diff -Nru junit4-4.12/debian/changelog junit4-4.12/debian/changelog
--- junit4-4.12/debian/changelog	2017-11-23 21:47:37.000000000 +0000
+++ junit4-4.12/debian/changelog	2021-02-10 15:17:35.000000000 +0000
@@ -1,3 +1,40 @@
+junit4 (4.12-8~18.04.1) bionic-security; urgency=medium
+
+  * SECURITY UPDATE: Exposure of Sensitive Information
+    - debian/patches/CVE-2020-15250.patch: fix local information disclosure
+      vulnerability.
+    - CVE-2020-15250
+  * Other fixes
+    - debian/patches/maven2-compatibility.patch: Remove the prerequisite on
+      Maven 3.
+
+ -- Paulo Flabiano Smorigo <pfsmorigo@canonical.com>  Wed, 10 Feb 2021 15:17:35 +0000
+
+junit4 (4.12-8~18.04) bionic; urgency=medium
+
+  * Backport for OpenJDK 11. LP: #1814133.
+
+ -- Matthias Klose <doko@ubuntu.com>  Tue, 26 Feb 2019 17:39:32 +0100
+
+junit4 (4.12-8) unstable; urgency=medium
+
+  * Fixed the build failure with Java 11 (Closes: #912474)
+  * Standards-Version updated to 4.2.1
+
+ -- Emmanuel Bourg <ebourg@apache.org>  Thu, 01 Nov 2018 12:14:37 +0100
+
+junit4 (4.12-7) unstable; urgency=medium
+
+  * Team upload.
+  * Fixed the build failure with Java 10 (Closes: #898146)
+  * Removed Damien Raude-Morvan from the uploaders (Closes: #889389)
+  * Standards-Version updated to 4.1.4
+  * Use salsa.debian.org Vcs-* URLs
+  * Switch to debhelper level 11
+  * Use a secure URL in debian/watch
+
+ -- Emmanuel Bourg <ebourg@apache.org>  Tue, 08 May 2018 22:24:28 +0200
+
 junit4 (4.12-6) unstable; urgency=medium
 
   * Team upload.
diff -Nru junit4-4.12/debian/compat junit4-4.12/debian/compat
--- junit4-4.12/debian/compat	2017-07-25 21:56:22.000000000 +0000
+++ junit4-4.12/debian/compat	2018-05-08 20:24:03.000000000 +0000
@@ -1 +1 @@
-10
+11
diff -Nru junit4-4.12/debian/control junit4-4.12/debian/control
--- junit4-4.12/debian/control	2017-11-23 21:47:05.000000000 +0000
+++ junit4-4.12/debian/control	2018-11-01 11:10:03.000000000 +0000
@@ -1,22 +1,25 @@
 Source: junit4
 Section: java
 Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
-Uploaders: Florian Weimer <fw@deneb.enyo.de>,
-           Varun Hiremath <varun@debian.org>,
-           Damien Raude-Morvan <drazzib@debian.org>,
-           Ludovic Claude <ludovic.claude@laposte.net>,
-           Jakub Adam <jakub.adam@ktknet.cz>,
-           Emmanuel Bourg <ebourg@apache.org>
+Uploaders:
+ Florian Weimer <fw@deneb.enyo.de>,
+ Varun Hiremath <varun@debian.org>,
+ Ludovic Claude <ludovic.claude@laposte.net>,
+ Jakub Adam <jakub.adam@ktknet.cz>,
+ Emmanuel Bourg <ebourg@apache.org>
 Priority: optional
-Build-Depends: debhelper (>= 10), default-jdk, javahelper
-Build-Depends-Indep: default-jdk-doc,
-                     libhamcrest-java (>= 1.3),
-                     libhamcrest-java-doc,
-                     libmaven-javadoc-plugin-java,
-                     maven-debian-helper (>= 2.2)
-Standards-Version: 4.1.1
-Vcs-Git: https://anonscm.debian.org/git/pkg-java/junit4.git
-Vcs-Browser: https://anonscm.debian.org/cgit/pkg-java/junit4.git
+Build-Depends:
+ debhelper (>= 11),
+ default-jdk,
+ default-jdk-doc,
+ javahelper,
+ libhamcrest-java (>= 1.3),
+ libhamcrest-java-doc,
+ libmaven-javadoc-plugin-java,
+ maven-debian-helper (>= 2.2)
+Standards-Version: 4.2.1
+Vcs-Git: https://salsa.debian.org/java-team/junit4.git
+Vcs-Browser: https://salsa.debian.org/java-team/junit4
 Homepage: http://www.junit.org
 
 Package: junit4
diff -Nru junit4-4.12/debian/junit4-doc.doc-base.2 junit4-4.12/debian/junit4-doc.doc-base.2
