From a1792dbd660d283595fdca8d05828ada1017b5cc Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Aug 06 2014 00:42:17 +0000
Subject: import resteasy-base-2.3.5-3.el7_0


---

diff --git a/SOURCES/resteasy-2.3.5.Final-resteasy-1073.patch b/SOURCES/resteasy-2.3.5.Final-resteasy-1073.patch
new file mode 100644
index 0000000..3fa8b63
--- /dev/null
+++ b/SOURCES/resteasy-2.3.5.Final-resteasy-1073.patch
@@ -0,0 +1,497 @@
+diff -Nurb resteasy-2.3.5.Final.orig/arquillian/pom.xml resteasy-2.3.5.Final/arquillian/pom.xml
+--- resteasy-2.3.5.Final.orig/arquillian/pom.xml	2014-07-25 15:36:38.637079327 -0400
++++ resteasy-2.3.5.Final/arquillian/pom.xml	2014-07-25 15:52:17.575397163 -0400
+@@ -15,6 +15,7 @@
+         <!--module>RESTEASY-736-as71</module-->
+         <module>RESTEASY-752-jetty</module>
+         <module>RESTEASY-760-jetty</module>
++        <module>RESTEASY-1073-WF8</module>
+     </modules>
+     
+     <artifactId>arquillian</artifactId>
+diff -Nurb resteasy-2.3.5.Final.orig/arquillian/RESTEASY-1073-WF8/pom.xml resteasy-2.3.5.Final/arquillian/RESTEASY-1073-WF8/pom.xml
+--- resteasy-2.3.5.Final.orig/arquillian/RESTEASY-1073-WF8/pom.xml	1969-12-31 19:00:00.000000000 -0500
++++ resteasy-2.3.5.Final/arquillian/RESTEASY-1073-WF8/pom.xml	2014-07-25 15:38:04.783298392 -0400
+@@ -0,0 +1,189 @@
++<?xml version="1.0" encoding="UTF-8"?>
++<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
++  <modelVersion>4.0.0</modelVersion>
++
++  <parent>
++    <groupId>org.jboss.resteasy</groupId>
++    <artifactId>resteasy-jaxrs-all</artifactId>
++    <version>3.0.8.Final</version>
++    <relativePath>../../pom.xml</relativePath>
++  </parent>
++
++  <artifactId>RESTEASY-1073-WF8</artifactId>
++  <packaging>jar</packaging>
++  <name>RESTEASY-1073-WF8</name>
++  <url>http://maven.apache.org</url>
++
++  <properties>
++    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
++    <as-version>8.0.0.Final</as-version>
++  </properties>
++
++  <build>
++    <plugins>
++      <plugin>
++        <groupId>org.apache.maven.plugins</groupId>
++        <artifactId>maven-compiler-plugin</artifactId>
++        <version>2.3.2</version>
++        <configuration>
++          <source>1.6</source>
++          <target>1.6</target>
++        </configuration>
++      </plugin>
++      <plugin>
++        <artifactId>maven-surefire-plugin</artifactId>
++        <version>2.12</version>
++      </plugin>
++        <plugin>
++            <artifactId>maven-dependency-plugin</artifactId>
++            <executions>
++                <execution>
++                    <id>unpack</id>
++                    <phase>process-test-classes</phase>
++                    <goals>
++                        <goal>unpack</goal>
++                    </goals>
++                    <configuration>
++                        <artifactItems>
++                            <artifactItem>
++                                <groupId>org.wildfly</groupId>
++                                <artifactId>wildfly-dist</artifactId>
++                                <version>${as-version}</version>
++                                <type>zip</type>
++                                <overWrite>false</overWrite>
++                                <outputDirectory>target</outputDirectory>
++                            </artifactItem>
++                        </artifactItems>
++                    </configuration>
++                </execution>
++            </executions>
++        </plugin>
++      <plugin>
++        <groupId>org.apache.maven.plugins</groupId>
++        <artifactId>maven-antrun-plugin</artifactId>
++        <version>1.6</version>
++        <executions>
++          <execution>
++            <id>unpack resteasy</id>
++            <phase>process-test-classes</phase>
++            <configuration>
++              <target>
++                <unzip src="../../jboss-modules/target/resteasy-jboss-modules-wf8-${project.version}.zip"
++                       dest="${project.build.directory}/wildfly-${as-version}/modules/system/layers/base"
++                       overwrite="true" />
