projects/build-spring-framework/build.xml | 1 0 + 1 - 0 !
projects/org.springframework.aop/ivy.xml | 2 1 + 1 - 0 !
projects/org.springframework.beans/ivy.xml | 2 1 + 1 - 0 !
projects/org.springframework.context/ivy.xml | 2 1 + 1 - 0 !
projects/org.springframework.context/src/main/java/org/springframework/scripting/support/ScriptFactoryPostProcessor.java | 2 1 + 1 - 0 !
projects/org.springframework.core/ivy.xml | 2 1 + 1 - 0 !
projects/org.springframework.core/src/main/java/org/springframework/core/LocalVariableTableParameterNameDiscoverer.java | 14 7 + 7 - 0 !
projects/org.springframework.core/src/main/java/org/springframework/core/type/classreading/AnnotationAttributesReadingVisitor.java | 6 3 + 3 - 0 !
projects/org.springframework.core/src/main/java/org/springframework/core/type/classreading/AnnotationMetadataReadingVisitor.java | 6 3 + 3 - 0 !
projects/org.springframework.core/src/main/java/org/springframework/core/type/classreading/ClassMetadataReadingVisitor.java | 14 7 + 7 - 0 !
projects/org.springframework.core/src/main/java/org/springframework/core/type/classreading/MethodMetadataReadingVisitor.java | 12 6 + 6 - 0 !
projects/org.springframework.core/src/main/java/org/springframework/core/type/classreading/SimpleMetadataReader.java | 6 3 + 3 - 0 !
projects/org.springframework.integration-tests/ivy.xml | 2 1 + 1 - 0 !
projects/org.springframework.spring-library/ivy.xml | 2 1 + 1 - 0 !
projects/org.springframework.web.portlet/ivy.xml | 2 1 + 1 - 0 !
projects/org.springframework.web.servlet/ivy.xml | 4 2 + 2 - 0 !
16 files changed, 39 insertions(+), 40 deletions(-)

 use asm 3.x debian package instead of cglib-nodep:
 - change imports to org.objectweb.*
 - small fix to API usage
 - disable build of org.springframework.asm module

projects/org.springframework.aop/ivy.xml | 2 2 + 0 - 0 !
projects/org.springframework.aspects/ivy.xml | 4 4 + 0 - 0 !
projects/org.springframework.beans/ivy.xml | 2 2 + 0 - 0 !
projects/org.springframework.context.support/ivy.xml | 2 2 + 0 - 0 !
projects/org.springframework.context/ivy.xml | 4 4 + 0 - 0 !
projects/org.springframework.core/ivy.xml | 2 2 + 0 - 0 !
projects/org.springframework.expression/ivy.xml | 2 2 + 0 - 0 !
projects/org.springframework.instrument.tomcat/ivy.xml | 2 2 + 0 - 0 !
projects/org.springframework.integration-tests/ivy.xml | 2 2 + 0 - 0 !
projects/org.springframework.jdbc/ivy.xml | 4 4 + 0 - 0 !
projects/org.springframework.jms/ivy.xml | 2 2 + 0 - 0 !
projects/org.springframework.orm/ivy.xml | 2 2 + 0 - 0 !
projects/org.springframework.oxm/ivy.xml | 4 4 + 0 - 0 !
projects/org.springframework.spring-library/ivy.xml | 2 1 + 1 - 0 !
projects/org.springframework.test/ivy.xml | 4 4 + 0 - 0 !
projects/org.springframework.transaction/ivy.xml | 2 2 + 0 - 0 !
projects/org.springframework.web.portlet/ivy.xml | 2 2 + 0 - 0 !
projects/org.springframework.web.servlet/ivy.xml | 4 3 + 1 - 0 !
projects/org.springframework.web.struts/ivy.xml | 2 2 + 0 - 0 !
projects/org.springframework.web/ivy.xml | 2 2 + 0 - 0 !
20 files changed, 50 insertions(+), 2 deletions(-)

 don't use ivy for dependencies resolution
 as not enough debian packages provide Maven/Ivy metadata.

projects/org.springframework.transaction/build.xml | 11 11 + 0 - 0 !
1 file changed, 11 insertions(+)

 ibm websphere is non-free (remove it from source)

projects/org.springframework.jdbc/build.xml | 11 11 + 0 - 0 !
projects/org.springframework.jdbc/src/main/java/org/springframework/jdbc/datasource/embedded/EmbeddedDatabaseConfigurerFactory.java | 4 2 + 2 - 0 !
2 files changed, 13 insertions(+), 2 deletions(-)

 there is no package for derby db in debian.
 Don't compile EmbeddedDatabaseConfigurerFactory.