--- junit4-4.12/debian/junit4-doc.doc-base.2	2015-04-28 14:31:53.000000000 +0000
+++ junit4-4.12/debian/junit4-doc.doc-base.2	2018-05-08 20:24:06.000000000 +0000
@@ -6,6 +6,5 @@
 Section: Programming
 
 Format: HTML
-Index: /usr/share/doc/junit4-doc/homepage.html
-Files: /usr/share/doc/junit4-doc/*
-
+Index: /usr/share/doc/junit4/homepage.html
+Files: /usr/share/doc/junit4/*
diff -Nru junit4-4.12/debian/junit4-doc.docs junit4-4.12/debian/junit4-doc.docs
--- junit4-4.12/debian/junit4-doc.docs	2015-04-28 14:31:53.000000000 +0000
+++ junit4-4.12/debian/junit4-doc.docs	2018-11-01 11:10:03.000000000 +0000
@@ -1,6 +1,5 @@
 doc
 doc/homepage.html
 *.txt
-*.css
 *.html
 
diff -Nru junit4-4.12/debian/maven.properties junit4-4.12/debian/maven.properties
--- junit4-4.12/debian/maven.properties	1970-01-01 00:00:00.000000000 +0000
+++ junit4-4.12/debian/maven.properties	2018-11-01 11:06:07.000000000 +0000
@@ -0,0 +1 @@
+maven.compiler.release=8
diff -Nru junit4-4.12/debian/patches/CVE-2020-15250.patch junit4-4.12/debian/patches/CVE-2020-15250.patch
--- junit4-4.12/debian/patches/CVE-2020-15250.patch	1970-01-01 00:00:00.000000000 +0000
+++ junit4-4.12/debian/patches/CVE-2020-15250.patch	2021-02-10 15:14:47.000000000 +0000
@@ -0,0 +1,136 @@
+Description: CVE-2020-15250
+ local information disclosure vulnerability
+---
+
+Origin: https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae
+Bug-Debian: https://bugs.debian.org/972231
+Last-Update: 2020-11-01
+
+--- junit4-4.12.orig/src/main/java/org/junit/rules/TemporaryFolder.java
++++ junit4-4.12/src/main/java/org/junit/rules/TemporaryFolder.java
+@@ -2,6 +2,9 @@ package org.junit.rules;
+ 
+ import java.io.File;
+ import java.io.IOException;
++import java.lang.reflect.Array;
++import java.lang.reflect.InvocationTargetException;
++import java.lang.reflect.Method;
+ 
+ import org.junit.Rule;
+ 
+@@ -130,7 +133,45 @@ public class TemporaryFolder extends Ext
+         return createTemporaryFolderIn(getRoot());
+     }
+ 
+-    private File createTemporaryFolderIn(File parentFolder) throws IOException {
++        private static File createTemporaryFolderIn(File parentFolder) throws IOException {
++        try {
++            return createTemporaryFolderWithNioApi(parentFolder);
++        } catch (ClassNotFoundException ignore) {
++            // Fallback for Java 5 and 6
++            return createTemporaryFolderWithFileApi(parentFolder);
++        } catch (InvocationTargetException e) {
++            Throwable cause = e.getCause();
++            if (cause instanceof IOException) {
++                throw (IOException) cause;
++            }
++            if (cause instanceof RuntimeException) {
++                throw (RuntimeException) cause;
++            }
++            IOException exception = new IOException("Failed to create temporary folder in " + parentFolder);
++            exception.initCause(cause);
++            throw exception;
++        } catch (Exception e) {
++            throw new RuntimeException("Failed to create temporary folder in " + parentFolder, e);
++        }
++    }
++
++    private static File createTemporaryFolderWithNioApi(File parentFolder) throws ClassNotFoundException, NoSuchMethodException, InvocationTargetException, IllegalAccessException {
++        Class<?> filesClass = Class.forName("java.nio.file.Files");
++        Object fileAttributeArray = Array.newInstance(Class.forName("java.nio.file.attribute.FileAttribute"), 0);
