diff -Nru jabref-3.8.2+ds/debian/changelog jabref-3.8.2+ds/debian/changelog --- jabref-3.8.2+ds/debian/changelog 2018-04-06 17:54:48.000000000 +0000 +++ jabref-3.8.2+ds/debian/changelog 2019-02-26 12:28:54.000000000 +0000 @@ -1,3 +1,97 @@ +jabref (3.8.2+ds-12~18.04) bionic; urgency=medium + + * Backport for OpenJDK 11. LP: #1814133. + + -- Matthias Klose Tue, 26 Feb 2019 13:28:54 +0100 + +jabref (3.8.2+ds-12) unstable; urgency=high + + * Add patch from upstream commit to fix CVE-2018-1000652: XML External + Entity attack. + Thanks to Moritz Muehlenhoff for the bug report. (Closes: #921772) + + -- gregor herrmann Sat, 09 Feb 2019 00:54:59 +0100 + +jabref (3.8.2+ds-11) unstable; urgency=medium + + * Add build dependency on libicu4j-java. + Thanks to Santiago Vila for the bug report. (Closes: #918440) + * Update years of packaging copyright. + * Declare compliance with Debian Policy 4.3.0. + + -- gregor herrmann Sun, 06 Jan 2019 02:59:35 +0100 + +jabref (3.8.2+ds-10) unstable; urgency=medium + + * Build depend on librelaxng-datatype-java and add its jar to the + classpath in debian/xjc.sh. (Closes: #915806) + * Remove trailing whitespace from debian/*. + * Add a lintian override (empty directory in source tree). + * Add minimal headers to two patches. + + -- gregor herrmann Sat, 08 Dec 2018 15:45:44 +0100 + +jabref (3.8.2+ds-9) unstable; urgency=medium + + * Invoke xjc from jaxb-xjc and drop build-dep on openjdk-8 + * Add build-dep on libxml-commons-resolver1.1-java + * Replace mysql-connector JDBC driver with mariadb-client-java + + -- tony mancill Wed, 07 Nov 2018 18:27:39 -0800 + +jabref (3.8.2+ds-8) unstable; urgency=medium + + * Add runtime dep on jaxb and update wrapper script for openjdk 11 + (Closes: #912221, LP: #1799106) + * Include openjdk-8-jdk as a build-dep for the xjc binary (removed + in openjdk-11) and patch build.gradle to compile using jaxb-api. + Note that this package still uses default-jdk for the compilation + itself. It cannot depend solely on openjdk-8-jdk, as Debian's + gradle fails to run on that JDK. (Addresses FTBFS) + * Bump Standards-Version to 4.2.1. + + -- tony mancill Wed, 31 Oct 2018 17:30:24 -0700 + +jabref (3.8.2+ds-7) unstable; urgency=medium + + * Add build-dep on libjsonp-java to builds against antlr4 version 4.6 + to address FTBFS (Closes: #906367) + * Flesh-out CC-BY-3.0 license in debian/copyright + + -- tony mancill Sun, 26 Aug 2018 14:50:27 -0700 + +jabref (3.8.2+ds-6) unstable; urgency=medium + + * Wrapper will skip Java 9+ options when Java 8 runtime is detected + (Closes: #900356) + + -- tony mancill Tue, 19 Jun 2018 21:20:06 -0700 + +jabref (3.8.2+ds-5) unstable; urgency=medium + + * Use workaround to start with JREs newer than Java8 (Closes: #893138) + - Drop the runtime dependency on openjdk-8-jre + - Set JABREF_JAVA_OPTS as per workaround documented by upstream + (https://github.com/JabRef/jabref/issues/2594). + - If this causes problems on a particular JRE, unset using: + JABREF_JAVA_OPTS="" jabref ... + * Use debhelper 11 + + -- tony mancill Wed, 23 May 2018 19:25:44 -0700 + +jabref (3.8.2+ds-4) unstable; urgency=medium + + * Apply upstream patch for file perms (Closes: #857351) + * Build with default-jdk + - This resolves the build-time part of #893138 + - openjdk-8 is still required at runtime + * Convert TR9401 catalog file to XML format for xjc/saxb 2.3 + * Add build-dep on libscram-java (needed by postgresql) + * Add JDK9 swing patch + * Update Vcs fields for migration from Alioth -> Salsa + + -- tony mancill Sun, 20 May 2018 10:59:57 -0700 + jabref (3.8.2+ds-3) unstable; urgency=medium * Force openjdk-8 at buildtime and runtime. @@ -376,7 +470,7 @@ * Edit jabref wrapper script to resolve libjgoodies-common-java jar. Add libjgoodies-common-java to Depends. (Closes: #614506) - * Change "looks" in wrapper script to "jgoodies-looks" + * Change "looks" in wrapper script to "jgoodies-looks" -- tony mancill Mon, 21 Feb 2011 20:04:55 -0800 @@ -405,10 +499,10 @@ * Set Standards-Version to 3.9.1 (no changes). [ tony mancill ] - * delete 05_antlr.patch + * delete 05_antlr.patch * add 05_antlrv32.patch: include new BstParser/Lexer classes generated by antlr 3.2. (Closes: #591124) - * Update README.source with information regarding regeneration of + * Update README.source with information regarding regeneration of BstParser and BstLexer classes. -- tony mancill Tue, 03 Aug 2010 19:41:44 -0700 @@ -480,7 +574,7 @@ get re-generated on each build. * Install reportbug presubj file via dh_bugfiles. * debian/copyright: update formatting and list of third-party copyright - holders. + holders. [ tony mancill ] * Add PreviewPanel patch to remove dependency on DocumentPrinter class. @@ -768,7 +862,7 @@ jabref (2.1-3) unstable; urgency=low * Change menu section to "Apps/Databases" and remove lintian override. - "Apps/Data Management" was premature, thanks to Frank Küster and + "Apps/Data Management" was premature, thanks to Frank Küster and Bill Allombert for pointing this out (cf. #386320). -- gregor herrmann Mon, 11 Sep 2006 21:12:37 +0200 @@ -812,7 +906,7 @@ * Add icon to menu entry, thanks to LI Daobing for the idea (closes: #380604). * Remove references to the libraries Commons Logging and Commons HTTP Client - from debian/copyright, as they are not included in the upstream tarball + from debian/copyright, as they are not included in the upstream tarball any more. -- gregor herrmann Mon, 31 Jul 2006 16:37:47 +0200 @@ -877,7 +971,7 @@ jabref (2.0.1-2) unstable; urgency=low * Update to Standards-Version: 3.7.0 (no changes required). - * Moved debhelper from Build-Depends-Indep to Build-Depends + * Moved debhelper from Build-Depends-Indep to Build-Depends in debian/control. -- gregor herrmann Mon, 1 May 2006 14:44:02 +0200 @@ -925,4 +1019,3 @@ * Initial release Closes: #205392 -- gregor herrmann Thu, 1 Sep 2005 23:18:00 +0200 - diff -Nru jabref-3.8.2+ds/debian/compat jabref-3.8.2+ds/debian/compat --- jabref-3.8.2+ds/debian/compat 2018-04-06 17:54:48.000000000 +0000 +++ jabref-3.8.2+ds/debian/compat 2019-02-08 23:54:59.000000000 +0000 @@ -1 +1 @@ -10 +11 diff -Nru jabref-3.8.2+ds/debian/control jabref-3.8.2+ds/debian/control --- jabref-3.8.2+ds/debian/control 2018-04-06 17:54:48.000000000 +0000 +++ jabref-3.8.2+ds/debian/control 2019-02-08 23:54:59.000000000 +0000 @@ -4,7 +4,7 @@ gregor herrmann Section: tex Priority: optional -Build-Depends: debhelper (>= 10), +Build-Depends: debhelper (>= 11), gradle-debian-helper Build-Depends-Indep: ant, antlr, @@ -18,6 +18,7 @@ libcommons-lang3-java, libcommons-logging-java, libglazedlists-java, + libicu4j-java, libjava-string-similarity-java, libjaxb-api-java, libjaxb-java, @@ -26,20 +27,24 @@ libjgoodies-forms-java (>= 1.9.0), libjgoodies-looks-java (>= 2.7.0), libjgraph-java, + libjsonp-java, liblog4j2-java (>= 2.10.0-2) | liblog4j2-java (<< 2.10), libmicroba-java, - libmysql-java, - libpdfbox-java (<< 1:2), + libmariadb-java, + libpdfbox-java, libpostgresql-jdbc-java (>= 9.4.1212), + librelaxng-datatype-java, libreoffice-java-common, + libscram-java, libspin-java, - libswingx-java (<< 1:1.6.4), + libswingx-java, libunirest-java-java, - openjdk-8-jdk, + libxml-commons-resolver1.1-java, + default-jdk, ure (>= 5.0~) -Standards-Version: 4.1.4 -Vcs-Browser: https://anonscm.debian.org/cgit/pkg-java/jabref.git -Vcs-Git: https://anonscm.debian.org/git/pkg-java/jabref.git +Standards-Version: 4.3.0 +Vcs-Browser: https://salsa.debian.org/java-team/jabref +Vcs-Git: https://salsa.debian.org/java-team/jabref.git Homepage: https://www.jabref.org/ Package: jabref @@ -59,6 +64,7 @@ libhttpclient-java, libhttpmime-java, libjava-string-similarity-java, + libjaxb-java, libjempbox-java, libjgoodies-common-java (>= 1.8.1), libjgoodies-forms-java (>= 1.9.0), @@ -72,11 +78,10 @@ libspin-java, libswing-layout-java, libswingx-java (<< 1:1.6.4), - libunirest-java-java, - openjdk-8-jre + libunirest-java-java Recommends: xdg-utils, libreoffice-writer, - libmysql-java, + libmariadb-java, libpostgresql-jdbc-java (>= 9.4.1212) Suggests: gv | postscript-viewer, xpdf | pdf-viewer diff -Nru jabref-3.8.2+ds/debian/copyright jabref-3.8.2+ds/debian/copyright --- jabref-3.8.2+ds/debian/copyright 2018-04-06 17:54:48.000000000 +0000 +++ jabref-3.8.2+ds/debian/copyright 2019-02-08 23:54:59.000000000 +0000 @@ -48,8 +48,8 @@ License: GPL-2+ Files: debian/* -Copyright: 2005-2018, gregor herrmann - 2005-2018, tony mancill +Copyright: 2005-2019, gregor herrmann + 2005-2019, tony mancill License: Expat Files: debian/patches/001_koppor_debian.patch @@ -100,6 +100,15 @@ . Attribution 3.0 Unported . + CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE + LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN + ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS + INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES + REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR + DAMAGES RESULTING FROM ITS USE. + . + License + . THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS @@ -111,217 +120,204 @@ CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND CONDITIONS. . - *1. Definitions* + 1. Definitions . - 1. *"Adaptation"* means a work based upon the Work, or upon the Work - and other pre-existing works, such as a translation, adaptation, - derivative work, arrangement of music or other alterations of a - literary or artistic work, or phonogram or performance and - includes cinematographic adaptations or any other form in which - the Work may be recast, transformed, or adapted including in any - form recognizably derived from the original, except that a work - that constitutes a Collection will not be considered an Adaptation - for the purpose of this License. For the avoidance of doubt, where - the Work is a musical work, performance or phonogram, the - synchronization of the Work in timed-relation with a moving image - ("synching") will be considered an Adaptation for the purpose of - this License. - 2. *"Collection"* means a collection of literary or artistic works, - such as encyclopedias and anthologies, or performances, phonograms - or broadcasts, or other works or subject matter other than works - listed in Section 1(f) below, which, by reason of the selection - and arrangement of their contents, constitute intellectual - creations, in which the Work is included in its entirety in - unmodified form along with one or more other contributions, each - constituting separate and independent works in themselves, which - together are assembled into a collective whole. A work that - constitutes a Collection will not be considered an Adaptation (as - defined above) for the purposes of this License. - 3. *"Distribute"* means to make available to the public the original - and copies of the Work or Adaptation, as appropriate, through sale - or other transfer of ownership. - 4. *"Licensor"* means the individual, individuals, entity or entities - that offer(s) the Work under the terms of this License. - 5. *"Original Author"* means, in the case of a literary or artistic - work, the individual, individuals, entity or entities who created - the Work or if no individual or entity can be identified, the - publisher; and in addition (i) in the case of a performance the - actors, singers, musicians, dancers, and other persons who act, - sing, deliver, declaim, play in, interpret or otherwise perform - literary or artistic works or expressions of folklore; (ii) in the - case of a phonogram the producer being the person or legal entity - who first fixes the sounds of a performance or other sounds; and, - (iii) in the case of broadcasts, the organization that transmits - the broadcast. - 6. *"Work"* means the literary and/or artistic work offered under the - terms of this License including without limitation any production - in the literary, scientific and artistic domain, whatever may be - the mode or form of its expression including digital form, such as - a book, pamphlet and other writing; a lecture, address, sermon or - other work of the same nature; a dramatic or dramatico-musical - work; a choreographic work or entertainment in dumb show; a - musical composition with or without words; a cinematographic work - to which are assimilated works expressed by a process analogous to - cinematography; a work of drawing, painting, architecture, - sculpture, engraving or lithography; a photographic work to which - are assimilated works expressed by a process analogous to - photography; a work of applied art; an illustration, map, plan, - sketch or three-dimensional work relative to geography, - topography, architecture or science; a performance; a broadcast; a - phonogram; a compilation of data to the extent it is protected as - a copyrightable work; or a work performed by a variety or circus - performer to the extent it is not otherwise considered a literary - or artistic work. - 7. *"You"* means an individual or entity exercising rights under this - License who has not previously violated the terms of this License - with respect to the Work, or who has received express permission - from the Licensor to exercise rights under this License despite a - previous violation. - 8. *"Publicly Perform"* means to perform public recitations of the - Work and to communicate to the public those public recitations, by - any means or process, including by wire or wireless means or - public digital performances; to make available to the public Works - in such a way that members of the public may access these Works - from a place and at a place individually chosen by them; to - perform the Work to the public by any means or process and the - communication to the public of the performances of the Work, - including by public digital performance; to broadcast and - rebroadcast the Work by any means including signs, sounds or images. - 9. *"Reproduce"* means to make copies of the Work by any means - including without limitation by sound or visual recordings and the - right of fixation and reproducing fixations of the Work, including - storage of a protected performance or phonogram in digital form or - other electronic medium. + a. "Adaptation" means a work based upon the Work, or upon the Work and + other pre-existing works, such as a translation, adaptation, + derivative work, arrangement of music or other alterations of a + literary or artistic work, or phonogram or performance and includes + cinematographic adaptations or any other form in which the Work may be + recast, transformed, or adapted including in any form recognizably + derived from the original, except that a work that constitutes a + Collection will not be considered an Adaptation for the purpose of + this License. For the avoidance of doubt, where the Work is a musical + work, performance or phonogram, the synchronization of the Work in + timed-relation with a moving image ("synching") will be considered an + Adaptation for the purpose of this License. + b. "Collection" means a collection of literary or artistic works, such as + encyclopedias and anthologies, or performances, phonograms or + broadcasts, or other works or subject matter other than works listed + in Section 1(f) below, which, by reason of the selection and + arrangement of their contents, constitute intellectual creations, in + which the Work is included in its entirety in unmodified form along + with one or more other contributions, each constituting separate and + independent works in themselves, which together are assembled into a + collective whole. A work that constitutes a Collection will not be + considered an Adaptation (as defined above) for the purposes of this + License. + c. "Distribute" means to make available to the public the original and + copies of the Work or Adaptation, as appropriate, through sale or + other transfer of ownership. + d. "Licensor" means the individual, individuals, entity or entities that + offer(s) the Work under the terms of this License. + e. "Original Author" means, in the case of a literary or artistic work, + the individual, individuals, entity or entities who created the Work + or if no individual or entity can be identified, the publisher; and in + addition (i) in the case of a performance the actors, singers, + musicians, dancers, and other persons who act, sing, deliver, declaim, + play in, interpret or otherwise perform literary or artistic works or + expressions of folklore; (ii) in the case of a phonogram the producer + being the person or legal entity who first fixes the sounds of a + performance or other sounds; and, (iii) in the case of broadcasts, the + organization that transmits the broadcast. + f. "Work" means the literary and/or artistic work offered under the terms + of this License including without limitation any production in the + literary, scientific and artistic domain, whatever may be the mode or + form of its expression including digital form, such as a book, + pamphlet and other writing; a lecture, address, sermon or other work + of the same nature; a dramatic or dramatico-musical work; a + choreographic work or entertainment in dumb show; a musical + composition with or without words; a cinematographic work to which are + assimilated works expressed by a process analogous to cinematography; + a work of drawing, painting, architecture, sculpture, engraving or + lithography; a photographic work to which are assimilated works + expressed by a process analogous to photography; a work of applied + art; an illustration, map, plan, sketch or three-dimensional work + relative to geography, topography, architecture or science; a + performance; a broadcast; a phonogram; a compilation of data to the + extent it is protected as a copyrightable work; or a work performed by + a variety or circus performer to the extent it is not otherwise + considered a literary or artistic work. + g. "You" means an individual or entity exercising rights under this + License who has not previously violated the terms of this License with + respect to the Work, or who has received express permission from the + Licensor to exercise rights under this License despite a previous + violation. + h. "Publicly Perform" means to perform public recitations of the Work and + to communicate to the public those public recitations, by any means or + process, including by wire or wireless means or public digital + performances; to make available to the public Works in such a way that + members of the public may access these Works from a place and at a + place individually chosen by them; to perform the Work to the public + by any means or process and the communication to the public of the + performances of the Work, including by public digital performance; to + broadcast and rebroadcast the Work by any means including signs, + sounds or images. + i. "Reproduce" means to make copies of the Work by any means including + without limitation by sound or visual recordings and the right of + fixation and reproducing fixations of the Work, including storage of a + protected performance or phonogram in digital form or other electronic + medium. . - *2. Fair Dealing Rights.* Nothing in this License is intended to reduce, + 2. Fair Dealing Rights. Nothing in this License is intended to reduce, limit, or restrict any uses free from copyright or rights arising from limitations or exceptions that are provided for in connection with the copyright protection under copyright law or other applicable laws. . - *3. License Grant.* Subject to the terms and conditions of this License, + 3. License Grant. Subject to the terms and conditions of this License, Licensor hereby grants You a worldwide, royalty-free, non-exclusive, perpetual (for the duration of the applicable copyright) license to exercise the rights in the Work as stated below: . - 1. to Reproduce the Work, to incorporate the Work into one or more - Collections, and to Reproduce the Work as incorporated in the - Collections; - 2. to create and Reproduce Adaptations provided that any such - Adaptation, including any translation in any medium, takes - reasonable steps to clearly label, demarcate or otherwise identify - that changes were made to the original Work. For example, a - translation could be marked "The original work was translated from - English to Spanish," or a modification could indicate "The - original work has been modified."; - 3. to Distribute and Publicly Perform the Work including as - incorporated in Collections; and, - 4. to Distribute and Publicly Perform Adaptations. - 5. - . - For the avoidance of doubt: - . - 1. *Non-waivable Compulsory License Schemes*. In those - jurisdictions in which the right to collect royalties - through any statutory or compulsory licensing scheme cannot - be waived, the Licensor reserves the exclusive right to - collect such royalties for any exercise by You of the rights - granted under this License; - 2. *Waivable Compulsory License Schemes*. In those - jurisdictions in which the right to collect royalties - through any statutory or compulsory licensing scheme can be - waived, the Licensor waives the exclusive right to collect - such royalties for any exercise by You of the rights granted - under this License; and, - 3. *Voluntary License Schemes*. The Licensor waives the right - to collect royalties, whether individually or, in the event - that the Licensor is a member of a collecting society that - administers voluntary licensing schemes, via that society, - from any exercise by You of the rights granted under this - License. + a. to Reproduce the Work, to incorporate the Work into one or more + Collections, and to Reproduce the Work as incorporated in the + Collections; + b. to create and Reproduce Adaptations provided that any such Adaptation, + including any translation in any medium, takes reasonable steps to + clearly label, demarcate or otherwise identify that changes were made + to the original Work. For example, a translation could be marked "The + original work was translated from English to Spanish," or a + modification could indicate "The original work has been modified."; + c. to Distribute and Publicly Perform the Work including as incorporated + in Collections; and, + d. to Distribute and Publicly Perform Adaptations. + e. For the avoidance of doubt: + . + i. Non-waivable Compulsory License Schemes. In