projects/org.springframework.context.support/src/main/java/org/springframework/scheduling/commonj/WorkManagerTaskExecutor.java | 10 6 + 4 - 0 !
1 file changed, 6 insertions(+), 4 deletions(-)

 compatibility with commonj api provided by geronimo project
 The references to the Work related exceptions are disabled because the
 build fails and the compiler emit messages like this:
 "Unreachable catch block for WorkException. This exception is never thrown
 from the try statement body".

projects/org.springframework.aspects/build.xml | 14 13 + 1 - 0 !
1 file changed, 13 insertions(+), 1 deletion(-)

 fix iajc (aspectj compiler) classpath:
 - include JPA API

projects/org.springframework.context/src/main/java/org/springframework/scheduling/backportconcurrent/ConcurrentTaskExecutor.java | 6 3 + 3 - 0 !
projects/org.springframework.context/src/main/java/org/springframework/scheduling/backportconcurrent/CustomizableThreadFactory.java | 2 1 + 1 - 0 !
projects/org.springframework.context/src/main/java/org/springframework/scheduling/backportconcurrent/ThreadPoolTaskExecutor.java | 18 9 + 9 - 0 !
3 files changed, 13 insertions(+), 13 deletions(-)

 removes the dependency on backport-util-concurrent.
 The dependency has been dropped upstream in the recent releases

projects/org.springframework.orm/src/main/java/org/springframework/orm/jpa/persistenceunit/MutablePersistenceUnitInfo.java | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 jpa 2.0 compatibility patch

projects/org.springframework.context/src/main/java/org/springframework/validation/beanvalidation/LocalValidatorFactoryBean.java | 8 4 + 4 - 0 !
projects/org.springframework.context/src/main/java/org/springframework/validation/beanvalidation/MessageSourceResourceBundleLocator.java | 55 0 + 55 - 0 !
2 files changed, 4 insertions(+), 59 deletions(-)

 remove some code which only compile with hibernate validator 4.1
 This should be re-enabled when Hibernate Validator 4.1 enter Debian.

projects/org.springframework.context.support/src/main/java/org/springframework/ui/velocity/VelocityEngineFactory.java | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 compatibility with velocity 1.7 api

projects/org.springframework.jdbc/src/main/java/org/springframework/jdbc/datasource/DelegatingDataSource.java | 8 8 + 0 - 0 !
projects/org.springframework.jdbc/src/main/java/org/springframework/jdbc/datasource/DriverManagerDataSource.java | 9 9 + 0 - 0 !
projects/org.springframework.jdbc/src/main/java/org/springframework/jdbc/datasource/SimpleDriverDataSource.java | 9 9 + 0 - 0 !
projects/org.springframework.jdbc/src/main/java/org/springframework/jdbc/datasource/embedded/DerbyEmbeddedDatabaseConfigurer.java | 9 9 + 0 - 0 !
projects/org.springframework.jdbc/src/main/java/org/springframework/jdbc/datasource/embedded/EmbeddedDatabaseFactory.java | 9 9 + 0 - 0 !
projects/org.springframework.jdbc/src/main/java/org/springframework/jdbc/datasource/lookup/IsolationLevelDataSourceRouter.java | 10 10 + 0 - 0 !
6 files changed, 54 insertions(+)

 compatibility patch for jdbc 4.1 api in java 7
 Drop with 3.1 release of spring.

projects/org.springframework.oxm/src/main/java/org/springframework/oxm/jaxb/Jaxb2Marshaller.java | 56 56 + 0 - 0 !
1 file changed, 56 insertions(+)

 add 'processexternalentities to jaxb2marshaller

Added 'processExternalEntities' property to the JAXB2Marshaller, which
indicates whether external XML entities are processed when
unmarshalling.

Default is false, meaning that external entities are not resolved.
Processing of external entities will only be enabled/disabled when the
Source} passed to #unmarshal(Source) is a SAXSource or StreamSource. It
has no effect for DOMSource or StAXSource instances.

Original patch by Arjen Poutsma.