++        Class<?> pathClass = Class.forName("java.nio.file.Path");
++        Object tempDir;
++        if (parentFolder != null) {
++            Method createTempDirectoryMethod = filesClass.getDeclaredMethod("createTempDirectory", pathClass, String.class, fileAttributeArray.getClass());
++            Object parentPath = File.class.getDeclaredMethod("toPath").invoke(parentFolder);
++            tempDir = createTempDirectoryMethod.invoke(null, parentPath, "junit", fileAttributeArray);
++        } else {
++            Method createTempDirectoryMethod = filesClass.getDeclaredMethod("createTempDirectory", String.class, fileAttributeArray.getClass());
++            tempDir = createTempDirectoryMethod.invoke(null, "junit", fileAttributeArray);
++        }
++        return (File) pathClass.getDeclaredMethod("toFile").invoke(tempDir);
++    }
++
++    private static File createTemporaryFolderWithFileApi(File parentFolder) throws IOException {
+         File createdFolder = File.createTempFile("junit", "", parentFolder);
+         createdFolder.delete();
+         createdFolder.mkdir();
+--- junit4-4.12.orig/src/test/java/org/junit/tests/experimental/rules/TempFolderRuleTest.java
++++ junit4-4.12/src/test/java/org/junit/tests/experimental/rules/TempFolderRuleTest.java
+@@ -2,22 +2,30 @@ package org.junit.tests.experimental.rul
+ 
+ import static org.hamcrest.CoreMatchers.hasItem;
+ import static org.hamcrest.core.IsNot.not;
++import static org.junit.Assert.assertEquals;
+ import static org.junit.Assert.assertFalse;
+ import static org.junit.Assert.assertThat;
+ import static org.junit.Assert.assertTrue;
++import static org.junit.Assume.assumeTrue;
+ import static org.junit.experimental.results.PrintableResult.testResult;
+ import static org.junit.experimental.results.ResultMatchers.failureCountIs;
+ import static org.junit.experimental.results.ResultMatchers.isSuccessful;
+ 
+ import java.io.File;
+ import java.io.IOException;
++import java.lang.reflect.Array;
++import java.lang.reflect.InvocationTargetException;
+ import java.lang.reflect.Method;
+ import java.util.Arrays;
++import java.util.Set;
++import java.util.SortedSet;
++import java.util.TreeSet;
++import org.junit.rules.TemporaryFolder;
+ 
+ import org.junit.After;
++import org.junit.AssumptionViolatedException;
+ import org.junit.Rule;
+ import org.junit.Test;
+-import org.junit.rules.TemporaryFolder;
+ 
+ public class TempFolderRuleTest {
+     private static File[] createdFiles = new File[20];
+@@ -175,6 +183,34 @@ public class TempFolderRuleTest {
+         assertFalse(folder.getRoot().exists());
+     }
+ 
++    @Test
++    public void tempFolderIsOnlyAccessibleByOwner() throws IOException {
++        TemporaryFolder folder = new TemporaryFolder();
++        folder.create();
++
++        Set<String> expectedPermissions = new TreeSet<String>(Arrays.asList("OWNER_READ", "OWNER_WRITE", "OWNER_EXECUTE"));
++        Set<String> actualPermissions = getPosixFilePermissions(folder.getRoot());
++        assertEquals(expectedPermissions, actualPermissions);
++    }
++
++    private Set<String> getPosixFilePermissions(File root) {
++        try {
++            Class<?> pathClass = Class.forName("java.nio.file.Path");
++            Object linkOptionArray = Array.newInstance(Class.forName("java.nio.file.LinkOption"), 0);
++            Class<?> filesClass = Class.forName("java.nio.file.Files");
++            Object path = File.class.getDeclaredMethod("toPath").invoke(root);
