,8 +575,6 @@ if (tw > 0) return tw; throw x; - } finally { - Util.releaseTemporaryDirectBuffer(bb); } } @@ -661,11 +658,10 @@ { // Untrusted target: Use a newly-erased buffer int c = (int)Math.min(count, TRANSFER_SIZE); - ByteBuffer bb = Util.getTemporaryDirectBuffer(c); + ByteBuffer bb = ByteBuffer.allocate(c); long tw = 0; // Total bytes written long pos = position; try { - Util.erase(bb); while (tw < count) { bb.limit((int)Math.min((count - tw), (long)TRANSFER_SIZE)); // ## Bug: Will block reading src if this channel @@ -686,8 +682,6 @@ if (tw > 0) return tw; throw x; - } finally { - Util.releaseTemporaryDirectBuffer(bb); } }
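Review bot: The comment `// Untrusted target: Use a newly-erased buffer` no longer describes the code in either hunk of this file, because `Util.erase(bb)` is gone and the buffer now comes from `ByteBuffer.allocate(c)`. A freshly allocated heap buffer is zero-filled, and with the `finally` block removed it is never handed back to the temporary direct-buffer cache, which is presumably the point: an untrusted channel that keeps a reference cannot reach a buffer reused by a later transfer. I would state that in the comment, e.g. `// Untrusted target: use a fresh heap buffer, never a cached temporary direct buffer`, in both places. Both enclosing methods start and end outside the hunks.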
--- a/src/share/classes/sun/security/pkcs11/P11Signature.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/classes/sun/security/pkcs11/P11Signature.java Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -472,6 +472,10 @@ if (len == 0) { return; } + // check for overflow + if (len + bytesProcessed < 0) { + throw new ProviderException("Processed bytes limits exceeded."); + } switch (type) { case T_UPDATE: try {
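Review bot: The added guard `if (len + bytesProcessed < 0)` detects the overflow by letting the addition wrap, whereas DSA.java in this same changeset switches its bounds test to the subtraction form. A negative `len` also trips this test when `bytesProcessed` is small, so a caller error is reported with the "Processed bytes limits exceeded." message. Assuming `bytesProcessed` is a non-negative int (its declaration is outside the hunk), `if (len > Integer.MAX_VALUE - bytesProcessed)` states the limit directly and leaves the negative-length case to be handled on its own. The enclosing method starts and ends outside the hunk.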
--- a/src/share/classes/sun/security/provider/DSA.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/classes/sun/security/provider/DSA.java Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -491,7 +491,7 @@ } } protected void engineUpdate(byte[] input, int offset, int len) { - if (ofs + len > digestBuffer.length) { + if (len > (digestBuffer.length - ofs)) { ofs = Integer.MAX_VALUE; } else { System.arraycopy(input, offset, digestBuffer, ofs, len); @@ -500,7 +500,7 @@ } protected final void engineUpdate(ByteBuffer input) { int inputLen = input.remaining(); - if (ofs + inputLen > digestBuffer.length) { + if (inputLen > (digestBuffer.length - ofs)) { ofs = Integer.MAX_VALUE; } else { input.get(digestBuffer, ofs, inputLen);
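Review bot: The reason for rewriting the bounds test as `len > (digestBuffer.length - ofs)` is not recorded, and it depends on the marker value assigned on the next line. Once `ofs` has been set to `Integer.MAX_VALUE`, the old `ofs + len` wraps negative for any positive `len` and passes the test, while the subtraction form stays true and keeps the overflow state. I would add `// compare by subtraction: ofs may be Integer.MAX_VALUE (overflow marker), so ofs + len could wrap` above the check here and above the same check in the ByteBuffer overload in the following hunk. Both method bodies continue outside the hunks.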
--- a/src/share/classes/sun/security/tools/jarsigner/Main.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/classes/sun/security/tools/jarsigner/Main.java Wed Feb 06 04:09:08 2019 +0000 @@ -29,6 +29,7 @@ import java.security.cert.CertPathValidatorException; import java.security.cert.PKIXBuilderParameters; import java.util.*; +import java.util.stream.Collectors; import java.util.zip.*; import java.util.jar.*; import java.math.BigInteger; @@ -101,6 +102,7 @@ private static final String P11KEYSTORE = "PKCS11"; private static final long SIX_MONTHS = 180*24*60*60*1000L; //milliseconds + private static final long ONE_YEAR = 366*24*60*60*1000L; private static final DisabledAlgorithmConstraints DISABLED_CHECK = new DisabledAlgorithmConstraints( @@ -111,6 +113,14 @@ private static final Set<CryptoPrimitive> SIG_PRIMITIVE_SET = Collections .unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE)); + static final String VERSION = "1.0"; + + static final int IN_KEYSTORE = 0x01; // signer is in keystore + static final int IN_SCOPE = 0x02; + static final int NOT_ALIAS = 0x04; // alias list is NOT empty and + // signer is not in alias list + static final int SIGNED_BY_ALIAS = 0x08; // signer is in alias list + // Attention: // This is the entry that get launched by the security tool jarsigner. public static void main(String args[]) throws Exception { @@ -118,14 +128,6 @@ js.run(args); } - static final String VERSION = "1.0"; - - static final int IN_KEYSTORE = 0x01; // signer is in keystore - static final int IN_SCOPE = 0x02; - static final int NOT_ALIAS = 0x04; // alias list is NOT empty and - // signer is not in alias list - static final int SIGNED_BY_ALIAS = 0x08; // signer is in alias list - X509Certificate[] certChain; // signer's cert chain (when composing) PrivateKey privateKey; // private key KeyStore store; // the keystore specified by -keystore 
@@ -172,8 +174,16 @@ // Informational warnings private boolean hasExpiringCert = false; - private boolean noTimestamp = false; - private Date expireDate = new Date(0L); // used in noTimestamp warning + private boolean hasExpiringTsaCert = false; + private boolean noTimestamp = true; + + // Expiration date. The value could be null if signed by a trusted cert. + private Date expireDate = null; + private Date tsaExpireDate = null; + + // If there is a time stamp block inside the PKCS7 block file + boolean hasTimestampBlock = false; + // Severe warnings. @@ -186,6 +196,7 @@ private int weakAlg = 0; // 1. digestalg, 2. sigalg, 4. tsadigestalg private boolean hasExpiredCert = false; + private boolean hasExpiredTsaCert = false; private boolean notYetValidCert = false; private boolean chainNotValidated = false; private boolean tsaChainNotValidated = false; @@ -203,6 +214,7 @@ private boolean seeWeak = false; PKIXBuilderParameters pkixParameters; + Set<X509Certificate> trustedCerts = new HashSet<>(); public void run(String args[]) { try { @@ -289,8 +301,8 @@ if (strict) { int exitCode = 0; - if (weakAlg != 0 || chainNotValidated - || hasExpiredCert || notYetValidCert || signerSelfSigned) { + if (weakAlg != 0 || chainNotValidated || hasExpiredCert + || hasExpiredTsaCert || notYetValidCert || signerSelfSigned) { exitCode |= 4; } if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType) { @@ -825,9 +837,6 @@ System.out.println(rb.getString("no.manifest.")); } - // If there is a time stamp block inside the PKCS7 block file - boolean hasTimestampBlock = false; - // Even if the verbose option is not specified, all out strings // must be generated so seeWeak can be updated. if (!digestMap.isEmpty() 
@@ -913,8 +922,9 @@ System.out.println(); // If signer is a trusted cert or private entry in user's own - // keystore, it can be self-signed. - if (!aliasNotInStore) { + // keystore, it can be self-signed. Please note aliasNotInStore + // is always false when ~/.keystore is used. + if (!aliasNotInStore && keystore != null) { signerSelfSigned = false; } 
@@ -934,116 +944,7 @@ System.out.println(rb.getString("jar.is.unsigned")); } } else { - boolean warningAppeared = false; - boolean errorAppeared = false; - if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType || - notYetValidCert || chainNotValidated || hasExpiredCert || - hasUnsignedEntry || signerSelfSigned || (weakAlg != 0) || - aliasNotInStore || notSignedByAlias || tsaChainNotValidated) { - - if (strict) { - System.out.println(rb.getString("jar.verified.with.signer.errors.")); - System.out.println(); - System.out.println(rb.getString("Error.")); - errorAppeared = true; - } else { - System.out.println(rb.getString("jar.verified.")); - System.out.println(); - System.out.println(rb.getString("Warning.")); - warningAppeared = true; - } - - if (weakAlg != 0) { - // In fact, jarsigner verification did not catch this - // since it has not read the JarFile content itself. - // Everything is done with JarFile API. - } - - if (badKeyUsage) { - System.out.println( - rb.getString("This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.")); - } - - if (badExtendedKeyUsage) { - System.out.println( - rb.getString("This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.")); - } - - if (badNetscapeCertType) { - System.out.println( - rb.getString("This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.")); - } - - if (hasUnsignedEntry) { - System.out.println(rb.getString( - "This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.")); - } - if (hasExpiredCert) { - System.out.println(rb.getString( - "This.jar.contains.entries.whose.signer.certificate.has.expired.")); - } - if (notYetValidCert) { - System.out.println(rb.getString( - "This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid.")); - } - - if (chainNotValidated) { - System.out.println(String.format( - 
rb.getString("This.jar.contains.entries.whose.certificate.chain.is.invalid.reason.1"), - chainNotValidatedReason.getLocalizedMessage())); - } - - if (tsaChainNotValidated) { - System.out.println(String.format( - rb.getString("This.jar.contains.entries.whose.tsa.certificate.chain.is.invalid.reason.1"), - tsaChainNotValidatedReason.getLocalizedMessage())); - } - - if (notSignedByAlias) { - System.out.println( - rb.getString("This.jar.contains.signed.entries.which.is.not.signed.by.the.specified.alias.es.")); - } - - if (aliasNotInStore) { - System.out.println(rb.getString("This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore.")); - } - - if (signerSelfSigned) { - System.out.println(rb.getString( - "This.jar.contains.entries.whose.signer.certificate.is.self.signed.")); - } - } else { - System.out.println(rb.getString("jar.verified.")); - } - if (hasExpiringCert || noTimestamp) { - if (!warningAppeared) { - System.out.println(); - System.out.println(rb.getString("Warning.")); - warningAppeared = true; - } - if (hasExpiringCert) { - System.out.println(rb.getString( - "This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months.")); - } - if (noTimestamp) { - if (hasTimestampBlock) { - // JarSigner API has not seen the timestamp, - // might have ignored it due to weak alg, etc. - System.out.println( - String.format(rb.getString("bad.timestamp.verifying"), expireDate)); - } else { - System.out.println( - String.format(rb.getString("no.timestamp.verifying"), expireDate)); - } - } - } - if (warningAppeared || errorAppeared) { - if (! (verbose != null && showcerts)) { - System.out.println(); - System.out.println(rb.getString( - "Re.run.with.the.verbose.and.certs.options.for.more.details.")); - } - } + displayMessagesAndResult(false); } return; } catch (Exception e) { 
@@ -1060,6 +961,230 @@ System.exit(1); } + private void displayMessagesAndResult(boolean isSigning) { + String result; + List<String> errors = new ArrayList<>(); + List<String> warnings = new ArrayList<>(); + List<String> info = new ArrayList<>(); + + boolean signerNotExpired = expireDate == null + || expireDate.after(new Date()); + + if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType || + notYetValidCert || chainNotValidated || hasExpiredCert || + hasUnsignedEntry || signerSelfSigned || (weakAlg != 0) || + aliasNotInStore || notSignedByAlias || + tsaChainNotValidated || + (hasExpiredTsaCert && !signerNotExpired)) { + + if (strict) { + result = rb.getString(isSigning + ? "jar.signed.with.signer.errors." + : "jar.verified.with.signer.errors."); + } else { + result = rb.getString(isSigning + ? "jar.signed." + : "jar.verified."); + } + + if (badKeyUsage) { + errors.add(rb.getString(isSigning + ? "The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing." + : "This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.")); + } + + if (badExtendedKeyUsage) { + errors.add(rb.getString(isSigning + ? "The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing." + : "This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.")); + } + + if (badNetscapeCertType) { + errors.add(rb.getString(isSigning + ? "The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing." + : "This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.")); + } + + // only in verifying + if (hasUnsignedEntry) { + errors.add(rb.getString( + "This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.")); + } + if (hasExpiredCert) { + errors.add(rb.getString(isSigning + ? "The.signer.certificate.has.expired." 
+ : "This.jar.contains.entries.whose.signer.certificate.has.expired.")); + } + if (notYetValidCert) { + errors.add(rb.getString(isSigning + ? "The.signer.certificate.is.not.yet.valid." + : "This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid.")); + } + + if (chainNotValidated) { + errors.add(String.format(rb.getString(isSigning + ? "The.signer.s.certificate.chain.is.invalid.reason.1" + : "This.jar.contains.entries.whose.certificate.chain.is.invalid.reason.1"), + chainNotValidatedReason.getLocalizedMessage())); + } + + if (hasExpiredTsaCert) { + errors.add(rb.getString("The.timestamp.has.expired.")); + } + if (tsaChainNotValidated) { + errors.add(String.format(rb.getString(isSigning + ? "The.tsa.certificate.chain.is.invalid.reason.1" + : "This.jar.contains.entries.whose.tsa.certificate.chain.is.invalid.reason.1"), + tsaChainNotValidatedReason.getLocalizedMessage())); + } + + // only in verifying + if (notSignedByAlias) { + errors.add( + rb.getString("This.jar.contains.signed.entries.which.is.not.signed.by.the.specified.alias.es.")); + } + + // only in verifying + if (aliasNotInStore) { + errors.add(rb.getString("This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore.")); + } + + if (signerSelfSigned) { + errors.add(rb.getString(isSigning + ? "The.signer.s.certificate.is.self.signed." + : "This.jar.contains.entries.whose.signer.certificate.is.self.signed.")); + } + + // weakAlg only detected in signing. The jar file is + // now simply treated unsigned in verifying. 
+ if ((weakAlg & 1) == 1) { + errors.add(String.format( + rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk."), + digestalg, "-digestalg")); + } + + if ((weakAlg & 2) == 2) { + errors.add(String.format( + rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk."), + sigalg, "-sigalg")); + } + if ((weakAlg & 4) == 4) { + errors.add(String.format( + rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk."), + tSADigestAlg, "-tsadigestalg")); + } + if ((weakAlg & 8) == 8) { + errors.add(String.format( + rb.getString("The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk."), + privateKey.getAlgorithm(), KeyUtil.getKeySize(privateKey))); + } + } else { + result = rb.getString(isSigning ? "jar.signed." : "jar.verified."); + } + + if (hasExpiredTsaCert) { + // No need to warn about expiring if already expired + hasExpiringTsaCert = false; + } + + if (hasExpiringCert || + (hasExpiringTsaCert && expireDate != null) || + (noTimestamp && expireDate != null) || + (hasExpiredTsaCert && signerNotExpired)) { + + if (hasExpiredTsaCert && signerNotExpired) { + if (expireDate != null) { + warnings.add(String.format( + rb.getString("The.timestamp.expired.1.but.usable.2"), + tsaExpireDate, + expireDate)); + } + // Reset the flag so exit code is 0 + hasExpiredTsaCert = false; + } + if (hasExpiringCert) { + warnings.add(rb.getString(isSigning + ? "The.signer.certificate.will.expire.within.six.months." 
+ : "This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months.")); + } + if (hasExpiringTsaCert && expireDate != null) { + if (expireDate.after(tsaExpireDate)) { + warnings.add(String.format(rb.getString( + "The.timestamp.will.expire.within.one.year.on.1.but.2"), tsaExpireDate, expireDate)); + } else { + warnings.add(String.format(rb.getString( + "The.timestamp.will.expire.within.one.year.on.1"), tsaExpireDate)); + } + } + if (noTimestamp && expireDate != null) { + if (hasTimestampBlock) { + warnings.add(String.format(rb.getString(isSigning + ? "invalid.timestamp.signing" + : "bad.timestamp.verifying"), expireDate)); + } else { + warnings.add(String.format(rb.getString(isSigning + ? "no.timestamp.signing" + : "no.timestamp.verifying"), expireDate)); + } + } + } + + System.out.println(result); + if (strict) { + if (!errors.isEmpty()) { + System.out.println(); + System.out.println(rb.getString("Error.")); + errors.forEach(System.out::println); + } + if (!warnings.isEmpty()) { + System.out.println(); + System.out.println(rb.getString("Warning.")); + warnings.forEach(System.out::println); + } + } else { + if (!errors.isEmpty() || !warnings.isEmpty()) { + System.out.println(); + System.out.println(rb.getString("Warning.")); + errors.forEach(System.out::println); + warnings.forEach(System.out::println); + } + } + if (!isSigning && (!errors.isEmpty() || !warnings.isEmpty())) { + if (! (verbose != null && showcerts)) { + System.out.println(); + System.out.println(rb.getString( + "Re.run.with.the.verbose.and.certs.options.for.more.details.")); + } + } + + if (isSigning || verbose != null) { + // Always print out expireDate, unless expired or expiring. 
+ if (!hasExpiringCert && !hasExpiredCert + && expireDate != null && signerNotExpired) { + info.add(String.format(rb.getString( + "The.signer.certificate.will.expire.on.1."), expireDate)); + } + if (!noTimestamp) { + if (!hasExpiringTsaCert && !hasExpiredTsaCert && tsaExpireDate != null) { + if (signerNotExpired) { + info.add(String.format(rb.getString( + "The.timestamp.will.expire.on.1."), tsaExpireDate)); + } else { + info.add(String.format(rb.getString( + "signer.cert.expired.1.but.timestamp.good.2."), + expireDate, + tsaExpireDate)); + } + } + } + } + + if (!info.isEmpty()) { + System.out.println(); + info.forEach(System.out::println); + } + } + private String withWeak(String alg, Set<CryptoPrimitive> primitiveSet) { if (DISABLED_CHECK.permits(primitiveSet, alg, null)) { return alg; @@ -1094,8 +1219,9 @@ * * Note: no newline character at the end. * - * When isTsCert is true, this method sets global flags like hasExpiredCert, - * notYetValidCert, badKeyUsage, badExtendedKeyUsage, badNetscapeCertType. + * This method sets global flags like hasExpiringCert, hasExpiredCert, + * notYetValidCert, badKeyUsage, badExtendedKeyUsage, badNetscapeCertType, + * hasExpiringTsaCert, hasExpiredTsaCert. * * @param isTsCert true if c is in the TSA cert chain, false otherwise. * @param checkUsage true to check code signer keyUsage 
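Review bot: In `displayMessagesAndResult`, `errors.add(rb.getString("The.timestamp.has.expired."))` is guarded only by `hasExpiredTsaCert`, although the enclosing condition treats an expired TSA certificate as an error only when `!signerNotExpired`. When another error flag is set and the signer certificate is still valid, the same state ends up in the error list and, further down, in the warning list as "expired but usable". Guarding the line as `if (hasExpiredTsaCert && !signerNotExpired)` would keep the two lists consistent. The method also clears `hasExpiredTsaCert` and `hasExpiringTsaCert`, which the strict exit code reads, so a display routine now changes the exit status depending on call order; that deserves at least a comment on the fields.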
@@ -1124,55 +1250,75 @@ if (x509Cert != null) { certStr.append("\n").append(tab).append("["); - Date notAfter = x509Cert.getNotAfter(); - try { - boolean printValidity = true; - if (timestamp == null) { - if (expireDate.getTime() == 0 || expireDate.after(notAfter)) { - expireDate = notAfter; + + if (trustedCerts.contains(x509Cert)) { + certStr.append(rb.getString("trusted.certificate")); + } else { + Date notAfter = x509Cert.getNotAfter(); + try { + boolean printValidity = true; + if (isTsCert) { + if (tsaExpireDate == null || tsaExpireDate.after(notAfter)) { + tsaExpireDate = notAfter; + } + } else { + if (expireDate == null || expireDate.after(notAfter)) { + expireDate = notAfter; + } } - x509Cert.checkValidity(); - // test if cert will expire within six months - if (notAfter.getTime() < System.currentTimeMillis() + SIX_MONTHS) { - if (!isTsCert) hasExpiringCert = true; - if (expiringTimeForm == null) { - expiringTimeForm = new MessageFormat( - rb.getString("certificate.will.expire.on")); + if (timestamp == null) { + x509Cert.checkValidity(); + // test if cert will expire within six months (or one year for tsa) + long age = isTsCert ? 
ONE_YEAR : SIX_MONTHS; + if (notAfter.getTime() < System.currentTimeMillis() + age) { + if (isTsCert) { + hasExpiringTsaCert = true; + } else { + hasExpiringCert = true; + } + if (expiringTimeForm == null) { + expiringTimeForm = new MessageFormat( + rb.getString("certificate.will.expire.on")); + } + Object[] source = {notAfter}; + certStr.append(expiringTimeForm.format(source)); + printValidity = false; + } + } else { + x509Cert.checkValidity(timestamp); + } + if (printValidity) { + if (validityTimeForm == null) { + validityTimeForm = new MessageFormat( + rb.getString("certificate.is.valid.from")); } - Object[] source = { notAfter }; - certStr.append(expiringTimeForm.format(source)); - printValidity = false; + Object[] source = {x509Cert.getNotBefore(), notAfter}; + certStr.append(validityTimeForm.format(source)); + } + } catch (CertificateExpiredException cee) { + if (isTsCert) { + hasExpiredTsaCert = true; + } else { + hasExpiredCert = true; } - } else { - x509Cert.checkValidity(timestamp); + + if (expiredTimeForm == null) { + expiredTimeForm = new MessageFormat( + rb.getString("certificate.expired.on")); + } + Object[] source = {notAfter}; + certStr.append(expiredTimeForm.format(source)); + + } catch (CertificateNotYetValidException cnyve) { + if (!isTsCert) notYetValidCert = true; + + if (notYetTimeForm == null) { + notYetTimeForm = new MessageFormat( + rb.getString("certificate.is.not.valid.until")); + } + Object[] source = {x509Cert.getNotBefore()}; + certStr.append(notYetTimeForm.format(source)); } - if (printValidity) { - if (validityTimeForm == null) { - validityTimeForm = new MessageFormat( - rb.getString("certificate.is.valid.from")); - } - Object[] source = { x509Cert.getNotBefore(), notAfter }; - certStr.append(validityTimeForm.format(source)); - } - } catch (CertificateExpiredException cee) { - if (!isTsCert) hasExpiredCert = true; - - if (expiredTimeForm == null) { - expiredTimeForm = new MessageFormat( - rb.getString("certificate.expired.on")); - } 
- Object[] source = { notAfter }; - certStr.append(expiredTimeForm.format(source)); - - } catch (CertificateNotYetValidException cnyve) { - if (!isTsCert) notYetValidCert = true; - - if (notYetTimeForm == null) { - notYetTimeForm = new MessageFormat( - rb.getString("certificate.is.not.valid.until")); - } - Object[] source = { x509Cert.getNotBefore() }; - certStr.append(notYetTimeForm.format(source)); } certStr.append("]"); 
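Review bot: Certificates found in `trustedCerts` now skip the whole validity block, so an expired or not-yet-valid trusted certificate sets none of `hasExpiredCert`, `notYetValidCert` or `expireDate`, and only `trusted.certificate` is printed. If that is intended, say so next to the branch, e.g. `// trusted entries are not validity-checked here; expiry of a trusted cert is not reported`, and check how `trustedCerts` is populated (outside this hunk), since everything in that set bypasses the expiry warnings. Separately, a TSA certificate that is not yet valid sets no flag at all (`if (!isTsCert) notYetValidCert = true;`), unlike the expired case, which now has `hasExpiredTsaCert`. The enclosing method starts before and ends after the hunk.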
@@ -1638,152 +1784,57 @@ // The JarSigner API always accepts the timestamp received. // We need to extract the certs from the signed jar to // validate it. - if (!noTimestamp) { - try (JarFile check = new JarFile(signedJarFile)) { - PKCS7 p7 = new PKCS7(check.getInputStream(check.getEntry( - "META-INF/" + sigfile + "." + privateKey.getAlgorithm()))); + try (JarFile check = new JarFile(signedJarFile)) { + PKCS7 p7 = new PKCS7(check.getInputStream(check.getEntry( + "META-INF/" + sigfile + "." + privateKey.getAlgorithm()))); + Timestamp ts = null; + try { SignerInfo si = p7.getSignerInfos()[0]; - PKCS7 tsToken = si.getTsToken(); - SignerInfo tsSi = tsToken.getSignerInfos()[0]; - try { - validateCertChain(Validator.VAR_TSA_SERVER, - tsSi.getCertificateChain(tsToken), null); - } catch (Exception e) { - tsaChainNotValidated = true; - tsaChainNotValidatedReason = e; + if (si.getTsToken() != null) { + hasTimestampBlock = true; } + ts = si.getTimestamp(); } catch (Exception e) { - if (debug) { - e.printStackTrace(); + tsaChainNotValidated = true; + tsaChainNotValidatedReason = e; + } + // Spaces before the ">>> Signer" and other lines are different + String result = certsAndTSInfo("", " ", Arrays.asList(certChain), ts); + if (verbose != null) { + System.out.println(result); + } + } catch (Exception e) { + if (debug) { + e.printStackTrace(); + } + } + + if (signedjar == null) { + // attempt an atomic rename. If that fails, + // rename the original jar file, then the signed + // one, then delete the original. 
+ if (!signedJarFile.renameTo(jarFile)) { + File origJar = new File(jarName+".orig"); + + if (jarFile.renameTo(origJar)) { + if (signedJarFile.renameTo(jarFile)) { + origJar.delete(); + } else { + MessageFormat form = new MessageFormat(rb.getString + ("attempt.to.rename.signedJarFile.to.jarFile.failed")); + Object[] source = {signedJarFile, jarFile}; + error(form.format(source)); + } + } else { + MessageFormat form = new MessageFormat(rb.getString + ("attempt.to.rename.jarFile.to.origJar.failed")); + Object[] source = {jarFile, origJar}; + error(form.format(source)); } } } - // no IOException thrown in the follow try clause, so disable - // the try clause. - // try { - if (signedjar == null) { - // attempt an atomic rename. If that fails, - // rename the original jar file, then the signed - // one, then delete the original. - if (!signedJarFile.renameTo(jarFile)) { - File origJar = new File(jarName+".orig"); - - if (jarFile.renameTo(origJar)) { - if (signedJarFile.renameTo(jarFile)) { - origJar.delete(); - } else { - MessageFormat form = new MessageFormat(rb.getString - ("attempt.to.rename.signedJarFile.to.jarFile.failed")); - Object[] source = {signedJarFile, jarFile}; - error(form.format(source)); - } - } else { - MessageFormat form = new MessageFormat(rb.getString - ("attempt.to.rename.jarFile.to.origJar.failed")); - Object[] source = {jarFile, origJar}; - error(form.format(source)); - } - } - } - - boolean warningAppeared = false; - if (weakAlg != 0 || badKeyUsage || badExtendedKeyUsage - || badNetscapeCertType || notYetValidCert - || chainNotValidated || tsaChainNotValidated - || hasExpiredCert || signerSelfSigned) { - if (strict) { - System.out.println(rb.getString("jar.signed.with.signer.errors.")); - System.out.println(); - System.out.println(rb.getString("Error.")); - } else { - System.out.println(rb.getString("jar.signed.")); - System.out.println(); - System.out.println(rb.getString("Warning.")); - warningAppeared = true; - } - - if (badKeyUsage) { - 
System.out.println( - rb.getString("The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.")); - } - - if (badExtendedKeyUsage) { - System.out.println( - rb.getString("The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.")); - } - - if (badNetscapeCertType) { - System.out.println( - rb.getString("The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.")); - } - - if (hasExpiredCert) { - System.out.println( - rb.getString("The.signer.certificate.has.expired.")); - } else if (notYetValidCert) { - System.out.println( - rb.getString("The.signer.certificate.is.not.yet.valid.")); - } - - if (chainNotValidated) { - System.out.println(String.format( - rb.getString("The.signer.s.certificate.chain.is.invalid.reason.1"), - chainNotValidatedReason.getLocalizedMessage())); - } - - if (tsaChainNotValidated) { - System.out.println(String.format( - rb.getString("The.tsa.certificate.chain.is.invalid.reason.1"), - tsaChainNotValidatedReason.getLocalizedMessage())); - } - - if (signerSelfSigned) { - System.out.println( - rb.getString("The.signer.s.certificate.is.self.signed.")); - } - - if ((weakAlg & 1) == 1) { - System.out.println(String.format( - rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk."), - digestalg, "-digestalg")); - } - - if ((weakAlg & 2) == 2) { - System.out.println(String.format( - rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk."), - sigalg, "-sigalg")); - } - if ((weakAlg & 4) == 4) { - System.out.println(String.format( - rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk."), - tSADigestAlg, "-tsadigestalg")); - } - } else { - System.out.println(rb.getString("jar.signed.")); - } - if (hasExpiringCert || noTimestamp) { - if (!warningAppeared) { - System.out.println(); - System.out.println(rb.getString("Warning.")); - } - - if (hasExpiringCert) { - System.out.println( - 
rb.getString("The.signer.certificate.will.expire.within.six.months.")); - } - - if (noTimestamp) { - System.out.println( - String.format(rb.getString("no.timestamp.signing"), expireDate)); - } - } - - // no IOException thrown in the above try clause, so disable - // the catch clause. - // } catch(IOException ioe) { - // error(rb.getString("unable.to.sign.jar.")+ioe, ioe); - // } + displayMessagesAndResult(true); } /** 
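Review bot: The outer `catch (Exception e)` around the new `JarFile`/`PKCS7` block only prints a stack trace when `debug` is set, so a failure to read the signature block (for example `check.getEntry(...)` returning null) is dropped silently. In that case `certsAndTSInfo` never runs, none of the flags it sets are updated here, and `displayMessagesAndResult(true)` can report a plain "jar signed." unless the flags were set elsewhere. I would record the failure so it is shown, e.g. `chainNotValidated = true; chainNotValidatedReason = e;` in that catch. The inner catch also files every exception from `getSignerInfos()` or `getTimestamp()` under `tsaChainNotValidated`, which labels parse errors as TSA chain problems.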
@@ -1831,31 +1882,57 @@ Map<CodeSigner,String> cacheForSignerInfo = new IdentityHashMap<>(); /** - * Returns a string of singer info, with a newline at the end + * Returns a string of signer info, with a newline at the end. + * Called by verifyJar(). */ private String signerInfo(CodeSigner signer, String tab) throws Exception { if (cacheForSignerInfo.containsKey(signer)) { return cacheForSignerInfo.get(signer); } - StringBuilder sb = new StringBuilder(); List<? extends Certificate> certs = signer.getSignerCertPath().getCertificates(); - // display the signature timestamp, if present - Date timestamp; + // signing time is only displayed on verification Timestamp ts = signer.getTimestamp(); + String tsLine = ""; if (ts != null) { - sb.append(printTimestamp(tab, ts)); - sb.append('\n'); + tsLine = printTimestamp(tab, ts) + "\n"; + } + // Spaces before the ">>> Signer" and other lines are the same. + + String result = certsAndTSInfo(tab, tab, certs, ts); + cacheForSignerInfo.put(signer, tsLine + result); + return result; + } + + /** + * Fills info on certs and timestamp into a StringBuilder, sets + * warning flags (through printCert) and validates cert chains. + * + * @param tab1 spaces before the ">>> Signer" line + * @param tab2 spaces before the other lines + * @param certs the signer cert + * @param ts the timestamp, can be null + * @return the info as a string + */ + private String certsAndTSInfo( + String tab1, + String tab2, + List<? extends Certificate> certs, Timestamp ts) + throws Exception { + + Date timestamp; + if (ts != null) { timestamp = ts.getTimestamp(); + noTimestamp = false; } else { timestamp = null; - noTimestamp = true; } // display the certificate(s). The first one is end-entity cert and // its KeyUsage should be checked. 
boolean first = true; - sb.append(tab).append(rb.getString("...Signer")).append('\n'); + StringBuilder sb = new StringBuilder(); + sb.append(tab1).append(rb.getString("...Signer")).append('\n'); for (Certificate c : certs) { - sb.append(printCert(false, tab, c, timestamp, first)); + sb.append(printCert(false, tab2, c, timestamp, first)); sb.append('\n'); first = false; } @@ -1864,13 +1941,13 @@ } catch (Exception e) { chainNotValidated = true; chainNotValidatedReason = e; - sb.append(tab).append(rb.getString(".Invalid.certificate.chain.")) + sb.append(tab2).append(rb.getString(".Invalid.certificate.chain.")) .append(e.getLocalizedMessage()).append("]\n"); } if (ts != null) { - sb.append(tab).append(rb.getString("...TSA")).append('\n'); + sb.append(tab1).append(rb.getString("...TSA")).append('\n'); for (Certificate c : ts.getSignerCertPath().getCertificates()) { - sb.append(printCert(true, tab, c, timestamp, false)); + sb.append(printCert(true, tab2, c, null, false)); sb.append('\n'); } try { @@ -1879,7 +1956,7 @@ } catch (Exception e) { tsaChainNotValidated = true; tsaChainNotValidatedReason = e; - sb.append(tab).append(rb.getString(".Invalid.TSA.certificate.chain.")) + sb.append(tab2).append(rb.getString(".Invalid.TSA.certificate.chain.")) .append(e.getLocalizedMessage()).append("]\n"); } } @@ -1887,9 +1964,8 @@ && KeyStoreUtil.isSelfSigned((X509Certificate)certs.get(0))) { signerSelfSigned = true; } - String result = sb.toString(); - cacheForSignerInfo.put(signer, result); - return result; + + return sb.toString(); } private void writeEntry(ZipFile zf, ZipOutputStream os, ZipEntry ze) @@ -1939,7 +2015,6 @@ } try { - Set<TrustAnchor> tas = new HashSet<>(); try { KeyStore caks = KeyStoreUtil.getCacertsKeyStore(); if (caks != null) { 
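Review bot: In `signerInfo`, the value stored in `cacheForSignerInfo` is `tsLine + result`, but the first call returns `result` alone, so the first call for a signer omits the timestamp line and every later cache hit includes it. The removed code appended the timestamp to the same buffer it returned, so this looks unintended; if the difference is deliberate it needs a comment. Otherwise build the string once with `String result = tsLine + certsAndTSInfo(tab, tab, certs, ts);` and then `cacheForSignerInfo.put(signer, result);`. Separately, `certsAndTSInfo` now only ever clears `noTimestamp`, so the warning depends on the field's initial value, which is declared outside this hunk.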
@@ -1947,7 +2022,7 @@ while (aliases.hasMoreElements()) { String a = aliases.nextElement(); try { - tas.add(new TrustAnchor((X509Certificate)caks.getCertificate(a), null)); + trustedCerts.add((X509Certificate)caks.getCertificate(a)); } catch (Exception e2) { // ignore, when a SecretkeyEntry does not include a cert } @@ -2006,7 +2081,7 @@ // PrivateKeyEntry if (store.isCertificateEntry(a) || c.getSubjectDN().equals(c.getIssuerDN())) { - tas.add(new TrustAnchor(c, null)); + trustedCerts.add(c); } } catch (Exception e2) { // ignore, when a SecretkeyEntry does not include a cert @@ -2014,7 +2089,11 @@ } } finally { try { - pkixParameters = new PKIXBuilderParameters(tas, null); + pkixParameters = new PKIXBuilderParameters( + trustedCerts.stream() + .map(c -> new TrustAnchor(c, null)) + .collect(Collectors.toSet()), + null); pkixParameters.setRevocationEnabled(false); } catch (InvalidAlgorithmParameterException ex) { // Only if tas is empty @@ -2130,6 +2209,7 @@ } } + // Called by signJar(). void getAliasInfo(String alias) throws Exception { Key key = null; @@ -2174,22 +2254,6 @@ certChain[i] = (X509Certificate)cs[i]; } - // We don't meant to print anything, the next call - // checks validity and keyUsage etc - printCert(false, "", certChain[0], null, true); - - try { - validateCertChain(Validator.VAR_CODE_SIGNING, - Arrays.asList(certChain), null); - } catch (Exception e) { - chainNotValidated = true; - chainNotValidatedReason = e; - } - - if (KeyStoreUtil.isSelfSigned(certChain[0])) { - signerSelfSigned = true; - } - try { if (!token && keypass == null) key = store.getKey(alias, storepass); @@ -2247,7 +2311,7 @@ * @param parameter this might be a timestamp */ void validateCertChain(String variant, List<? extends Certificate> certs, - Object parameter) + Timestamp parameter) throws Exception { try { Validator.getInstance(Validator.TYPE_PKIX, 
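Review bot: `trustedCerts.add((X509Certificate)caks.getCertificate(a))` no longer fails for an alias that has no certificate. The old `new TrustAnchor(null, null)` threw and was swallowed by the `catch (Exception e2)` below it, whereas adding `null` to a set normally succeeds (the declaration of `trustedCerts` is outside this hunk, so this assumes a `HashSet`-like collection). The `null` would then reach `new TrustAnchor(c, null)` in the stream inside the `finally` block of the later hunk, where only `InvalidAlgorithmParameterException` is caught. Guard the add, for example `Certificate c = caks.getCertificate(a); if (c instanceof X509Certificate) trustedCerts.add((X509Certificate) c);`.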
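Review bot: The comment `// Only if tas is empty` in the `catch (InvalidAlgorithmParameterException ex)` branch still names `tas`, which this commit removes; it should read `// Only if trustedCerts is empty`. The rebuilt `PKIXBuilderParameters` is still followed by `setRevocationEnabled(false)`, so a one-line comment such as `// revocation is not checked for chains validated with these parameters` would make that limit visible to the next reader. The surrounding `try`/`finally` starts outside the hunk.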
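Review bot: The Javadoc line `@param parameter this might be a timestamp` is out of date now that the parameter type of `validateCertChain` is narrowed from `Object` to `Timestamp`. Suggest `@param parameter the timestamp, can be null`, if null is still accepted (the call removed from `getAliasInfo` in this commit passed `null`). Callers outside this hunk that pass a non-`Timestamp` argument would stop compiling and should be checked. The method body continues outside the hunk.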
@@ -2261,8 +2325,22 @@ } // Exception might be dismissed if another warning flag - // is already set by printCert. This is only done for - // code signing certs. + // is already set by printCert. + + if (variant.equals(Validator.VAR_TSA_SERVER) && + e instanceof ValidatorException) { + // Throw cause if it's CertPathValidatorException, + if (e.getCause() != null && + e.getCause() instanceof CertPathValidatorException) { + e = (Exception) e.getCause(); + Throwable t = e.getCause(); + if ((t instanceof CertificateExpiredException && + hasExpiredTsaCert)) { + // we already have hasExpiredTsaCert + return; + } + } + } if (variant.equals(Validator.VAR_CODE_SIGNING) && e instanceof ValidatorException) {
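Review bot: In the new `VAR_TSA_SERVER` branch, the test `e.getCause() != null && e.getCause() instanceof CertPathValidatorException` has a redundant null check, because `instanceof` is already false for `null`; `if (e.getCause() instanceof CertPathValidatorException) {` says the same. The comment `// Throw cause if it's CertPathValidatorException,` ends in a dangling comma and does not mention that `e` is reassigned to its cause, which changes what the code after this hunk sees. The early `return` silently drops a TSA chain failure whenever the cause is `CertificateExpiredException` and `hasExpiredTsaCert` is set; a comment should say that the expiry is reported through that flag instead, so the suppression is not mistaken for skipped validation. The enclosing method starts and ends outside the hunk.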
--- a/src/share/classes/sun/security/tools/jarsigner/Resources.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/classes/sun/security/tools/jarsigner/Resources.java Wed Feb 06 04:09:08 2019 +0000 @@ -219,6 +219,7 @@ {"Error.", "Error: "}, {"...Signer", ">>> Signer"}, {"...TSA", ">>> TSA"}, + {"trusted.certificate", "trusted certificate"}, {"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.", "This jar contains unsigned entries which have not been integrity-checked. "}, {"This.jar.contains.entries.whose.signer.certificate.has.expired.", @@ -235,8 +236,16 @@ "Re-run with the -verbose and -certs options for more details."}, {"The.signer.certificate.has.expired.", "The signer certificate has expired."}, + {"The.timestamp.expired.1.but.usable.2", + "The timestamp expired on %1$tY-%1$tm-%1$td. However, the JAR will be valid until the signer certificate expires on %2$tY-%2$tm-%2$td."}, + {"The.timestamp.has.expired.", + "The timestamp has expired."}, {"The.signer.certificate.will.expire.within.six.months.", "The signer certificate will expire within six months."}, + {"The.timestamp.will.expire.within.one.year.on.1", + "The timestamp will expire within one year on %1$tY-%1$tm-%1$td."}, + {"The.timestamp.will.expire.within.one.year.on.1.but.2", + "The timestamp will expire within one year on %1$tY-%1$tm-%1$td. However, the JAR will be valid until the signer certificate expires on %2$tY-%2$tm-%2$td."}, {"The.signer.certificate.is.not.yet.valid.", "The signer certificate is not yet valid."}, {"The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.", 
@@ -267,10 +276,18 @@ "This jar contains entries whose TSA certificate chain is invalid. Reason: %s"}, {"no.timestamp.signing", "No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (%1$tY-%1$tm-%1$td) or after any future revocation date."}, + {"invalid.timestamp.signing", + "The timestamp is invalid. Without a valid timestamp, users may not be able to validate this jar after the signer certificate's expiration date (%1$tY-%1$tm-%1$td)."}, {"no.timestamp.verifying", - "This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (%1$tY-%1$tm-%1$td) or after any future revocation date."}, + "This jar contains signatures that do not include a timestamp. Without a timestamp, users may not be able to validate this jar after any of the signer certificates expire (as early as %1$tY-%1$tm-%1$td)."}, {"bad.timestamp.verifying", "This jar contains signatures that include an invalid timestamp. Without a valid timestamp, users may not be able to validate this jar after any of the signer certificates expire (as early as %1$tY-%1$tm-%1$td).\nRerun jarsigner with -J-Djava.security.debug=jar for more information."}, + {"The.signer.certificate.will.expire.on.1.", + "The signer certificate will expire on %1$tY-%1$tm-%1$td."}, + {"The.timestamp.will.expire.on.1.", + "The timestamp will expire on %1$tY-%1$tm-%1$td."}, + {"signer.cert.expired.1.but.timestamp.good.2.", + "The signer certificate expired on %1$tY-%1$tm-%1$td. However, the JAR will be valid until the timestamp expires on %2$tY-%2$tm-%2$td."}, {"Unknown.password.type.", "Unknown password type: "}, {"Cannot.find.environment.variable.", "Cannot find environment variable: "},
--- a/src/share/classes/sun/security/tools/jarsigner/Resources_ja.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/classes/sun/security/tools/jarsigner/Resources_ja.java Wed Feb 06 04:09:08 2019 +0000 @@ -217,6 +217,7 @@ {"Error.", "\u30A8\u30E9\u30FC: "}, {"...Signer", ">>> \u7F72\u540D\u8005"}, {"...TSA", ">>> TSA"}, + {"trusted.certificate", "\u4FE1\u983C\u3067\u304D\u308B\u8A3C\u660E\u66F8"}, {"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.", "\u3053\u306Ejar\u306B\u306F\u3001\u6574\u5408\u6027\u30C1\u30A7\u30C3\u30AF\u3092\u3057\u3066\u3044\u306A\u3044\u7F72\u540D\u306A\u3057\u306E\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002 "}, {"This.jar.contains.entries.whose.signer.certificate.has.expired.", 
@@ -233,8 +234,16 @@ "\u8A73\u7D30\u306F\u3001-verbose\u304A\u3088\u3073-certs\u30AA\u30D7\u30B7\u30E7\u30F3\u3092\u4F7F\u7528\u3057\u3066\u518D\u5B9F\u884C\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, {"The.signer.certificate.has.expired.", "\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F\u671F\u9650\u5207\u308C\u3067\u3059\u3002"}, + {"The.timestamp.expired.1.but.usable.2", + "\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u306F%1$tY-%1$tm-%1$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002\u305F\u3060\u3057\u3001JAR\u306F\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u304C%2$tY-%2$tm-%2$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308B\u307E\u3067\u6709\u52B9\u3067\u3059\u3002"}, + {"The.timestamp.has.expired.", + "\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u306F\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3057\u305F\u3002"}, {"The.signer.certificate.will.expire.within.six.months.", "\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F6\u304B\u6708\u4EE5\u5185\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002"}, + {"The.timestamp.will.expire.within.one.year.on.1", + "\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u306F1\u5E74\u4EE5\u5185\u306E%1$tY-%1$tm-%1$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002"}, + {"The.timestamp.will.expire.within.one.year.on.1.but.2", + "\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u306F1\u5E74\u4EE5\u5185\u306E%1$tY-%1$tm-%1$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002\u305F\u3060\u3057\u3001JAR\u306F\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u304C%2$tY-%2$tm-%2$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308B\u307E\u3067\u6709\u52B9\u3067\u3059\u3002"}, {"The.signer.certificate.is.not.yet.valid.", "\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F\u307E\u3060\u6709\u52B9\u306B\u306A\u3063\u3066\u3044\u307E\u305B\u3093\u3002"}, {"The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.", 
@@ -265,10 +274,18 @@ "\u3053\u306Ejar\u306B\u306F\u3001TSA\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u304C\u7121\u52B9\u306A\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002\u7406\u7531: %s"}, {"no.timestamp.signing", "-tsa\u307E\u305F\u306F-tsacert\u304C\u6307\u5B9A\u3055\u308C\u3066\u3044\u306A\u3044\u305F\u3081\u3001\u3053\u306Ejar\u306B\u306F\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u4ED8\u52A0\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u3068\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306E\u6709\u52B9\u671F\u9650(%1$tY-%1$tm-%1$td)\u5F8C\u307E\u305F\u306F\u5C06\u6765\u306E\u5931\u52B9\u65E5\u5F8C\u306B\u3001\u30E6\u30FC\u30B6\u30FC\u306F\u3053\u306Ejar\u3092\u691C\u8A3C\u3067\u304D\u306A\u3044\u53EF\u80FD\u6027\u304C\u3042\u308A\u307E\u3059\u3002"}, + {"invalid.timestamp.signing", + "\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u7121\u52B9\u3067\u3059\u3002\u6709\u52B9\u306A\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u3068\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306E\u6709\u52B9\u671F\u9650(%1$tY-%1$tm-%1$td)\u5F8C\u306B\u3001\u30E6\u30FC\u30B6\u30FC\u306F\u3053\u306Ejar\u3092\u691C\u8A3C\u3067\u304D\u306A\u3044\u53EF\u80FD\u6027\u304C\u3042\u308A\u307E\u3059\u3002"}, {"no.timestamp.verifying", - "\u3053\u306Ejar\u306B\u306F\u3001\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u7F72\u540D\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u3068\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306E\u6709\u52B9\u671F\u9650(%1$tY-%1$tm-%1$td)\u5F8C\u307E\u305F\u306F\u5C06\u6765\u306E\u5931\u52B9\u65E5\u5F8C\u306B\u3001\u30E6\u30FC\u30B6\u30FC\u306F\u3053\u306Ejar\u3092\u691C\u8A3C\u3067\u304D\u306A\u3044\u53EF\u80FD\u6027\u304C\u3042\u308A\u307E\u3059\u3002"}, + 
"\u3053\u306Ejar\u306B\u306F\u3001\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u7F72\u540D\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u3068\u3001\u3044\u305A\u308C\u304B\u306E\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306E\u6709\u52B9\u671F\u9650\u5F8C\u306B(\u65E9\u3051\u308C\u3070%1$tY-%1$tm-%1$td)\u30E6\u30FC\u30B6\u30FC\u306F\u3053\u306Ejar\u3092\u691C\u8A3C\u3067\u304D\u306A\u3044\u53EF\u80FD\u6027\u304C\u3042\u308A\u307E\u3059\u3002"}, {"bad.timestamp.verifying", "\u3053\u306Ejar\u306B\u306F\u3001\u7121\u52B9\u306A\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u306E\u3042\u308B\u7F72\u540D\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002\u6709\u52B9\u306A\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C\u306A\u3044\u3068\u3001\u3044\u305A\u308C\u304B\u306E\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306E\u6709\u52B9\u671F\u9650\u5F8C\u306B(\u65E9\u3051\u308C\u3070%1$tY-%1$tm-%1$td)\u30E6\u30FC\u30B6\u30FC\u306F\u3053\u306Ejar\u3092\u691C\u8A3C\u3067\u304D\u306A\u3044\u53EF\u80FD\u6027\u304C\u3042\u308A\u307E\u3059\u3002\n\u8A73\u7D30\u306F\u3001-J-Djava.security.debug=jar\u3092\u6307\u5B9A\u3057\u3066jarsigner\u3092\u518D\u5B9F\u884C\u3057\u3066\u304F\u3060\u3055\u3044\u3002"}, + {"The.signer.certificate.will.expire.on.1.", + "\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F%1$tY-%1$tm-%1$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002"}, + {"The.timestamp.will.expire.on.1.", + "\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u306F%1$tY-%1$tm-%1$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002"}, + {"signer.cert.expired.1.but.timestamp.good.2.", + 
"\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F%1$tY-%1$tm-%1$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002\u305F\u3060\u3057\u3001JAR\u306F\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u304C%2$tY-%2$tm-%2$td\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308B\u307E\u3067\u6709\u52B9\u3067\u3059\u3002"}, {"Unknown.password.type.", "\u4E0D\u660E\u306A\u30D1\u30B9\u30EF\u30FC\u30C9\u30FB\u30BF\u30A4\u30D7: "}, {"Cannot.find.environment.variable.", "\u74B0\u5883\u5909\u6570\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093: "},
--- a/src/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java Wed Feb 06 04:09:08 2019 +0000 @@ -217,6 +217,7 @@ {"Error.", "\u9519\u8BEF: "}, {"...Signer", ">>> \u7B7E\u540D\u8005"}, {"...TSA", ">>> TSA"}, + {"trusted.certificate", "\u53EF\u4FE1\u8BC1\u4E66"}, {"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.", "\u6B64 jar \u5305\u542B\u5C1A\u672A\u8FDB\u884C\u5B8C\u6574\u6027\u68C0\u67E5\u7684\u672A\u7B7E\u540D\u6761\u76EE\u3002 "}, {"This.jar.contains.entries.whose.signer.certificate.has.expired.", 
@@ -233,8 +234,16 @@ "\u6709\u5173\u8BE6\u7EC6\u4FE1\u606F, \u8BF7\u4F7F\u7528 -verbose \u548C -certs \u9009\u9879\u91CD\u65B0\u8FD0\u884C\u3002"}, {"The.signer.certificate.has.expired.", "\u7B7E\u540D\u8005\u8BC1\u4E66\u5DF2\u8FC7\u671F\u3002"}, + {"The.timestamp.expired.1.but.usable.2", + "\u65F6\u95F4\u6233\u5230\u671F\u65E5\u671F\u4E3A %1$tY-%1$tm-%1$td\u3002\u4E0D\u8FC7\uFF0C\u5728\u7B7E\u540D\u8005\u8BC1\u4E66\u4E8E %2$tY-%2$tm-%2$td \u5230\u671F\u4E4B\u524D\uFF0CJAR \u5C06\u6709\u6548\u3002"}, + {"The.timestamp.has.expired.", + "\u65F6\u95F4\u6233\u5DF2\u5230\u671F\u3002"}, {"The.signer.certificate.will.expire.within.six.months.", "\u7B7E\u540D\u8005\u8BC1\u4E66\u5C06\u5728\u516D\u4E2A\u6708\u5185\u8FC7\u671F\u3002"}, + {"The.timestamp.will.expire.within.one.year.on.1", + "\u65F6\u95F4\u6233\u5C06\u5728\u4E00\u5E74\u5185\u4E8E %1$tY-%1$tm-%1$td \u5230\u671F\u3002"}, + {"The.timestamp.will.expire.within.one.year.on.1.but.2", + "\u65F6\u95F4\u6233\u5C06\u5728\u4E00\u5E74\u5185\u4E8E %1$tY-%1$tm-%1$td \u5230\u671F\u3002\u4E0D\u8FC7\uFF0C\u5728\u7B7E\u540D\u8005\u8BC1\u4E66\u4E8E %2$tY-%2$tm-%2$td \u5230\u671F\u4E4B\u524D\uFF0CJAR \u5C06\u6709\u6548\u3002"}, {"The.signer.certificate.is.not.yet.valid.", "\u7B7E\u540D\u8005\u8BC1\u4E66\u4ECD\u65E0\u6548\u3002"}, {"The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.", 
@@ -265,10 +274,18 @@ "\u6B64 jar \u5305\u542B\u5176 TSA \u8BC1\u4E66\u94FE\u65E0\u6548\u7684\u6761\u76EE\u3002\u539F\u56E0: %s"}, {"no.timestamp.signing", "\u672A\u63D0\u4F9B -tsa \u6216 -tsacert, \u6B64 jar \u6CA1\u6709\u65F6\u95F4\u6233\u3002\u5982\u679C\u6CA1\u6709\u65F6\u95F4\u6233, \u5219\u5728\u7B7E\u540D\u8005\u8BC1\u4E66\u7684\u5230\u671F\u65E5\u671F (%1$tY-%1$tm-%1$td) \u6216\u4EE5\u540E\u7684\u4EFB\u4F55\u64A4\u9500\u65E5\u671F\u4E4B\u540E, \u7528\u6237\u53EF\u80FD\u65E0\u6CD5\u9A8C\u8BC1\u6B64 jar\u3002"}, + {"invalid.timestamp.signing", + "\u65F6\u95F4\u6233\u65E0\u6548\u3002\u5982\u679C\u6CA1\u6709\u6709\u6548\u7684\u65F6\u95F4\u6233\uFF0C\u5219\u5728\u7B7E\u540D\u8005\u8BC1\u4E66\u7684\u5230\u671F\u65E5\u671F (%1$tY-%1$tm-%1$td) \u4E4B\u540E\uFF0C\u7528\u6237\u53EF\u80FD\u65E0\u6CD5\u9A8C\u8BC1\u6B64 jar\u3002"}, {"no.timestamp.verifying", - "\u6B64 jar \u5305\u542B\u7684\u7B7E\u540D\u6CA1\u6709\u65F6\u95F4\u6233\u3002\u5982\u679C\u6CA1\u6709\u65F6\u95F4\u6233, \u5219\u5728\u7B7E\u540D\u8005\u8BC1\u4E66\u7684\u5230\u671F\u65E5\u671F (%1$tY-%1$tm-%1$td) \u6216\u4EE5\u540E\u7684\u4EFB\u4F55\u64A4\u9500\u65E5\u671F\u4E4B\u540E, \u7528\u6237\u53EF\u80FD\u65E0\u6CD5\u9A8C\u8BC1\u6B64 jar\u3002"}, + "\u6B64 jar \u5305\u542B\u7684\u7B7E\u540D\u6CA1\u6709\u65F6\u95F4\u6233\u3002\u5982\u679C\u6CA1\u6709\u65F6\u95F4\u6233, \u5219\u5728\u5176\u4E2D\u4EFB\u4E00\u7B7E\u540D\u8005\u8BC1\u4E66\u5230\u671F (\u6700\u65E9\u4E3A %1$tY-%1$tm-%1$td) \u4E4B\u540E, \u7528\u6237\u53EF\u80FD\u65E0\u6CD5\u9A8C\u8BC1\u6B64 jar\u3002"}, {"bad.timestamp.verifying", "\u6B64 jar \u5305\u542B\u5E26\u6709\u65E0\u6548\u65F6\u95F4\u6233\u7684\u7B7E\u540D\u3002\u5982\u679C\u6CA1\u6709\u6709\u6548\u65F6\u95F4\u6233, \u5219\u5728\u5176\u4E2D\u4EFB\u4E00\u7B7E\u540D\u8005\u8BC1\u4E66\u5230\u671F (\u6700\u65E9\u4E3A %1$tY-%1$tm-%1$td) \u4E4B\u540E, \u7528\u6237\u53EF\u80FD\u65E0\u6CD5\u9A8C\u8BC1\u6B64 jar\u3002\n\u6709\u5173\u8BE6\u7EC6\u4FE1\u606F, \u8BF7\u4F7F\u7528 
-J-Djava.security.debug=jar \u91CD\u65B0\u8FD0\u884C jarsigner\u3002"}, + {"The.signer.certificate.will.expire.on.1.", + "\u7B7E\u540D\u8005\u8BC1\u4E66\u5C06\u4E8E %1$tY-%1$tm-%1$td \u5230\u671F\u3002"}, + {"The.timestamp.will.expire.on.1.", + "\u65F6\u95F4\u6233\u5C06\u4E8E %1$tY-%1$tm-%1$td \u5230\u671F\u3002"}, + {"signer.cert.expired.1.but.timestamp.good.2.", + "\u7B7E\u540D\u8005\u8BC1\u4E66\u5230\u671F\u65E5\u671F\u4E3A %1$tY-%1$tm-%1$td\u3002\u4E0D\u8FC7\uFF0C\u5728\u65F6\u95F4\u6233\u4E8E %2$tY-%2$tm-%2$td \u5230\u671F\u4E4B\u524D\uFF0CJAR \u5C06\u6709\u6548\u3002"}, {"Unknown.password.type.", "\u672A\u77E5\u53E3\u4EE4\u7C7B\u578B: "}, {"Cannot.find.environment.variable.", "\u627E\u4E0D\u5230\u73AF\u5883\u53D8\u91CF: "},
--- a/src/share/classes/sun/security/util/Resources_sv.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/classes/sun/security/util/Resources_sv.java Wed Feb 06 04:09:08 2019 +0000 @@ -67,10 +67,10 @@ {".Principal.", "\tIdentitetshavare: "}, {".Public.Credential.", "\tOffentlig inloggning: "}, {".Private.Credentials.inaccessible.", - "\tPrivat inloggning \u00E4r inte tillg\u00E4nglig\n"}, + "\tPrivat inloggning \u00E4r inte m\u00F6jlig\n"}, {".Private.Credential.", "\tPrivat inloggning: "}, {".Private.Credential.inaccessible.", - "\tPrivat inloggning \u00E4r inte tillg\u00E4nglig\n"}, + "\tPrivat inloggning \u00E4r inte m\u00F6jlig\n"}, {"Subject.is.read.only", "Innehavare \u00E4r skrivskyddad"}, {"attempting.to.add.an.object.which.is.not.an.instance.of.java.security.Principal.to.a.Subject.s.Principal.Set", "f\u00F6rs\u00F6k att l\u00E4gga till ett objekt som inte \u00E4r en instans av java.security.Principal till ett subjekts upps\u00E4ttning av identitetshavare"},
--- a/src/share/classes/sun/util/resources/TimeZoneNames.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/classes/sun/util/resources/TimeZoneNames.java Wed Feb 06 04:09:08 2019 +0000 @@ -666,9 +666,9 @@ "Magadan Summer Time", "MAGST", "Magadan Time", "MAGT"}}, {"Asia/Makassar", CIT}, - {"Asia/Manila", new String[] {"Philippines Time", "PHT", - "Philippines Summer Time", "PHST", - "Philippines Time", "PHT"}}, + {"Asia/Manila", new String[] {"Philippines Standard Time", "PST", + "Philippines Daylight Time", "PDT", + "Philippines Time", "PT"}}, {"Asia/Muscat", GST}, {"Asia/Nicosia", EET}, {"Asia/Novokuznetsk", KRAT},
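Review bot: The new short names `"PST"` and `"PDT"` for `Asia/Manila` are the abbreviations commonly used for US Pacific time, so any code that maps a short zone name back to a zone can become ambiguous. If the abbreviations follow the upstream time zone data, a comment on the entry should say so. The same replacement is applied to the localized bundles (`TimeZoneNames_de`, `_es`, `_fr`, `_it`, `_ja`, `_ko`, `_pt_BR`, `_sv`, `_zh_CN`, `_zh_TW`), where it puts English text in place of the existing translations. Those files should keep translated long names, or the entry should be dropped from them so that lookup presumably falls back to the base bundle.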
--- a/src/share/classes/sun/util/resources/de/TimeZoneNames_de.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/classes/sun/util/resources/de/TimeZoneNames_de.java Wed Feb 06 04:09:08 2019 +0000 @@ -667,9 +667,9 @@ "Magadanische Sommerzeit", "MAGST", "Magadanische Zeit", "MAGT"}}, {"Asia/Makassar", CIT}, - {"Asia/Manila", new String[] {"Philippinische Zeit", "PHT", - "Philippinische Sommerzeit", "PHST", - "Philippinische Zeit", "PHT"}}, + {"Asia/Manila", new String[] {"Philippines Standard Time", "PST", + "Philippines Daylight Time", "PDT", + "Philippines Time", "PT"}}, {"Asia/Muscat", GST}, {"Asia/Nicosia", EET}, {"Asia/Novokuznetsk", KRAT},
--- a/src/share/classes/sun/util/resources/es/TimeZoneNames_es.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/classes/sun/util/resources/es/TimeZoneNames_es.java Wed Feb 06 04:09:08 2019 +0000 @@ -667,9 +667,9 @@ "Hora de verano de Magad\u00e1n", "MAGST", "Hora de Magad\u00E1n", "MAGT"}}, {"Asia/Makassar", CIT}, - {"Asia/Manila", new String[] {"Hora de Filipinas", "PHT", - "Hora de verano de Filipinas", "PHST", - "Hora de Filipinas", "PHT"}}, + {"Asia/Manila", new String[] {"Philippines Standard Time", "PST", + "Philippines Daylight Time", "PDT", + "Philippines Time", "PT"}}, {"Asia/Muscat", GST}, {"Asia/Nicosia", EET}, {"Asia/Novokuznetsk", KRAT},
--- a/src/share/classes/sun/util/resources/fr/TimeZoneNames_fr.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/classes/sun/util/resources/fr/TimeZoneNames_fr.java Wed Feb 06 04:09:08 2019 +0000 @@ -667,9 +667,9 @@ "Heure d'\u00e9t\u00e9 de Magadan", "MAGST", "Heure de Magadan", "MAGT"}}, {"Asia/Makassar", CIT}, - {"Asia/Manila", new String[] {"Heure des Philippines", "PHT", - "Heure d'\u00e9t\u00e9 des Philippines", "PHST", - "Heure des Philippines", "PHT"}}, + {"Asia/Manila", new String[] {"Philippines Standard Time", "PST", + "Philippines Daylight Time", "PDT", + "Philippines Time", "PT"}}, {"Asia/Muscat", GST}, {"Asia/Nicosia", EET}, {"Asia/Novokuznetsk", KRAT},
--- a/src/share/classes/sun/util/resources/it/TimeZoneNames_it.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/classes/sun/util/resources/it/TimeZoneNames_it.java Wed Feb 06 04:09:08 2019 +0000 @@ -667,9 +667,9 @@ "Ora estiva di Magadan", "MAGST", "Ora di Magadan", "MAGT"}}, {"Asia/Makassar", CIT}, - {"Asia/Manila", new String[] {"Ora delle Filippine", "PHT", - "Ora estiva delle Filippine", "PHST", - "Ora delle Filippine", "PHT"}}, + {"Asia/Manila", new String[] {"Philippines Standard Time", "PST", + "Philippines Daylight Time", "PDT", + "Philippines Time", "PT"}}, {"Asia/Muscat", GST}, {"Asia/Nicosia", EET}, {"Asia/Novokuznetsk", KRAT},
--- a/src/share/classes/sun/util/resources/ja/TimeZoneNames_ja.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/classes/sun/util/resources/ja/TimeZoneNames_ja.java Wed Feb 06 04:09:08 2019 +0000 @@ -667,9 +667,9 @@ "\u30de\u30ac\u30c0\u30f3\u590f\u6642\u9593", "MAGST", "\u30DE\u30AC\u30C0\u30F3\u6642\u9593", "MAGT"}}, {"Asia/Makassar", CIT}, - {"Asia/Manila", new String[] {"\u30d5\u30a3\u30ea\u30d4\u30f3\u6642\u9593", "PHT", - "\u30d5\u30a3\u30ea\u30d4\u30f3\u590f\u6642\u9593", "PHST", - "\u30D5\u30A3\u30EA\u30D4\u30F3\u6642\u9593", "PHT"}}, + {"Asia/Manila", new String[] {"Philippines Standard Time", "PST", + "Philippines Daylight Time", "PDT", + "Philippines Time", "PT"}}, {"Asia/Muscat", GST}, {"Asia/Nicosia", EET}, {"Asia/Novokuznetsk", KRAT},
--- a/src/share/classes/sun/util/resources/ko/TimeZoneNames_ko.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/classes/sun/util/resources/ko/TimeZoneNames_ko.java Wed Feb 06 04:09:08 2019 +0000 @@ -667,9 +667,9 @@ "\ub9c8\uac00\ub2e8 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "MAGST", "\uB9C8\uAC00\uB2E8 \uD45C\uC900\uC2DC", "MAGT"}}, {"Asia/Makassar", CIT}, - {"Asia/Manila", new String[] {"\ud544\ub9ac\ud540 \uc2dc\uac04", "PHT", - "\ud544\ub9ac\ud540 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "PHST", - "\uD544\uB9AC\uD540 \uD45C\uC900\uC2DC", "PHT"}}, + {"Asia/Manila", new String[] {"Philippines Standard Time", "PST", + "Philippines Daylight Time", "PDT", + "Philippines Time", "PT"}}, {"Asia/Muscat", GST}, {"Asia/Nicosia", EET}, {"Asia/Novokuznetsk", KRAT},
--- a/src/share/classes/sun/util/resources/pt/TimeZoneNames_pt_BR.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/classes/sun/util/resources/pt/TimeZoneNames_pt_BR.java Wed Feb 06 04:09:08 2019 +0000 @@ -667,9 +667,9 @@ "Fuso hor\u00e1rio de ver\u00e3o de Magadan", "MAGST", "Hor\u00E1rio de Magadan", "MAGT"}}, {"Asia/Makassar", CIT}, - {"Asia/Manila", new String[] {"Fuso hor\u00e1rio das Filipinas", "PHT", - "Fuso hor\u00e1rio de ver\u00e3o das Filipinas", "PHST", - "Hor\u00E1rio das Filipinas", "PHT"}}, + {"Asia/Manila", new String[] {"Philippines Standard Time", "PST", + "Philippines Daylight Time", "PDT", + "Philippines Time", "PT"}}, {"Asia/Muscat", GST}, {"Asia/Nicosia", EET}, {"Asia/Novokuznetsk", KRAT},
--- a/src/share/classes/sun/util/resources/sv/TimeZoneNames_sv.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/classes/sun/util/resources/sv/TimeZoneNames_sv.java Wed Feb 06 04:09:08 2019 +0000 @@ -667,9 +667,9 @@ "Magadan, sommartid", "MAGST", "Magadan-tid", "MAGT"}}, {"Asia/Makassar", CIT}, - {"Asia/Manila", new String[] {"Filippinerna, normaltid", "PHT", - "Filippinerna, sommartid", "PHST", - "Filippinsk tid", "PHT"}}, + {"Asia/Manila", new String[] {"Philippines Standard Time", "PST", + "Philippines Daylight Time", "PDT", + "Philippines Time", "PT"}}, {"Asia/Muscat", GST}, {"Asia/Nicosia", EET}, {"Asia/Novokuznetsk", KRAT},
--- a/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_CN.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_CN.java Wed Feb 06 04:09:08 2019 +0000 @@ -667,9 +667,9 @@ "Magadan \u590f\u4ee4\u65f6", "MAGST", "Magadan \u65F6\u95F4", "MAGT"}}, {"Asia/Makassar", CIT}, - {"Asia/Manila", new String[] {"\u83f2\u5f8b\u5bbe\u65f6\u95f4", "PHT", - "\u83f2\u5f8b\u5bbe\u590f\u4ee4\u65f6", "PHST", - "\u83F2\u5F8B\u5BBE\u65F6\u95F4", "PHT"}}, + {"Asia/Manila", new String[] {"Philippines Standard Time", "PST", + "Philippines Daylight Time", "PDT", + "Philippines Time", "PT"}}, {"Asia/Muscat", GST}, {"Asia/Nicosia", EET}, {"Asia/Novokuznetsk", KRAT},
--- a/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_TW.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_TW.java Wed Feb 06 04:09:08 2019 +0000 @@ -667,9 +667,9 @@ "Magadan \u590f\u4ee4\u6642\u9593", "MAGST", "\u99AC\u52A0\u4E39\u6642\u9593", "MAGT"}}, {"Asia/Makassar", CIT}, - {"Asia/Manila", new String[] {"\u83f2\u5f8b\u8cd3\u6642\u9593", "PHT", - "\u83f2\u5f8b\u8cd3\u590f\u4ee4\u6642\u9593", "PHST", - "\u83F2\u5F8B\u8CD3\u6642\u9593", "PHT"}}, + {"Asia/Manila", new String[] {"Philippines Standard Time", "PST", + "Philippines Daylight Time", "PDT", + "Philippines Time", "PT"}}, {"Asia/Muscat", GST}, {"Asia/Nicosia", EET}, {"Asia/Novokuznetsk", KRAT},
--- a/src/share/lib/net.properties Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/lib/net.properties Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ ############################################################ -# Default Networking Configuration File +# Default Networking Configuration File # # This file may contain default values for the networking system properties. # These values are only used when the system properties are not specified @@ -14,7 +14,7 @@ # Note that the system properties that do explicitely set proxies # (like http.proxyHost) do take precedence over the system settings # even if java.net.useSystemProxies is set to true. - + java.net.useSystemProxies=false #------------------------------------------------------------------------ @@ -66,8 +66,8 @@ # socksProxyPort=1080 # # HTTP Keep Alive settings. remainingData is the maximum amount of data -# in kilobytes that will be cleaned off the underlying socket so that it -# can be reused (default value is 512K), queuedConnections is the maximum +# in kilobytes that will be cleaned off the underlying socket so that it +# can be reused (default value is 512K), queuedConnections is the maximum # number of Keep Alive connections to be on the queue for clean up (default # value is 10). # http.KeepAlive.remainingData=512 
@@ -99,3 +99,23 @@ #jdk.http.auth.proxying.disabledSchemes= jdk.http.auth.tunneling.disabledSchemes=Basic +# +# Transparent NTLM HTTP authentication mode on Windows. Transparent authentication +# can be used for the NTLM scheme, where the security credentials based on the +# currently logged in user's name and password can be obtained directly from the +# operating system, without prompting the user. This property has three possible +# values which regulate the behavior as shown below. Other unrecognized values +# are handled the same as 'disabled'. Note, that NTLM is not considered to be a +# strongly secure authentication scheme and care should be taken before enabling +# this mechanism. +# +# Transparent authentication never used. +#jdk.http.ntlm.transparentAuth=disabled +# +# Enabled for all hosts. +#jdk.http.ntlm.transparentAuth=allHosts +# +# Enabled for hosts that are trusted in Windows Internet settings +#jdk.http.ntlm.transparentAuth=trustedHosts +# +jdk.http.ntlm.transparentAuth=disabled
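Review bot: The comment for the `allHosts` value says only "Enabled for all hosts" and does not connect it to the credentials described at the top of the block. I would extend it to `# Enabled for all hosts: any server that requests NTLM receives a response derived from the logged-in user's credentials.` so an administrator reading just that entry sees what is being handed out. The general caution that NTLM is "not considered to be a strongly secure authentication scheme" is easy to miss when scanning the three options.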
--- a/src/share/lib/security/java.security-aix Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/lib/security/java.security-aix Wed Feb 06 04:09:08 2019 +0000 @@ -620,7 +620,7 @@ # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, 3DES_EDE_CBC + EC keySize < 224, 3DES_EDE_CBC, anon, NULL # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation.
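Review bot: Nothing next to the new `anon` and `NULL` tokens says what they match, and the `# Example:` comment above the property still shows only algorithm and key-size entries. A line ahead of the example, such as `# anon and NULL disable anonymous (unauthenticated) and NULL-encryption cipher suites`, would explain the new default to someone editing the list. The same applies to the identical hunks in java.security-linux, -macosx, -solaris and -windows. The rest of the property's documentation is outside the hunk, so it may already cover this.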
--- a/src/share/lib/security/java.security-linux Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/lib/security/java.security-linux Wed Feb 06 04:09:08 2019 +0000 @@ -620,7 +620,7 @@ # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, 3DES_EDE_CBC + EC keySize < 224, 3DES_EDE_CBC, anon, NULL # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation.
--- a/src/share/lib/security/java.security-macosx Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/lib/security/java.security-macosx Wed Feb 06 04:09:08 2019 +0000 @@ -623,7 +623,7 @@ # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, 3DES_EDE_CBC + EC keySize < 224, 3DES_EDE_CBC, anon, NULL # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation.
--- a/src/share/lib/security/java.security-solaris Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/lib/security/java.security-solaris Wed Feb 06 04:09:08 2019 +0000 @@ -622,7 +622,7 @@ # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, 3DES_EDE_CBC + EC keySize < 224, 3DES_EDE_CBC, anon, NULL # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation.
--- a/src/share/lib/security/java.security-windows Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/lib/security/java.security-windows Wed Feb 06 04:09:08 2019 +0000 @@ -623,7 +623,7 @@ # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, 3DES_EDE_CBC + EC keySize < 224, 3DES_EDE_CBC, anon, NULL # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation.
--- a/src/share/native/sun/awt/image/jpeg/jmemmgr.c Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/native/sun/awt/image/jpeg/jmemmgr.c Wed Feb 06 04:09:08 2019 +0000 @@ -406,6 +406,9 @@ JDIMENSION rowsperchunk, currow, i; long ltemp; + if (samplesperrow == 0) { + ERREXIT(cinfo, JERR_WIDTH_OVERFLOW); + } /* Calculate max # of rows allowed in one allocation chunk */ ltemp = (MAX_ALLOC_CHUNK-SIZEOF(large_pool_hdr)) / ((long) samplesperrow * SIZEOF(JSAMPLE)); @@ -454,6 +457,10 @@ JDIMENSION rowsperchunk, currow, i; long ltemp; + if (blocksperrow == 0) { + ERREXIT(cinfo, JERR_WIDTH_OVERFLOW); + } + /* Calculate max # of rows allowed in one allocation chunk */ ltemp = (MAX_ALLOC_CHUNK-SIZEOF(large_pool_hdr)) / ((long) blocksperrow * SIZEOF(JBLOCK));
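Review bot: The new `samplesperrow == 0` and `blocksperrow == 0` guards cover only a zero argument, while the divisor is the product `(long) blocksperrow * SIZEOF(JBLOCK)`, which can still wrap to zero or a negative value where `long` is 32 bits. Bounding the argument before multiplying avoids that, e.g. `if (blocksperrow == 0 || blocksperrow > (MAX_ALLOC_CHUNK - SIZEOF(large_pool_hdr)) / SIZEOF(JBLOCK))`, and the same with `JSAMPLE` in the first hunk. Both functions continue outside the hunks, so a later test on `ltemp` may catch a negative quotient but cannot prevent the division itself.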
--- a/src/share/native/sun/java2d/cmm/lcms/cmscgats.c Tue Jan 29 22:38:26 2019 +0000 +++ b/src/share/native/sun/java2d/cmm/lcms/cmscgats.c Wed Feb 06 04:09:08 2019 +0000 @@ -1535,10 +1535,16 @@ t-> nSamples = atoi(cmsIT8GetProperty(it8, "NUMBER_OF_FIELDS")); t-> nPatches = atoi(cmsIT8GetProperty(it8, "NUMBER_OF_SETS")); - t-> Data = (char**)AllocChunk (it8, ((cmsUInt32Number) t->nSamples + 1) * ((cmsUInt32Number) t->nPatches + 1) *sizeof (char*)); - if (t->Data == NULL) { - - SynError(it8, "AllocateDataSet: Unable to allocate data array"); + if (t -> nSamples < 0 || t->nSamples > 0x7ffe || t->nPatches < 0 || t->nPatches > 0x7ffe) + { + SynError(it8, "AllocateDataSet: too much data"); + } + else { + t->Data = (char**)AllocChunk(it8, ((cmsUInt32Number)t->nSamples + 1) * ((cmsUInt32Number)t->nPatches + 1) * sizeof(char*)); + if (t->Data == NULL) { + + SynError(it8, "AllocateDataSet: Unable to allocate data array"); + } } }
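Review bot: The new range check runs only after `atoi(cmsIT8GetProperty(it8, "NUMBER_OF_FIELDS"))` and `atoi(cmsIT8GetProperty(it8, "NUMBER_OF_SETS"))`, so a missing property is still passed straight to `atoi`. `cmsIT8GetProperty` is defined outside the hunk; if it can return NULL, keep its result in a local and report it through `SynError` before converting. The "too much data" branch also leaves `t->Data` unassigned, so a comment that callers must test `t->Data` after this function returns would help.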
--- a/src/solaris/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/solaris/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java Wed Feb 06 04:09:08 2019 +0000 @@ -90,10 +90,13 @@ /** * Returns true if the given site is trusted, i.e. we can try - * transparent Authentication. + * transparent Authentication. Shouldn't be called since + * capability not supported on Unix */ public static boolean isTrustedSite(URL url) { - return NTLMAuthCallback.isTrustedSite(url); + if (NTLMAuthCallback != null) + return NTLMAuthCallback.isTrustedSite(url); + return false; } private void init0() {
--- a/src/solaris/instrument/FileSystemSupport_md.c Tue Jan 29 22:38:26 2019 +0000 +++ b/src/solaris/instrument/FileSystemSupport_md.c Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2018 Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,6 +23,7 @@ * questions. */ +#include <stdio.h> #include <stdlib.h> #include <string.h> @@ -50,6 +51,10 @@ } else { int len = last - path; char* str = (char*)malloc(len+1); + if (str == NULL) { + fprintf(stderr, "OOM error in native tmp buffer allocation"); + return NULL; + } if (len > 0) { memcpy(str, path, len); } @@ -80,6 +85,10 @@ if (n == 0) return strdup("/"); sb = (char*)malloc(strlen(pathname)+1); + if (sb == NULL) { + fprintf(stderr, "OOM error in native tmp buffer allocation"); + return NULL; + } sbLen = 0; if (off > 0) { @@ -128,6 +137,10 @@ len = parentEnd + cn - childStart; if (child[0] == slash) { theChars = (char*)malloc(len+1); + if (theChars == NULL) { + fprintf(stderr, "OOM error in native tmp buffer allocation"); + return NULL; + } if (parentEnd > 0) memcpy(theChars, parent, parentEnd); if (cn > 0) @@ -135,6 +148,10 @@ theChars[len] = '\0'; } else { theChars = (char*)malloc(len+2); + if (theChars == NULL) { + fprintf(stderr, "OOM error in native tmp buffer allocation"); + return NULL; + } if (parentEnd > 0) memcpy(theChars, parent, parentEnd); theChars[parentEnd] = slash; @@ -150,10 +167,13 @@ if (len > 1 && path[len-1] == slash) { // "/foo/" --> "/foo", but "/" --> "/" char* str = (char*)malloc(len); - if (str != NULL) { - memcpy(str, path, len-1); - str[len-1] = '\0'; + if (str == NULL) + { + fprintf(stderr, "OOM error in native tmp buffer allocation"); + return NULL; } + memcpy(str, path, len-1); + str[len-1] = '\0'; return str; } else { return (char*)path;
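Review bot: The five added `fprintf(stderr, "OOM error in native tmp buffer allocation")` calls have no trailing newline and repeat the same literal, here and in the matching hunks of src/windows/instrument/FileSystemSupport_md.c. A small `static` helper that prints the message with `\n` would keep them consistent. These functions now return NULL on allocation failure, which only the last one could do before; their callers are outside the hunks and should be checked for NULL handling. A one-line comment on each function, `/* returns NULL if allocation fails */`, would record the contract.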
--- a/src/solaris/native/java/net/net_util_md.c Tue Jan 29 22:38:26 2019 +0000 +++ b/src/solaris/native/java/net/net_util_md.c Wed Feb 06 04:09:08 2019 +0000 @@ -608,6 +608,8 @@ if (loRoutesTemp == 0) { free(loRoutes); + loRoutes = NULL; + nRoutes = 0; fclose (f); return; }
--- a/src/solaris/native/sun/awt/awt_UNIXToolkit.c Tue Jan 29 22:38:26 2019 +0000 +++ b/src/solaris/native/sun/awt/awt_UNIXToolkit.c Wed Feb 06 04:09:08 2019 +0000 @@ -184,6 +184,7 @@ detail_str = (char *)SAFE_SIZE_ARRAY_ALLOC(malloc, sizeof(char), len + 1); if (detail_str == NULL) { + free(stock_id_str); JNU_ThrowOutOfMemoryError(env, "OutOfMemoryError"); return JNI_FALSE; }
--- a/src/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java Wed Feb 06 04:09:08 2019 +0000 @@ -30,6 +30,7 @@ import java.net.PasswordAuthentication; import java.net.UnknownHostException; import java.net.URL; +import sun.net.NetProperties; import sun.net.www.HeaderParser; import sun.net.www.protocol.http.AuthenticationInfo; import sun.net.www.protocol.http.AuthScheme; @@ -52,6 +53,14 @@ private static String defaultDomain; /* Domain to use if not specified by user */ private static final boolean ntlmCache; /* Whether cache is enabled for NTLM */ + enum TransparentAuth { + DISABLED, // disable for all hosts (default) + TRUSTED_HOSTS, // use Windows trusted hosts settings + ALL_HOSTS // attempt for all hosts + } + + private static final TransparentAuth authMode; + static { defaultDomain = java.security.AccessController.doPrivileged( new sun.security.action.GetPropertyAction("http.auth.ntlm.domain", @@ -59,6 +68,19 @@ String ntlmCacheProp = java.security.AccessController.doPrivileged( new sun.security.action.GetPropertyAction("jdk.ntlm.cache", "true")); ntlmCache = Boolean.parseBoolean(ntlmCacheProp); + String modeProp = java.security.AccessController.doPrivileged( + new java.security.PrivilegedAction<String>() { + public String run() { + return NetProperties.get("jdk.http.ntlm.transparentAuth"); + } + }); + + if ("trustedHosts".equalsIgnoreCase(modeProp)) + authMode = TransparentAuth.TRUSTED_HOSTS; + else if ("allHosts".equalsIgnoreCase(modeProp)) + authMode = TransparentAuth.ALL_HOSTS; + else + authMode = TransparentAuth.DISABLED; }; private void init0() { 
@@ -159,9 +181,21 @@ * transparent Authentication. */ public static boolean isTrustedSite(URL url) { - return NTLMAuthCallback.isTrustedSite(url); + if (NTLMAuthCallback != null) + return NTLMAuthCallback.isTrustedSite(url); + + switch (authMode) { + case TRUSTED_HOSTS: + return isTrustedSite(url.toString()); + case ALL_HOSTS: + return true; + default: + return false; + } } + static native boolean isTrustedSite(String url); + /** * Not supported. Must use the setHeaders() method */ @@ -211,5 +245,4 @@ return false; } } - }
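Review bot: In `isTrustedSite`, the `NTLMAuthCallback != null` branch returns before `authMode` is consulted, so a registered callback decides the result even when `jdk.http.ntlm.transparentAuth` is `disabled`. If that precedence is intended, state it in the Javadoc, e.g. `A registered callback takes precedence over the jdk.http.ntlm.transparentAuth property.`, and in the net.properties comment, which describes that mode as "Transparent authentication never used". How `NTLMAuthCallback` is assigned is outside the hunk. The two-line `if` would also be safer with braces.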
--- a/src/windows/classes/sun/security/mscapi/KeyStore.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/windows/classes/sun/security/mscapi/KeyStore.java Wed Feb 06 04:09:08 2019 +0000 @@ -753,6 +753,7 @@ /** * Generates a certificate chain from the collection of * certificates and stores the result into a key entry. + * This method is called by native code in libsunmscapi. */ private void generateCertificateChain(String alias, Collection<? extends Certificate> certCollection) @@ -775,13 +776,15 @@ catch (Throwable e) { // Ignore the exception and skip this entry - // TODO - throw CertificateException? + // If e is thrown, remember to deal with it in + // native code. } } /** * Generates RSA key and certificate chain from the private key handle, * collection of certificates and stores the result into key entries. + * This method is called by native code in libsunmscapi. */ private void generateRSAKeyAndCertificateChain(String alias, long hCryptProv, long hCryptKey, int keyLength, @@ -807,12 +810,14 @@ catch (Throwable e) { // Ignore the exception and skip this entry - // TODO - throw CertificateException? + // If e is thrown, remember to deal with it in + // native code. } } /** * Generates certificates from byte data and stores into cert collection. + * This method is called by native code in libsunmscapi. * * @param data Byte data. * @param certCollection Collection of certificates. @@ -836,12 +841,14 @@ catch (CertificateException e) { // Ignore the exception and skip this certificate - // TODO - throw CertificateException? + // If e is thrown, remember to deal with it in + // native code. } catch (Throwable te) { // Ignore the exception and skip this certificate - // TODO - throw CertificateException? + // If e is thrown, remember to deal with it in + // native code. } }
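Review bot: In the last hunk the comment added under `catch (Throwable te)` says "If e is thrown", but the variable in that block is `te`. The four replacement comments also describe a future obligation rather than why the catch is empty today; something like `// Swallowed on purpose: this method is called from native code, which would have to check for a pending exception` says more. Whether the native caller performs such a check is not visible in this file's hunks, so confirm against security.cpp before settling on the wording.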
--- a/src/windows/classes/sun/security/mscapi/RSASignature.java Tue Jan 29 22:38:26 2019 +0000 +++ b/src/windows/classes/sun/security/mscapi/RSASignature.java Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -132,7 +132,7 @@ @Override protected void engineUpdate(byte[] b, int off, int len) throws SignatureException { - if (offset + len > precomputedDigest.length) { + if (len > (precomputedDigest.length - offset)) { offset = RAW_RSA_MAX + 1; return; } @@ -147,7 +147,7 @@ if (len <= 0) { return; } - if (offset + len > precomputedDigest.length) { + if (len > (precomputedDigest.length - offset)) { offset = RAW_RSA_MAX + 1; return; }
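Review bot: Both hunks rewrite the bound as `len > (precomputedDigest.length - offset)` without recording why, so a later edit could easily turn it back into the addition. A comment such as `// subtract instead of adding: offset + len can overflow int` above each test would preserve the reason. The first hunk's method shows no `len <= 0` guard like the one visible in the second; if `len` is not validated before this method is reached, adding the same guard would keep the two overloads parallel.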
--- a/src/windows/instrument/FileSystemSupport_md.c Tue Jan 29 22:38:26 2019 +0000 +++ b/src/windows/instrument/FileSystemSupport_md.c Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2018 Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,6 +23,7 @@ * questions. */ +#include <stdio.h> #include <stdlib.h> #include <string.h> #include <malloc.h> @@ -66,6 +67,10 @@ } else { int len = (int)(last - path); char* str = (char*)malloc(len+1); + if (str == NULL) { + fprintf(stderr, "OOM error in native tmp buffer allocation"); + return NULL; + } if (len > 0) { memcpy(str, path, len); } @@ -135,6 +140,10 @@ if (off < 3) off = 0; /* Avoid fencepost cases with UNC pathnames */ sb = (char*)malloc(len+1); + if (sb == NULL) { + fprintf(stderr, "OOM error in native tmp buffer allocation"); + return NULL; + } sbLen = 0; if (off == 0) { @@ -261,11 +270,19 @@ if (child[childStart] == slash) { theChars = (char*)malloc(len+1); + if (theChars == NULL) { + fprintf(stderr, "OOM error in native tmp buffer allocation"); + return NULL; + } memcpy(theChars, parent, parentEnd); memcpy(theChars+parentEnd, child+childStart, (cn-childStart)); theChars[len] = '\0'; } else { theChars = (char*)malloc(len+2); + if (theChars == NULL) { + fprintf(stderr, "OOM error in native tmp buffer allocation"); + return NULL; + } memcpy(theChars, parent, parentEnd); theChars[parentEnd] = slash; memcpy(theChars+parentEnd+1, child+childStart, (cn-childStart)); @@ -320,10 +337,12 @@ return (char*)path; } else { char* p = (char*)malloc(len+1); - if (p != NULL) { - memcpy(p, path+start, len); - p[len] = '\0'; + if (p == NULL) { + fprintf(stderr, "OOM error in native tmp buffer allocation"); + return NULL; } + memcpy(p, path+start, len); + p[len] = '\0'; return p; } }
--- a/src/windows/native/java/net/NetworkInterface.c Tue Jan 29 22:38:26 2019 +0000 +++ b/src/windows/native/java/net/NetworkInterface.c Wed Feb 06 04:09:08 2019 +0000 @@ -279,7 +279,7 @@ // But in rare case it fails, we allow 'char' to be displayed curr->displayName = (char *)malloc(ifrowP->dwDescrLen + 1); } else { - curr->displayName = (wchar_t *)malloc(wlen*(sizeof(wchar_t))+1); + curr->displayName = (wchar_t *)malloc((wlen+1)*sizeof(wchar_t)); } curr->name = (char *)malloc(strlen(dev_name) + 1); @@ -322,7 +322,7 @@ free(curr); return -1; } else { - curr->displayName[wlen*(sizeof(wchar_t))] = '\0'; + ((wchar_t *)curr->displayName)[wlen] = L'\0'; curr->dNameIsUnicode = TRUE; } } @@ -861,6 +861,7 @@ /* allocate a NetworkInterface array */ netIFArr = (*env)->NewObjectArray(env, count, cls, NULL); if (netIFArr == NULL) { + free_netif(ifList); return NULL; } @@ -875,6 +876,7 @@ netifObj = createNetworkInterface(env, curr, -1, NULL); if (netifObj == NULL) { + free_netif(ifList); return NULL; }
--- a/src/windows/native/sun/bridge/AccessBridgeMessageQueue.cpp Tue Jan 29 22:38:26 2019 +0000 +++ b/src/windows/native/sun/bridge/AccessBridgeMessageQueue.cpp Wed Feb 06 04:09:08 2019 +0000 @@ -32,6 +32,7 @@ #include "AccessBridgePackages.h" // for debugging only #include <windows.h> #include <malloc.h> +#include <new> DEBUG_CODE(extern HWND theDialogWindow); extern "C" { @@ -46,6 +47,9 @@ next = (AccessBridgeQueueElement *) 0; previous = (AccessBridgeQueueElement *) 0; buffer = (char *) malloc(bufsize); + if (buffer == NULL) { + throw std::bad_alloc(); + } memcpy(buffer, buf, bufsize); }
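Review bot: The constructor now throws `std::bad_alloc` when `malloc` fails, but none of the code that constructs `AccessBridgeQueueElement` is in this hunk, so nothing here shows a handler for it. If those call sites have no `try`/`catch`, the exception ends the process just as the unchecked `memcpy` would have; they would need a `catch (const std::bad_alloc&)` that drops the message. A comment on the constructor, `// throws std::bad_alloc if the buffer cannot be allocated`, would make the new contract visible.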
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/windows/native/sun/net/www/protocol/http/ntlm/NTLMAuthentication.c Wed Feb 06 04:09:08 2019 +0000 
@@ -0,0 +1,107 @@ +/* + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. 
+ */ + +#include <jni.h> +#include <windows.h> +#include "jni_util.h" +#include <urlmon.h> + +JNIEXPORT jboolean JNICALL Java_sun_net_www_protocol_http_ntlm_NTLMAuthentication_isTrustedSite(JNIEnv *env, jclass clazz, jstring url ) +{ + + HRESULT hr; + DWORD dwZone; + DWORD pPolicy = 0; + IInternetSecurityManager *spSecurityManager; + jboolean ret; + LPCWSTR bstrURL; + + // Create IInternetSecurityManager + hr = CoInternetCreateSecurityManager(NULL, &spSecurityManager, (DWORD)0); + if (FAILED(hr)) { + return JNI_FALSE; + } + + bstrURL = (LPCWSTR)((*env)->GetStringChars(env, url, NULL)); + if (bstrURL == NULL) { + if (!(*env)->ExceptionCheck(env)) + JNU_ThrowOutOfMemoryError(env, NULL); + spSecurityManager->lpVtbl->Release(spSecurityManager); + return JNI_FALSE; + } + + // Determines the policy for the URLACTION_CREDENTIALS_USE action and display + // a user interface, if the policy indicates that the user should be queried + hr = spSecurityManager->lpVtbl->ProcessUrlAction( + spSecurityManager, + bstrURL, + URLACTION_CREDENTIALS_USE, + (LPBYTE)&pPolicy, + sizeof(DWORD), 0, 0, 0, 0); + + if (FAILED(hr)) { + ret = JNI_FALSE; + goto cleanupAndReturn; + } + + // If these two User Authentication Logon options is selected + // Anonymous logon + // Prompt for user name and password + if (pPolicy == URLPOLICY_CREDENTIALS_ANONYMOUS_ONLY || + pPolicy == URLPOLICY_CREDENTIALS_MUST_PROMPT_USER) { + ret = JNI_FALSE; + goto cleanupAndReturn; + } + + // Option "Automatic logon with current user name and password" is selected + if (pPolicy == URLPOLICY_CREDENTIALS_SILENT_LOGON_OK) { + ret = JNI_TRUE; + goto cleanupAndReturn; + } + + // Option "Automatic logon only in intranet zone" is selected + if (pPolicy == URLPOLICY_CREDENTIALS_CONDITIONAL_PROMPT) { + + // Gets the zone index from the specified URL + hr = spSecurityManager->lpVtbl->MapUrlToZone( + spSecurityManager, bstrURL, &dwZone, 0); + if (FAILED(hr)) { + ret = JNI_FALSE; + goto cleanupAndReturn; + } + + // Check if the URL 
is in Local or Intranet zone + if (dwZone == URLZONE_INTRANET || dwZone == URLZONE_LOCAL_MACHINE) { + ret = JNI_TRUE; + goto cleanupAndReturn; + } + } + ret = JNI_FALSE; + +cleanupAndReturn: + (*env)->ReleaseStringChars(env, url, bstrURL); + spSecurityManager->lpVtbl->Release(spSecurityManager); + return ret; +}
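Review bot: `bstrURL` is the pointer returned by `GetStringChars`, cast to `LPCWSTR` and passed to `ProcessUrlAction` and `MapUrlToZone`, which read it as a NUL-terminated string; the JNI specification does not promise a terminator on that buffer. security.cpp in this same changeset copies the characters and appends the terminator itself (`pszCertAliasName[size] = 0`), and this function should do the same rather than depend on the VM's behaviour. The sketch below copies with `GetStringRegion` into a buffer one element longer than the string and frees it at the existing cleanup label.

```c
    jsize urlLen = (*env)->GetStringLength(env, url);
    WCHAR *wurl = (WCHAR *)malloc(((size_t)urlLen + 1) * sizeof(WCHAR));
    if (wurl == NULL) {
        JNU_ThrowOutOfMemoryError(env, NULL);
        spSecurityManager->lpVtbl->Release(spSecurityManager);
        return JNI_FALSE;
    }
    (*env)->GetStringRegion(env, url, 0, urlLen, (jchar *)wurl);
    wurl[urlLen] = L'\0';   /* explicit terminator for the urlmon calls */

    /* … unchanged: ProcessUrlAction / MapUrlToZone and the policy tests, with wurl in place of bstrURL … */

cleanupAndReturn:
    free(wurl);
    spSecurityManager->lpVtbl->Release(spSecurityManager);
    return ret;
```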
--- a/src/windows/native/sun/nio/ch/DatagramDispatcher.c Tue Jan 29 22:38:26 2019 +0000 +++ b/src/windows/native/sun/nio/ch/DatagramDispatcher.c Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -95,6 +95,10 @@ jint fd = fdval(env, fdo); struct iovec *iovp = (struct iovec *)address; WSABUF *bufs = malloc(len * sizeof(WSABUF)); + if (bufs == NULL) { + JNU_ThrowOutOfMemoryError(env, NULL); + return IOS_THROWN; + } /* copy iovec into WSABUF */ for(i=0; i<len; i++) { @@ -182,6 +186,10 @@ jint fd = fdval(env, fdo); struct iovec *iovp = (struct iovec *)address; WSABUF *bufs = malloc(len * sizeof(WSABUF)); + if (bufs == NULL) { + JNU_ThrowOutOfMemoryError(env, NULL); + return IOS_THROWN; + } /* copy iovec into WSABUF */ for(i=0; i<len; i++) {
--- a/src/windows/native/sun/nio/ch/WindowsSelectorImpl.c Tue Jan 29 22:38:26 2019 +0000 +++ b/src/windows/native/sun/nio/ch/WindowsSelectorImpl.c Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -208,6 +208,10 @@ /* Prepare corresponding buffer if needed, and then read */ if (bytesToRead > WAKEUP_SOCKET_BUF_SIZE) { char* buf = (char*)malloc(bytesToRead); + if (buf == NULL) { + JNU_ThrowOutOfMemoryError(env, NULL); + return; + } recv(scinFd, buf, bytesToRead, 0); free(buf); } else {
--- a/src/windows/native/sun/security/krb5/NativeCreds.c Tue Jan 29 22:38:26 2019 +0000 +++ b/src/windows/native/sun/security/krb5/NativeCreds.c Wed Feb 06 04:09:08 2019 +0000 @@ -76,7 +76,8 @@ BOOL PackageConnectLookup(PHANDLE,PULONG); -NTSTATUS ConstructTicketRequest(UNICODE_STRING DomainName, +NTSTATUS ConstructTicketRequest(JNIEnv *env, + UNICODE_STRING DomainName, PKERB_RETRIEVE_TKT_REQUEST *outRequest, ULONG *outSize); @@ -102,6 +103,8 @@ jobject BuildTicketFlags(JNIEnv *env, PULONG flags); jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime); +void ThrowOOME(JNIEnv *env, const char *szMessage); + /* * Class: sun_security_krb5_KrbCreds * Method: JNI_OnLoad @@ -495,7 +498,7 @@ } // use domain to request Ticket - Status = ConstructTicketRequest(msticket->TargetDomainName, + Status = ConstructTicketRequest(env, msticket->TargetDomainName, &pTicketRequest, &requestSize); if (!LSA_SUCCESS(Status)) { ShowNTError("ConstructTicketRequest status", Status); @@ -689,7 +692,7 @@ } static NTSTATUS -ConstructTicketRequest(UNICODE_STRING DomainName, +ConstructTicketRequest(JNIEnv *env, UNICODE_STRING DomainName, PKERB_RETRIEVE_TKT_REQUEST *outRequest, ULONG *outSize) { NTSTATUS Status; @@ -736,8 +739,10 @@ pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST) LocalAlloc(LMEM_ZEROINIT, RequestSize); - if (!pTicketRequest) + if (!pTicketRequest) { + ThrowOOME(env, "Can't allocate memory for ticket"); return GetLastError(); + } // // Concatenate the target prefix with the previous response's @@ -894,7 +899,7 @@ jbyteArray ary; ary = (*env)->NewByteArray(env,encodedTicketSize); - if ((*env)->ExceptionOccurred(env)) { + if (ary == NULL) { return (jobject) NULL; } @@ -940,6 +945,10 @@ realm = (WCHAR *) LocalAlloc(LMEM_ZEROINIT, ((domainName.Length)*sizeof(WCHAR) + sizeof(UNICODE_NULL))); + if (realm == NULL) { + ThrowOOME(env, "Can't allocate memory for realm"); + return NULL; + } wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR)); if (native_debug) { 
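Review bot: In `ConstructTicketRequest`, `ThrowOOME(env, ...)` now runs before `return GetLastError();`, and the JNI calls inside it can change the thread's last-error value, so the function may return a code unrelated to the failed `LocalAlloc`. The caller tests the result with `LSA_SUCCESS`, whose definition is outside the hunk; if it accepts non-negative values, a Win32 error code would pass and the caller would continue with an exception pending. Returning an explicit failure status avoids both problems: keep `ThrowOOME(env, "Can't allocate memory for ticket");` and replace the return with `return STATUS_NO_MEMORY;`, or whichever failure NTSTATUS this file already has in scope.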
@@ -1014,6 +1023,9 @@ } ary = (*env)->NewByteArray(env,cryptoKey->Length); + if (ary == NULL) { + return (jobject) NULL; + } (*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->Length, (jbyte *)cryptoKey->Value); if ((*env)->ExceptionOccurred(env)) { @@ -1036,6 +1048,9 @@ ULONG nlflags = htonl(*flags); ary = (*env)->NewByteArray(env, sizeof(*flags)); + if (ary == NULL) { + return (jobject) NULL; + } (*env)->SetByteArrayRegion(env, ary, (jsize) 0, sizeof(*flags), (jbyte *)&nlflags); if ((*env)->ExceptionOccurred(env)) { @@ -1088,3 +1103,10 @@ } return kerberosTime; } + +void ThrowOOME(JNIEnv *env, const char *szMessage) { + jclass exceptionClazz = (*env)->FindClass(env, "java/lang/OutOfMemoryError"); + if (exceptionClazz != NULL) { + (*env)->ThrowNew(env, exceptionClazz, szMessage); + } +}
--- a/src/windows/native/sun/security/mscapi/security.cpp Tue Jan 29 22:38:26 2019 +0000 +++ b/src/windows/native/sun/security/mscapi/security.cpp Wed Feb 06 04:09:08 2019 +0000 @@ -425,6 +425,15 @@ // Create ArrayList to store certs in each chain jobject jArrayList = env->NewObject(clazzArrayList, mNewArrayList); + if (jArrayList == NULL) { + __leave; + } + + // Cleanup the previous allocated name + if (pszNameString) { + delete [] pszNameString; + pszNameString = NULL; + } for (unsigned int j=0; j < rgpChain->cElement; j++) { @@ -463,6 +472,9 @@ // Allocate and populate byte array jbyteArray byteArray = env->NewByteArray(cbCertEncoded); + if (byteArray == NULL) { + __leave; + } env->SetByteArrayRegion(byteArray, 0, cbCertEncoded, (jbyte*) pbCertEncoded); 
@@ -471,30 +483,44 @@ env->CallVoidMethod(obj, mGenCert, byteArray, jArrayList); } - if (bHasNoPrivateKey) - { - // Generate certificate chain and store into cert chain - // collection - env->CallVoidMethod(obj, mGenCertChain, - env->NewStringUTF(pszNameString), - jArrayList); - } - else + // Usually pszNameString should be non-NULL. It's either + // the friendly name or an element from the subject name + // or SAN. + if (pszNameString) { - // Determine key type: RSA or DSA - DWORD dwData = CALG_RSA_KEYX; - DWORD dwSize = sizeof(DWORD); - ::CryptGetKeyParam(hUserKey, KP_ALGID, (BYTE*)&dwData, - &dwSize, NULL); + if (bHasNoPrivateKey) + { + // Generate certificate chain and store into cert chain + // collection + jstring name = env->NewStringUTF(pszNameString); + if (name == NULL) { + __leave; + } + env->CallVoidMethod(obj, mGenCertChain, + name, + jArrayList); + } + else + { + // Determine key type: RSA or DSA + DWORD dwData = CALG_RSA_KEYX; + DWORD dwSize = sizeof(DWORD); + ::CryptGetKeyParam(hUserKey, KP_ALGID, (BYTE*)&dwData, + &dwSize, NULL); - if ((dwData & ALG_TYPE_RSA) == ALG_TYPE_RSA) - { - // Generate RSA certificate chain and store into cert - // chain collection - env->CallVoidMethod(obj, mGenRSAKeyAndCertChain, - env->NewStringUTF(pszNameString), - (jlong) hCryptProv, (jlong) hUserKey, - dwPublicKeyLength, jArrayList); + if ((dwData & ALG_TYPE_RSA) == ALG_TYPE_RSA) + { + // Generate RSA certificate chain and store into cert + // chain collection + jstring name = env->NewStringUTF(pszNameString); + if (name == NULL) { + __leave; + } + env->CallVoidMethod(obj, mGenRSAKeyAndCertChain, + name, + (jlong) hCryptProv, (jlong) hUserKey, + dwPublicKeyLength, jArrayList); + } } } } @@ -641,6 +667,9 @@ // Create new byte array jbyteArray temp = env->NewByteArray(dwBufLen); + if (temp == NULL) { + __leave; + } // Copy data from native buffer env->SetByteArrayRegion(temp, 0, dwBufLen, pSignedHashBuffer); 
@@ -964,6 +993,9 @@ } jCertAliasChars = env->GetStringChars(jCertAliasName, NULL); + if (jCertAliasChars == NULL) { + __leave; + } memcpy(pszCertAliasName, jCertAliasChars, size * sizeof(WCHAR)); pszCertAliasName[size] = 0; // append the string terminator @@ -1600,7 +1632,9 @@ } // Create new byte array - result = env->NewByteArray(dwBufLen); + if ((result = env->NewByteArray(dwBufLen)) == NULL) { + __leave; + } // Copy data from native buffer to Java buffer env->SetByteArrayRegion(result, 0, dwBufLen, (jbyte*) pData); @@ -1651,7 +1685,9 @@ } // Create new byte array - blob = env->NewByteArray(dwBlobLen); + if ((blob = env->NewByteArray(dwBlobLen)) == NULL) { + __leave; + } // Copy data from native buffer to Java buffer env->SetByteArrayRegion(blob, 0, dwBlobLen, (jbyte*) pbKeyBlob); @@ -1680,6 +1716,13 @@ __try { jsize length = env->GetArrayLength(jKeyBlob); + jsize headerLength = sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY); + + if (length < headerLength) { + ThrowExceptionWithMessage(env, KEY_EXCEPTION, "Invalid BLOB"); + __leave; + } + if ((keyBlob = env->GetByteArrayElements(jKeyBlob, 0)) == NULL) { __leave; } @@ -1706,7 +1749,9 @@ exponentBytes[i] = ((BYTE*) &pRsaPubKey->pubexp)[j]; } - exponent = env->NewByteArray(len); + if ((exponent = env->NewByteArray(len)) == NULL) { + __leave; + } env->SetByteArrayRegion(exponent, 0, len, exponentBytes); } __finally @@ -1736,6 +1781,13 @@ __try { jsize length = env->GetArrayLength(jKeyBlob); + jsize headerLength = sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY); + + if (length < headerLength) { + ThrowExceptionWithMessage(env, KEY_EXCEPTION, "Invalid BLOB"); + __leave; + } + if ((keyBlob = env->GetByteArrayElements(jKeyBlob, 0)) == NULL) { __leave; } 
@@ -1752,19 +1804,25 @@ (RSAPUBKEY *) (keyBlob + sizeof(PUBLICKEYSTRUC)); int len = pRsaPubKey->bitlen / 8; + if (len < 0 || len > length - headerLength) { + ThrowExceptionWithMessage(env, KEY_EXCEPTION, "Invalid key length"); + __leave; + } + modulusBytes = new (env) jbyte[len]; if (modulusBytes == NULL) { __leave; } - BYTE * pbModulus = - (BYTE *) (keyBlob + sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY)); + BYTE * pbModulus = (BYTE *) (keyBlob + headerLength); // convert from little-endian while copying from blob for (int i = 0, j = len - 1; i < len; i++, j--) { modulusBytes[i] = pbModulus[j]; } - modulus = env->NewByteArray(len); + if ((modulus = env->NewByteArray(len)) == NULL) { + __leave; + } env->SetByteArrayRegion(modulus, 0, len, modulusBytes); } __finally @@ -1972,7 +2030,9 @@ } } - jBlob = env->NewByteArray(jBlobLength); + if ((jBlob = env->NewByteArray(jBlobLength)) == NULL) { + __leave; + } env->SetByteArrayRegion(jBlob, 0, jBlobLength, jBlobBytes); }
--- a/src/windows/native/sun/security/pkcs11/wrapper/p11_md.c Tue Jan 29 22:38:26 2019 +0000 +++ b/src/windows/native/sun/security/pkcs11/wrapper/p11_md.c Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -75,18 +75,20 @@ * Signature: (Ljava/lang/String;)V */ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_connect - (JNIEnv *env, jobject obj, jstring jPkcs11ModulePath, jstring jGetFunctionList) + (JNIEnv *env, jobject obj, jstring jPkcs11ModulePath, + jstring jGetFunctionList) { HINSTANCE hModule; CK_C_GetFunctionList C_GetFunctionList; - CK_RV rv; + CK_RV rv = CK_ASSERT_OK; ModuleData *moduleData; jobject globalPKCS11ImplementationReference; - LPVOID lpMsgBuf; - char *exceptionMessage; + LPVOID lpMsgBuf = NULL; + char *exceptionMessage = NULL; const char *getFunctionListStr; - const char *libraryNameStr = (*env)->GetStringUTFChars(env, jPkcs11ModulePath, 0); + const char *libraryNameStr = (*env)->GetStringUTFChars(env, + jPkcs11ModulePath, 0); TRACE1("DEBUG: connect to PKCS#11 module: %s ... ", libraryNameStr); 
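Review bot: `libraryNameStr` comes from `GetStringUTFChars` and is used by `TRACE1` on the next statement without a NULL test, although the new `cleanup` block further down allows for it being NULL. Add `if (libraryNameStr == NULL) { return; }` right after the call; an OutOfMemoryError is already pending in that case. `CK_RV rv = CK_ASSERT_OK;` also initialises a PKCS#11 return value with the assert-result constant, where `CKR_OK` is the matching constant for that type.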
@@ -106,21 +108,24 @@ 0, NULL ); - exceptionMessage = (char *) malloc(sizeof(char) * (strlen((LPTSTR) lpMsgBuf) + strlen(libraryNameStr) + 1)); + exceptionMessage = (char *) malloc(sizeof(char) * + (strlen((LPTSTR) lpMsgBuf) + strlen(libraryNameStr) + 1)); + if (exceptionMessage == NULL) { + throwOutOfMemoryError(env, 0); + goto cleanup; + } strcpy(exceptionMessage, (LPTSTR) lpMsgBuf); strcat(exceptionMessage, libraryNameStr); throwIOException(env, (LPTSTR) exceptionMessage); - /* Free the buffer. */ - free(exceptionMessage); - LocalFree(lpMsgBuf); - return; + goto cleanup; } /* * Get function pointer to C_GetFunctionList */ getFunctionListStr = (*env)->GetStringUTFChars(env, jGetFunctionList, 0); - C_GetFunctionList = (CK_C_GetFunctionList) GetProcAddress(hModule, getFunctionListStr); + C_GetFunctionList = (CK_C_GetFunctionList) GetProcAddress(hModule, + getFunctionListStr); (*env)->ReleaseStringUTFChars(env, jGetFunctionList, getFunctionListStr); if (C_GetFunctionList == NULL) { FormatMessage( 
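Review bot: `strlen((LPTSTR) lpMsgBuf)` is reached even when the preceding `FormatMessage` call produced no buffer. With `lpMsgBuf` now initialised to NULL, that is a NULL dereference on the error path. A guard before sizing `exceptionMessage` would cover it, e.g. `if (lpMsgBuf == NULL) { throwIOException(env, libraryNameStr); goto cleanup; }`. The same applies to `throwIOException(env, (LPTSTR) lpMsgBuf)` in the `C_GetFunctionList == NULL` branch of the following hunk. The `FormatMessage` call starts outside this hunk, so its flags and return value should be checked there.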
@@ -135,24 +140,37 @@ NULL ); throwIOException(env, (LPTSTR) lpMsgBuf); - /* Free the buffer. */ - LocalFree( lpMsgBuf ); - return; + goto cleanup; } /* * Get function pointers to all PKCS #11 functions */ moduleData = (ModuleData *) malloc(sizeof(ModuleData)); + if (moduleData == NULL) { + throwOutOfMemoryError(env, 0); + goto cleanup; + } moduleData->hModule = hModule; moduleData->applicationMutexHandler = NULL; rv = (C_GetFunctionList)(&(moduleData->ckFunctionListPtr)); globalPKCS11ImplementationReference = (*env)->NewGlobalRef(env, obj); putModuleEntry(env, globalPKCS11ImplementationReference, moduleData); - (*env)->ReleaseStringUTFChars(env, jPkcs11ModulePath, libraryNameStr); TRACE0("FINISHED\n"); +cleanup: + /* Free up allocated buffers we no longer need */ + if (lpMsgBuf != NULL) { + LocalFree( lpMsgBuf ); + } + if (libraryNameStr != NULL) { + (*env)->ReleaseStringUTFChars(env, jPkcs11ModulePath, libraryNameStr); + } + if (exceptionMessage != NULL) { + free(exceptionMessage); + } + if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } }
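Review bot: Both failure paths that jump to `cleanup` after the module was loaded, `C_GetFunctionList == NULL` and `moduleData == NULL`, leave `hModule` loaded. The `cleanup:` block releases only `lpMsgBuf`, `libraryNameStr` and `exceptionMessage`. A `FreeLibrary(hModule);` before each of those two `goto cleanup;` statements would unload a library that never gets registered through `putModuleEntry`. The label would also benefit from a comment such as `/* reached on success as well; rv is checked below */`, since `ckAssertReturnValueOK` now runs on every path. The load of `hModule` is outside the hunk.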
--- a/src/windows/native/sun/windows/WPrinterJob.cpp Tue Jan 29 22:38:26 2019 +0000 +++ b/src/windows/native/sun/windows/WPrinterJob.cpp Wed Feb 06 04:09:08 2019 +0000 @@ -886,10 +886,12 @@ if (!present) { defIndices[0] = papers[0]; } - if (papers != NULL) { - free((char*)papers); - } } + // If DeviceCapabilities fails, then also free paper allocation + if (papers != NULL) { + free((char*)papers); + } + } RESTORE_CONTROLWORD }
--- a/test/java/math/BigDecimal/AddTests.java Tue Jan 29 22:38:26 2019 +0000 +++ b/test/java/math/BigDecimal/AddTests.java Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,7 +23,7 @@ /* * @test - * @bug 6362557 + * @bug 6362557 8200698 * @summary Some tests of add(BigDecimal, mc) * @author Joseph D. Darcy */ @@ -290,12 +290,35 @@ return failures; } + private static int arithmeticExceptionTest() { + int failures = 0; + BigDecimal x; + try { + // + // The string representation "1e2147483647", which is equivalent + // to 10^Integer.MAX_VALUE, is used to create an augend with an + // unscaled value of 1 and a scale of -Integer.MAX_VALUE. The + // addend "1" has an unscaled value of 1 with a scale of 0. The + // addition is performed exactly and is specified to have a + // preferred scale of max(-Integer.MAX_VALUE, 0). As the scale + // of the result is 0, a value with Integer.MAX_VALUE + 1 digits + // would need to be created. Therefore the next statement is + // expected to overflow with an ArithmeticException. + // + x = new BigDecimal("1e2147483647").add(new BigDecimal(1)); + failures++; + } catch (ArithmeticException ae) { + } + return failures; + } + public static void main(String argv[]) { int failures = 0; failures += extremaTests(); failures += roundingGradationTests(); failures += precisionConsistencyTest(); + failures += arithmeticExceptionTest(); if (failures > 0) { throw new RuntimeException("Incurred " + failures +
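Review bot: In `arithmeticExceptionTest` the `catch (ArithmeticException ae)` block is empty, and `x` is assigned but never read. Marking the expected path makes the intent clear to the next reader, e.g. `} catch (ArithmeticException ae) { // expected: the exact sum would need Integer.MAX_VALUE + 1 digits`. The local can go by calling `new BigDecimal("1e2147483647").add(new BigDecimal(1));` as a statement. The failure path only increments the counter, so a short `System.err.println` naming the missing exception would make a regression easier to diagnose.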
--- a/test/java/math/BigDecimal/Constructor.java Tue Jan 29 22:38:26 2019 +0000 +++ b/test/java/math/BigDecimal/Constructor.java Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -23,20 +23,48 @@ /* * @test - * @bug 4259453 - * @summary Test string constructor of BigDecimal + * @bug 4259453 8200698 + * @summary Test constructors of BigDecimal + * @library .. + * @run testng Constructor */ + import java.math.BigDecimal; +import org.testng.annotations.Test; public class Constructor { - public static void main(String[] args) throws Exception { - boolean nfe = false; + @Test(expectedExceptions=NumberFormatException.class) + public void stringConstructor() { + BigDecimal bd = new BigDecimal("1.2e"); + } + + @Test(expectedExceptions=NumberFormatException.class) + public void charArrayConstructorNegativeOffset() { + BigDecimal bd = new BigDecimal(new char[5], -1, 4, null); + } + + @Test(expectedExceptions=NumberFormatException.class) + public void charArrayConstructorNegativeLength() { + BigDecimal bd = new BigDecimal(new char[5], 0, -1, null); + } + + @Test(expectedExceptions=NumberFormatException.class) + public void charArrayConstructorIntegerOverflow() { try { - BigDecimal bd = new BigDecimal("1.2e"); - } catch (NumberFormatException e) { - nfe = true; + BigDecimal bd = new BigDecimal(new char[5], Integer.MAX_VALUE - 5, + 6, null); + } catch (NumberFormatException nfe) { + if (nfe.getCause() instanceof IndexOutOfBoundsException) { + throw new RuntimeException + ("NumberFormatException should not have a cause"); + } else { + throw nfe; + } } - if (!nfe) - throw new Exception("Didn't throw NumberFormatException"); + } + + @Test(expectedExceptions=NumberFormatException.class) + public void charArrayConstructorIndexOutOfBounds() { + BigDecimal bd = new BigDecimal(new char[5], 1, 5, null); } }
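Review bot: In `charArrayConstructorIntegerOverflow` the guard tests `nfe.getCause() instanceof IndexOutOfBoundsException`, but the message says "NumberFormatException should not have a cause". A cause of any other type would therefore pass. Either tighten the condition to `if (nfe.getCause() != null) {` or reword the message to name the exception type that is actually rejected. The sibling tests for negative offset, negative length and index out of bounds accept any `NumberFormatException`. If the intent is to prove that the arguments are rejected by the up-front range check rather than by a wrapped array access, they need the same cause assertion.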
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/math/BigInteger/LargeValueExceptions.java Wed Feb 06 04:09:08 2019 +0000
@@ -0,0 +1,192 @@ +/* + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8200698 + * @summary Tests that exceptions are thrown for ops which would overflow + * @requires (sun.arch.data.model == "64" & os.maxMemory > 4g) + * @run testng/othervm -Xmx4g LargeValueExceptions + */ +import java.math.BigInteger; +import static java.math.BigInteger.ONE; +import org.testng.annotations.Test; + +// +// The intent of this test is to probe the boundaries between overflow and +// non-overflow, principally for multiplication and squaring, specifically +// the largest values which should not overflow and the smallest values which +// should. The transition values used are not necessarily at the exact +// boundaries but should be "close." Quite a few different values were used +// experimentally before settling on the ones in this test. 
For multiplication +// and squaring all cases are exercised: definite overflow and non-overflow +// which can be detected "up front," and "indefinite" overflow, i.e., overflow +// which cannot be detected up front so further calculations are required. +// +// Testing negative values is unnecessary. For both multiplication and squaring +// the paths lead to the Toom-Cook algorithm where the signum is used only to +// determine the sign of the result and not in the intermediate calculations. +// This is also true for exponentiation. +// +// @Test annotations with optional element "enabled" set to "false" should +// succeed when "enabled" is set to "true" but they take too to run in the +// course of the typical regression test execution scenario. +// +public class LargeValueExceptions { + // BigInteger.MAX_MAG_LENGTH + private static final int MAX_INTS = 1 << 26; + + // Number of bits corresponding to MAX_INTS + private static final long MAX_BITS = (0xffffffffL & MAX_INTS) << 5L; + + // Half BigInteger.MAX_MAG_LENGTH + private static final int MAX_INTS_HALF = MAX_INTS / 2; + + // --- squaring --- + + // Largest no overflow determined by examining data lengths alone. + @Test(enabled=false) + public void squareNoOverflow() { + BigInteger x = ONE.shiftLeft(16*MAX_INTS - 1).subtract(ONE); + BigInteger y = x.multiply(x); + } + + // Smallest no overflow determined by extra calculations. + @Test(enabled=false) + public void squareIndefiniteOverflowSuccess() { + BigInteger x = ONE.shiftLeft(16*MAX_INTS - 1); + BigInteger y = x.multiply(x); + } + + // Largest overflow detected by extra calculations. + @Test(expectedExceptions=ArithmeticException.class,enabled=false) + public void squareIndefiniteOverflowFailure() { + BigInteger x = ONE.shiftLeft(16*MAX_INTS).subtract(ONE); + BigInteger y = x.multiply(x); + } + + // Smallest overflow detected by examining data lengths alone. 
+ @Test(expectedExceptions=ArithmeticException.class) + public void squareDefiniteOverflow() { + BigInteger x = ONE.shiftLeft(16*MAX_INTS); + BigInteger y = x.multiply(x); + } + + // --- multiplication --- + + // Largest no overflow determined by examining data lengths alone. + @Test(enabled=false) + public void multiplyNoOverflow() { + final int halfMaxBits = MAX_INTS_HALF << 5; + + BigInteger x = ONE.shiftLeft(halfMaxBits).subtract(ONE); + BigInteger y = ONE.shiftLeft(halfMaxBits - 1).subtract(ONE); + BigInteger z = x.multiply(y); + } + + // Smallest no overflow determined by extra calculations. + @Test(enabled=false) + public void multiplyIndefiniteOverflowSuccess() { + BigInteger x = ONE.shiftLeft((int)(MAX_BITS/2) - 1); + long m = MAX_BITS - x.bitLength(); + + BigInteger y = ONE.shiftLeft((int)(MAX_BITS/2) - 1); + long n = MAX_BITS - y.bitLength(); + + if (m + n != MAX_BITS) { + throw new RuntimeException("Unexpected leading zero sum"); + } + + BigInteger z = x.multiply(y); + } + + // Largest overflow detected by extra calculations. + @Test(expectedExceptions=ArithmeticException.class,enabled=false) + public void multiplyIndefiniteOverflowFailure() { + BigInteger x = ONE.shiftLeft((int)(MAX_BITS/2)).subtract(ONE); + long m = MAX_BITS - x.bitLength(); + + BigInteger y = ONE.shiftLeft((int)(MAX_BITS/2)).subtract(ONE); + long n = MAX_BITS - y.bitLength(); + + if (m + n != MAX_BITS) { + throw new RuntimeException("Unexpected leading zero sum"); + } + + BigInteger z = x.multiply(y); + } + + // Smallest overflow detected by examining data lengths alone. 
+ @Test(expectedExceptions=ArithmeticException.class) + public void multiplyDefiniteOverflow() { + // multiply by 4 as MAX_INTS_HALF refers to ints + byte[] xmag = new byte[4*MAX_INTS_HALF]; + xmag[0] = (byte)0xff; + BigInteger x = new BigInteger(1, xmag); + + byte[] ymag = new byte[4*MAX_INTS_HALF + 1]; + ymag[0] = (byte)0xff; + BigInteger y = new BigInteger(1, ymag); + + BigInteger z = x.multiply(y); + } + + // --- exponentiation --- + + @Test(expectedExceptions=ArithmeticException.class) + public void powOverflow() { + BigInteger.TEN.pow(Integer.MAX_VALUE); + } + + @Test(expectedExceptions=ArithmeticException.class) + public void powOverflow1() { + int shift = 20; + int exponent = 1 << shift; + BigInteger x = ONE.shiftLeft((int)(MAX_BITS / exponent)); + BigInteger y = x.pow(exponent); + } + + @Test(expectedExceptions=ArithmeticException.class) + public void powOverflow2() { + int shift = 20; + int exponent = 1 << shift; + BigInteger x = ONE.shiftLeft((int)(MAX_BITS / exponent)).add(ONE); + BigInteger y = x.pow(exponent); + } + + @Test(expectedExceptions=ArithmeticException.class,enabled=false) + public void powOverflow3() { + int shift = 20; + int exponent = 1 << shift; + BigInteger x = ONE.shiftLeft((int)(MAX_BITS / exponent)).subtract(ONE); + BigInteger y = x.pow(exponent); + } + + @Test(enabled=false) + public void powOverflow4() { + int shift = 20; + int exponent = 1 << shift; + BigInteger x = ONE.shiftLeft((int)(MAX_BITS / exponent - 1)).add(ONE); + BigInteger y = x.pow(exponent); + } +}
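Review bot: `powOverflow4` is named like the overflow cases but declares no `expectedExceptions`, so it asserts that the operation succeeds. A name such as `powNoOverflow`, or a comment like `// largest base that must not overflow`, would avoid misreading it. The class comment has a dropped word: "they take too to run" should read "they take too long to run". Most boundary cases are `enabled=false`, so a regular run covers only the definite-overflow paths. The header comment could say how the disabled cases are meant to be run when the multiplication code changes.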
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/time/test/java/time/chrono/TestEraDisplayName.java Wed Feb 06 04:09:08 2019 +0000
@@ -0,0 +1,100 @@ +/* + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package test.java.time.chrono; + +import java.time.*; +import java.time.chrono.*; +import java.time.format.*; +import java.util.Locale; + +import org.testng.annotations.DataProvider; +import org.testng.annotations.Test; +import static org.testng.Assert.assertEquals; + +/** + * Tests Era.getDisplayName() correctly returns the name based on each + * chrono implementation. + * Note: The exact result may depend on locale data provider's implementation. 
+ * + * @bug 8171049 8215377 + * @run testng/othervm -Djava.locale.providers=CLDR TestEraDisplayName + */ +@Test +public class TestEraDisplayName { + private static final Locale THAI = Locale.forLanguageTag("th-TH"); + private static final Locale EGYPT = Locale.forLanguageTag("ar-EG"); + + @DataProvider(name="eraDisplayName") + Object[][] eraDisplayName() { + return new Object[][] { + // Era, text style, displyay locale, expected name + // IsoEra + { IsoEra.BCE, TextStyle.FULL, Locale.US, "Before Christ" }, + { IsoEra.CE, TextStyle.FULL, Locale.US, "Anno Domini" }, + { IsoEra.BCE, TextStyle.FULL, Locale.JAPAN, "\u7d00\u5143\u524d" }, + { IsoEra.CE, TextStyle.FULL, Locale.JAPAN, "\u897f\u66a6" }, + { IsoEra.BCE, TextStyle.SHORT, Locale.US, "BC" }, + { IsoEra.CE, TextStyle.SHORT, Locale.US, "AD" }, + { IsoEra.BCE, TextStyle.SHORT, Locale.JAPAN, "\u7d00\u5143\u524d" }, + { IsoEra.CE, TextStyle.SHORT, Locale.JAPAN, "\u897f\u66a6" }, + { IsoEra.BCE, TextStyle.NARROW, Locale.US, "B" }, + { IsoEra.CE, TextStyle.NARROW, Locale.US, "A" }, + { IsoEra.BCE, TextStyle.NARROW, Locale.JAPAN, "B" }, + { IsoEra.CE, TextStyle.NARROW, Locale.JAPAN, "A" }, + + // JapaneseEra + { JapaneseEra.MEIJI, TextStyle.FULL, Locale.US, "Meiji" }, + { JapaneseEra.TAISHO, TextStyle.FULL, Locale.US, "Taisho" }, + { JapaneseEra.SHOWA, TextStyle.FULL, Locale.US, "Showa" }, + { JapaneseEra.HEISEI, TextStyle.FULL, Locale.US, "Heisei" }, + { JapaneseEra.MEIJI, TextStyle.FULL, Locale.JAPAN, "\u660e\u6cbb" }, + { JapaneseEra.TAISHO, TextStyle.FULL, Locale.JAPAN, "\u5927\u6b63" }, + { JapaneseEra.SHOWA, TextStyle.FULL, Locale.JAPAN, "\u662d\u548c" }, + { JapaneseEra.HEISEI, TextStyle.FULL, Locale.JAPAN, "\u5e73\u6210" }, + { JapaneseEra.MEIJI, TextStyle.SHORT, Locale.US, "Meiji" }, + { JapaneseEra.TAISHO, TextStyle.SHORT, Locale.US, "Taisho" }, + { JapaneseEra.SHOWA, TextStyle.SHORT, Locale.US, "Showa" }, + { JapaneseEra.HEISEI, TextStyle.SHORT, Locale.US, "Heisei" }, + { JapaneseEra.MEIJI, TextStyle.SHORT, 
Locale.JAPAN, "\u660e\u6cbb" }, + { JapaneseEra.TAISHO, TextStyle.SHORT, Locale.JAPAN, "\u5927\u6b63" }, + { JapaneseEra.SHOWA, TextStyle.SHORT, Locale.JAPAN, "\u662d\u548c" }, + { JapaneseEra.HEISEI, TextStyle.SHORT, Locale.JAPAN, "\u5e73\u6210" }, + { JapaneseEra.MEIJI, TextStyle.NARROW, Locale.US, "M" }, + { JapaneseEra.TAISHO, TextStyle.NARROW, Locale.US, "T" }, + { JapaneseEra.SHOWA, TextStyle.NARROW, Locale.US, "S" }, + { JapaneseEra.HEISEI, TextStyle.NARROW, Locale.US, "H" }, + { JapaneseEra.MEIJI, TextStyle.NARROW, Locale.JAPAN, "M" }, + { JapaneseEra.TAISHO, TextStyle.NARROW, Locale.JAPAN, "T" }, + { JapaneseEra.SHOWA, TextStyle.NARROW, Locale.JAPAN, "S" }, + { JapaneseEra.HEISEI, TextStyle.NARROW, Locale.JAPAN, "H" }, + }; + } + + @Test(dataProvider="eraDisplayName") + public void test_eraDisplayName(Era era, TextStyle style, Locale locale, String expected) { + assertEquals(era.getDisplayName(style, locale), expected); + } +}
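Review bot: The constants `THAI` and `EGYPT` are declared but no row of the `eraDisplayName` data provider uses them. The class Javadoc promises coverage of "each chrono implementation", yet only `IsoEra` and `JapaneseEra` rows are present. Either drop the two constants and narrow the Javadoc to the eras actually tested, or add the missing rows. The column comment also has a typo: `// Era, text style, displyay locale, expected name` should read `display locale`.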
--- a/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java Tue Jan 29 22:38:26 2019 +0000 +++ b/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -38,7 +38,7 @@ /** * @test - * @bug 8076221 8157035 + * @bug 8076221 8157035 8211883 * @summary Check if weak cipher suites are disabled * @run main/othervm DisabledAlgorithms default * @run main/othervm DisabledAlgorithms empty @@ -59,9 +59,9 @@ System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; - // supported RC4 cipher suites + // supported RC4, NULL, and anon cipher suites // it does not contain KRB5 cipher suites because they need a KDC - private static final String[] rc4_ciphersuites = new String[] { + private static final String[] rc4_null_anon_ciphersuites = new String[] { "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_RC4_128_SHA", 
@@ -69,7 +69,31 @@ "TLS_ECDH_RSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_RC4_128_MD5", "TLS_ECDH_anon_WITH_RC4_128_SHA", - "SSL_DH_anon_WITH_RC4_128_MD5" + "SSL_DH_anon_WITH_RC4_128_MD5", + "SSL_RSA_WITH_NULL_MD5", + "SSL_RSA_WITH_NULL_SHA", + "TLS_RSA_WITH_NULL_SHA256", + "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "TLS_ECDH_RSA_WITH_NULL_SHA", + "TLS_ECDHE_RSA_WITH_NULL_SHA", + "TLS_ECDH_anon_WITH_NULL_SHA", + "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", + "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", + "SSL_DH_anon_WITH_DES_CBC_SHA", + "SSL_DH_anon_WITH_RC4_128_MD5", + "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "TLS_DH_anon_WITH_AES_128_CBC_SHA256", + "TLS_DH_anon_WITH_AES_128_GCM_SHA256", + "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "TLS_DH_anon_WITH_AES_256_CBC_SHA256", + "TLS_DH_anon_WITH_AES_256_GCM_SHA384", + "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "TLS_ECDH_anon_WITH_NULL_SHA", + "TLS_ECDH_anon_WITH_RC4_128_SHA" }; public static void main(String[] args) throws Exception { @@ -88,8 +112,9 @@ System.out.println("jdk.tls.disabledAlgorithms = " + Security.getProperty("jdk.tls.disabledAlgorithms")); - // check if RC4 cipher suites can't be used by default - checkFailure(rc4_ciphersuites); + // check if RC4, NULL, and anon cipher suites + // can't be used by default + checkFailure(rc4_null_anon_ciphersuites); break; case "empty": // reset jdk.tls.disabledAlgorithms @@ -97,9 +122,9 @@ System.out.println("jdk.tls.disabledAlgorithms = " + Security.getProperty("jdk.tls.disabledAlgorithms")); - // check if RC4 cipher suites can be used + // check if RC4, NULL, and anon cipher suites can be used // if jdk.tls.disabledAlgorithms is empty - checkSuccess(rc4_ciphersuites); + checkSuccess(rc4_null_anon_ciphersuites); break; default: throw new RuntimeException("Wrong parameter: " + args[0]);
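Review bot: The extended `rc4_null_anon_ciphersuites` array lists three suites twice. `SSL_DH_anon_WITH_RC4_128_MD5` and `TLS_ECDH_anon_WITH_RC4_128_SHA` were already in the RC4 block and are added again in the anon block, and `TLS_ECDH_anon_WITH_NULL_SHA` appears in both the NULL and anon groups. The duplicates only repeat the same check, but they make it harder to see which suites the test covers. Listing each suite once, with `// RC4`, `// NULL` and `// anon` group comments, would keep the list auditable against the `jdk.tls.disabledAlgorithms` default.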
--- a/test/sun/security/ssl/SSLContextImpl/CustomizedCipherSuites.java Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/security/ssl/SSLContextImpl/CustomizedCipherSuites.java Wed Feb 06 04:09:08 2019 +0000 @@ -74,6 +74,7 @@ * TLS_ECDH_anon_WITH_AES_128_CBC_SHA */ +import java.security.Security; import javax.net.ssl.*; /** @@ -90,14 +91,18 @@ private static boolean isClientMode; private static String enabledCipherSuite; - private static String disabledCipherSuite; + private static String notEnabledCipherSuite; public static void main(String[] args) throws Exception { + // reset the security property to make sure the cipher suites + // used in this test are not disabled + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + contextProtocol = trimQuotes(args[0]); isClientMode = Boolean.parseBoolean(args[1]); enabledCipherSuite = trimQuotes(args[2]); - disabledCipherSuite = trimQuotes(args[3]); + notEnabledCipherSuite = trimQuotes(args[3]); // // Create instance of SSLContext with the specified protocol. @@ -206,8 +211,8 @@ isMatch = true; } - if (!disabledCipherSuite.isEmpty() && - cipher.equals(disabledCipherSuite)) { + if (!notEnabledCipherSuite.isEmpty() && + cipher.equals(notEnabledCipherSuite)) { isBroken = true; } } @@ -219,7 +224,7 @@ if (isBroken) { throw new Exception( - "Cipher suite " + disabledCipherSuite + " should be disabled"); + "Cipher suite " + notEnabledCipherSuite + " should not be enabled"); } } @@ -231,7 +236,7 @@ } boolean hasEnabledCipherSuite = enabledCipherSuite.isEmpty(); - boolean hasDisabledCipherSuite = disabledCipherSuite.isEmpty(); + boolean hasNotEnabledCipherSuite = notEnabledCipherSuite.isEmpty(); for (String cipher : ciphers) { System.out.println("\tsupported cipher suite " + cipher); if (!enabledCipherSuite.isEmpty() && 
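Review bot: `Security.setProperty("jdk.tls.disabledAlgorithms", "")` at the top of `main` clears every TLS algorithm restriction for the whole JVM, not only the suites this test needs. That is acceptable only if the test always runs in its own VM. The `@run` tags are outside the hunk, so confirm they use `othervm`. The comment could also say so: `// requires othervm: this removes all TLS algorithm restrictions for the process`. The same applies to the identical call added to `JSSERenegotiate.main` in the next file.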
@@ -239,9 +244,9 @@ hasEnabledCipherSuite = true; } - if (!disabledCipherSuite.isEmpty() && - cipher.equals(disabledCipherSuite)) { - hasDisabledCipherSuite = true; + if (!notEnabledCipherSuite.isEmpty() && + cipher.equals(notEnabledCipherSuite)) { + hasNotEnabledCipherSuite = true; } } @@ -250,9 +255,9 @@ "Cipher suite " + enabledCipherSuite + " should be supported"); } - if (!hasDisabledCipherSuite) { + if (!hasNotEnabledCipherSuite) { throw new Exception( - "Cipher suite " + disabledCipherSuite + " should be supported"); + "Cipher suite " + notEnabledCipherSuite + " should not be enabled"); } }
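Review bot: The exception text in the last changed branch no longer matches its condition. `if (!hasNotEnabledCipherSuite)` fires when the suite is missing from the supported list that the loop prints as "supported cipher suite". The new message nevertheless says `" should not be enabled"`, copied from the enabled-suites check earlier in the file. The rename is fine, but the wording should stay as it was: `"Cipher suite " + notEnabledCipherSuite + " should be supported");`. The enclosing method starts outside the hunk.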
--- a/test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -37,6 +37,7 @@ import java.io.*; import java.net.*; +import java.security.Security; import javax.net.ssl.*; public class JSSERenegotiate { @@ -190,6 +191,10 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // reset the security property to make sure that the cipher suites + // used in this test are not disabled + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + String keyFilename = System.getProperty("test.src", "./") + "/" + pathToStores + "/" + keyStoreFile;
--- a/test/sun/security/tools/jarsigner/TimestampCheck.java Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/security/tools/jarsigner/TimestampCheck.java Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -75,6 +75,7 @@ * java.base/sun.security.util * java.base/sun.security.tools.keytool * @library /lib/testlibrary + * @compile -XDignore.symbol.file TimestampCheck.java * @run main/othervm/timeout=600 TimestampCheck */ public class TimestampCheck { @@ -121,12 +122,12 @@ */ byte[] sign(byte[] input, String path) throws Exception { DerValue value = new DerValue(input); - System.out.println("\nIncoming Request\n==================="); - System.out.println("Version: " + value.data.getInteger()); + System.out.println("#\n# Incoming Request\n==================="); + System.out.println("# Version: " + value.data.getInteger()); DerValue messageImprint = value.data.getDerValue(); AlgorithmId aid = AlgorithmId.parse( messageImprint.data.getDerValue()); - System.out.println("AlgorithmId: " + aid); + System.out.println("# AlgorithmId: " + aid); ObjectIdentifier policyId = new ObjectIdentifier(defaultPolicyId); BigInteger nonce = null; 
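Review bot: The `# ` prefix is applied to every handler message except the separator. `"#\n# Incoming Request\n==================="` still emits a bare `===` line, and so does the `Response` banner in the next hunk. If the prefix is meant to tell TSA handler output apart from jarsigner output, which is inferred since the reason is not stated in the hunk, the separator should carry it too: `"#\n# Incoming Request\n# ==================="`. A one-line comment on `sign` stating why the output is prefixed would keep later messages consistent. The body of `sign` continues outside the hunk.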
@@ -134,16 +135,16 @@ DerValue v = value.data.getDerValue(); if (v.tag == DerValue.tag_Integer) { nonce = v.getBigInteger(); - System.out.println("nonce: " + nonce); + System.out.println("# nonce: " + nonce); } else if (v.tag == DerValue.tag_Boolean) { - System.out.println("certReq: " + v.getBoolean()); + System.out.println("# certReq: " + v.getBoolean()); } else if (v.tag == DerValue.tag_ObjectId) { policyId = v.getOID(); - System.out.println("PolicyID: " + policyId); + System.out.println("# PolicyID: " + policyId); } } - System.out.println("\nResponse\n==================="); + System.out.println("#\n# Response\n==================="); FileInputStream is = new FileInputStream(keystore); KeyStore ks = KeyStore.getInstance("JCEKS"); ks.load(is, "changeit".toCharArray()); @@ -229,10 +230,10 @@ "1.2.840.113549.1.9.16.1.4"), new DerValue(tstInfo2.toByteArray())); - System.out.println("Signing..."); - System.out.println(new X500Name(signer + System.out.println("# Signing..."); + System.out.println("# " + new X500Name(signer .getIssuerX500Principal().getName())); - System.out.println(signer.getSerialNumber()); + System.out.println("# " + signer.getSerialNumber()); SignerInfo signerInfo = new SignerInfo( new X500Name(signer.getIssuerX500Principal().getName()), @@ -303,8 +304,6 @@ public static void main(String[] args) throws Throwable { - prepare(); - try (Handler tsa = Handler.init(0, "ks");) { tsa.start(); int port = tsa.getPort(); 
@@ -313,62 +312,99 @@ if (args.length == 0) { // Run this test + prepare(); + sign("normal") .shouldNotContain("Warning") + .shouldContain("The signer certificate will expire on") + .shouldContain("The timestamp will expire on") .shouldHaveExitValue(0); verify("normal.jar") .shouldNotContain("Warning") .shouldHaveExitValue(0); + verify("normal.jar", "-verbose") + .shouldNotContain("Warning") + .shouldContain("The signer certificate will expire on") + .shouldContain("The timestamp will expire on") + .shouldHaveExitValue(0); + // Simulate signing at a previous date: // 1. tsold will create a timestamp of 20 days ago. // 2. oldsigner expired 10 days ago. - // jarsigner will show a warning at signing. signVerbose("tsold", "unsigned.jar", "tsold.jar", "oldsigner") - .shouldHaveExitValue(4); + .shouldNotContain("Warning") + .shouldMatch("signer certificate expired on .*. " + + "However, the JAR will be valid") + .shouldHaveExitValue(0); // It verifies perfectly. verify("tsold.jar", "-verbose", "-certs") .shouldNotContain("Warning") + .shouldMatch("signer certificate expired on .*. " + + "However, the JAR will be valid") .shouldHaveExitValue(0); + // No timestamp signVerbose(null, "unsigned.jar", "none.jar", "signer") .shouldContain("is not timestamped") + .shouldContain("The signer certificate will expire on") .shouldHaveExitValue(0); + verify("none.jar", "-verbose") + .shouldContain("do not include a timestamp") + .shouldContain("The signer certificate will expire on") + .shouldHaveExitValue(0); + + // Error cases + signVerbose(null, "unsigned.jar", "badku.jar", "badku") + .shouldContain("KeyUsage extension doesn't allow code signing") .shouldHaveExitValue(8); checkBadKU("badku.jar"); // 8180289: unvalidated TSA cert chain sign("tsnoca") - .shouldContain("TSA certificate chain is invalid") + .shouldContain("The TSA certificate chain is invalid. 
" + + "Reason: Path does not chain with any of the trust anchors") .shouldHaveExitValue(64); verify("tsnoca.jar", "-verbose", "-certs") .shouldHaveExitValue(64) .shouldContain("jar verified") - .shouldContain("Invalid TSA certificate chain") - .shouldContain("TSA certificate chain is invalid"); + .shouldContain("Invalid TSA certificate chain: " + + "Path does not chain with any of the trust anchors") + .shouldContain("TSA certificate chain is invalid." + + " Reason: Path does not chain with any of the trust anchors"); sign("nononce") + .shouldContain("Nonce missing in timestamp token") .shouldHaveExitValue(1); sign("diffnonce") + .shouldContain("Nonce changed in timestamp token") .shouldHaveExitValue(1); sign("baddigest") + .shouldContain("Digest octets changed in timestamp token") .shouldHaveExitValue(1); sign("diffalg") + .shouldContain("Digest algorithm not") .shouldHaveExitValue(1); + sign("fullchain") .shouldHaveExitValue(0); // Success, 6543440 solved. + sign("tsbad1") + .shouldContain("Certificate is not valid for timestamping") .shouldHaveExitValue(1); sign("tsbad2") + .shouldContain("Certificate is not valid for timestamping") .shouldHaveExitValue(1); sign("tsbad3") + .shouldContain("Certificate is not valid for timestamping") .shouldHaveExitValue(1); sign("nocert") + .shouldContain("Certificate not included in timestamp token") .shouldHaveExitValue(1); sign("policy", "-tsapolicyid", "1.2.3") @@ -376,6 +412,7 @@ checkTimestamp("policy.jar", "1.2.3", "SHA-256"); sign("diffpolicy", "-tsapolicyid", "1.2.3") + .shouldContain("TSAPolicyID changed in timestamp token") .shouldHaveExitValue(1); sign("sha1alg", "-tsadigestalg", "SHA") 
@@ -384,11 +421,13 @@ sign("tsweak", "-digestalg", "MD5", "-sigalg", "MD5withRSA", "-tsadigestalg", "MD5") - .shouldHaveExitValue(68); + .shouldHaveExitValue(68) + .shouldContain("The timestamp is invalid. Without a valid timestamp"); checkWeak("tsweak.jar"); signVerbose("tsweak", "unsigned.jar", "tsweak2.jar", "signer") .shouldHaveExitValue(64) + .shouldContain("The timestamp is invalid. Without a valid timestamp") .shouldContain("TSA certificate chain is invalid"); // Weak timestamp is an error and jar treated unsigned @@ -397,19 +436,26 @@ .shouldContain("treated as unsigned") .shouldMatch("Timestamp.*512.*weak"); + // Algorithm used in signing is weak signVerbose("normal", "unsigned.jar", "halfWeak.jar", "signer", "-digestalg", "MD5") + .shouldContain("-digestalg option is considered a security risk") .shouldHaveExitValue(4); checkHalfWeak("halfWeak.jar"); // sign with DSA key signVerbose("normal", "unsigned.jar", "sign1.jar", "dsakey") .shouldHaveExitValue(0); + // sign with RSAkeysize < 1024 signVerbose("normal", "sign1.jar", "sign2.jar", "weakkeysize") + .shouldContain("Algorithm constraints check failed on keysize") .shouldHaveExitValue(4); checkMultiple("sign2.jar"); + // 8191438: jarsigner should print when a timestamp will expire + checkExpiration(); + // When .SF or .RSA is missing or invalid checkMissingOrInvalidFiles("normal.jar"); 
@@ -417,12 +463,118 @@ checkInvalidTsaCertKeyUsage(); } } else { // Run as a standalone server - System.out.println("Press Enter to quit server"); + System.out.println("TSA started at " + host + + ". Press Enter to quit server"); System.in.read(); } } } + private static void checkExpiration() throws Exception { + + // Warning when expired or expiring + signVerbose(null, "unsigned.jar", "expired.jar", "expired") + .shouldContain("signer certificate has expired") + .shouldHaveExitValue(4); + verify("expired.jar") + .shouldContain("signer certificate has expired") + .shouldHaveExitValue(4); + signVerbose(null, "unsigned.jar", "expiring.jar", "expiring") + .shouldContain("signer certificate will expire within") + .shouldHaveExitValue(0); + verify("expiring.jar") + .shouldContain("signer certificate will expire within") + .shouldHaveExitValue(0); + // Info for long + signVerbose(null, "unsigned.jar", "long.jar", "long") + .shouldNotContain("signer certificate has expired") + .shouldNotContain("signer certificate will expire within") + .shouldContain("signer certificate will expire on") + .shouldHaveExitValue(0); + verify("long.jar") + .shouldNotContain("signer certificate has expired") + .shouldNotContain("signer certificate will expire within") + .shouldNotContain("The signer certificate will expire") + .shouldHaveExitValue(0); + verify("long.jar", "-verbose") + .shouldContain("The signer certificate will expire") + .shouldHaveExitValue(0); + + // Both expired + signVerbose("tsexpired", "unsigned.jar", + "tsexpired-expired.jar", "expired") + .shouldContain("The signer certificate has expired.") + .shouldContain("The timestamp has expired.") + .shouldHaveExitValue(4); + verify("tsexpired-expired.jar") + .shouldContain("signer certificate has expired") + .shouldContain("timestamp has expired.") + .shouldHaveExitValue(4); + + // TS expired but signer still good + signVerbose("tsexpired", "unsigned.jar", + "tsexpired-long.jar", "long") + .shouldContain("The timestamp 
expired on") + .shouldHaveExitValue(0); + verify("tsexpired-long.jar") + .shouldMatch("timestamp expired on.*However, the JAR will be valid") + .shouldNotContain("Error") + .shouldHaveExitValue(0); + + signVerbose("tsexpired", "unsigned.jar", + "tsexpired-ca.jar", "ca") + .shouldContain("The timestamp has expired.") + .shouldHaveExitValue(4); + verify("tsexpired-ca.jar") + .shouldNotContain("timestamp has expired") + .shouldNotContain("Error") + .shouldHaveExitValue(0); + + // Warning when expiring + sign("tsexpiring") + .shouldContain("timestamp will expire within") + .shouldHaveExitValue(0); + verify("tsexpiring.jar") + .shouldContain("timestamp will expire within") + .shouldNotContain("still valid") + .shouldHaveExitValue(0); + + signVerbose("tsexpiring", "unsigned.jar", + "tsexpiring-ca.jar", "ca") + .shouldContain("self-signed") + .stderrShouldNotMatch("The.*expir") + .shouldHaveExitValue(4); // self-signed + verify("tsexpiring-ca.jar") + .stderrShouldNotMatch("The.*expir") + .shouldHaveExitValue(0); + + signVerbose("tsexpiringsoon", "unsigned.jar", + "tsexpiringsoon-long.jar", "long") + .shouldContain("The timestamp will expire") + .shouldHaveExitValue(0); + verify("tsexpiringsoon-long.jar") + .shouldMatch("timestamp will expire.*However, the JAR will be valid until") + .shouldHaveExitValue(0); + + // Info for long + sign("tslong") + .shouldNotContain("timestamp has expired") + .shouldNotContain("timestamp will expire within") + .shouldContain("timestamp will expire on") + .shouldContain("signer certificate will expire on") + .shouldHaveExitValue(0); + verify("tslong.jar") + .shouldNotContain("timestamp has expired") + .shouldNotContain("timestamp will expire within") + .shouldNotContain("timestamp will expire on") + .shouldNotContain("signer certificate will expire on") + .shouldHaveExitValue(0); + verify("tslong.jar", "-verbose") + .shouldContain("timestamp will expire on") + .shouldContain("signer certificate will expire on") + .shouldHaveExitValue(0); + } 
+ private static void checkInvalidTsaCertKeyUsage() throws Exception { // Hack: Rewrite the TSA cert inside normal.jar into ts2.jar. @@ -670,6 +822,14 @@ keytool("-alias tsbad3 -genkeypair -dname CN=tsbad3"); keytool("-alias tsnoca -genkeypair -dname CN=tsnoca"); + keytool("-alias expired -genkeypair -dname CN=expired"); + keytool("-alias expiring -genkeypair -dname CN=expiring"); + keytool("-alias long -genkeypair -dname CN=long"); + keytool("-alias tsexpired -genkeypair -dname CN=tsexpired"); + keytool("-alias tsexpiring -genkeypair -dname CN=tsexpiring"); + keytool("-alias tsexpiringsoon -genkeypair -dname CN=tsexpiringsoon"); + keytool("-alias tslong -genkeypair -dname CN=tslong"); + // tsnoca's issuer will be removed from keystore later keytool("-alias ca -genkeypair -ext bc -dname CN=CA"); gencert("tsnoca", "-ext eku:critical=ts"); @@ -681,7 +841,15 @@ gencert("dsakey"); gencert("weakkeysize"); gencert("badku", "-ext ku:critical=keyAgreement"); - gencert("ts", "-ext eku:critical=ts"); + gencert("ts", "-ext eku:critical=ts -validity 500"); + + gencert("expired", "-validity 10 -startdate -12d"); + gencert("expiring", "-validity 178"); + gencert("long", "-validity 182"); + gencert("tsexpired", "-ext eku:critical=ts -validity 10 -startdate -12d"); + gencert("tsexpiring", "-ext eku:critical=ts -validity 364"); + gencert("tsexpiringsoon", "-ext eku:critical=ts -validity 170"); // earlier than expiring + gencert("tslong", "-ext eku:critical=ts -validity 367"); for (int i = 0; i < 5; i++) { @@ -701,7 +869,7 @@ } } - gencert("tsold", "-ext eku:critical=ts -startdate -40d -validity 45"); + gencert("tsold", "-ext eku:critical=ts -startdate -40d -validity 500"); gencert("tsweak", "-ext eku:critical=ts"); gencert("tsbad1");
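Review bot: The two `.stderrShouldNotMatch("The.*expir")` assertions in the new checkExpiration() (the sign and verify steps for tsexpiring-ca.jar) look at stderr only, while every other check in the method uses the combined-output `shouldContain`/`shouldNotContain`/`shouldMatch` forms. If jarsigner writes its expiry messages to stdout, these negative checks pass whatever the tool prints, so it is worth confirming the stream or switching to `.shouldNotMatch("The.*expir")` if the absence is meant to hold for all output. The tsexpired-ca.jar pair would also benefit from a comment, since signing expects `The timestamp has expired.` with exit 4 while verification of the same jar expects no such message and exit 0. The hunk starts inside main() and ends on the signature of checkInvalidTsaCertKeyUsage().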
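Review bot: The `-validity` values added to the gencert calls (178, 182, 364, 367, 170) are unexplained magic numbers. They appear to sit a few days either side of the expiry-warning windows that checkExpiration() asserts on, but nothing states which window each one targets or how much margin the test has. A comment above the block, for example `// "expiring" (178d) must fall inside the signer warning window, "long" (182d) just outside it`, with the matching line for the timestamp certificates, would make the margins reviewable. The same applies to `ts` and `tsold` moving to `-validity 500` in this hunk and the next one; the enclosing method starts outside the hunk.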
--- a/test/sun/security/tools/jarsigner/warnings/AliasNotInStoreTest.java Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/AliasNotInStoreTest.java Wed Feb 06 04:09:08 2019 +0000 @@ -51,32 +51,12 @@ JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); // create first key pair for signing - ProcessTools.executeCommand(KEYTOOL, - "-genkey", - "-alias", FIRST_KEY_ALIAS, - "-keyalg", KEY_ALG, - "-keysize", Integer.toString(KEY_SIZE), - "-keystore", BOTH_KEYS_KEYSTORE, - "-storepass", PASSWORD, - "-keypass", PASSWORD, - "-dname", "CN=First", - "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); - - // create second key pair for signing - ProcessTools.executeCommand(KEYTOOL, - "-genkey", - "-alias", SECOND_KEY_ALIAS, - "-keyalg", KEY_ALG, - "-keysize", Integer.toString(KEY_SIZE), - "-keystore", BOTH_KEYS_KEYSTORE, - "-storepass", PASSWORD, - "-keypass", PASSWORD, - "-dname", "CN=Second", - "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); + createAlias(FIRST_KEY_ALIAS); + createAlias(SECOND_KEY_ALIAS); // sign jar with first key OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, - "-keystore", BOTH_KEYS_KEYSTORE, + "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-signedjar", SIGNED_JARFILE, @@ -93,7 +73,7 @@ // sign jar with second key analyzer = ProcessTools.executeCommand(JARSIGNER, - "-keystore", BOTH_KEYS_KEYSTORE, + "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE, @@ -104,7 +84,7 @@ // create keystore that contains only first key ProcessTools.executeCommand(KEYTOOL, "-importkeystore", - "-srckeystore", BOTH_KEYS_KEYSTORE, + "-srckeystore", KEYSTORE, "-srcalias", FIRST_KEY_ALIAS, "-srcstorepass", PASSWORD, "-srckeypass", PASSWORD, 
@@ -113,7 +93,7 @@ "-deststorepass", PASSWORD, "-destkeypass", PASSWORD).shouldHaveExitValue(0); - // verify jar with keystore that contains only first key in strict mode, + // verify jar with keystore that contains only first key, // so there is signed entry (FirstClass.class) that is not signed // by any alias in the keystore analyzer = ProcessTools.executeCommand(JARSIGNER,
--- a/test/sun/security/tools/jarsigner/warnings/BadExtendedKeyUsageTest.java Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/BadExtendedKeyUsageTest.java Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -52,17 +52,14 @@ // create a certificate whose signer certificate's // ExtendedKeyUsage extension doesn't allow code signing - ProcessTools.executeCommand(KEYTOOL, - "-genkey", - "-alias", KEY_ALIAS, - "-keyalg", KEY_ALG, - "-keysize", Integer.toString(KEY_SIZE), - "-keystore", KEYSTORE, - "-storepass", PASSWORD, - "-keypass", PASSWORD, - "-dname", "CN=Test", + // create key pair for jar signing + createAlias(CA_KEY_ALIAS); + createAlias(KEY_ALIAS); + + issueCert( + KEY_ALIAS, "-ext", "ExtendedkeyUsage=serverAuth", - "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); + "-validity", Integer.toString(VALIDITY)); // sign jar OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
--- a/test/sun/security/tools/jarsigner/warnings/BadKeyUsageTest.java Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/BadKeyUsageTest.java Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -53,17 +53,13 @@ // create a certificate whose signer certificate's KeyUsage extension // doesn't allow code signing - ProcessTools.executeCommand(KEYTOOL, - "-genkey", - "-alias", KEY_ALIAS, - "-keyalg", KEY_ALG, - "-keysize", Integer.toString(KEY_SIZE), - "-keystore", KEYSTORE, - "-storepass", PASSWORD, - "-keypass", PASSWORD, - "-dname", "CN=Test", + createAlias(CA_KEY_ALIAS); + createAlias(KEY_ALIAS); + + issueCert( + KEY_ALIAS, "-ext", "KeyUsage=keyAgreement", - "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); + "-validity", Integer.toString(VALIDITY)); // sign jar OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
--- a/test/sun/security/tools/jarsigner/warnings/BadNetscapeCertTypeTest.java Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/BadNetscapeCertTypeTest.java Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,10 +25,6 @@ import jdk.testlibrary.ProcessTools; import jdk.testlibrary.JarUtils; -import java.nio.file.Files; -import java.nio.file.Paths; -import java.util.Base64; - /** * @test * @bug 8024302 8026037 @@ -38,25 +34,14 @@ */ public class BadNetscapeCertTypeTest extends Test { - private static final String NETSCAPE_KEYSTORE_BASE64 = TEST_SOURCES + FS - + "bad_netscape_cert_type.jks.base64"; - - private static final String NETSCAPE_KEYSTORE - = "bad_netscape_cert_type.jks"; - /** * The test signs and verifies a jar that contains entries * whose signer certificate's NetscapeCertType extension * doesn't allow code signing (badNetscapeCertType). * Warning message is expected. - * Run bad_netscape_cert_type.sh script to create bad_netscape_cert_type.jks */ public static void main(String[] args) throws Throwable { - Files.write(Paths.get(NETSCAPE_KEYSTORE), - Base64.getMimeDecoder().decode( - Files.readAllBytes(Paths.get(NETSCAPE_KEYSTORE_BASE64)))); - BadNetscapeCertTypeTest test = new BadNetscapeCertTypeTest(); test.start(); } 
@@ -66,10 +51,22 @@ Utils.createFiles(FIRST_FILE); JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); + // create a certificate whose signer certificate's + // NetscapeCertType extension doesn't allow code signing + // create key pair for jar signing + createAlias(CA_KEY_ALIAS); + createAlias(KEY_ALIAS); + + issueCert( + KEY_ALIAS, + // NetscapeCertType [ SSL client ] + "-ext", "2.16.840.1.113730.1.1=03020780", + "-validity", Integer.toString(VALIDITY)); + // sign jar OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, "-verbose", - "-keystore", NETSCAPE_KEYSTORE, + "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-signedjar", SIGNED_JARFILE, @@ -82,7 +79,7 @@ analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", - "-keystore", NETSCAPE_KEYSTORE, + "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, SIGNED_JARFILE); @@ -94,7 +91,7 @@ "-verify", "-verbose", "-strict", - "-keystore", NETSCAPE_KEYSTORE, + "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, SIGNED_JARFILE);
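Review bot: The raw extension value in `"-ext", "2.16.840.1.113730.1.1=03020780"` is explained only by `// NetscapeCertType [ SSL client ]`, which does not show how the hex maps to that meaning. Since this line replaces a pre-built keystore, the test now depends on the encoding being right, so I would expand the comment to `// NetscapeCertType, DER BIT STRING 03 02 07 80: only bit 0 (SSL client) set, object-signing bit clear`. The two stacked comments above it (`create a certificate whose ...` followed by `create key pair for jar signing`) read as one run-on and could be merged into a single sentence. start() begins and ends outside the hunk.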
--- a/test/sun/security/tools/jarsigner/warnings/ChainNotValidatedTest.java Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/ChainNotValidatedTest.java Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -21,117 +21,52 @@ * questions. */ -import java.io.File; import jdk.testlibrary.OutputAnalyzer; import jdk.testlibrary.ProcessTools; import jdk.testlibrary.JarUtils; +import java.nio.file.Files; +import java.nio.file.Paths; + /** * @test * @bug 8024302 8026037 * @summary Test for chainNotValidated warning * @library /lib/testlibrary ../ - * @run main ChainNotValidatedTest + * @run main ChainNotValidatedTest ca2yes + * @run main ChainNotValidatedTest ca2no */ public class ChainNotValidatedTest extends Test { - private static final String CHAIN = "chain"; - - /** - * The test signs and verifies a jar that contains entries - * whose cert chain can't be correctly validated (chainNotValidated). - * Warning message is expected. - */ public static void main(String[] args) throws Throwable { ChainNotValidatedTest test = new ChainNotValidatedTest(); - test.start(); + test.start(args[0].equals("ca2yes")); } - private void start() throws Throwable { + private void start(boolean ca2yes) throws Throwable { // create a jar file that contains one class file Utils.createFiles(FIRST_FILE); JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); - // create self-signed certificate whose BasicConstraints extension - // is set to false, so the certificate may not be used - // as a parent certificate (certpath validation should fail) - ProcessTools.executeCommand(KEYTOOL, - "-genkeypair", - "-alias", CA_KEY_ALIAS, - "-keyalg", KEY_ALG, - "-keysize", Integer.toString(KEY_SIZE), - "-keystore", KEYSTORE, - "-storepass", PASSWORD, - "-keypass", PASSWORD, - "-dname", "CN=CA", - "-ext", "BasicConstraints:critical=ca:false", - "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); - - // create a certificate that is signed by self-signed certificate - // despite of it may not be used as a parent certificate - // (certpath validation should fail) - ProcessTools.executeCommand(KEYTOOL, - "-genkeypair", - "-alias", KEY_ALIAS, - "-keyalg", KEY_ALG, - "-keysize", Integer.toString(KEY_SIZE), 
- "-keystore", KEYSTORE, - "-storepass", PASSWORD, - "-keypass", PASSWORD, - "-dname", "CN=Test", - "-ext", "BasicConstraints:critical=ca:false", - "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); - - ProcessTools.executeCommand(KEYTOOL, - "-certreq", - "-alias", KEY_ALIAS, - "-keystore", KEYSTORE, - "-storepass", PASSWORD, - "-keypass", PASSWORD, - "-file", CERT_REQUEST_FILENAME).shouldHaveExitValue(0); + // We have 2 @run. Need cleanup. + Files.deleteIfExists(Paths.get(KEYSTORE)); - ProcessTools.executeCommand(KEYTOOL, - "-gencert", - "-alias", CA_KEY_ALIAS, - "-keystore", KEYSTORE, - "-storepass", PASSWORD, - "-keypass", PASSWORD, - "-infile", CERT_REQUEST_FILENAME, - "-validity", Integer.toString(VALIDITY), - "-outfile", CERT_FILENAME).shouldHaveExitValue(0); - - ProcessTools.executeCommand(KEYTOOL, - "-importcert", - "-alias", KEY_ALIAS, - "-keystore", KEYSTORE, - "-storepass", PASSWORD, - "-keypass", PASSWORD, - "-file", CERT_FILENAME).shouldHaveExitValue(0); + // Root CA is not checked at all. If the intermediate CA has + // BasicConstraints extension set to true, it will be valid. + // Otherwise, chain validation will fail. 
+ createAlias(CA_KEY_ALIAS); + createAlias(CA2_KEY_ALIAS); + issueCert(CA2_KEY_ALIAS, + "-ext", + "bc=ca:" + ca2yes); - ProcessBuilder pb = new ProcessBuilder(KEYTOOL, - "-export", - "-rfc", - "-alias", KEY_ALIAS, - "-keystore", KEYSTORE, - "-storepass", PASSWORD, - "-keypass", PASSWORD); - pb.redirectOutput(ProcessBuilder.Redirect.appendTo(new File(CHAIN))); - ProcessTools.executeCommand(pb).shouldHaveExitValue(0); + createAlias(KEY_ALIAS); + issueCert(KEY_ALIAS, "-alias", CA2_KEY_ALIAS); - pb = new ProcessBuilder(KEYTOOL, - "-export", - "-rfc", - "-alias", CA_KEY_ALIAS, - "-keystore", KEYSTORE, - "-storepass", PASSWORD, - "-keypass", PASSWORD); - pb.redirectOutput(ProcessBuilder.Redirect.appendTo(new File(CHAIN))); - ProcessTools.executeCommand(pb).shouldHaveExitValue(0); - - // remove CA certificate + // remove CA2 certificate so it's not trusted ProcessTools.executeCommand(KEYTOOL, "-delete", - "-alias", CA_KEY_ALIAS, + "-alias", CA2_KEY_ALIAS, "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD).shouldHaveExitValue(0); @@ -141,12 +76,15 @@ "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, - "-certchain", CHAIN, "-signedjar", SIGNED_JARFILE, UNSIGNED_JARFILE, KEY_ALIAS); - checkSigning(analyzer, CHAIN_NOT_VALIDATED_SIGNING_WARNING); + if (ca2yes) { + checkSigning(analyzer, "!" + CHAIN_NOT_VALIDATED_SIGNING_WARNING); + } else { + checkSigning(analyzer, CHAIN_NOT_VALIDATED_SIGNING_WARNING); + } // verify signed jar analyzer = ProcessTools.executeCommand(JARSIGNER, @@ -155,10 +93,13 @@ "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, - "-certchain", CHAIN, SIGNED_JARFILE); - checkVerifying(analyzer, 0, CHAIN_NOT_VALIDATED_VERIFYING_WARNING); + if (ca2yes) { + checkVerifying(analyzer, 0, "!" + CHAIN_NOT_VALIDATED_VERIFYING_WARNING); + } else { + checkVerifying(analyzer, 0, CHAIN_NOT_VALIDATED_VERIFYING_WARNING); + } // verify signed jar in strict mode analyzer = ProcessTools.executeCommand(JARSIGNER, 
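Review bot: `test.start(args[0].equals("ca2yes"))` treats every argument other than `ca2yes` as the failing-chain case, so a mistyped `@run` argument silently exercises the `ca2no` path, and a missing argument fails with an index error instead of a clear message. A one-line guard such as `if (!args[0].equals("ca2yes") && !args[0].equals("ca2no")) throw new IllegalArgumentException(args[0]);` would make the two modes explicit. The hunk also deletes the Javadoc on main() without a replacement; a short comment stating that `ca2yes` expects no chainNotValidated warning and `ca2no` expects it would restore what a reader needs. start() continues past the end of this hunk.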
@@ -168,11 +109,15 @@ "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, - "-certchain", CHAIN, SIGNED_JARFILE); - checkVerifying(analyzer, CHAIN_NOT_VALIDATED_EXIT_CODE, - CHAIN_NOT_VALIDATED_VERIFYING_WARNING); + if (ca2yes) { + checkVerifying(analyzer, 0, + "!" + CHAIN_NOT_VALIDATED_VERIFYING_WARNING); + } else { + checkVerifying(analyzer, CHAIN_NOT_VALIDATED_EXIT_CODE, + CHAIN_NOT_VALIDATED_VERIFYING_WARNING); + } System.out.println("Test passed"); }
--- a/test/sun/security/tools/jarsigner/warnings/HasExpiredCertTest.java Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/HasExpiredCertTest.java Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -52,18 +52,13 @@ JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); // create key pair for jar signing - ProcessTools.executeCommand(KEYTOOL, - "-genkey", - "-alias", KEY_ALIAS, - "-keyalg", KEY_ALG, - "-keysize", Integer.toString(KEY_SIZE), - "-keystore", KEYSTORE, - "-storepass", PASSWORD, - "-keypass", PASSWORD, - "-dname", "CN=Test", + createAlias(CA_KEY_ALIAS); + createAlias(KEY_ALIAS); + + issueCert( + KEY_ALIAS, "-startdate", "-" + SHORT_VALIDITY * 2 + "d", - "-validity", Integer.toString(SHORT_VALIDITY)) - .shouldHaveExitValue(0); + "-validity", Integer.toString(SHORT_VALIDITY)); // sign jar OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
--- a/test/sun/security/tools/jarsigner/warnings/HasExpiringCertTest.java Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/HasExpiringCertTest.java Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -52,17 +52,12 @@ JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); // create key pair for jar signing - ProcessTools.executeCommand(KEYTOOL, - "-genkey", - "-alias", KEY_ALIAS, - "-keyalg", KEY_ALG, - "-keysize", Integer.toString(KEY_SIZE), - "-keystore", KEYSTORE, - "-storepass", PASSWORD, - "-keypass", PASSWORD, - "-dname", "CN=Test", - "-validity", Integer.toString(SHORT_VALIDITY)) - .shouldHaveExitValue(0); + createAlias(CA_KEY_ALIAS); + createAlias(KEY_ALIAS); + + issueCert( + KEY_ALIAS, + "-validity", Integer.toString(SHORT_VALIDITY)); // sign jar OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
--- a/test/sun/security/tools/jarsigner/warnings/HasUnsignedEntryTest.java Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/HasUnsignedEntryTest.java Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -51,16 +51,11 @@ JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); // create key pair for signing - ProcessTools.executeCommand(KEYTOOL, - "-genkey", - "-alias", KEY_ALIAS, - "-keyalg", KEY_ALG, - "-keysize", Integer.toString(KEY_SIZE), - "-keystore", KEYSTORE, - "-storepass", PASSWORD, - "-keypass", PASSWORD, - "-dname", "CN=Test", - "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); + createAlias(CA_KEY_ALIAS); + createAlias(KEY_ALIAS); + issueCert( + KEY_ALIAS, + "-validity", Integer.toString(VALIDITY)); // sign jar OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
--- a/test/sun/security/tools/jarsigner/warnings/MultipleWarningsTest.java Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/MultipleWarningsTest.java Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -54,35 +54,25 @@ // create a jar file that contains one class file JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); + createAlias(CA_KEY_ALIAS); + // create first expired certificate // whose ExtendedKeyUsage extension does not allow code signing - ProcessTools.executeCommand(KEYTOOL, - "-genkey", - "-alias", FIRST_KEY_ALIAS, - "-keyalg", KEY_ALG, - "-keysize", Integer.toString(KEY_SIZE), - "-keystore", KEYSTORE, - "-storepass", PASSWORD, - "-keypass", PASSWORD, - "-dname", "CN=First", + createAlias(FIRST_KEY_ALIAS); + issueCert( + FIRST_KEY_ALIAS, "-ext", "ExtendedkeyUsage=serverAuth", "-startdate", "-" + VALIDITY * 2 + "d", - "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); + "-validity", Integer.toString(VALIDITY)); // create second expired certificate // whose KeyUsage extension does not allow code signing - ProcessTools.executeCommand(KEYTOOL, - "-genkey", - "-alias", SECOND_KEY_ALIAS, - "-keyalg", KEY_ALG, - "-keysize", Integer.toString(KEY_SIZE), - "-keystore", KEYSTORE, - "-storepass", PASSWORD, - "-keypass", PASSWORD, - "-dname", "CN=Second", + createAlias(SECOND_KEY_ALIAS); + issueCert( + SECOND_KEY_ALIAS, "-ext", "ExtendedkeyUsage=serverAuth", "-startdate", "-" + VALIDITY * 2 + "d", - "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); + "-validity", Integer.toString(VALIDITY)); // sign jar with first key OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
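Review bot: The comment on the second certificate says its KeyUsage extension does not allow code signing, but the new `issueCert(SECOND_KEY_ALIAS, ...)` call passes `"-ext", "ExtendedkeyUsage=serverAuth"`, the same extension as the first certificate. Either the comment should read `// whose ExtendedKeyUsage extension does not allow code signing`, or the option should be `"-ext", "KeyUsage=keyAgreement"` as BadKeyUsageTest uses. Which one is intended depends on the warnings asserted later in the method, which are outside the hunk. The mismatch is carried over from the removed lines, so this refactor is a natural point to settle it.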
--- a/test/sun/security/tools/jarsigner/warnings/NoTimestampTest.java Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/NoTimestampTest.java Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -57,15 +57,9 @@ * 24 * 60 * 60 * 1000L); // create key pair - ProcessTools.executeCommand(KEYTOOL, - "-genkey", - "-alias", KEY_ALIAS, - "-keyalg", KEY_ALG, - "-keysize", Integer.toString(KEY_SIZE), - "-keystore", KEYSTORE, - "-storepass", PASSWORD, - "-keypass", PASSWORD, - "-dname", "CN=Test", + createAlias(CA_KEY_ALIAS); + createAlias(KEY_ALIAS); + issueCert(KEY_ALIAS, "-validity", Integer.toString(VALIDITY)); // sign jar file
--- a/test/sun/security/tools/jarsigner/warnings/NotSignedByAliasTest.java Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/NotSignedByAliasTest.java Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -49,29 +49,19 @@ Utils.createFiles(FIRST_FILE); JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); - // create first key pair for signing - ProcessTools.executeCommand(KEYTOOL, - "-genkey", - "-alias", FIRST_KEY_ALIAS, - "-keyalg", KEY_ALG, - "-keysize", Integer.toString(KEY_SIZE), - "-keystore", KEYSTORE, - "-storepass", PASSWORD, - "-keypass", PASSWORD, - "-dname", "CN=First", - "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); + createAlias(CA_KEY_ALIAS); // create first key pair for signing - ProcessTools.executeCommand(KEYTOOL, - "-genkey", - "-alias", SECOND_KEY_ALIAS, - "-keyalg", KEY_ALG, - "-keysize", Integer.toString(KEY_SIZE), - "-keystore", KEYSTORE, - "-storepass", PASSWORD, - "-keypass", PASSWORD, - "-dname", "CN=Second", - "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); + createAlias(FIRST_KEY_ALIAS); + issueCert( + FIRST_KEY_ALIAS, + "-validity", Integer.toString(VALIDITY)); + + // create first key pair for signing + createAlias(SECOND_KEY_ALIAS); + issueCert( + SECOND_KEY_ALIAS, + "-validity", Integer.toString(VALIDITY)); // sign jar with first key OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
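Review bot: The comment `// create first key pair for signing` is added twice in this hunk, and the second copy sits above `createAlias(SECOND_KEY_ALIAS)`; it should read `// create second key pair for signing`. The enclosing method starts before the hunk and continues after it.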
--- a/test/sun/security/tools/jarsigner/warnings/NotYetValidCertTest.java Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/NotYetValidCertTest.java Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -50,15 +50,11 @@ JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); // create certificate that will be valid only tomorrow - ProcessTools.executeCommand(KEYTOOL, - "-genkey", - "-alias", KEY_ALIAS, - "-keyalg", KEY_ALG, - "-keysize", Integer.toString(KEY_SIZE), - "-keystore", KEYSTORE, - "-storepass", PASSWORD, - "-keypass", PASSWORD, - "-dname", "CN=Test", + createAlias(CA_KEY_ALIAS); + createAlias(KEY_ALIAS); + + issueCert( + KEY_ALIAS, "-startdate", "+1d", "-validity", Integer.toString(VALIDITY));
--- a/test/sun/security/tools/jarsigner/warnings/Test.java Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/security/tools/jarsigner/warnings/Test.java Wed Feb 06 04:09:08 2019 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -45,7 +45,6 @@ static final String FIRST_FILE = "first.txt"; static final String SECOND_FILE = "second.txt"; static final String PASSWORD = "password"; - static final String BOTH_KEYS_KEYSTORE = "both_keys.jks"; static final String FIRST_KEY_KEYSTORE = "first_key.jks"; static final String KEYSTORE = "keystore.jks"; static final String FIRST_KEY_ALIAS = "first"; @@ -55,11 +54,13 @@ static final String CERT_REQUEST_FILENAME = "test.req"; static final String CERT_FILENAME = "test.crt"; static final String CA_KEY_ALIAS = "ca"; + static final String CA2_KEY_ALIAS = "ca2"; static final int KEY_SIZE = 2048; static final int TIMEOUT = 6 * 60 * 1000; // in millis static final int VALIDITY = 365; static final String WARNING = "Warning:"; + static final String WARNING_OR_ERROR = "(Warning|Error):"; static final String CHAIN_NOT_VALIDATED_VERIFYING_WARNING = "This jar contains entries " 
@@ -126,10 +127,10 @@ + "(%1$tY-%1$tm-%1$td) or after any future revocation date."; static final String NO_TIMESTAMP_VERIFYING_WARN_TEMPLATE - = "This jar contains signatures that does not include a timestamp. " + = "This jar contains signatures that do not include a timestamp. " + "Without a timestamp, users may not be able to validate this jar " - + "after the signer certificate's expiration date " - + "(%1$tY-%1$tm-%1$td) or after any future revocation date."; + + "after any of the signer certificates expire " + + "(as early as %1$tY-%1$tm-%1$td)."; static final String NOT_YET_VALID_CERT_SIGNING_WARNING = "The signer certificate is not yet valid."; 
@@ -154,14 +155,72 @@ static final int ALIAS_NOT_IN_STORE_EXIT_CODE = 32; static final int NOT_SIGNED_BY_ALIAS_EXIT_CODE = 32; + protected void createAlias(String alias, String ... options) + throws Throwable { + List<String> cmd = new ArrayList<>(); + cmd.addAll(Arrays.asList( + "-genkeypair", + "-alias", alias, + "-keyalg", KEY_ALG, + "-keysize", Integer.toString(KEY_SIZE), + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-dname", "CN=" + alias)); + cmd.addAll(Arrays.asList(options)); + + keytool(cmd.toArray(new String[cmd.size()])) + .shouldHaveExitValue(0); + } + + protected void issueCert(String alias, String ... options) + throws Throwable { + keytool("-certreq", + "-alias", alias, + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-file", alias + ".req") + .shouldHaveExitValue(0); + + List<String> cmd = new ArrayList<>(); + cmd.addAll(Arrays.asList( + "-gencert", + "-alias", CA_KEY_ALIAS, + "-infile", alias + ".req", + "-outfile", alias + ".cert", + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-file", alias + ".req")); + cmd.addAll(Arrays.asList(options)); + + keytool(cmd.toArray(new String[cmd.size()])) + .shouldHaveExitValue(0); + + keytool("-importcert", + "-alias", alias, + "-keystore", KEYSTORE, + "-storepass", PASSWORD, + "-keypass", PASSWORD, + "-file", alias + ".cert") + .shouldHaveExitValue(0); + } + protected void checkVerifying(OutputAnalyzer analyzer, int expectedExitCode, String... warnings) { analyzer.shouldHaveExitValue(expectedExitCode); + int count = 0; for (String warning : warnings) { - analyzer.shouldContain(warning); + if (warning.startsWith("!")) { + analyzer.shouldNotContain(warning.substring(1)); + } else { + count++; + analyzer.shouldContain(warning); + } } - if (warnings.length > 0) { - analyzer.shouldContain(WARNING); + if (count > 0) { + analyzer.shouldMatch(WARNING_OR_ERROR); } if (expectedExitCode == 0) { analyzer.shouldContain(JAR_VERIFIED); 
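Review bot: In issueCert() the `-gencert` argument list ends with `"-file", alias + ".req"`, which repeats the request file already passed as `-infile` and looks like a leftover from the `-certreq` call above it; dropping that line removes the ambiguity about which option supplies the input. The issuer is also fixed to `CA_KEY_ALIAS` ahead of the caller's options, so ChainNotValidatedTest picks a different issuer by appending a second `-alias`, which works only if keytool honours the last occurrence. An explicit issuer parameter, or at least a comment such as `// caller options are appended last so a later -alias overrides the issuing CA`, would make that contract visible. Neither createAlias() nor issueCert() has a Javadoc saying that the alias is also used as the CN and as the `.req`/`.cert` file stem. checkVerifying() at the end of the hunk continues outside it.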
@@ -172,11 +231,17 @@ protected void checkSigning(OutputAnalyzer analyzer, String... warnings) { analyzer.shouldHaveExitValue(0); + int count = 0; for (String warning : warnings) { - analyzer.shouldContain(warning); + if (warning.startsWith("!")) { + analyzer.shouldNotContain(warning.substring(1)); + } else { + count++; + analyzer.shouldContain(warning); + } } - if (warnings.length > 0) { - analyzer.shouldContain(WARNING); + if (count > 0) { + analyzer.shouldMatch(WARNING_OR_ERROR); } analyzer.shouldContain(JAR_SIGNED); }
--- a/test/sun/security/tools/jarsigner/warnings/bad_netscape_cert_type.jks.base64 Tue Jan 29 22:38:26 2019 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,26 +0,0 @@ -/u3+7QAAAAIAAAABAAAAAQAFYWxpYXMAAAFBpkwW0gAAAr0wggK5MA4GCisGAQQB -KgIRAQEFAASCAqWkGJ3PPjYmWNKrV23Y1u413RMAkrRZ+1OLWYRcQt4jtxtIyEH5 -Ho5b9dy9XN9FBKlTOD4c2Pc1T43BLKXeuLu3uLLeIxgXFt0z9CLyGwdYZZ751kXr -DQ99qY6aNQUO6SeE4Wdty0KPAqid6ZJ8bF7T6wsTZSvNhaBRzyFydEfG7bbUYjOl -mWC44nlsu6VEU3o9RQpcm1gIMwradOaIVT/HoB2bKmAv8gHqI6kreiEZwTdZkSAI -IRi2vt1RPllXt5hgjDxUfZe8XOYYweR4Vt2/jVuKLJ80DNTu/9SeUD88zQAz53k4 -r3nRhv6TRcPm6tV/Fh92XLHiskL+TAzTfm+bUAudPCCVxN+yRtxvAgA+UhdV/SuM -Zn5F6nrmP+YJG1hmprgCJIJJaCEXa9RXYC+vIVpO0WVNRuGlGm+/1afnOuQC8Wss -ShXwjkaqTwAhqBFq7eYmmP8BK3gflYrt2zDLXvhl4ndVvMhMthFJ3ZvLh2LWpqLI -/n8EMCf8US3lIEFk9DTHBZjffiHkqK2e7+FXEpG3xrgE6ZYLMdbd5Pb3YjZfhQx+ -ZTtiEFzYSaEGhacek/m7dRq1qmwgFsytng2OdWZe2ln8LJY0odr1dGUfJHfgafvi -tlfbkg/rgjONtwliChDggbkUwnerrj/D/zrdEufUvfyltSshhHXRNDD3fH6spmEk -hHKgxEc4yvxqJxzdMGtuib355aSfNegyl+GsnsKzXQCVEK2h3BLTQObzaD+8NZ12 -LQHvbrCiaS34vxJ3rEC+a+SW7itZp0aCdXMWdMJNkRKqyLBD3vG3zN05sN3XrhEM -8BRT020TWY00tbVFbbBFheYLQRgTjrQtr0Yt6UHWBZc4N20crDLcSH5gqcCOVpla -1Y2uqFEn8yqrGRwn/kgfNgAAAAEABVguNTA5AAABtTCCAbEwggEaoAMCAQICCQDH -cEuVvzCuqzANBgkqhkiG9w0BAQUFADAPMQ0wCwYDVQQDDARUZXN0MB4XDTEzMTAx -MTA2NTUwNloXDTIzMTAwOTA2NTUwNlowDzENMAsGA1UEAwwEVGVzdDCBnzANBgkq -hkiG9w0BAQEFAAOBjQAwgYkCgYEA8hOfp2Dcnvt//ZZQAja9TRiwKqXVS+TiYE3S -gngCBjIi+YYdo0DsUeO5MBfE6uvCWOr5lwAR/u1iaJOhIoGJDiGoPasZlt+yIgtR -LzA7j2q+1q6kcwiVxfikI3aUgHV/QsybTriT4Bf7TQNKtJG23MQa4sD7+PjtCWD7 -p3cHTfkCAwEAAaMVMBMwEQYJYIZIAYb4QgEBBAQDAgeAMA0GCSqGSIb3DQEBBQUA -A4GBAKoDlTJ8wLRA7G8XdGm4gv733n1cSQzlkcsjfOO6/mA5Jvu8tyFNq9HTf9AT -VXbrbGcUYJjhzSSY3w5apXK1kXyqTB1LUNEJ45WnmciqSSecVTpJz9TuegyoX0Zf -HScSgqfDmjqoiiFiNCgn3ZEJ85ykGvoFYGH+php+BVi3S0bj5E/jRpyV3vNnii/S -wJDSAXF6bYU=
--- a/test/sun/security/tools/jarsigner/warnings/bad_netscape_cert_type.sh Tue Jan 29 22:38:26 2019 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,48 +0,0 @@ -# -# Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. 
-# - -#!/bin/sh - -# This script creates JKS keystore with a certificate -# that contains Netscape Certificate Type extension -# that does not allow code signing -# The keystore is used by BadNetscapeCertTypeTest.java test - -rm -rf keystore.jks -echo "nsCertType = client" > ext.cfg - -openssl req -new -out cert.req -keyout key.pem -days 3650 \ - -passin pass:password -passout pass:password -subj "/CN=Test" -openssl x509 -in cert.req -out cert.pem -req -signkey key.pem -days 3650 \ - -passin pass:password -extfile ext.cfg -openssl pkcs12 -export -in cert.pem -inkey key.pem -out keystore.p12 \ - -passin pass:password -passout pass:password -name alias - -${JAVA_HOME}/bin/keytool -importkeystore \ - -srckeystore keystore.p12 -srcstoretype pkcs12 \ - -srcstorepass password -alias alias \ - -destkeystore bad_netscape_cert_type.jks -deststoretype jks \ - -deststorepass password -destalias alias \ - -openssl base64 < bad_netscape_cert_type.jks > bad_netscape_cert_type.jks.base64 -rm -rf cert.req key.pem cert.pem keystore.p12 ext.cfg bad_netscape_cert_type.jks
--- a/test/sun/util/calendar/zi/tzdata/VERSION Tue Jan 29 22:38:26 2019 +0000
+++ b/test/sun/util/calendar/zi/tzdata/VERSION Wed Feb 06 04:09:08 2019 +0000
@@ -21,4 +21,4 @@
 # or visit www.oracle.com if you need additional information or have any
 # questions.
 #
-tzdata2018e
+tzdata2018g
--- a/test/sun/util/calendar/zi/tzdata/africa Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/util/calendar/zi/tzdata/africa Wed Feb 06 04:09:08 2019 +0000 @@ -21,6 +21,8 @@ # or visit www.oracle.com if you need additional information or have any # questions. # +# tzdb data for Africa and environs + # This file is in the public domain, so clarified as of # 2009-05-17 by Arthur David Olson. @@ -29,7 +31,7 @@ # tz@iana.org for general use in the future). For more, please see # the file CONTRIBUTING in the tz distribution. -# From Paul Eggert (2017-04-09): +# From Paul Eggert (2018-05-27): # # Unless otherwise specified, the source for data through 1990 is: # Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition), @@ -74,13 +76,15 @@ # I vaguely recall 'WAT' also being used for -01 in the past but # cannot now come up with solid citations. # -# I invented the following abbreviations; corrections are welcome! -# +02 WAST West Africa Summer Time (no longer used) -# +03 CAST Central Africa Summer Time (no longer used) -# +03 SAST South Africa Summer Time (no longer used) +# I invented the following abbreviations in the 1990s: +# +02 WAST West Africa Summer Time +# +03 CAST Central Africa Summer Time +# +03 SAST South Africa Summer Time # +03 EAT East Africa Time -# 'EAT' also seems to have caught on; the others are rare but are paired -# with better-attested non-DST abbreviations. +# 'EAT' seems to have caught on and is in current timestamps, and though +# the other abbreviations are rarer and are only in past timestamps, +# they are paired with better-attested non-DST abbreviations. +# Corrections are welcome. # Algeria # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S 
@@ -385,6 +389,13 @@ # Eritrea # Ethiopia # See Africa/Nairobi. +# +# Unfortunately tzdb records only Western clock time in use in Ethiopia, +# as the tzdb format is not up to properly recording a common Ethiopian +# timekeeping practice that is based on solar time. See: +# Mortada D. If you have a meeting in Ethiopia, you'd better double +# check the time. PRI's The World. 2015-01-30 15:15 -05. +# https://www.pri.org/stories/2015-01-30/if-you-have-meeting-ethiopia-you-better-double-check-time # Gabon # See Africa/Lagos. 
@@ -856,94 +867,61 @@ # <https://lnt.ma/le-maroc-reculera-dune-heure-le-dimanche-14-juin/> agrees # with the patch. -# From Paul Eggert (2015-06-08): -# For now, guess that later spring and fall transitions will use 2015's rules, -# and guess that Morocco will switch to standard time at 03:00 the last -# Sunday before Ramadan, and back to DST at 02:00 the first Sunday after -# Ramadan. To implement this, transition dates for 2016 through 2037 were -# determined by running the following program under GNU Emacs 24.3, with the -# results integrated by hand into the table below. -# (let ((islamic-year 1437)) -# (require 'cal-islam) -# (while (< islamic-year 1460) -# (let ((a (calendar-islamic-to-absolute (list 9 1 islamic-year))) -# (b (calendar-islamic-to-absolute (list 10 1 islamic-year))) -# (sunday 0)) -# (while (/= sunday (mod (setq a (1- a)) 7))) -# (while (/= sunday (mod b 7)) -# (setq b (1+ b))) -# (setq a (calendar-gregorian-from-absolute a)) -# (setq b (calendar-gregorian-from-absolute b)) -# (insert -# (format -# (concat "Rule\tMorocco\t%d\tonly\t-\t%s\t%2d\t 3:00\t0\t-\n" -# "Rule\tMorocco\t%d\tonly\t-\t%s\t%2d\t 2:00\t1:00\tS\n") -# (car (cdr (cdr a))) (calendar-month-name (car a) t) (car (cdr a)) -# (car (cdr (cdr b))) (calendar-month-name (car b) t) (car (cdr b))))) -# (setq islamic-year (+ 1 islamic-year)))) +# From Mohamed Essedik Najd (2018-10-26): +# Today, a Moroccan government council approved the perpetual addition +# of 60 minutes to the regular Moroccan timezone. 
+# From Brian Inglis (2018-10-26): +# http://www.maroc.ma/fr/actualites/le-conseil-de-gouvernement-adopte-un-projet-de-decret-relatif-lheure-legale-stipulant-le # RULE NAME FROM TO TYPE IN ON AT SAVE LETTER/S - -Rule Morocco 1939 only - Sep 12 0:00 1:00 S +Rule Morocco 1939 only - Sep 12 0:00 1:00 - Rule Morocco 1939 only - Nov 19 0:00 0 - -Rule Morocco 1940 only - Feb 25 0:00 1:00 S +Rule Morocco 1940 only - Feb 25 0:00 1:00 - Rule Morocco 1945 only - Nov 18 0:00 0 - -Rule Morocco 1950 only - Jun 11 0:00 1:00 S +Rule Morocco 1950 only - Jun 11 0:00 1:00 - Rule Morocco 1950 only - Oct 29 0:00 0 - -Rule Morocco 1967 only - Jun 3 12:00 1:00 S +Rule Morocco 1967 only - Jun 3 12:00 1:00 - Rule Morocco 1967 only - Oct 1 0:00 0 - -Rule Morocco 1974 only - Jun 24 0:00 1:00 S +Rule Morocco 1974 only - Jun 24 0:00 1:00 - Rule Morocco 1974 only - Sep 1 0:00 0 - -Rule Morocco 1976 1977 - May 1 0:00 1:00 S +Rule Morocco 1976 1977 - May 1 0:00 1:00 - Rule Morocco 1976 only - Aug 1 0:00 0 - Rule Morocco 1977 only - Sep 28 0:00 0 - -Rule Morocco 1978 only - Jun 1 0:00 1:00 S +Rule Morocco 1978 only - Jun 1 0:00 1:00 - Rule Morocco 1978 only - Aug 4 0:00 0 - -Rule Morocco 2008 only - Jun 1 0:00 1:00 S +Rule Morocco 2008 only - Jun 1 0:00 1:00 - Rule Morocco 2008 only - Sep 1 0:00 0 - -Rule Morocco 2009 only - Jun 1 0:00 1:00 S +Rule Morocco 2009 only - Jun 1 0:00 1:00 - Rule Morocco 2009 only - Aug 21 0:00 0 - -Rule Morocco 2010 only - May 2 0:00 1:00 S +Rule Morocco 2010 only - May 2 0:00 1:00 - Rule Morocco 2010 only - Aug 8 0:00 0 - -Rule Morocco 2011 only - Apr 3 0:00 1:00 S +Rule Morocco 2011 only - Apr 3 0:00 1:00 - Rule Morocco 2011 only - Jul 31 0:00 0 - -Rule Morocco 2012 2013 - Apr lastSun 2:00 1:00 S +Rule Morocco 2012 2013 - Apr lastSun 2:00 1:00 - Rule Morocco 2012 only - Jul 20 3:00 0 - -Rule Morocco 2012 only - Aug 20 2:00 1:00 S +Rule Morocco 2012 only - Aug 20 2:00 1:00 - Rule Morocco 2012 only - Sep 30 3:00 0 - Rule Morocco 2013 only - Jul 7 3:00 0 - -Rule 
Morocco 2013 only - Aug 10 2:00 1:00 S -Rule Morocco 2013 max - Oct lastSun 3:00 0 - -Rule Morocco 2014 2021 - Mar lastSun 2:00 1:00 S +Rule Morocco 2013 only - Aug 10 2:00 1:00 - +Rule Morocco 2013 2018 - Oct lastSun 3:00 0 - +Rule Morocco 2014 2018 - Mar lastSun 2:00 1:00 - Rule Morocco 2014 only - Jun 28 3:00 0 - -Rule Morocco 2014 only - Aug 2 2:00 1:00 S +Rule Morocco 2014 only - Aug 2 2:00 1:00 - Rule Morocco 2015 only - Jun 14 3:00 0 - -Rule Morocco 2015 only - Jul 19 2:00 1:00 S +Rule Morocco 2015 only - Jul 19 2:00 1:00 - Rule Morocco 2016 only - Jun 5 3:00 0 - -Rule Morocco 2016 only - Jul 10 2:00 1:00 S +Rule Morocco 2016 only - Jul 10 2:00 1:00 - Rule Morocco 2017 only - May 21 3:00 0 - -Rule Morocco 2017 only - Jul 2 2:00 1:00 S +Rule Morocco 2017 only - Jul 2 2:00 1:00 - Rule Morocco 2018 only - May 13 3:00 0 - -Rule Morocco 2018 only - Jun 17 2:00 1:00 S -Rule Morocco 2019 only - May 5 3:00 0 - -Rule Morocco 2019 only - Jun 9 2:00 1:00 S -Rule Morocco 2020 only - Apr 19 3:00 0 - -Rule Morocco 2020 only - May 24 2:00 1:00 S -Rule Morocco 2021 only - Apr 11 3:00 0 - -Rule Morocco 2021 only - May 16 2:00 1:00 S -Rule Morocco 2022 only - May 8 2:00 1:00 S -Rule Morocco 2023 only - Apr 23 2:00 1:00 S -Rule Morocco 2024 only - Apr 14 2:00 1:00 S -Rule Morocco 2025 only - Apr 6 2:00 1:00 S -Rule Morocco 2026 max - Mar lastSun 2:00 1:00 S -Rule Morocco 2036 only - Oct 19 3:00 0 - -Rule Morocco 2037 only - Oct 4 3:00 0 - +Rule Morocco 2018 only - Jun 17 2:00 1:00 - # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Africa/Casablanca -0:30:20 - LMT 1913 Oct 26 - 0:00 Morocco WE%sT 1984 Mar 16 - 1:00 - CET 1986 - 0:00 Morocco WE%sT + 0:00 Morocco +00/+01 1984 Mar 16 + 1:00 - +01 1986 + 0:00 Morocco +00/+01 2018 Oct 27 + 1:00 - +01 # Western Sahara # @@ -958,7 +936,8 @@ Zone Africa/El_Aaiun -0:52:48 - LMT 1934 Jan # El Aaiún -1:00 - -01 1976 Apr 14 - 0:00 Morocco WE%sT + 0:00 Morocco +00/+01 2018 Oct 27 + 1:00 - +01 # Mozambique #
--- a/test/sun/util/calendar/zi/tzdata/antarctica Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/util/calendar/zi/tzdata/antarctica Wed Feb 06 04:09:08 2019 +0000 @@ -21,6 +21,8 @@ # or visit www.oracle.com if you need additional information or have any # questions. # +# tzdb data for Antarctica and environs + # This file is in the public domain, so clarified as of # 2009-05-17 by Arthur David Olson.
--- a/test/sun/util/calendar/zi/tzdata/asia Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/util/calendar/zi/tzdata/asia Wed Feb 06 04:09:08 2019 +0000 @@ -21,6 +21,8 @@ # or visit www.oracle.com if you need additional information or have any # questions. # +# tzdb data for Asia and environs + # This file is in the public domain, so clarified as of # 2009-05-17 by Arthur David Olson. @@ -29,7 +31,7 @@ # tz@iana.org for general use in the future). For more, please see # the file CONTRIBUTING in the tz distribution. -# From Paul Eggert (2017-01-13): +# From Paul Eggert (2018-06-19): # # Unless otherwise specified, the source for data through 1990 is: # Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition), @@ -58,7 +60,8 @@ # A reliable and entertaining source about time zones is # Derek Howse, Greenwich time and longitude, Philip Wilson Publishers (1997). # -# The following alphabetic abbreviations appear in these tables: +# The following alphabetic abbreviations appear in these tables +# (corrections are welcome): # std dst # LMT Local Mean Time # 2:00 EET EEST Eastern European Time @@ -67,11 +70,13 @@ # 7:00 WIB west Indonesia (Waktu Indonesia Barat) # 8:00 WITA central Indonesia (Waktu Indonesia Tengah) # 8:00 CST China +# 8:00 PST PDT* Philippine Standard Time # 8:30 KST KDT Korea when at +0830 # 9:00 WIT east Indonesia (Waktu Indonesia Timur) # 9:00 JST JDT Japan # 9:00 KST KDT Korea when at +09 # 9:30 ACST Australian Central Standard Time +# *I invented the abbreviation PDT; see "Philippines" below. # Otherwise, these tables typically use numeric abbreviations like +03 # and +0330 for integer hour and minute UT offsets. Although earlier # editions invented alphabetic time zone abbreviations for every 
@@ -304,6 +309,29 @@ # China +# From Paul Eggert (2018-10-02): +# The following comes from Table 1 of: +# Li Yu. Research on the daylight saving movement in 1940s Shanghai. +# Nanjing Journal of Social Sciences. 2014;(2):144-50. +# http://oversea.cnki.net/kns55/detail.aspx?dbname=CJFD2014&filename=NJSH201402020 +# The table lists dates only; I am guessing 00:00 and 24:00 transition times. +# Also, the table lists the planned end of DST in 1949, but the corresponding +# zone line cuts this off on May 28, when the Communists took power. +# +# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +Rule Shang 1940 only - Jun 1 0:00 1:00 D +Rule Shang 1940 only - Oct 12 24:00 0 S +Rule Shang 1941 only - Mar 15 0:00 1:00 D +Rule Shang 1941 only - Nov 1 24:00 0 S +Rule Shang 1942 only - Jan 31 0:00 1:00 D +Rule Shang 1945 only - Sep 1 24:00 0 S +Rule Shang 1946 only - May 15 0:00 1:00 D +Rule Shang 1946 only - Sep 30 24:00 0 S +Rule Shang 1947 only - Apr 15 0:00 1:00 D +Rule Shang 1947 only - Oct 31 24:00 0 S +Rule Shang 1948 1949 - May 1 0:00 1:00 D +Rule Shang 1948 1949 - Sep 30 24:00 0 S #plan + # From Guy Harris: # People's Republic of China. Yes, they really have only one time zone. 
@@ -330,18 +358,33 @@ # time - sort of", Los Angeles Times, 1986-05-05 ... [says] that China began # observing daylight saving time in 1986. -# From Paul Eggert (2014-06-30): -# Shanks & Pottenger have China switching to a single time zone in 1980, but -# this doesn't seem to be correct. They also write that China observed summer -# DST from 1986 through 1991, which seems to match the above commentary, so -# go with them for DST rules as follows: +# From P Chan (2018-05-07): +# The start and end time of DST in China [from 1986 on] should be 2:00 +# (i.e. 2:00 to 3:00 at the start and 2:00 to 1:00 at the end).... +# Government notices about summer time: +# +# 1986-04-12 http://www.zj.gov.cn/attach/zfgb/198608.pdf p.21-22 +# (To establish summer time from 1986. On 4 May, set the clocks ahead one hour +# at 2 am. On 14 September, set the clocks backward one hour at 2 am.) +# +# 1987-02-15 http://www.gov.cn/gongbao/shuju/1987/gwyb198703.pdf p.114 +# (Summer time in 1987 to start from 12 April until 13 September) +# +# 1987-09-09 http://www.gov.cn/gongbao/shuju/1987/gwyb198721.pdf p.709 +# (From 1988, summer time to start from 2 am of the first Sunday of mid-April +# until 2 am of the first Sunday of mid-September) +# +# 1992-03-03 http://www.gov.cn/gongbao/shuju/1992/gwyb199205.pdf p.152 +# (To suspend summer time from 1992) +# +# The first page of People's Daily on 12 April 1988 stating that summer time +# to begin on 17 April. 
+# http://data.people.com.cn/pic/101p/1988/04/1988041201.jpg + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S -Rule Shang 1940 only - Jun 3 0:00 1:00 D -Rule Shang 1940 1941 - Oct 1 0:00 0 S -Rule Shang 1941 only - Mar 16 0:00 1:00 D -Rule PRC 1986 only - May 4 0:00 1:00 D -Rule PRC 1986 1991 - Sep Sun>=11 0:00 0 S -Rule PRC 1987 1991 - Apr Sun>=10 0:00 1:00 D +Rule PRC 1986 only - May 4 2:00 1:00 D +Rule PRC 1986 1991 - Sep Sun>=11 2:00 0 S +Rule PRC 1987 1991 - Apr Sun>=11 2:00 1:00 D # From Anthony Fok (2001-12-20): # BTW, I did some research on-line and found some info regarding these five @@ -363,10 +406,11 @@ # Alois Treindl kindly sent me translations of the following two sources: # # (1) -# Guo Qingsheng (National Time-Service Center, CAS, Xi'an 710600, China) +# Guo Qing-sheng (National Time-Service Center, CAS, Xi'an 710600, China) # Beijing Time at the Beginning of the PRC # China Historical Materials of Science and Technology -# (Zhongguo ke ji shi liao, 中国科技史料), Vol. 24, No. 1 (2003) +# (Zhongguo ke ji shi liao, 中国科技史料). 2003;24(1):5-9. +# http://oversea.cnki.net/kcms/detail/detail.aspx?filename=ZGKS200301000&dbname=CJFD2003 # It gives evidence that at the beginning of the PRC, Beijing time was # officially apparent solar time! However, Guo also says that the # evidence is dubious, as the relevant institute of astronomy had not @@ -543,7 +587,7 @@ # Zone NAME GMTOFF RULES FORMAT [UNTIL] # Beijing time, used throughout China; represented by Shanghai. Zone Asia/Shanghai 8:05:43 - LMT 1901 - 8:00 Shang C%sT 1949 + 8:00 Shang C%sT 1949 May 28 8:00 PRC C%sT # Xinjiang time, used by many in western China; represented by Ürümqi / Ürümchi # / Wulumuqi. (Please use Asia/Shanghai if you prefer Beijing time.) 
@@ -772,24 +816,140 @@ 8:00 Taiwan C%sT # Macau (Macao, Aomen) +# +# From P Chan (2018-05-10): +# * LegisMac +# http://legismac.safp.gov.mo/legismac/descqry/Descqry.jsf?lang=pt +# A database for searching titles of legal documents of Macau in +# Chinese and Portuguese. The term "HORÁRIO DE VERÃO" can be used for +# searching decrees about summer time. +# * Archives of Macao +# http://www.archives.gov.mo/en/bo/ +# It contains images of old official gazettes. +# * The Macao Meteorological and Geophysical Bureau have a page listing the +# summer time history. But it is not complete and has some mistakes. +# http://www.smg.gov.mo/smg/geophysics/e_t_Summer%20Time.htm +# Macau adopted GMT+8 on 30 Oct 1904 to follow Hong Kong. Clocks were +# advanced by 25 minutes and 50 seconds. Which means the LMT used was +# +7:34:10. As stated in the "Portaria No. 204" dated 21 October 1904 +# and published in the Official Gazette on 29 October 1904. +# http://igallery.icm.gov.mo/Images/Archives/BO/MO_AH_PUB_BO_1904_10/MO_AH_PUB_BO_1904_10_00025_Grey.JPG +# +# Therefore the 1911 decree of Portugal did not change time in Macau. +# +# From LegisMac, here is a list of decrees that changed the time ... +# [Decree Gazette-no. 
date; titles omitted in this quotation] +# DIL 732 BOCM 51 1941.12.20 +# DIL 764 BOCM 9S 1942.04.30 +# DIL 781 BOCM 21 1942.10.10 +# PT 3434 BOCM 8S 1943.04.17 +# PT 3504 BOCM 20 1943.09.25 +# PT 3843 BOCM 39 1945.09.29 +# PT 3961 BOCM 17 1946.04.27 +# PT 4026 BOCM 39 1946.09.28 +# PT 4153 BOCM 16 1947.04.10 +# PT 4271 BOCM 48 1947.11.29 +# PT 4374 BOCM 18 1948.05.01 +# PT 4465 BOCM 44 1948.10.30 +# PT 4590 BOCM 14 1949.04.02 +# PT 4666 BOCM 44 1949.10.29 +# PT 4771 BOCM 12 1950.03.25 +# PT 4838 BOCM 43 1950.10.28 +# PT 4946 BOCM 12 1951.03.24 +# PT 5025 BO 43 1951.10.27 +# PT 5149 BO 14 1952.04.05 +# PT 5251 BO 43 1952.10.25 +# PT 5366 BO 13 1953.03.28 +# PT 5444 BO 44 1953.10.31 +# PT 5540 BO 12 1954.03.20 +# PT 5589 BO 44 1954.10.30 +# PT 5676 BO 12 1955.03.19 +# PT 5739 BO 45 1955.11.05 +# PT 5823 BO 11 1956.03.17 +# PT 5891 BO 44 1956.11.03 +# PT 5981 BO 12 1957.03.23 +# PT 6064 BO 43 1957.10.26 +# PT 6172 BO 12 1958.03.22 +# PT 6243 BO 43 1958.10.25 +# PT 6341 BO 12 1959.03.21 +# PT 6411 BO 43 1959.10.24 +# PT 6514 BO 11 1960.03.12 +# PT 6584 BO 44 1960.10.29 +# PT 6721 BO 10 1961.03.11 +# PT 6815 BO 43 1961.10.28 +# PT 6947 BO 10 1962.03.10 +# PT 7080 BO 43 1962.10.27 +# PT 7218 BO 12 1963.03.23 +# PT 7340 BO 43 1963.10.26 +# PT 7491 BO 11 1964.03.14 +# PT 7664 BO 43 1964.10.24 +# PT 7846 BO 15 1965.04.10 +# PT 7979 BO 42 1965.10.16 +# PT 8146 BO 15 1966.04.09 +# PT 8252 BO 41 1966.10.08 +# PT 8429 BO 15 1967.04.15 +# PT 8540 BO 41 1967.10.14 +# PT 8735 BO 15 1968.04.13 +# PT 8860 BO 41 1968.10.12 +# PT 9035 BO 16 1969.04.19 +# PT 9156 BO 42 1969.10.18 +# PT 9328 BO 15 1970.04.11 +# PT 9418 BO 41 1970.10.10 +# PT 9587 BO 14 1971.04.03 +# PT 9702 BO 41 1971.10.09 +# PT 38-A/72 BO 14 1972.04.01 +# PT 126-A/72 BO 41 1972.10.07 +# PT 61/73 BO 14 1973.04.07 +# PT 182/73 BO 40 1973.10.06 +# PT 282/73 BO 51 1973.12.22 +# PT 177/74 BO 41 1974.10.12 +# PT 51/75 BO 15 1975.04.12 +# PT 173/75 BO 41 1975.10.11 +# PT 67/76/M BO 14 1976.04.03 +# PT 169/76/M BO 41 
1976.10.09 +# PT 78/79/M BO 19 1979.05.12 +# PT 166/79/M BO 42 1979.10.20 +# Note that DIL 732 does not belong to "HORÁRIO DE VERÃO" according to +# LegisMac.... Note that between 1942 and 1945, the time switched +# between GMT+9 and GMT+10. Also in 1965 and 1965 the DST ended at 2:30am. + +# From Paul Eggert (2018-05-10): +# The 1904 decree says that Macau changed from the meridian of +# Fortaleza do Monte, presumably the basis for the 7:34:10 for LMT. + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S -Rule Macau 1961 1962 - Mar Sun>=16 3:30 1:00 D -Rule Macau 1961 1964 - Nov Sun>=1 3:30 0 S -Rule Macau 1963 only - Mar Sun>=16 0:00 1:00 D -Rule Macau 1964 only - Mar Sun>=16 3:30 1:00 D -Rule Macau 1965 only - Mar Sun>=16 0:00 1:00 D -Rule Macau 1965 only - Oct 31 0:00 0 S -Rule Macau 1966 1971 - Apr Sun>=16 3:30 1:00 D -Rule Macau 1966 1971 - Oct Sun>=16 3:30 0 S -Rule Macau 1972 1974 - Apr Sun>=15 0:00 1:00 D -Rule Macau 1972 1973 - Oct Sun>=15 0:00 0 S -Rule Macau 1974 1977 - Oct Sun>=15 3:30 0 S -Rule Macau 1975 1977 - Apr Sun>=15 3:30 1:00 D -Rule Macau 1978 1980 - Apr Sun>=15 0:00 1:00 D -Rule Macau 1978 1980 - Oct Sun>=15 0:00 0 S -# See Europe/Lisbon for info about the 1912 transition. 
+Rule Macau 1942 1943 - Apr 30 23:00 1:00 - +Rule Macau 1942 only - Nov 17 23:00 0 - +Rule Macau 1943 only - Sep 30 23:00 0 S +Rule Macau 1946 only - Apr 30 23:00s 1:00 D +Rule Macau 1946 only - Sep 30 23:00s 0 S +Rule Macau 1947 only - Apr 19 23:00s 1:00 D +Rule Macau 1947 only - Nov 30 23:00s 0 S +Rule Macau 1948 only - May 2 23:00s 1:00 D +Rule Macau 1948 only - Oct 31 23:00s 0 S +Rule Macau 1949 1950 - Apr Sat>=1 23:00s 1:00 D +Rule Macau 1949 1950 - Oct lastSat 23:00s 0 S +Rule Macau 1951 only - Mar 31 23:00s 1:00 D +Rule Macau 1951 only - Oct 28 23:00s 0 S +Rule Macau 1952 1953 - Apr Sat>=1 23:00s 1:00 D +Rule Macau 1952 only - Nov 1 23:00s 0 S +Rule Macau 1953 1954 - Oct lastSat 23:00s 0 S +Rule Macau 1954 1956 - Mar Sat>=17 23:00s 1:00 D +Rule Macau 1955 only - Nov 5 23:00s 0 S +Rule Macau 1956 1964 - Nov Sun>=1 03:30 0 S +Rule Macau 1957 1964 - Mar Sun>=18 03:30 1:00 D +Rule Macau 1965 1973 - Apr Sun>=16 03:30 1:00 D +Rule Macau 1965 1966 - Oct Sun>=16 02:30 0 S +Rule Macau 1967 1976 - Oct Sun>=16 03:30 0 S +Rule Macau 1973 only - Dec 30 03:30 1:00 D +Rule Macau 1975 1976 - Apr Sun>=16 03:30 1:00 D +Rule Macau 1979 only - May 13 03:30 1:00 D +Rule Macau 1979 only - Oct Sun>=16 03:30 0 S + # Zone NAME GMTOFF RULES FORMAT [UNTIL] -Zone Asia/Macau 7:34:20 - LMT 1911 Dec 31 16:00u +Zone Asia/Macau 7:34:10 - LMT 1904 Oct 30 + 8:00 - CST 1941 Dec 21 23:00 + 9:00 Macau +09/+10 1945 Sep 30 24:00 8:00 Macau C%sT 
@@ -1494,9 +1654,29 @@ # http://www.shugiin.go.jp/internet/itdb_housei.nsf/html/houritsu/00719500331039.htm # ... In summary, it is written as follows. From 24:00 on the first Saturday # in May, until 0:00 on the day after the second Saturday in September. + +# From Phake Nick (2018-09-27): +# [T]he webpage authored by National Astronomical Observatory of Japan +# https://eco.mtk.nao.ac.jp/koyomi/wiki/BBFEB9EF2FB2C6BBFEB9EF.html +# ... mentioned that using Showa 23 (year 1948) as example, 13pm of September +# 11 in summer time will equal to 0am of September 12 in standard time. +# It cited a document issued by the Liaison Office which briefly existed +# during the postwar period of Japan, where the detail on implementation +# of the summer time is described in the document. +# https://eco.mtk.nao.ac.jp/koyomi/wiki/BBFEB9EF2FB2C6BBFEB9EFB2C6BBFEB9EFA4CEBCC2BBDCA4CBA4C4A4A4A4C6.pdf +# The text in the document do instruct a fall back to occur at +# September 11, 13pm in summer time, while ordinary citizens can +# change the clock before they sleep. +# +# From Paul Eggert (2018-09-27): +# This instruction is equivalent to "Sat>=8 25:00", so use that. zic treats +# it like "Sun>=9 01:00", which is not quite the same but is the best we can +# do in any POSIX or C platform. The "25:00" assumes zic from 2007 or later, +# which should be safe now. + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule Japan 1948 only - May Sat>=1 24:00 1:00 D -Rule Japan 1948 1951 - Sep Sun>=9 0:00 0 S +Rule Japan 1948 1951 - Sep Sun>=9 1:00 0 S Rule Japan 1949 only - Apr Sat>=1 24:00 1:00 D Rule Japan 1950 1951 - May Sat>=1 24:00 1:00 D @@ -1878,7 +2058,7 @@ 5:00 - +05 # Mangghystaū (KZ-MAN) # Aqtau was not founded until 1963, but it represents an inhabited region, -# so include time stamps before 1963. +# so include timestamps before 1963. Zone Asia/Aqtau 3:21:04 - LMT 1924 May 2 4:00 - +04 1930 Jun 21 5:00 - +05 1981 Oct 1 
@@ -2018,6 +2198,10 @@ # Assembly, as published in Rodong Sinmun. # From Tim Parenti (2018-04-29): # It appears to be the front page story at the top in the right-most column. +# +# From Paul Eggert (2018-05-04): +# The BBC reported that the transition was from 23:30 to 24:00 today. +# https://www.bbc.com/news/world-asia-44010705 # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Asia/Seoul 8:27:52 - LMT 1908 Apr 1 @@ -2030,7 +2214,7 @@ 8:30 - KST 1912 Jan 1 9:00 - JST 1945 Aug 24 9:00 - KST 2015 Aug 15 00:00 - 8:30 - KST 2018 May 5 + 8:30 - KST 2018 May 4 23:30 9:00 - KST ############################################################################### 
@@ -2780,19 +2964,35 @@ # Philippine Star 2014-08-05 # http://www.philstar.com/headlines/2014/08/05/1354152/pnoy-urged-declare-use-daylight-saving-time +# From Paul Goyette (2018-06-15): +# In the Philippines, there is a national law, Republic Act No. 10535 +# which declares the official time here as "Philippine Standard Time". +# The act [1] even specifies use of PST as the abbreviation, although +# the FAQ provided by PAGASA [2] uses the "acronym PhST to distinguish +# it from the Pacific Standard Time (PST)." +# [1] http://www.officialgazette.gov.ph/2013/05/15/republic-act-no-10535/ +# [2] https://www1.pagasa.dost.gov.ph/index.php/astronomy/philippine-standard-time#republic-act-10535 +# +# From Paul Eggert (2018-06-19): +# I surveyed recent news reports, and my impression is that "PST" is +# more popular among reliable English-language news sources. This is +# not just a measure of Google hit counts: it's also the sizes and +# influence of the sources. There is no current abbreviation for DST, +# so use "PDT", the usual American style. + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S -Rule Phil 1936 only - Nov 1 0:00 1:00 - -Rule Phil 1937 only - Feb 1 0:00 0 - -Rule Phil 1954 only - Apr 12 0:00 1:00 - -Rule Phil 1954 only - Jul 1 0:00 0 - -Rule Phil 1978 only - Mar 22 0:00 1:00 - -Rule Phil 1978 only - Sep 21 0:00 0 - +Rule Phil 1936 only - Nov 1 0:00 1:00 D +Rule Phil 1937 only - Feb 1 0:00 0 S +Rule Phil 1954 only - Apr 12 0:00 1:00 D +Rule Phil 1954 only - Jul 1 0:00 0 S +Rule Phil 1978 only - Mar 22 0:00 1:00 D +Rule Phil 1978 only - Sep 21 0:00 0 S # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Asia/Manila -15:56:00 - LMT 1844 Dec 31 8:04:00 - LMT 1899 May 11 - 8:00 Phil +08/+09 1942 May - 9:00 - +09 1944 Nov - 8:00 Phil +08/+09 + 8:00 Phil P%sT 1942 May + 9:00 - JST 1944 Nov + 8:00 Phil P%sT # Qatar # Zone NAME GMTOFF RULES FORMAT [UNTIL] 
@@ -2803,15 +3003,34 @@ # Saudi Arabia # -# From Paul Eggert (2014-07-15): +# From Paul Eggert (2018-08-29): # Time in Saudi Arabia and other countries in the Arabian peninsula was not -# standardized until relatively recently; we don't know when, and possibly it +# standardized until 1968 or so; we don't know exactly when, and possibly it # has never been made official. Richard P Hunt, in "Islam city yielding to # modern times", New York Times (1961-04-09), p 20, wrote that only airlines # observed standard time, and that people in Jeddah mostly observed quasi-solar # time, doing so by setting their watches at sunrise to 6 o'clock (or to 12 # o'clock for "Arab" time). # +# Timekeeping differed depending on who you were and which part of Saudi +# Arabia you were in. In 1969, Elias Antar wrote that although a common +# practice had been to set one's watch to 12:00 (i.e., midnight) at sunset - +# which meant that the time on one side of a mountain could differ greatly from +# the time on the other side - many foreigners set their watches to 6pm +# instead, while airlines instead used UTC +03 (except in Dhahran, where they +# used UTC +04), Aramco used UTC +03 with DST, and the Trans-Arabian Pipe Line +# Company used Aramco time in eastern Saudi Arabia and airline time in western. +# (The American Military Aid Advisory Group used plain UTC.) Antar writes, +# "A man named Higgins, so the story goes, used to run a local power +# station. One day, the whole thing became too much for Higgins and he +# assembled his staff and laid down the law. 'I've had enough of this,' he +# shrieked. 'It is now 12 o'clock Higgins Time, and from now on this station is +# going to run on Higgins Time.' And so, until last year, it did." See: +# Antar E. Dinner at When? Saudi Aramco World, 1969 March/April. 2-3. 
+# http://archive.aramcoworld.com/issue/196902/dinner.at.when.htm +# newspapers.com says a similar story about Higgins was published in the Port +# Angeles (WA) Evening News, 1965-03-10, page 5, but I lack access to the text. +# # The TZ database cannot represent quasi-solar time; airline time is the best # we can do. The 1946 foreign air news digest of the U.S. Civil Aeronautics # Board (OCLC 42299995) reported that the "... Arabian Government, inaugurated @@ -2821,7 +3040,8 @@ # # Shanks & Pottenger also state that until 1968-05-01 Saudi Arabia had two # time zones; the other zone, at UT +04, was in the far eastern part of -# the country. Ignore this, as it's before our 1970 cutoff. +# the country. Presumably this is documenting airline time. Ignore this, +# as it's before our 1970 cutoff. # # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Asia/Riyadh 3:06:52 - LMT 1947 Mar 14
--- a/test/sun/util/calendar/zi/tzdata/australasia Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/util/calendar/zi/tzdata/australasia Wed Feb 06 04:09:08 2019 +0000 @@ -21,6 +21,8 @@ # or visit www.oracle.com if you need additional information or have any # questions. # +# tzdb data for Australasia and environs, and for much of the Pacific + # This file is in the public domain, so clarified as of # 2009-05-17 by Arthur David Olson. @@ -384,8 +386,15 @@ # Dominic Fok writes (2017-08-20) that DST ends 2018-01-14, citing # Extraordinary Government of Fiji Gazette Supplement No. 21 (2017-08-27), # [Legal Notice No. 41] of an order of the previous day by J Usamate. + +# From Raymond Kumar (2018-07-13): +# http://www.fijitimes.com/government-approves-2018-daylight-saving/ +# ... The daylight saving period will end at 3am on Sunday January 13, 2019. +# +# From Paul Eggert (2018-07-15): # For now, guess DST from 02:00 the first Sunday in November to 03:00 -# the first Sunday on or after January 14. Although ad hoc, it matches +# the first Sunday on or after January 13. January transitions reportedly +# depend on when school terms start. Although the guess is ad hoc, it matches # transitions since late 2014 and seems more likely to match future # practice than guessing no DST. @@ -399,7 +408,7 @@ Rule Fiji 2012 2013 - Jan Sun>=18 3:00 0 - Rule Fiji 2014 only - Jan Sun>=18 2:00 0 - Rule Fiji 2014 max - Nov Sun>=1 2:00 1:00 - -Rule Fiji 2015 max - Jan Sun>=14 3:00 0 - +Rule Fiji 2015 max - Jan Sun>=13 3:00 0 - # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Pacific/Fiji 11:55:44 - LMT 1915 Oct 26 # Suva 12:00 Fiji +12/+13
--- a/test/sun/util/calendar/zi/tzdata/backward Tue Jan 29 22:38:26 2019 +0000
+++ b/test/sun/util/calendar/zi/tzdata/backward Wed Feb 06 04:09:08 2019 +0000
@@ -21,10 +21,12 @@
 # or visit www.oracle.com if you need additional information or have any
 # questions.
 #
+# tzdb links for backward compatibility
+
 # This file is in the public domain, so clarified as of
 # 2009-05-17 by Arthur David Olson.
-# This file provides links between current names for time zones
+# This file provides links between current names for timezones
 # and their old names. Many names changed in late 1993.
 # Link TARGET LINK-NAME
--- a/test/sun/util/calendar/zi/tzdata/etcetera Tue Jan 29 22:38:26 2019 +0000
+++ b/test/sun/util/calendar/zi/tzdata/etcetera Wed Feb 06 04:09:08 2019 +0000
@@ -21,12 +21,14 @@
 # or visit www.oracle.com if you need additional information or have any
 # questions.
 #
+# tzdb data for ships at sea and other miscellany
+
 # This file is in the public domain, so clarified as of
 # 2009-05-17 by Arthur David Olson.
 # These entries are mostly present for historical reasons, so that
 # people in areas not otherwise covered by the tz files could "zic -l"
-# to a time zone that was right for their area. These days, the
+# to a timezone that was right for their area. These days, the
 # tz files cover almost all the inhabited world, and the only practical
 # need now for the entries that are not on UTC are for ships at sea
 # that cannot use POSIX TZ settings.
--- a/test/sun/util/calendar/zi/tzdata/europe Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/util/calendar/zi/tzdata/europe Wed Feb 06 04:09:08 2019 +0000 @@ -21,6 +21,8 @@ # or visit www.oracle.com if you need additional information or have any # questions. # +# tzdb data for Europe and environs + # This file is in the public domain, so clarified as of # 2009-05-17 by Arthur David Olson. @@ -540,7 +542,7 @@ # # To work around this problem, the build procedure can translate the # following data into two forms, one with negative SAVE values and the -# other form with a traditional approximation for Irish time stamps +# other form with a traditional approximation for Irish timestamps # after 1971-10-31 02:00 UTC; although this approximation has tm_isdst # flags that are reversed, its UTC offsets are correct and this often # suffices. This source file currently uses only nonnegative SAVE 
@@ -2450,6 +2452,33 @@ # administratively part of Sakhalin oblast', they appear to have # remained on UTC+11 along with Magadan. +# From Marat Nigametzianov (2018-07-16): +# this is link to order from 1956 about timezone in USSR +# http://astro.uni-altai.ru/~orion/blog/2011/11/novyie-granitsyi-chasovyih-poyasov-v-sssr/ +# +# From Paul Eggert (2018-07-16): +# Perhaps someone could translate the above-mentioned link and use it +# to correct our data for the ex-Soviet Union. It cites the following: +# «Поясное время и новые границы часовых поясов» / сост. П.Н. Долгов, +# отв. ред. Г.Д. Бурдун - М: Комитет стандартов, мер и измерительных +# приборов при Совете Министров СССР, Междуведомственная комиссия +# единой службы времени, 1956 г. +# This book looks like it would be a helpful resource for the Soviet +# Union through 1956. Although a copy was in the Scientific Library +# of Tomsk State University, I have not been able to track down a copy nearby. +# +# From Stepan Golosunov (2018-07-21): +# http://astro.uni-altai.ru/~orion/blog/2015/05/center-reforma-ischisleniya-vremeni-br-na-territorii-sssr-v-1957-godu-center/ +# says that the 1956 decision to change time belts' borders was not +# implemented as planned in 1956 and the change happened in 1957. +# There is also the problem that actual time zones were different from +# the official time belts (and from many time belts' maps) as there were +# numerous exceptions to application of time belt rules. For example, +# https://ru.wikipedia.org/wiki/Московское_время#Перемещение_границы_применения_московского_времени_на_восток +# says that by 1962 there were many regions in the 3rd time belt that +# were on Moscow time, referring to a 1962 map. By 1989 number of such +# exceptions grew considerably. + # From Tim Parenti (2014-07-06): # The comments detailing the coverage of each Russian zone are meant to assist # with maintenance only and represent our best guesses as to which regions 
@@ -2460,9 +2489,6 @@ # future stability. ISO 3166-2:RU codes are also listed for first-level # divisions where available. -# Zone NAME GMTOFF RULES FORMAT [UNTIL] - - # From Tim Parenti (2014-07-03): # Europe/Kaliningrad covers... # 39 RU-KGD Kaliningrad Oblast @@ -2730,6 +2756,15 @@ # 34 RU-VGG Volgograd Oblast # The 1988 transition is from USSR act No. 5 (1988-01-04). +# From Alexander Fetisov (2018-09-20): +# Volgograd region in southern Russia (Europe/Volgograd) change +# timezone from UTC+3 to UTC+4 from 28oct2018. +# http://sozd.parliament.gov.ru/bill/452878-7 +# +# From Stepan Golosunov (2018-10-11): +# The law has been published today on +# http://publication.pravo.gov.ru/Document/View/0001201810110037 + Zone Europe/Volgograd 2:57:40 - LMT 1920 Jan 3 3:00 - +03 1930 Jun 21 4:00 - +04 1961 Nov 11 @@ -2738,7 +2773,8 @@ 4:00 - +04 1992 Mar 29 2:00s 3:00 Russia +03/+04 2011 Mar 27 2:00s 4:00 - +04 2014 Oct 26 2:00s - 3:00 - +03 + 3:00 - +03 2018 Oct 28 2:00s + 4:00 - +04 # From Paul Eggert (2016-11-11): # Europe/Saratov covers: @@ -3427,7 +3463,8 @@ #Rule NatSpain 1937 only - May 22 23:00 1:00 S #Rule NatSpain 1937 1938 - Oct Sat>=1 24:00s 0 - #Rule NatSpain 1938 only - Mar 26 23:00 1:00 S -# The following rules are copied from Morocco from 1967 through 1978. +# The following rules are copied from Morocco from 1967 through 1978, +# except with "S" letters. Rule SpainAfrica 1967 only - Jun 3 12:00 1:00 S Rule SpainAfrica 1967 only - Oct 1 0:00 0 - Rule SpainAfrica 1974 only - Jun 24 0:00 1:00 S @@ -3447,6 +3484,7 @@ 0:00 1:00 WEST 1918 Oct 7 23:00 0:00 - WET 1924 0:00 Spain WE%sT 1929 + 0:00 - WET 1967 # Help zishrink.awk. 0:00 SpainAfrica WE%sT 1984 Mar 16 1:00 - CET 1986 1:00 EU CE%sT 
@@ -3632,7 +3670,7 @@ # http://www.resmigazete.gov.tr/eskiler/2001/03/20010324.htm#2 - for 2001 # http://www.resmigazete.gov.tr/eskiler/2002/03/20020316.htm#2 - for 2002-2006 # From Paul Eggert (2016-09-25): -# Prefer the above sources to Shanks & Pottenger for time stamps after 1985. +# Prefer the above sources to Shanks & Pottenger for timestamps after 1985. # From Steffen Thorsen (2007-03-09): # Starting 2007 though, it seems that they are adopting EU's 1:00 UTC 
@@ -3842,10 +3880,29 @@ # * Ukrainian Government's Resolution of 20.03.1992, No. 139. # http://www.uazakon.com/documents/date_8u/pg_grcasa.htm +# From Paul Eggert (2018-10-03): +# As is usual in tzdb, Ukrainian zones use the most common English spellings. +# For example, tzdb uses Europe/Kiev, as "Kiev" is the most common spelling in +# English for Ukraine's capital, even though it is certainly wrong as a +# transliteration of the Ukrainian "Київ". This is similar to tzdb's use of +# Europe/Prague, which is certainly wrong as a transliteration of the Czech +# "Praha". ("Kiev" came from old Slavic via Russian to English, and "Prague" +# came from old Slavic via French to English, so the two cases have something +# in common.) Admittedly English-language spelling of Ukrainian names is +# controversial, and some day "Kyiv" may become substantially more popular in +# English; in the meantime, stick with the traditional English "Kiev" as that +# means less disruption for our users. +# +# Anyway, none of the common English-language spellings (Kiev, Kyiv, Kieff, +# Kijeff, Kijev, Kiyef, Kiyeff) do justice to the common pronunciation in +# Ukrainian, namely [ˈkɪjiu̯] (IPA). This pronunciation has nothing like an +# English "v" or "f", and instead trails off with what an English-speaker +# would call a demure "oo" sound, and it would would be better anglicized as +# "Kuiyu". Here's a sound file, if you would like to do as the Kuiyuvians do: +# https://commons.wikimedia.org/wiki/File:Uk-Київ.ogg + # Zone NAME GMTOFF RULES FORMAT [UNTIL] -# Most of Ukraine since 1970 has been like Kiev. -# "Kyiv" is the transliteration of the Ukrainian name, but -# "Kiev" is more common in English. +# This represents most of Ukraine. See above for the spelling of "Kiev". Zone Europe/Kiev 2:02:04 - LMT 1880 2:02:04 - KMT 1924 May 2 # Kiev Mean Time 2:00 - EET 1930 Jun 21
--- a/test/sun/util/calendar/zi/tzdata/factory Tue Jan 29 22:38:26 2019 +0000
+++ b/test/sun/util/calendar/zi/tzdata/factory Wed Feb 06 04:09:08 2019 +0000
@@ -21,11 +21,13 @@
 # or visit www.oracle.com if you need additional information or have any
 # questions.
 #
+# tzdb data for noncommittal factory settings
+
 # This file is in the public domain, so clarified as of
 # 2009-05-17 by Arthur David Olson.
-# For distributors who don't want to put time zone specification in
-# their installation procedures. Users that run 'date' will get the
+# For distributors who don't want to specify a timezone in their
+# installation procedures. Users who run 'date' will get the
 # time zone abbreviation "-00", indicating that the actual time zone
 # is unknown.
--- a/test/sun/util/calendar/zi/tzdata/leapseconds Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/util/calendar/zi/tzdata/leapseconds Wed Feb 06 04:09:08 2019 +0000 @@ -26,21 +26,25 @@ # This file is in the public domain. # This file is generated automatically from the data in the public-domain -# leap-seconds.list file, which is copied from: -# ftp://ftp.nist.gov/pub/time/leap-seconds.list +# leap-seconds.list file, which can be copied from +# <ftp://ftp.nist.gov/pub/time/leap-seconds.list> +# or <ftp://ftp.boulder.nist.gov/pub/time/leap-seconds.list> +# or <ftp://tycho.usno.navy.mil/pub/ntp/leap-seconds.list>. # For more about leap-seconds.list, please see # The NTP Timescale and Leap Seconds -# https://www.eecis.udel.edu/~mills/leap.html +# <https://www.eecis.udel.edu/~mills/leap.html>. # The International Earth Rotation and Reference Systems Service # periodically uses leap seconds to keep UTC to within 0.9 s of UT1 -# (which measures the true angular orientation of the earth in space); see -# Levine J. Coordinated Universal Time and the leap second. +# (which measures the true angular orientation of the earth in space) +# and publishes leap second data in a copyrighted file +# <https://hpiers.obspm.fr/iers/bul/bulc/Leap_Second.dat>. +# See: Levine J. Coordinated Universal Time and the leap second. # URSI Radio Sci Bull. 2016;89(4):30-6. doi:10.23919/URSIRSB.2016.7909995 -# http://ieeexplore.ieee.org/document/7909995/ +# <https://ieeexplore.ieee.org/document/7909995>. # There were no leap seconds before 1972, because the official mechanism # accounting for the discrepancy between atomic time and the earth's rotation -# did not exist until the early 1970s. +# did not exist. # The correction (+ or -) is made at the given time, so lines # will typically look like: 
@@ -48,10 +52,7 @@ # or # Leap YEAR MON DAY 23:59:59 - R/S -# If the leapsecond is Rolling (R) the given time is local time. -# If the leapsecond is Stationary (S) the given time is UTC. - -# Leap YEAR MONTH DAY HH:MM:SS CORR R/S +# If the leap second is Rolling (R) the given time is local time (unused here). Leap 1972 Jun 30 23:59:60 + S Leap 1972 Dec 31 23:59:60 + S Leap 1973 Dec 31 23:59:60 + S @@ -80,5 +81,9 @@ Leap 2015 Jun 30 23:59:60 + S Leap 2016 Dec 31 23:59:60 + S -# Updated through IERS Bulletin C55 -# File expires on: 28 December 2018 +# POSIX timestamps for the data in this file: +#updated 1467936000 +#expires 1561680000 + +# Updated through IERS Bulletin C56 +# File expires on: 28 June 2019
--- a/test/sun/util/calendar/zi/tzdata/northamerica Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/util/calendar/zi/tzdata/northamerica Wed Feb 06 04:09:08 2019 +0000 @@ -21,6 +21,8 @@ # or visit www.oracle.com if you need additional information or have any # questions. # +# tzdb data for North and Central America and environs + # This file is in the public domain, so clarified as of # 2009-05-17 by Arthur David Olson. @@ -71,7 +73,7 @@ # # Most of the US soon followed suit. See: # Bartky IR. The adoption of standard time. Technol Cult 1989 Jan;30(1):25-56. -# http://dx.doi.org/10.2307/3105430 +# https://dx.doi.org/10.2307/3105430 # From Paul Eggert (2005-04-16): # That 1883 transition occurred at 12:00 new time, not at 12:00 old time. @@ -460,6 +462,19 @@ # western South Dakota, far western Texas (El Paso County, Hudspeth County, # and Pine Springs and Nickel Creek in Culberson County), Utah, Wyoming # +# From Paul Eggert (2018-10-25): +# On 1921-03-04 federal law placed all of Texas into the central time zone. +# However, El Paso ignored the law for decades and continued to observe +# mountain time, on the grounds that that's what they had always done +# and they weren't about to let the federal government tell them what to do. +# Eventually the federal government gave in and changed the law on +# 1970-04-10 to match what El Paso was actually doing. Although +# that's slightly after our 1970 cutoff, there is no need to create a +# separate zone for El Paso since they were ignoring the law anyway. See: +# Long T. El Pasoans were time rebels, fought to stay in Mountain zone. +# El Paso Times. 2018-10-24 06:40 -06. +# https://www.elpasotimes.com/story/news/local/el-paso/2018/10/24/el-pasoans-were-time-rebels-fought-stay-mountain-zone/1744509002/ +# # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER Rule Denver 1920 1921 - Mar lastSun 2:00 1:00 D Rule Denver 1920 only - Oct lastSun 2:00 0 S 
@@ -729,9 +744,7 @@ Zone Pacific/Honolulu -10:31:26 - LMT 1896 Jan 13 12:00 -10:30 - HST 1933 Apr 30 2:00 -10:30 1:00 HDT 1933 May 21 12:00 - -10:30 - HST 1942 Feb 9 2:00 - -10:30 1:00 HDT 1945 Sep 30 2:00 - -10:30 - HST 1947 Jun 8 2:00 + -10:30 US H%sT 1947 Jun 8 2:00 -10:00 - HST # Now we turn to US areas that have diverged from the consensus since 1970.
--- a/test/sun/util/calendar/zi/tzdata/pacificnew Tue Jan 29 22:38:26 2019 +0000
+++ b/test/sun/util/calendar/zi/tzdata/pacificnew Wed Feb 06 04:09:08 2019 +0000
@@ -21,6 +21,8 @@
 # or visit www.oracle.com if you need additional information or have any
 # questions.
 #
+# tzdb data for proposed US election time (this file is obsolete)
+
 # This file is in the public domain, so clarified as of
 # 2009-05-17 by Arthur David Olson.
--- a/test/sun/util/calendar/zi/tzdata/southamerica Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/util/calendar/zi/tzdata/southamerica Wed Feb 06 04:09:08 2019 +0000 @@ -21,6 +21,8 @@ # or visit www.oracle.com if you need additional information or have any # questions. # +# tzdb data for South America and environs + # This file is in the public domain, so clarified as of # 2009-05-17 by Arthur David Olson. @@ -415,7 +417,7 @@ # standard time, so let's do that here too. This does not change UTC # offsets, only tm_isdst and the time zone abbreviations. One minor # plus is that this silences a zic complaint that there's no POSIX TZ -# setting for time stamps past 2038. +# setting for timestamps past 2038. # Zone NAME GMTOFF RULES FORMAT [UNTIL] # @@ -948,6 +950,14 @@ # ... https://www.timeanddate.com/news/time/brazil-delays-dst-2018.html # From Steffen Thorsen (2017-12-20): # http://www.planalto.gov.br/ccivil_03/_ato2015-2018/2017/decreto/D9242.htm +# +# From Fábio Gomes (2018-10-04): +# The Brazilian president just announced a new change on this year DST. +# It was scheduled to start on November 4th and it was changed to November 18th. +# From Rodrigo Brüning Wessler (2018-10-15): +# The Brazilian government just announced that the change in DST was +# canceled.... Maybe the president Michel Temer also woke up one hour +# earlier today. :) Rule Brazil 2018 max - Nov Sun>=1 0:00 1:00 - Rule Brazil 2023 only - Feb Sun>=22 0:00 0 - Rule Brazil 2024 2025 - Feb Sun>=15 0:00 0 - 
@@ -1254,6 +1264,24 @@ # they will switch from -03 to -04 one hour after Santiago does that day. # For now, assume that they will not revert. +# From Juan Correa (2018-08-13): +# As of moments ago, the Ministry of Energy in Chile has announced the new +# schema for DST. ... Announcement in video (in Spanish): +# https://twitter.com/MinEnergia/status/1029000399129374720 +# From Yonathan Dossow (2018-08-13): +# The video says "first Saturday of September", we all know it means Sunday at +# midnight. +# From Tim Parenti (2018-08-13): +# Translating the captions on the video at 0:44-0:55, "We want to announce as +# Government that from 2019, Winter Time will be increased to 5 months, between +# the first Saturday of April and the first Saturday of September." +# At 2:08-2:20, "The Magallanes region will maintain its current time, as +# decided by the citizens during 2017, but our Government will promote a +# regional dialogue table to gather their opinion on this matter." +# https://twitter.com/MinEnergia/status/1029009354001973248 +# "We will keep the new time policy unchanged for at least the next 4 years." +# So we extend the new rules on Saturdays at 24:00 mainland time indefinitely. + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule Chile 1927 1931 - Sep 1 0:00 1:00 - Rule Chile 1928 1932 - Apr 1 0:00 0 - @@ -1287,8 +1315,10 @@ Rule Chile 2011 only - Aug Sun>=16 4:00u 1:00 - Rule Chile 2012 2014 - Apr Sun>=23 3:00u 0 - Rule Chile 2012 2014 - Sep Sun>=2 4:00u 1:00 - -Rule Chile 2016 max - May Sun>=9 3:00u 0 - -Rule Chile 2016 max - Aug Sun>=9 4:00u 1:00 - +Rule Chile 2016 2018 - May Sun>=9 3:00u 0 - +Rule Chile 2016 2018 - Aug Sun>=9 4:00u 1:00 - +Rule Chile 2019 max - Apr Sun>=2 3:00u 0 - +Rule Chile 2019 max - Sep Sun>=2 4:00u 1:00 - # IATA SSIM anomalies: (1992-02) says 1992-03-14; # (1996-09) says 1998-03-08. Ignore these. # Zone NAME GMTOFF RULES FORMAT [UNTIL]
--- a/test/sun/util/calendar/zi/tzdata/systemv Tue Jan 29 22:38:26 2019 +0000
+++ b/test/sun/util/calendar/zi/tzdata/systemv Wed Feb 06 04:09:08 2019 +0000
@@ -21,6 +21,8 @@
 # or visit www.oracle.com if you need additional information or have any
 # questions.
 #
+# tzdb data for System V rules (this file is obsolete)
+
 # This file is in the public domain, so clarified as of
 # 2009-05-17 by Arthur David Olson.
--- a/test/sun/util/calendar/zi/tzdata/zone.tab Tue Jan 29 22:38:26 2019 +0000 +++ b/test/sun/util/calendar/zi/tzdata/zone.tab Wed Feb 06 04:09:08 2019 +0000 @@ -21,12 +21,12 @@ # or visit www.oracle.com if you need additional information or have any # questions. # -# tz zone descriptions (deprecated version) +# tzdb timezone descriptions (deprecated version) # # This file is in the public domain, so clarified as of # 2009-05-17 by Arthur David Olson. # -# From Paul Eggert (2014-07-31): +# From Paul Eggert (2018-06-27): # This file is intended as a backward-compatibility aid for older programs. # New programs should use zone1970.tab. This file is like zone1970.tab (see # zone1970.tab's comments), but with the following additional restrictions: @@ -35,13 +35,13 @@ # 2. The first data column contains exactly one country code. # # Because of (2), each row stands for an area that is the intersection -# of a region identified by a country code and of a zone where civil +# of a region identified by a country code and of a timezone where civil # clocks have agreed since 1970; this is a narrower definition than # that of zone1970.tab. # -# This table is intended as an aid for users, to help them select time -# zone data entries appropriate for their practical needs. It is not -# intended to take or endorse any position on legal or territorial claims. +# This table is intended as an aid for users, to help them select timezones +# appropriate for their practical needs. It is not intended to take or +# endorse any position on legal or territorial claims. # #country- #code coordinates TZ comments @@ -291,7 +291,7 @@ MN +4755+10653 Asia/Ulaanbaatar Mongolia (most areas) MN +4801+09139 Asia/Hovd Bayan-Olgiy, Govi-Altai, Hovd, Uvs, Zavkhan MN +4804+11430 Asia/Choibalsan Dornod, Sukhbaatar -MO +2214+11335 Asia/Macau +MO +221150+1133230 Asia/Macau MP +1512+14545 Pacific/Saipan MQ +1436-06105 America/Martinique MR +1806-01557 Africa/Nouakchott