those jurisdictions in + which the right to collect royalties through any statutory or + compulsory licensing scheme cannot be waived, the Licensor + reserves the exclusive right to collect such royalties for any + exercise by You of the rights granted under this License; + ii. Waivable Compulsory License Schemes. In those jurisdictions in + which the right to collect royalties through any statutory or + compulsory licensing scheme can be waived, the Licensor waives the + exclusive right to collect such royalties for any exercise by You + of the rights granted under this License; and, + iii. Voluntary License Schemes. The Licensor waives the right to + collect royalties, whether individually or, in the event that the + Licensor is a member of a collecting society that administers + voluntary licensing schemes, via that society, from any exercise + by You of the rights granted under this License. . The above rights may be exercised in all media and formats whether now known or hereafter devised. The above rights include the right to make - such modifications as are technically necessary to exercise the rights - in other media and formats. Subject to Section 8(f), all rights not - expressly granted by Licensor are hereby reserved. - . - *4. Restrictions.* The license granted in Section 3 above is expressly - made subject to and limited by the following restrictions: - . - 1. You may Distribute or Publicly Perform the Work only under the - terms of this License. You must include a copy of, or the Uniform - Resource Identifier (URI) for, this License with every copy of the - Work You Distribute or Publicly Perform. You may not offer or - impose any terms on the Work that restrict the terms of this - License or the ability of the recipient of the Work to exercise - the rights granted to that recipient under the terms of the - License. You may not sublicense the Work. You must keep intact all - notices that refer to this License and to the disclaimer of - warranties with every copy of the Work You Distribute or Publicly - Perform. When You Distribute or Publicly Perform the Work, You may - not impose any effective technological measures on the Work that - restrict the ability of a recipient of the Work from You to - exercise the rights granted to that recipient under the terms of - the License. This Section 4(a) applies to the Work as incorporated - in a Collection, but this does not require the Collection apart - from the Work itself to be made subject to the terms of this - License. If You create a Collection, upon notice from any Licensor - You must, to the extent practicable, remove from the Collection - any credit as required by Section 4(b), as requested. If You - create an Adaptation, upon notice from any Licensor You must, to - the extent practicable, remove from the Adaptation any credit as - required by Section 4(b), as requested. - 2. If You Distribute, or Publicly Perform the Work or any Adaptations - or Collections, You must, unless a request has been made pursuant - to Section 4(a), keep intact all copyright notices for the Work - and provide, reasonable to the medium or means You are utilizing: - (i) the name of the Original Author (or pseudonym, if applicable) - if supplied, and/or if the Original Author and/or Licensor - designate another party or parties (e.g., a sponsor institute, - publishing entity, journal) for attribution ("Attribution - Parties") in Licensor's copyright notice, terms of service or by - other reasonable means, the name of such party or parties; (ii) - the title of the Work if supplied; (iii) to the extent reasonably - practicable, the URI, if any, that Licensor specifies to be - associated with the Work, unless such URI does not refer to the - copyright notice or licensing information for the Work; and (iv) , - consistent with Section 3(b), in the case of an Adaptation, a - credit identifying the use of the Work in the Adaptation (e.g., - "French translation of the Work by Original Author," or - "Screenplay based on original Work by Original Author"). The - credit required by this Section 4 (b) may be implemented in any - reasonable manner; provided, however, that in the case of a - Adaptation or Collection, at a minimum such credit will appear, if - a credit for all contributing authors of the Adaptation or - Collection appears, then as part of these credits and in a manner - at least as prominent as the credits for the other contributing - authors. For the avoidance of doubt, You may only use the credit - required by this Section for the purpose of attribution in the - manner set out above and, by exercising Your rights under this - License, You may not implicitly or explicitly assert or imply any - connection with, sponsorship or endorsement by the Original - Author, Licensor and/or Attribution Parties, as appropriate, of - You or Your use of the Work, without the separate, express prior - written permission of the Original Author, Licensor and/or - Attribution Parties. - 3. Except as otherwise agreed in writing by the Licensor or as may be - otherwise permitted by applicable law, if You Reproduce, - Distribute or Publicly Perform the Work either by itself or as - part of any Adaptations or Collections, You must not distort, - mutilate, modify or take other derogatory action in relation to - the Work which would be prejudicial to the Original Author's honor - or reputation. Licensor agrees that in those jurisdictions (e.g. - Japan), in which any exercise of the right granted in Section 3(b) - of this License (the right to make Adaptations) would be deemed to - be a distortion, mutilation, modification or other derogatory - action prejudicial to the Original Author's honor and reputation, - the Licensor will waive or not assert, as appropriate, this - Section, to the fullest extent permitted by the applicable - national law, to enable You to reasonably exercise Your right - under Section 3(b) of this License (right to make Adaptations) but - not otherwise. + such modifications as are technically necessary to exercise the rights in + other media and formats. Subject to Section 8(f), all rights not expressly + granted by Licensor are hereby reserved. + . + 4. Restrictions. The license granted in Section 3 above is expressly made + subject to and limited by the following restrictions: + . + a. You may Distribute or Publicly Perform the Work only under the terms + of this License. You must include a copy of, or the Uniform Resource + Identifier (URI) for, this License with every copy of the Work You + Distribute or Publicly Perform. You may not offer or impose any terms + on the Work that restrict the terms of this License or the ability of + the recipient of the Work to exercise the rights granted to that + recipient under the terms of the License. You may not sublicense the + Work. You must keep intact all notices that refer to this License and + to the disclaimer of warranties with every copy of the Work You + Distribute or Publicly Perform. When You Distribute or Publicly + Perform the Work, You may not impose any effective technological + measures on the Work that restrict the ability of a recipient of the + Work from You to exercise the rights granted to that recipient under + the terms of the License. This Section 4(a) applies to the Work as + incorporated in a Collection, but this does not require the Collection + apart from the Work itself to be made