++              </target>
++            </configuration>
++            <goals>
++              <goal>run</goal>
++            </goals>
++          </execution>
++        </executions>
++      </plugin>
++      
++     <plugin>
++       <groupId>org.apache.maven.plugins</groupId>
++       <artifactId>maven-war-plugin</artifactId>
++       <configuration>
++          <archive>
++             <manifestEntries>
++                <Dependencies>
++                javax.xml.bind.api
++                </Dependencies>
++             </manifestEntries>
++          </archive>
++       </configuration>
++     </plugin>
++     
++    </plugins>
++  </build>
++  
++<dependencyManagement>
++    <dependencies>
++        <dependency>
++            <groupId>org.jboss.arquillian</groupId>
++            <artifactId>arquillian-bom</artifactId>
++            <version>1.0.3.Final</version>
++            <scope>import</scope>
++            <type>pom</type>
++        </dependency>
++    </dependencies>
++</dependencyManagement>
++  
++  <dependencies>
++    <dependency>
++        <groupId>org.jboss.spec</groupId>
++        <artifactId>jboss-javaee-6.0</artifactId>
++        <version>1.0.0.Final</version>
++        <type>pom</type>
++        <scope>provided</scope>
++    </dependency>
++    <dependency>
++        <groupId>junit</groupId>
++        <artifactId>junit</artifactId>
++        <version>4.8.1</version>
++        <scope>test</scope>
++    </dependency>
++    <dependency>
++        <groupId>org.jboss.arquillian.junit</groupId>
++        <artifactId>arquillian-junit-container</artifactId>
++        <scope>test</scope>
++    </dependency>
++    <dependency>
++        <groupId>org.wildfly</groupId>
++        <artifactId>wildfly-arquillian-container-managed</artifactId>
++        <version>8.0.0.Alpha1</version>
++        <scope>test</scope>
++    </dependency>
++    <dependency>
++        <groupId>org.jboss.arquillian.protocol</groupId>
++        <artifactId>arquillian-protocol-servlet</artifactId>
++        <scope>test</scope>
++    </dependency>
++    <dependency>
++        <groupId>org.jboss.resteasy</groupId>
++        <artifactId>jaxrs-api</artifactId>
++        <version>${project.version}</version>
++    </dependency>
++    <dependency>
++        <groupId>org.jboss.resteasy</groupId>
++        <artifactId>resteasy-jaxrs</artifactId>
++        <version>${project.version}</version>
++    </dependency>
++    <dependency>
++        <groupId>org.jboss.resteasy</groupId>
++        <artifactId>resteasy-validator-provider-11</artifactId>
++        <version>${project.version}</version>
++    </dependency>
++    <dependency>
++        <groupId>javax.validation</groupId>
++        <artifactId>validation-api</artifactId>
++        <version>1.1.0.Final</version>
++    </dependency>
++    <dependency>
++        <groupId>org.hibernate</groupId>
++        <artifactId>hibernate-validator</artifactId>
++        <version>5.0.1.Final</version>
++    </dependency>
++    <dependency>
++        <groupId>javax.el</groupId>
++        <artifactId>javax.el-api</artifactId>
++        <version>2.2.4</version>
++    </dependency>
++    <dependency>
++        <groupId>org.glassfish.web</groupId>
++        <artifactId>javax.el</artifactId>
++        <version>2.2.4</version>
++    </dependency>
++<dependency>
++  <groupId>org.jboss.spec.javax.xml.bind</groupId>
++  <artifactId>jboss-jaxb-api_2.2_spec</artifactId>
++  <version>1.0.4.Final</version>
++</dependency>
++    <dependency>
++        <groupId>org.jboss.resteasy</groupId>
++        <artifactId>resteasy-jaxb-provider</artifactId>
++        <version>${project.version}</version>
++        <scope>test</scope>
++    </dependency>
++  </dependencies>
++</project>
+diff -Nurb resteasy-2.3.5.Final.orig/arquillian/RESTEASY-1073-WF8/src/main/java/org/jboss/resteasy/resteasy1073/TestApplication.java resteasy-2.3.5.Final/arquillian/RESTEASY-1073-WF8/src/main/java/org/jboss/resteasy/resteasy1073/TestApplication.java