++            Method posixFilePermissionsMethod = filesClass.getDeclaredMethod("getPosixFilePermissions", pathClass, linkOptionArray.getClass());
++            Set<?> permissions = (Set<?>) posixFilePermissionsMethod.invoke(null, path, linkOptionArray);
++            SortedSet<String> convertedPermissions = new TreeSet<String>();
++            for (Object item : permissions) {
++                convertedPermissions.add(item.toString());
++            }
++            return convertedPermissions;
++        } catch (Exception e) {
++            throw new AssumptionViolatedException("Test requires at least Java 1.7", e);
++        }
++    }
++
+     public static class NameClashes {
+         @Rule
+         public TemporaryFolder folder = new TemporaryFolder();
diff -Nru junit4-4.12/debian/patches/java10-compatibility.patch junit4-4.12/debian/patches/java10-compatibility.patch
--- junit4-4.12/debian/patches/java10-compatibility.patch	1970-01-01 00:00:00.000000000 +0000
+++ junit4-4.12/debian/patches/java10-compatibility.patch	2018-05-07 22:34:12.000000000 +0000
@@ -0,0 +1,17 @@
+Description: Fixes the errors with Java 10
+Author: Emmanuel Bourg <ebourg@apache.org>
+Forwarded: no
+--- a/src/test/java/org/junit/tests/running/core/MainRunner.java
++++ b/src/test/java/org/junit/tests/running/core/MainRunner.java
+@@ -40,11 +40,6 @@
+         }
+ 
+         @Override
+-        public boolean getInCheck() {
+-            return (originalSecurityManager != null) && originalSecurityManager.getInCheck();
+-        }
+-
+-        @Override
+         public Object getSecurityContext() {
+             return (originalSecurityManager == null) ? super.getSecurityContext() : originalSecurityManager.getSecurityContext();
+         }
diff -Nru junit4-4.12/debian/patches/maven2-compatibility.patch junit4-4.12/debian/patches/maven2-compatibility.patch
--- junit4-4.12/debian/patches/maven2-compatibility.patch	1970-01-01 00:00:00.000000000 +0000
+++ junit4-4.12/debian/patches/maven2-compatibility.patch	2021-02-10 15:14:46.000000000 +0000
@@ -0,0 +1,14 @@
+Description: Remove the prerequisite on Maven 3
+Author: Emmanuel Bourg <ebourg@apache.org>
+Forwarded: not-needed
+--- junit4-4.12.orig/pom.xml
++++ junit4-4.12/pom.xml
+@@ -65,7 +65,7 @@
+     </mailingLists>
+ 
+     <prerequisites>
+-        <maven>3.0.4</maven>
++        <maven>2.2.1</maven>
+     </prerequisites>
+ 
+     <scm>
diff -Nru junit4-4.12/debian/patches/series junit4-4.12/debian/patches/series
--- junit4-4.12/debian/patches/series	2017-11-23 20:00:46.000000000 +0000
+++ junit4-4.12/debian/patches/series	2021-02-10 15:14:47.000000000 +0000
@@ -2,3 +2,6 @@
 Version.java.patch
 privacy-breach-logo.patch
 java9-compatibility.patch
+java10-compatibility.patch
+maven2-compatibility.patch
+CVE-2020-15250.patch
diff -Nru junit4-4.12/debian/rules junit4-4.12/debian/rules
--- junit4-4.12/debian/rules	2017-11-23 21:46:15.000000000 +0000
+++ junit4-4.12/debian/rules	2018-05-07 22:34:14.000000000 +0000
@@ -2,6 +2,3 @@
 
 %:
 	dh $@ --with javahelper
-
-get-orig-source:
-	-uscan --upstream-version 0 --rename
diff -Nru junit4-4.12/debian/watch junit4-4.12/debian/watch
--- junit4-4.12/debian/watch	2015-04-28 14:31:53.000000000 +0000
+++ junit4-4.12/debian/watch	2018-05-08 20:24:15.000000000 +0000
@@ -1,2 +1,2 @@
 version=3
-http://github.com/junit-team/junit/tags/ .*/r(\d[\d\.]+)\.tar\.gz debian debian/orig-tar.sh
+https://github.com/junit-team/junit/tags/ .*/r(\d[\d\.]+)\.tar\.gz debian debian/orig-tar.sh