subject to the terms of this + License. If You create a Collection, upon notice from any Licensor You + must, to the extent practicable, remove from the Collection any credit + as required by Section 4(b), as requested. If You create an + Adaptation, upon notice from any Licensor You must, to the extent + practicable, remove from the Adaptation any credit as required by + Section 4(b), as requested. + b. If You Distribute, or Publicly Perform the Work or any Adaptations or + Collections, You must, unless a request has been made pursuant to + Section 4(a), keep intact all copyright notices for the Work and + provide, reasonable to the medium or means You are utilizing: (i) the + name of the Original Author (or pseudonym, if applicable) if supplied, + and/or if the Original Author and/or Licensor designate another party + or parties (e.g., a sponsor institute, publishing entity, journal) for + attribution ("Attribution Parties") in Licensor's copyright notice, + terms of service or by other reasonable means, the name of such party + or parties; (ii) the title of the Work if supplied; (iii) to the + extent reasonably practicable, the URI, if any, that Licensor + specifies to be associated with the Work, unless such URI does not + refer to the copyright notice or licensing information for the Work; + and (iv) , consistent with Section 3(b), in the case of an Adaptation, + a credit identifying the use of the Work in the Adaptation (e.g., + "French translation of the Work by Original Author," or "Screenplay + based on original Work by Original Author"). The credit required by + this Section 4 (b) may be implemented in any reasonable manner; + provided, however, that in the case of a Adaptation or Collection, at + a minimum such credit will appear, if a credit for all contributing + authors of the Adaptation or Collection appears, then as part of these + credits and in a manner at least as prominent as the credits for the + other contributing authors. For the avoidance of doubt, You may only + use the credit required by this Section for the purpose of attribution + in the manner set out above and, by exercising Your rights under this + License, You may not implicitly or explicitly assert or imply any + connection with, sponsorship or endorsement by the Original Author, + Licensor and/or Attribution Parties, as appropriate, of You or Your + use of the Work, without the separate, express prior written + permission of the Original Author, Licensor and/or Attribution + Parties. + c. Except as otherwise agreed in writing by the Licensor or as may be + otherwise permitted by applicable law, if You Reproduce, Distribute or + Publicly Perform the Work either by itself or as part of any + Adaptations or Collections, You must not distort, mutilate, modify or + take other derogatory action in relation to the Work which would be + prejudicial to the Original Author's honor or reputation. Licensor + agrees that in those jurisdictions (e.g. Japan), in which any exercise + of the right granted in Section 3(b) of this License (the right to + make Adaptations) would be deemed to be a distortion, mutilation, + modification or other derogatory action prejudicial to the Original + Author's honor and reputation, the Licensor will waive or not assert, + as appropriate, this Section, to the fullest extent permitted by the + applicable national law, to enable You to reasonably exercise Your + right under Section 3(b) of this License (right to make Adaptations) + but not otherwise. . - *5. Representations, Warranties and Disclaimer* + 5. Representations, Warranties and Disclaimer . UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY @@ -329,76 +325,96 @@ INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, - WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE - EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU. + WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION + OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU. + . + 6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE + LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR + ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES + ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS + BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + . + 7. Termination + . + a. This License and the rights granted hereunder will terminate + automatically upon any breach by You of the terms of this License. + Individuals or entities who have received Adaptations or Collections + from You under this License, however, will not have their licenses + terminated provided such individuals or entities remain in full + compliance with those licenses. Sections 1, 2, 5, 6, 7, and 8 will + survive any termination of this License. + b. Subject to the above terms and conditions, the license granted here is + perpetual (for the duration of the applicable copyright in the Work). + Notwithstanding the above, Licensor reserves the right to release the + Work under different license terms or to stop distributing the Work at + any time; provided, however that any such election will not serve to + withdraw this License (or any other license that has been, or is + required to be, granted under the terms of this License), and this + License will continue in full force and effect unless terminated as + stated above. + . + 8. Miscellaneous + . + a. Each time You Distribute or Publicly Perform the Work or a Collection, + the Licensor offers to the recipient a license to the Work on the same + terms and conditions as the license granted to You under this License. + b. Each time You Distribute or Publicly Perform an Adaptation, Licensor + offers to the recipient a license to the original Work on the same + terms and conditions as the license granted to You under this License. + c. If any provision of this License is invalid or unenforceable under + applicable law, it shall not affect the validity or enforceability of + the remainder of the terms of this License, and without further action + by the parties to this agreement, such provision shall be reformed to + the minimum extent necessary to make such provision valid and + enforceable. + d. No term or provision of this License shall be deemed waived and no + breach consented to unless such waiver or consent shall be in writing + and signed by the party to be charged with such waiver or consent. + e. This License constitutes the entire agreement between the parties with + respect to the Work licensed here. There are no understandings, + agreements or representations with respect to the Work not specified + here. Licensor shall not be bound by any additional provisions that + may appear in any communication from You. This License may not be + modified without the mutual written agreement of the Licensor and You. + f. The rights granted under, and the subject matter referenced, in this + License were drafted utilizing the terminology of the Berne Convention + for the Protection of Literary and Artistic Works (as amended on + September 28, 1979), the Rome Convention of 1961, the WIPO Copyright + Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 + and the Universal Copyright Convention (as revised on July 24, 1971). + These rights and subject matter take effect in the relevant + jurisdiction in which the License terms are sought to be enforced + according to the corresponding provisions of the implementation of + those treaty