lucene/build.xml | 19 13 + 6 - 0 !
lucene/common-build.xml | 4 2 + 2 - 0 !
2 files changed, 15 insertions(+), 8 deletions(-)

 point javacc configuration at the jar files
 provided as part of the distribution.
 .
 Also fix javacc clean and generation which is broken upstream.

lucene/common-build.xml | 4 2 + 2 - 0 !
lucene/contrib/analyzers/kuromoji/build.xml | 2 1 + 1 - 0 !
lucene/contrib/analyzers/phonetic/build.xml | 2 1 + 1 - 0 !
lucene/contrib/benchmark/build.xml | 8 4 + 4 - 0 !
lucene/contrib/icu/build.xml | 2 1 + 1 - 0 !
lucene/contrib/queries/build.xml | 2 1 + 1 - 0 !
6 files changed, 10 insertions(+), 10 deletions(-)

 misc patches to build process to pickup
 unversioned jar files to support use of system libraries

lucene/common-build.xml | 2 1 + 1 - 0 !
solr/example/build.xml | 11 1 + 10 - 0 !
2 files changed, 2 insertions(+), 11 deletions(-)

 disable ivy resolution for offline builds.

lucene/contrib/icu/src/test/org/apache/lucene/collation/TestICUCollationKeyAnalyzer.java | 2 1 + 1 - 0 !
lucene/contrib/icu/src/test/org/apache/lucene/collation/TestICUCollationKeyFilter.java | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 update icu test as debian/ubuntu ship icu
 4.4 not 4.6/4.8 as used by upstream - this alters the
 collation key order slightly

lucene/contrib/queries/src/test/org/apache/lucene/search/regex/TestJakartaRegexpCapabilities.java | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 upstream ship with version 1.4 of j-regex - however
 Debian and Ubuntu ship with 1.5 which appears to have a bug in
 prefix processing see:
 .
   https://issues.apache.org/jira/browse/LUCENE-2072
 .
 As a result these tests do not pass - so marking as Ignore.

lucene/common-build.xml | 23 0 + 23 - 0 !
lucene/contrib/facet/src/java/org/apache/lucene/facet/doc-files/userguide.html | 7 0 + 7 - 0 !
2 files changed, 30 deletions(-)

 remove use of prettify in javadoc as it provided
 in non-preferrred compressed source and adds minimal value.

solr/contrib/velocity/src/java/org/apache/solr/response/VelocityResponseWriter.java | 2 1 + 1 - 0 !
solr/core/src/java/org/apache/solr/core/SolrResourceLoader.java | 46 33 + 13 - 0 !
solr/core/src/test/org/apache/solr/core/ResourceLoaderTest.java | 28 25 + 3 - 0 !
solr/core/src/test/org/apache/solr/schema/PrimitiveFieldTypeTest.java | 7 7 + 0 - 0 !
4 files changed, 66 insertions(+), 17 deletions(-)

 fix for cve-2013-6397

solr/CHANGES.txt | 11 11 + 0 - 0 !
solr/contrib/dataimporthandler/src/java/org/apache/solr/handler/dataimport/XPathRecordReader.java | 19 16 + 3 - 0 !
solr/contrib/dataimporthandler/src/test/org/apache/solr/handler/dataimport/TestXPathEntityProcessor.java | 8 6 + 2 - 0 !
solr/core/src/java/org/apache/solr/handler/DocumentAnalysisRequestHandler.java | 4 3 + 1 - 0 !
solr/core/src/java/org/apache/solr/handler/XmlUpdateRequestHandler.java | 4 3 + 1 - 0 !
solr/core/src/java/org/apache/solr/handler/XsltUpdateRequestHandler.java | 13 11 + 2 - 0 !
solr/core/src/java/org/apache/solr/handler/XsltXMLLoader.java | 14 12 + 2 - 0 !
solr/core/src/java/org/apache/solr/util/EmptyEntityResolver.java | 99 99 + 0 - 0 !
solr/core/src/test/org/apache/solr/handler/XmlUpdateRequestHandlerTest.java | 45 44 + 1 - 0 !
solr/core/src/test/org/apache/solr/handler/XsltUpdateRequestHandlerTest.java | 50 50 + 0 - 0 !
10 files changed, 255 insertions(+), 12 deletions(-)

 fixes for cve-2013-6407 and cve-2013-6408

solr/core/src/java/org/apache/solr/client/solrj/embedded/JettySolrRunner.java | 76 59 + 17 - 0 !
solr/solrj/src/test/org/apache/solr/client/solrj/StartSolrJetty.java | 14 7 + 7 - 0 !
solr/solrj/src/test/org/apache/solr/client/solrj/embedded/JettyWebappTest.java | 19 12 + 7 - 0 !
3 files changed, 78 insertions(+), 31 deletions(-)

 update to jetty 8

solr/core/src/test/org/apache/solr/analysis/TestBeiderMorseFilterFactory.java | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 fix the compatibility with commons codec 1.10
 This patch can be dropped after upgrading to lucene-solr 5

solr/core/src/test/org/apache/solr/handler/component/DummyCustomParamSpellChecker.java | 16 13 + 3 - 0 !
1 file changed, 13 insertions(+), 3 deletions(-)

 fix a test failure with java 8

lucene/contrib/xml-query-parser/src/java/org/apache/lucene/xmlparser/CoreParser.java | 77 59 + 18 - 0 !
1 file changed, 59 insertions(+), 18 deletions(-)

 cve-2017-12629

solr/core/src/java/org/apache/solr/core/RunExecutableListener.java | 122 0 + 122 - 0 !
1 file changed, 122 deletions(-)

 remove runexecutablelistener

solr/core/src/java/org/apache/solr/handler/ReplicationHandler.java | 21 19 + 2 - 0 !
1 file changed, 19 insertions(+), 2 deletions(-)

 validation of filename params in replicationhandler
 This is a backport of upstream patch available in commit
 ae789c252687dc8a18bfdb677f2e6cd14570e4db made by janhoy <janhoy@apache.org>

lucene/test-framework/src/java/org/apache/lucene/util/LuceneJUnitDividingSelector.java | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 ant 1.10

solr/contrib/dataimporthandler/src/java/org/apache/solr/handler/dataimport/DataImporter.java | 13 11 + 2 - 0 !
solr/contrib/dataimporthandler/src/test/org/apache/solr/handler/dataimport/TestErrorHandling.java | 20 20 + 0 - 0 !
2 files changed, 31 insertions(+), 2 deletions(-)

 cve-2018-1308

Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896604

solr/webapp/web/WEB-INF/web.xml | 8 6 + 2 - 0 !
1 file changed, 6 insertions(+), 2 deletions(-)

 web.xml

solr/contrib/dataimporthandler/src/java/org/apache/solr/handler/dataimport/DataImportHandler.java | 10 10 + 0 - 0 !
solr/contrib/dataimporthandler/src/test/org/apache/solr/handler/dataimport/AbstractDataImportHandlerTestCase.java | 13 6 + 7 - 0 !
2 files changed, 16 insertions(+), 7 deletions(-)

 cve-2019-0193

Bug-Upstream: https://issues.apache.org/jira/browse/SOLR-13669

lucene/contrib/remote/build.xml | 3 0 + 3 - 0 !
1 file changed, 3 deletions(-)

 disable rmic

Bug-Debian: https://bugs.debian.org/982001