Bug: http://bugs.debian.org/720902

projects/org.springframework.core/src/main/java/org/springframework/util/StreamUtils.java | 183 183 + 0 - 0 !
projects/org.springframework.core/src/main/java/org/springframework/util/xml/StaxUtils.java | 15 14 + 1 - 0 !
projects/org.springframework.web/src/main/java/org/springframework/http/converter/xml/SourceHttpMessageConverter.java | 190 154 + 36 - 0 !
projects/org.springframework.web/src/test/java/org/springframework/http/converter/xml/SourceHttpMessageConverterTests.java | 145 126 + 19 - 0 !
projects/org.springframework.web/src/test/resources/org/springframework/http/converter/xml/external.txt | 1 1 + 0 - 0 !
5 files changed, 478 insertions(+), 56 deletions(-)

 cve-2013-6429

Bug: http://bugs.debian.org/735420

projects/org.springframework.web/src/main/java/org/springframework/web/util/JavaScriptUtils.java | 35 28 + 7 - 0 !
projects/org.springframework.web/src/test/java/org/springframework/web/util/JavaScriptUtilsTests.java | 67 67 + 0 - 0 !
2 files changed, 95 insertions(+), 7 deletions(-)

 cve-2013-6430

Bug: http://bugs.debian.org/735420

projects/org.springframework.oxm/src/main/java/org/springframework/oxm/castor/CastorMarshaller.java | 5 5 + 0 - 0 !
projects/org.springframework.oxm/src/main/java/org/springframework/oxm/jaxb/Jaxb2Marshaller.java | 7 7 + 0 - 0 !
projects/org.springframework.oxm/src/main/java/org/springframework/oxm/jibx/JibxMarshaller.java | 21 15 + 6 - 0 !
projects/org.springframework.oxm/src/main/java/org/springframework/oxm/support/AbstractMarshaller.java | 70 67 + 3 - 0 !
projects/org.springframework.oxm/src/main/java/org/springframework/oxm/xmlbeans/XmlBeansMarshaller.java | 6 5 + 1 - 0 !
projects/org.springframework.oxm/src/main/java/org/springframework/oxm/xstream/XStreamMarshaller.java | 20 15 + 5 - 0 !
projects/org.springframework.web/src/main/java/org/springframework/http/converter/xml/SourceHttpMessageConverter.java | 9 8 + 1 - 0 !
7 files changed, 122 insertions(+), 16 deletions(-)

 cve-2014-0054

Bug: http://bugs.debian.org/741604

projects/org.springframework.web.servlet/src/main/java/org/springframework/web/servlet/tags/form/FormTag.java | 12 11 + 1 - 0 !
1 file changed, 11 insertions(+), 1 deletion(-)

 cve-2014-1904

Bug: http://bugs.debian.org/741604

projects/org.springframework.oxm/src/main/java/org/springframework/oxm/jaxb/Jaxb2Marshaller.java | 16 14 + 2 - 0 !
projects/org.springframework.oxm/src/main/java/org/springframework/oxm/support/AbstractMarshaller.java | 12 12 + 0 - 0 !
projects/org.springframework.web/src/main/java/org/springframework/http/converter/xml/Jaxb2RootElementHttpMessageConverter.java | 54 54 + 0 - 0 !
projects/org.springframework.web/src/main/java/org/springframework/http/converter/xml/SourceHttpMessageConverter.java | 26 24 + 2 - 0 !
projects/org.springframework.web/src/test/java/org/springframework/http/converter/xml/Jaxb2RootElementHttpMessageConverterTest.java | 27 27 + 0 - 0 !
projects/org.springframework.web/src/test/java/org/springframework/http/converter/xml/SourceHttpMessageConverterTests.java | 7 4 + 3 - 0 !
6 files changed, 135 insertions(+), 7 deletions(-)

---

projects/org.springframework.core/src/main/java/org/springframework/asm/SpringAsmInfo.java | 38 38 + 0 - 0 !
projects/org.springframework.core/src/main/java/org/springframework/core/LocalVariableTableParameterNameDiscoverer.java | 11 7 + 4 - 0 !
projects/org.springframework.core/src/main/java/org/springframework/core/ParameterNameDiscoverer.java | 2 1 + 1 - 0 !
projects/org.springframework.core/src/main/java/org/springframework/core/type/classreading/AnnotationAttributesReadingVisitor.java | 13 6 + 7 - 0 !
projects/org.springframework.core/src/main/java/org/springframework/core/type/classreading/ClassMetadataReadingVisitor.java | 51 46 + 5 - 0 !
projects/org.springframework.core/src/main/java/org/springframework/core/type/classreading/MethodMetadataReadingVisitor.java | 8 4 + 4 - 0 !
6 files changed, 102 insertions(+), 21 deletions(-)

 upgrade from asm 3 to asm 4. this patch can be dropped after upgrading to spring 3.2 or later

projects/build-spring-framework/build.xml | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 do not build the struts bundle