provisions in the applicable national law. If the + standard suite of rights granted under applicable copyright law + includes additional rights not granted under this License, such + additional rights are deemed to be included in the License; this + License is not intended to restrict the license of any rights under + applicable law. + . + . + Creative Commons Notice + . + Creative Commons is not a party to this License, and makes no warranty + whatsoever in connection with the Work. Creative Commons will not be + liable to You or any party on any legal theory for any damages + whatsoever, including without limitation any general, special, + incidental or consequential damages arising in connection to this + license. Notwithstanding the foregoing two (2) sentences, if Creative + Commons has expressly identified itself as the Licensor hereunder, it + shall have all rights and obligations of Licensor. + . + Except for the limited purpose of indicating to the public that the + Work is licensed under the CCPL, Creative Commons does not authorize + the use by either party of the trademark "Creative Commons" or any + related trademark or logo of Creative Commons without the prior + written consent of Creative Commons. Any permitted use will be in + compliance with Creative Commons' then-current trademark usage + guidelines, as may be published on its website or otherwise made + available upon request from time to time. For the avoidance of doubt, + this trademark restriction does not form part of this License. . - *6. Limitation on Liability.* EXCEPT TO THE EXTENT REQUIRED BY - APPLICABLE LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL - THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY - DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF - LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. - . - *7. Termination* - . - 1. This License and the rights granted hereunder will terminate - automatically upon any breach by You of the terms of this License. - Individuals or entities who have received Adaptations or - Collections from You under this License, however, will not have - their licenses terminated provided such individuals or entities - remain in full compliance with those licenses. Sections 1, 2, 5, - 6, 7, and 8 will survive any termination of this License. - 2. Subject to the above terms and conditions, the license granted - here is perpetual (for the duration of the applicable copyright in - the Work). Notwithstanding the above, Licensor reserves the right - to release the Work under different license terms or to stop - distributing the Work at any time; provided, however that any such - election will not serve to withdraw this License (or any other - license that has been, or is required to be, granted under the - terms of this License), and this License will continue in full - force and effect unless terminated as stated above. - . - *8. Miscellaneous* - . - 1. Each time You Distribute or Publicly Perform the Work or a - Collection, the Licensor offers to the recipient a license to the - Work on the same terms and conditions as the license granted to - You under this License. - 2. Each time You Distribute or Publicly Perform an Adaptation, - Licensor offers to the recipient a license to the original Work on - the same terms and conditions as the license granted to You under - this License. - 3. If any provision of this License is invalid or unenforceable under - applicable law, it shall not affect the validity or enforceability - of the remainder of the terms of this License, and without further - action by the parties to this agreement, such provision shall be - reformed to the minimum extent necessary to make such provision - valid and enforceable. - 4. No term or provision of this License shall be deemed waived and no - breach consented to unless such waiver or consent shall be in - writing and signed by the party to be charged with such waiver or - consent. - 5. This License constitutes the entire agreement between the parties - with respect to the Work licensed here. There are no - understandings, agreements or representations with respect to the - Work not specified here. Licensor shall not be bound by any - additional provisions that may appear in any communication from - You. This License may not be modified without the mutual written - agreement of the Licensor and You. - 6. The rights granted under, and the subject matter referenced, in - this License were drafted utilizing the terminology of the Berne - Convention for the Protection of Literary and Artistic Works (as - amended on September 28, 1979), the Rome Convention of 1961, the - WIPO Copyright Treaty of 1996, the WIPO Performances and - Phonograms Treaty of 1996 and the Universal Copyright Convention - (as revised on July 24, 1971). These rights and subject matter - take effect in the relevant jurisdiction in which the License - terms are sought to be enforced according to the corresponding - provisions of the implementation of those treaty provisions in the - applicable national law. If the standard suite of rights granted - under applicable copyright law includes additional rights not - granted under this License, such additional rights are deemed to - be included in the License; this License is not intended to - restrict the license of any rights under applicable law. + Creative Commons may be contacted at https://creativecommons.org/. License: GPL-1+ This program is free software; you can redistribute it and/or modify diff -Nru jabref-3.8.2+ds/debian/jabref-wrapper jabref-3.8.2+ds/debian/jabref-wrapper --- jabref-3.8.2+ds/debian/jabref-wrapper 2018-04-06 17:54:48.000000000 +0000 +++ jabref-3.8.2+ds/debian/jabref-wrapper 2019-02-08 23:54:59.000000000 +0000 @@ -3,9 +3,20 @@ # Include the wrappers utility script . /usr/lib/java-wrappers/java-wrappers.sh -# We need a java8 runtime -# as this is also provided by openjdk9, we hardcode openjdk8 here -find_java_runtime openjdk8 +# We need a java8 runtime (at least) +find_java_runtime java8 + +MAJOR_JAVA_VERSION=$(run_java -version 2>&1 | grep ' version ' | awk '{print $3}' | cut -f1 -d'.' | cut -c2-) +if ( test $MAJOR_JAVA_VERSION -ge 9 ) ; then + # We need some options to start this version on openjdk9 and later + # See http://discourse.jabref.org/t/cannot-start-jabref-3-7-3-6-using-java-9-on-ubuntu-16-04/361/8 + JABREF_JAVA_OPTS=${JABREF_JAVA_OPTS-"--add-opens=java.desktop/java.awt=ALL-UNNAMED"} + + # But java.se.ee only works for Java 9 and Java 10 + if ( test $MAJOR_JAVA_VERSION -lt 11 ) ; then + JABREF_JAVA_OPTS="${JABREF_JAVA_OPTS} --add-modules=java.se.ee" + fi +fi find_jars \ jabref \ @@ -26,6 +37,7 @@ httpcore-nio \ httpmime \ java-string-similarity \ + jaxb-runtime \ jempbox \ jgoodies-common \ jgoodies-forms \ @@ -38,7 +50,7 @@ log4j-core \ log4j-jcl \ microba \ - mysql-connector-java \ + mariadb-java-client \ pdfbox \ postgresql \ ridl \ @@ -48,4 +60,4 @@ unirest-java \ unoil -run_java net.sf.jabref.JabRefMain "$@" +run_java ${JABREF_JAVA_OPTS} net.sf.jabref.JabRefMain "$@" diff -Nru jabref-3.8.2+ds/debian/patches/010_gradle_build.patch jabref-3.8.2+ds/debian/patches/010_gradle_build.patch --- jabref-3.8.2+ds/debian/patches/010_gradle_build.patch 2018-04-06 17:54:48.000000000 +0000 +++ jabref-3.8.2+ds/debian/patches/010_gradle_build.patch 2019-02-08 23:54:59.000000000 +0000 @@ -64,7 +64,19 @@ compile 'com.jgoodies:jgoodies-common:1.8.1' compile 