+--- resteasy-2.3.5.Final.orig/arquillian/RESTEASY-1073-WF8/src/main/java/org/jboss/resteasy/resteasy1073/TestApplication.java	1969-12-31 19:00:00.000000000 -0500
++++ resteasy-2.3.5.Final/arquillian/RESTEASY-1073-WF8/src/main/java/org/jboss/resteasy/resteasy1073/TestApplication.java	2014-07-25 15:40:28.833658314 -0400
+@@ -0,0 +1,16 @@
++package org.jboss.resteasy.resteasy1073;
++
++import java.util.HashSet;
++import java.util.Set;
++
++import javax.ws.rs.core.Application;
++
++public class TestApplication extends Application
++{
++   @Override
++   public Set<Class<?>> getClasses() {
++      HashSet<Class<?>> set = new HashSet<Class<?>>();
++      set.add(TestResource.class);
++      return set;
++   }
++}
+diff -Nurb resteasy-2.3.5.Final.orig/arquillian/RESTEASY-1073-WF8/src/main/java/org/jboss/resteasy/resteasy1073/TestResource.java resteasy-2.3.5.Final/arquillian/RESTEASY-1073-WF8/src/main/java/org/jboss/resteasy/resteasy1073/TestResource.java
+--- resteasy-2.3.5.Final.orig/arquillian/RESTEASY-1073-WF8/src/main/java/org/jboss/resteasy/resteasy1073/TestResource.java	1969-12-31 19:00:00.000000000 -0500
++++ resteasy-2.3.5.Final/arquillian/RESTEASY-1073-WF8/src/main/java/org/jboss/resteasy/resteasy1073/TestResource.java	2014-07-25 15:41:14.393770993 -0400
+@@ -0,0 +1,26 @@
++package org.jboss.resteasy.resteasy1073;
++
++import javax.ws.rs.Consumes;
++import javax.ws.rs.POST;
++import javax.ws.rs.Path;
++import javax.ws.rs.core.MediaType;
++
++/**
++* RESTEASY-1073
++*
++* @author <a href="ron.sigal@jboss.com">Ron Sigal</a>
++* @version $Revision: 1.1 $
++*
++* Copyright July 19, 2014
++*/
++@Path("")
++public class TestResource
++{
++   @POST
++   @Path("test")
++   @Consumes(MediaType.APPLICATION_XML)
++   public String post(TestWrapper wrapper)
++   {
++      return wrapper.getName();
++   }
++}
+diff -Nurb resteasy-2.3.5.Final.orig/arquillian/RESTEASY-1073-WF8/src/main/java/org/jboss/resteasy/resteasy1073/TestWrapper.java resteasy-2.3.5.Final/arquillian/RESTEASY-1073-WF8/src/main/java/org/jboss/resteasy/resteasy1073/TestWrapper.java
+--- resteasy-2.3.5.Final.orig/arquillian/RESTEASY-1073-WF8/src/main/java/org/jboss/resteasy/resteasy1073/TestWrapper.java	1969-12-31 19:00:00.000000000 -0500
++++ resteasy-2.3.5.Final/arquillian/RESTEASY-1073-WF8/src/main/java/org/jboss/resteasy/resteasy1073/TestWrapper.java	2014-07-25 15:41:52.762865571 -0400
+@@ -0,0 +1,17 @@
++package org.jboss.resteasy.resteasy1073;
++
++import javax.xml.bind.annotation.XmlRootElement;
++
++@XmlRootElement
++public class TestWrapper
++{
++   private String name;
++   public String getName()
++   {
++      return name;
++   }
++   public void setName(String name)
++   {
++      this.name = name;
++   }
++}
+diff -Nurb resteasy-2.3.5.Final.orig/arquillian/RESTEASY-1073-WF8/src/test/java/org/jboss/resteasy/test/resteasy1073/TestExternalParameterEntity.java resteasy-2.3.5.Final/arquillian/RESTEASY-1073-WF8/src/test/java/org/jboss/resteasy/test/resteasy1073/TestExternalParameterEntity.java
+--- resteasy-2.3.5.Final.orig/arquillian/RESTEASY-1073-WF8/src/test/java/org/jboss/resteasy/test/resteasy1073/TestExternalParameterEntity.java	1969-12-31 19:00:00.000000000 -0500
++++ resteasy-2.3.5.Final/arquillian/RESTEASY-1073-WF8/src/test/java/org/jboss/resteasy/test/resteasy1073/TestExternalParameterEntity.java	2014-07-25 15:43:11.465058832 -0400
+@@ -0,0 +1,96 @@
++package org.jboss.resteasy.test.resteasy1073;
++
++import java.io.File;
++
++import javax.ws.rs.core.MediaType;
++
++import junit.framework.Assert;
++
++import org.jboss.arquillian.container.test.api.Deployment;
++import org.jboss.arquillian.junit.Arquillian;
++import org.jboss.resteasy.client.ClientRequest;
++import org.jboss.resteasy.client.ClientResponse;
++import org.jboss.resteasy.resteasy1073.TestApplication;
++import org.jboss.resteasy.resteasy1073.TestResource;
++import org.jboss.resteasy.resteasy1073.TestWrapper;
++import org.jboss.shrinkwrap.api.Archive;
++import org.jboss.shrinkwrap.api.ShrinkWrap;
++import org.jboss.shrinkwrap.api.spec.WebArchive;
++import org.junit.Test;
++import org.junit.runner.RunWith;
++
++/**
++ * RESTEASY-1073.