'com.jgoodies:jgoodies-forms:1.9.0' compile 'com.jgoodies:jgoodies-looks:2.7.0' -@@ -118,8 +127,8 @@ +@@ -97,9 +106,8 @@ + antlr4 'org.antlr:antlr4:4.6' + compile 'org.antlr:antlr4-runtime:4.6' + +- // VersionEye states that 6.0.5 is the most recent version, but http://dev.mysql.com/downloads/connector/j/ shows that as "Development Release" +- compile 'mysql:mysql-connector-java:5.1.40' +- ++ // debian would like to drop mysql-connector-java ++ compile 'org.mariadb.jdbc:mariadb-java-client:2.3.0' + compile 'org.postgresql:postgresql:9.4.1210' + + compile 'net.java.dev.glazedlists:glazedlists_java15:1.9.1' +@@ -118,8 +126,8 @@ compile 'org.apache.logging.log4j:log4j-jcl:2.7' compile 'org.apache.logging.log4j:log4j-api:2.7' compile 'org.apache.logging.log4j:log4j-core:2.7' @@ -75,7 +87,7 @@ testCompile 'junit:junit:4.12' testCompile 'org.mockito:mockito-core:2.6.2' -@@ -257,11 +266,12 @@ +@@ -257,11 +265,12 @@ tasks.withType(Test) { reports.html.destination = file("${reporting.baseDir}/${name}") @@ -91,7 +103,7 @@ jacocoTestReport { reports { xml.enabled = true // coveralls plugin depends on xml format report -@@ -299,6 +309,7 @@ +@@ -299,6 +308,7 @@ } }) } @@ -99,7 +111,7 @@ /* * Changes project.version to VERSION--snapshot--DATE--GIT_HASH -@@ -333,6 +344,7 @@ +@@ -333,6 +343,7 @@ project.version += "--snapshot--" + infoString } @@ -107,7 +119,7 @@ // has to be defined AFTER 'dev' things to have the correct project.version task media(type: com.install4j.gradle.Install4jTask, dependsOn: "releaseJar") { projectFile = file('jabref.install4j') -@@ -391,3 +403,4 @@ +@@ -391,3 +402,4 @@ // See https://github.com/andrewgaul/modernizer-maven-plugin for more information on modernizer failOnViolations = false } diff -Nru jabref-3.8.2+ds/debian/patches/030_xjc.patch jabref-3.8.2+ds/debian/patches/030_xjc.patch --- jabref-3.8.2+ds/debian/patches/030_xjc.patch 2018-04-06 17:54:48.000000000 +0000 +++ jabref-3.8.2+ds/debian/patches/030_xjc.patch 2019-02-08 23:54:59.000000000 +0000 @@ -269,6 +269,7 @@ + --- /dev/null +++ b/src/main/resources/xjc/mods/catalog.cat -@@ -0,0 +1,2 @@ -+-- local resources for Library Of Congress MODS -- -+REWRITE_SYSTEM "http://www.loc.gov" "loc" +@@ -0,0 +1,3 @@ ++ ++ ++ diff -Nru jabref-3.8.2+ds/debian/patches/060_0664_perms.patch jabref-3.8.2+ds/debian/patches/060_0664_perms.patch --- jabref-3.8.2+ds/debian/patches/060_0664_perms.patch 1970-01-01 00:00:00.000000000 +0000 +++ jabref-3.8.2+ds/debian/patches/060_0664_perms.patch 2019-02-08 23:54:59.000000000 +0000 @@ -0,0 +1,31 @@ +Description: newly created libraries are created with mode 664 +Author: Siedlerchr +Forwarded: not-needed +Source: https://patch-diff.githubusercontent.com/raw/JabRef/jabref/pull/2637.patch +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857351 + +--- a/src/main/java/net/sf/jabref/logic/exporter/FileSaveSession.java ++++ b/src/main/java/net/sf/jabref/logic/exporter/FileSaveSession.java +@@ -38,7 +38,6 @@ public class FileSaveSession extends Sav + private static final String TEMP_SUFFIX = "save.bib"; + private final Path temporaryFile; + +- + public FileSaveSession(Charset encoding, boolean backup) throws SaveException { + this(encoding, backup, createTemporaryFile()); + } +@@ -86,8 +85,12 @@ public class FileSaveSession extends Sav + LOGGER.error("Error when creating lock file.", ex); + } + +- // Try to save file permissions to restore them later (by default: allow everything) +- Set oldFilePermissions = EnumSet.allOf(PosixFilePermission.class); ++ // Try to save file permissions to restore them later (by default: 664) ++ Set oldFilePermissions = EnumSet.of(PosixFilePermission.OWNER_READ, ++ PosixFilePermission.OWNER_WRITE, ++ PosixFilePermission.GROUP_READ, ++ PosixFilePermission.GROUP_WRITE, ++ PosixFilePermission.OTHERS_READ); + if (FileUtil.isPosixCompilant && Files.exists(file)) { + try { + oldFilePermissions = Files.getPosixFilePermissions(file); diff -Nru jabref-3.8.2+ds/debian/patches/070_jdk9_swing.patch jabref-3.8.2+ds/debian/patches/070_jdk9_swing.patch --- jabref-3.8.2+ds/debian/patches/070_jdk9_swing.patch 1970-01-01 00:00:00.000000000 +0000 +++ jabref-3.8.2+ds/debian/patches/070_jdk9_swing.patch 2019-02-08 23:54:59.000000000 +0000 @@ -0,0 +1,73 @@ +Description: Add JDK9 swing patch +Origin: vendor +Author: tony mancill + +--- a/src/main/java/net/sf/jabref/gui/FindUnlinkedFilesDialog.java ++++ b/src/main/java/net/sf/jabref/gui/FindUnlinkedFilesDialog.java +@@ -398,8 +398,10 @@ public class FindUnlinkedFilesDialog ext + private void expandTree(JTree currentTree, TreePath parent, boolean expand) { + TreeNode node = (TreeNode) parent.getLastPathComponent(); + if (node.getChildCount() >= 0) { +- for (Enumeration e = node.children(); e.hasMoreElements();) { +- TreePath path = parent.pathByAddingChild(e.nextElement()); ++ final Enumeration e = node.children(); ++ while (e.hasMoreElements()) { ++ final TreeNode tNode = (TreeNode) e.nextElement(); ++ TreePath path = parent.pathByAddingChild(tNode); + expandTree(currentTree, path, expand); + } + } +@@ -637,9 +639,10 @@ public class FindUnlinkedFilesDialog ext + */ + private List getFileListFromNode(CheckableTreeNode node) { + List filesList = new ArrayList<>(); +- Enumeration children = node.depthFirstEnumeration(); ++ final Enumeration children = node.depthFirstEnumeration(); + List nodesToRemove = new ArrayList<>(); +- for (CheckableTreeNode child : Collections.list(children)) { ++ while (children.hasMoreElements()) { ++ final CheckableTreeNode child = (CheckableTreeNode) children.nextElement(); + if (child.isLeaf() && child.isSelected()) { + File nodeFile = ((FileNodeWrapper) child.getUserObject()).file; + if ((nodeFile != null) && nodeFile.isFile()) { +@@ -1081,8 +1084,9 @@ public class FindUnlinkedFilesDialog ext + + public void setSelected(boolean bSelected) { + isSelected = bSelected; +- Enumeration tmpChildren = this.children(); +- for (CheckableTreeNode child : Collections.list(tmpChildren)) { ++ final Enumeration tmpChildren = this.children(); ++ while (tmpChildren.hasMoreElements()) { ++ CheckableTreeNode child = (CheckableTreeNode) tmpChildren.nextElement(); + child.setSelected(bSelected); + } + +--- a/src/main/java/net/sf/jabref/collab/EntryChange.java ++++ b/src/main/java/net/sf/jabref/collab/EntryChange.java +@@ -74,8 +74,9 @@ class EntryChange extends Change { + public boolean makeChange(BasePanel panel, BibDatabase secondary, NamedCompound undoEdit) { + boolean allAccepted = true; + +- Enumeration e = children(); +- for (Change c : Collections.list(e)) { ++ Enumeration e = children(); ++ while (e.hasMoreElements()) { ++ final Change c = (Change) e.nextElement(); + if (c.isAcceptable() && c.isAccepted()) { + c.makeChange(panel, secondary, undoEdit); + } else { +--- a/src/main/java/net/sf/jabref/collab/ChangeDisplayDialog.java ++++ b/src/main/java/net/sf/jabref/collab/ChangeDisplayDialog.java +@@ -86,9 +86,10 @@ class ChangeDisplayDialog extends JDialo + // Perform all accepted changes: + // Store all edits in an Undoable object: + NamedCompound ce = new NamedCompound(Localization.lang("Merged external changes")); +- Enumeration enumer = root.children(); ++ Enumeration enumer = root.children(); + boolean anyDisabled = false; +- for (Change c : Collections.list(enumer)) { ++ while (enumer.hasMoreElements()) { ++ final Change c = (Change) enumer.nextElement(); + boolean allAccepted = false; + if (c.isAcceptable() && c.isAccepted()) { + allAccepted = c.makeChange(panel, localSecondary, ce); diff -Nru jabref-3.8.2+ds/debian/patches/080_jdk11_jaxb.patch jabref-3.8.2+ds/debian/patches/080_jdk11_jaxb.patch --- jabref-3.8.2+ds/debian/patches/080_jdk11_jaxb.patch 1970-01-01 00:00:00.000000000 +0000 +++ jabref-3.8.2+ds/debian/patches/080_jdk11_jaxb.patch 2019-02-08 23:54:59.000000000 +0000 @@ -0,0 +1,14 @@ +Description: patch build.gradle to compile using jaxb-api +Origin: vendor +Author: tony mancill + +--- a/build.gradle ++++ b/build.gradle +@@ -128,6 +128,7 @@ + compile 'org.apache.logging.log4j:log4j-core:2.7' + //compile 'org.xmlunit:xmlunit-core:2.3.0' + //compile 'org.xmlunit:xmlunit-matchers:2.3.0' ++ compile 'javax.xml.bind:jaxb-api:2.3.0' + + testCompile 'junit:junit:4.12' + testCompile 'org.mockito:mockito-core:2.6.2' diff -Nru jabref-3.8.2+ds/debian/patches/090_mariadb.patch jabref-3.8.2+ds/debian/patches/090_mariadb.patch --- jabref-3.8.2+ds/debian/patches/090_mariadb.patch 1970-01-01 00:00:00.000000000 +0000 +++ jabref-3.8.2+ds/debian/patches/090_mariadb.patch 2019-02-08 23:54:59.000000000 +0000 @@ -0,0 +1,15 @@ +Description: update jabref to use mariadb driver for MySQL connections +Author: tony mancill +Forwarded: not-needed + +--- a/src/main/java/net/sf/jabref/shared/DBMSType.java ++++ b/src/main/java/net/sf/jabref/shared/DBMSType.java +@@ -10,7 +10,7 @@ + + MYSQL( + "MySQL", +- "com.mysql.jdbc.Driver", ++ "org.mariadb.jdbc.Driver", + "jdbc:mysql://%s:%d/%s", 3306), + ORACLE( + "Oracle", diff -Nru jabref-3.8.2+ds/debian/patches/100_CVE-2018-1000652_XXE-vulnerability.patch jabref-3.8.2+ds/debian/patches/100_CVE-2018-1000652_XXE-vulnerability.patch --- jabref-3.8.2+ds/debian/patches/100_CVE-2018-1000652_XXE-vulnerability.patch 1970-01-01 00:00:00.000000000 +0000 +++ jabref-3.8.2+ds/debian/patches/100_CVE-2018-1000652_XXE-vulnerability.patch 2019-02-08 23:54:59.000000000 +0000 @@ -0,0 +1,81 @@ +From 89f855d76713b4cd25ac0830c719cd61c511851e Mon Sep 17 00:00:00 2001 +From: Nick +Date: Mon, 30 Jul 2018 16:06:07 +0000 +Subject: [PATCH] Fix importer vulnerability (#4240) + +* Fix importer vulnerability +Fixed issue #4229 where importer was vulnerable to XXE attacks by +disabling DTDs along with adding warning to logger if features are +unavailable. fixes #4229 + +Bugs-Debian: https://bugs.debian.org/921772 +Bug: https://github.com/JabRef/jabref/issues/4229 + +--- a/src/main/java/net/sf/jabref/logic/importer/fileformat/MsBibImporter.java ++++ b/src/main/java/net/sf/jabref/logic/importer/fileformat/MsBibImporter.java +@@ -6,12 +6,15 @@ + + import javax.xml.parsers.DocumentBuilder; + import javax.xml.parsers.DocumentBuilderFactory; ++import javax.xml.parsers.ParserConfigurationException; + + import net.sf.jabref.logic.importer.Importer; + import net.sf.jabref.logic.importer.ParserResult; + import net.sf.jabref.logic.msbib.MSBibDatabase; + import net.sf.jabref.logic.util.FileExtensions; + ++import org.apache.commons.logging.Log; ++import org.apache.commons.logging.LogFactory; + import org.w3c.dom.Document; + import org.xml.sax.InputSource; + +@@ -23,6 +26,10 @@ + */ + public class MsBibImporter extends Importer { + ++ private static final Log LOGGER = LogFactory.getLog(MsBibImporter.class); ++ private static final String DISABLEDTD = "http://apache.org/xml/features/disallow-doctype-decl"; ++ private static final String DISABLEEXTERNALDTD = "http://apache.org/xml/features/nonvalidating/load-external-dtd"; ++ + @Override + public boolean isRecognizedFormat(BufferedReader reader) throws IOException { + Objects.requireNonNull(reader); +@@ -34,7 +41,7 @@ + */ + Document docin; + try { +- DocumentBuilder dbuild = DocumentBuilderFactory.newInstance().newDocumentBuilder(); ++ DocumentBuilder dbuild = makeSafeDocBuilderFactory(DocumentBuilderFactory.newInstance()).newDocumentBuilder(); + docin = dbuild.parse(new InputSource(reader)); + } catch (Exception e) { + return false; +@@ -65,4 +72,29 @@ + return "Importer for the MS Office 2007 XML bibliography format."; + } + ++ /** ++ * DocumentBuilderFactory makes a XXE safe Builder factory from dBuild. If not supported by current ++ * XML then returns original builder given and logs error. ++ * @param dBuild | DocumentBuilderFactory to be made XXE safe. ++ * @return If supported, XXE safe DocumentBuilderFactory. Else, returns original builder given ++ */ ++ private DocumentBuilderFactory makeSafeDocBuilderFactory(DocumentBuilderFactory dBuild) { ++ String feature = null; ++ ++ try { ++ feature = DISABLEDTD; ++ dBuild.setFeature(feature, true); ++ ++ feature = DISABLEEXTERNALDTD; ++ dBuild.setFeature(feature, false); ++ ++ dBuild.setXIncludeAware(false); ++ dBuild.setExpandEntityReferences(false); ++ ++ } catch (ParserConfigurationException e) { ++ LOGGER.warn("Builder not fully configured. Feature:'" + feature + "' is probably not supported by current XML processor.", e); ++ } ++ ++ return dBuild; ++ } + } diff -Nru jabref-3.8.2+ds/debian/patches/series jabref-3.8.2+ds/debian/patches/series --- jabref-3.8.2+ds/debian/patches/series 2018-04-06 17:54:48.000000000 +0000 +++ jabref-3.8.2+ds/debian/patches/series 2019-02-08 23:54:59.000000000 +0000 @@ -3,3 +3,8 @@ 020_disable_automatic_upgrade_check.patch 030_xjc.patch 050_unirest_json.patch +060_0664_perms.patch +070_jdk9_swing.patch +080_jdk11_jaxb.patch +090_mariadb.patch +100_CVE-2018-1000652_XXE-vulnerability.patch diff -Nru jabref-3.8.2+ds/debian/README.Debian jabref-3.8.2+ds/debian/README.Debian --- jabref-3.8.2+ds/debian/README.Debian 2018-04-06 17:54:48.000000000 +0000 +++ jabref-3.8.2+ds/debian/README.Debian 2019-02-08 23:54:59.000000000 +0000 @@ -11,7 +11,7 @@ The debian version of JabRef is close to the official version. The only differences are the following: - - The dialog for merging entries (https://help.jabref.org/en/MergeEntries) + - The dialog for merging entries (https://help.jabref.org/en/MergeEntries) does not support syntax highlighting - The Debian version uses the microba date picker - The live update functionality for PostgreSQL has been removed diff -Nru jabref-3.8.2+ds/debian/rules jabref-3.8.2+ds/debian/rules --- jabref-3.8.2+ds/debian/rules 2018-04-06 17:54:48.000000000 +0000 +++ jabref-3.8.2+ds/debian/rules 2019-02-08 23:54:59.000000000 +0000 @@ -2,10 +2,6 @@ export DH_VERBOSE=1 -# force build with openjdk-8, even if -9 is installed -include /usr/share/dpkg/architecture.mk -export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-$(DEB_HOST_ARCH) - %: dh $@ --buildsystem=gradle diff -Nru jabref-3.8.2+ds/debian/source/lintian-overrides jabref-3.8.2+ds/debian/source/lintian-overrides --- jabref-3.8.2+ds/debian/source/lintian-overrides 1970-01-01 00:00:00.000000000 +0000 +++ jabref-3.8.2+ds/debian/source/lintian-overrides 2019-02-08 23:54:59.000000000 +0000 @@ -0,0 +1,2 @@ +# this is a side effect of creating the +ds version +jabref source: source-contains-empty-directory src/main/java/osx/macadapter/ diff -Nru jabref-3.8.2+ds/debian/xjc.sh jabref-3.8.2+ds/debian/xjc.sh --- jabref-3.8.2+ds/debian/xjc.sh 2018-04-06 17:54:48.000000000 +0000 +++ jabref-3.8.2+ds/debian/xjc.sh 2019-02-08 23:54:59.000000000 +0000 @@ -2,7 +2,7 @@ # # generate Java bindings for XML schemas used in JabRef -XJC=/usr/bin/xjc +XJC="java -cp /usr/share/java/jaxb-xjc.jar:/usr/share/java/jaxb-runtime.jar:/usr/share/java/xml-resolver.jar:/usr/share/java/relaxngDatatype.jar com.sun.tools.xjc.XJCFacade" DEST=src/main/gen $XJC -d $DEST \