++ * 
++ * @author <a href="ron.sigal@jboss.com">Ron Sigal</a>
++ * @version $Revision: 1.1 $
++ *
++ * Created July 19, 2014
++ */
++@RunWith(Arquillian.class)
++public class TestExternalParameterEntity
++{  
++   @Deployment(name="war_expand", order=1)
++   public static Archive<?> createTestArchive1()
++   {
++      WebArchive war = ShrinkWrap.create(WebArchive.class, "RESTEASY-1073-expand.war")
++            .addClasses(TestApplication.class)
++            .addClasses(TestResource.class, TestWrapper.class)
++            .addAsWebInfResource("web_expand.xml", "web.xml")
++            ;
++      System.out.println(war.toString(true));
++      return war;
++   }
++
++   @Deployment(name="war_no_expand", order=2)
++   public static Archive<?> createTestArchive2()
++   {
++      WebArchive war = ShrinkWrap.create(WebArchive.class, "RESTEASY-1073-no-expand.war")
++            .addClasses(TestApplication.class)
++            .addClasses(TestResource.class, TestWrapper.class)
++            .addAsWebInfResource("web_no_expand.xml", "web.xml")
++            ;
++      System.out.println(war.toString(true));
++      return war;
++   }
++   
++   private String passwdFile = new File("src/test/resources/passwd").getAbsolutePath();
++   private String dtdFile = new File("src/test/resources/test.dtd").getAbsolutePath();
++      
++   private String text =
++"<!DOCTYPE foo [\r" +
++"  <!ENTITY % file SYSTEM \"" + passwdFile + "\">\r" +
++"  <!ENTITY % start \"<![CDATA[\">\r" + 
++"  <!ENTITY % end \"]]>\">\r" +
++"  <!ENTITY % dtd SYSTEM \"" + dtdFile + "\">\r" +
++"%dtd;\r" +
++"]>\r" +
++"<testWrapper><name>&xxe;</name></testWrapper>";
++   
++   @Test
++   public void testExternalParameterEntityExpand() throws Exception
++   {
++      ClientRequest request = new ClientRequest("http://localhost:8080/RESTEASY-1073-expand/test");
++      System.out.println(text);
++      request.body(MediaType.APPLICATION_XML, text);
++      ClientResponse<?> response = request.post();
++      Assert.assertEquals(200, response.getStatus());
++      String entity = response.getEntity(String.class);
++      System.out.println("Result: " + entity);
++      Assert.assertEquals("root:x:0:0:root:/root:/bin/bash", entity.trim());
++   }
++   
++   @Test
++   public void testExternalParameterEntityNoExpand() throws Exception
++   {
++      ClientRequest request = new ClientRequest("http://localhost:8080/RESTEASY-1073-no-expand/test");
++      System.out.println(text);
++      request.body(MediaType.APPLICATION_XML, text);
++      ClientResponse<?> response = request.post();
++      Assert.assertEquals(200, response.getStatus());
++      String entity = response.getEntity(String.class);
++      System.out.println("Result: " + entity);
++      Assert.assertEquals("", entity.trim());
++   }
++}
++
+diff -Nurb resteasy-2.3.5.Final.orig/arquillian/RESTEASY-1073-WF8/src/test/resources/arquillian.xml resteasy-2.3.5.Final/arquillian/RESTEASY-1073-WF8/src/test/resources/arquillian.xml
+--- resteasy-2.3.5.Final.orig/arquillian/RESTEASY-1073-WF8/src/test/resources/arquillian.xml	1969-12-31 19:00:00.000000000 -0500
++++ resteasy-2.3.5.Final/arquillian/RESTEASY-1073-WF8/src/test/resources/arquillian.xml	2014-07-25 15:44:43.551284000 -0400
+@@ -0,0 +1,23 @@
++<arquillian xmlns="http://jboss.org/schema/arquillian"
++    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
++    xsi:schemaLocation="
++http://jboss.org/schema/arquillian
++http://jboss.org/schema/arquillian/arquillian_1_0.xsd">
++    
++   <!-- Force the use of the Servlet 3.0 protocol with all containers, as it is the most mature -->
++   <defaultProtocol type="Servlet 3.0" />
++   
++    <engine>
++        <property name="deploymentExportPath">target/deployments</property>
++    </engine>
++   
++   <container qualifier="jbossas-managed" default="true">
++     <configuration>
++       <property name="jbossHome">target/wildfly-8.0.0.Final</property>
++       <!--property name="javaHome">/opt/local/java/jdk1.7.0_21</property-->
++       <property name="serverConfig">standalone-full.xml</property>
++       <!-- Uncomment next line to run server in debug mode. -->
++       <!--property name="javaVmArguments">-Xmx512m -XX:MaxPermSize=128m -Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=y</property-->
++     </configuration>
++   </container>
++</arquillian>
+diff -Nurb resteasy-2.3.5.Final.orig/arquillian/RESTEASY-1073-WF8/src/test/resources/passwd resteasy-2.3.5.Final/arquillian/RESTEASY-1073-WF8/src/test/resources/passwd
+--- resteasy-2.3.5.Final.orig/arquillian/RESTEASY-1073-WF8/src/test/resources/passwd	1969-12-31 19:00:00.000000000 -0500
++++ resteasy-2.3.5.Final/arquillian/RESTEASY-1073-WF8/src/test/resources/passwd	2014-07-25 15:49:38.648001614 -0400
+@@ -0,0 +1 @@
++root:x:0:0:root:/root:/bin/bash
+diff -Nurb resteasy-2.3.5.Final.orig/arquillian/RESTEASY-1073-WF8/src/test/resources/test.dtd resteasy-2.3.5.Final/arquillian/RESTEASY-1073-WF8/src/test/resources/test.dtd
+--- resteasy-2.3.5.Final.orig/arquillian/RESTEASY-1073-WF8/src/test/resources/test.dtd	1969-12-31 19:00:00.000000000 -0500
++++ resteasy-2.3.5.Final/arquillian/RESTEASY-1073-WF8/src/test/resources/test.dtd	2014-07-25 15:50:14.822089344 -0400
+@@ -0,0 +1 @@
++<!ENTITY xxe "%start; %file; %end;">
+diff -Nurb resteasy-2.3.5.Final.orig/arquillian/RESTEASY-1073-WF8/src/test/resources/web_expand.xml resteasy-2.3.5.Final/arquillian/RESTEASY-1073-WF8/src/test/resources/web_expand.xml
+--- resteasy-2.3.5.Final.orig/arquillian/RESTEASY-1073-WF8/src/test/resources/web_expand.xml	1969-12-31 19:00:00.000000000 -0500
++++ resteasy-2.3.5.Final/arquillian/RESTEASY-1073-WF8/src/test/resources/web_expand.xml	2014-07-25 15:50:50.589177751 -0400
+@@ -0,0 +1,29 @@
++<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
++        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
++        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
++
++    <display-name>RESTEASY-1073-Expand</display-name>
++
++    <context-param>
++       <param-name>resteasy.document.expand.entity.references</param-name>
++       <param-value>true</param-value>
++    </context-param>
++    
++    <servlet>
++        <servlet-name>Resteasy</servlet-name>
++
++        <servlet-class>
++            org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher
++        </servlet-class>
++        <init-param>
++            <param-name>javax.ws.rs.Application</param-name>
++            <param-value>org.jboss.resteasy.resteasy1073.TestApplication</param-value>
++        </init-param>
++    </servlet>
++
++    <servlet-mapping>
++        <servlet-name>Resteasy</servlet-name>
++        <url-pattern>/*</url-pattern>
++    </servlet-mapping>
++
++</web-app>
+diff -Nurb resteasy-2.3.5.Final.orig/arquillian/RESTEASY-1073-WF8/src/test/resources/web_no_expand.xml resteasy-2.3.5.Final/arquillian/RESTEASY-1073-WF8/src/test/resources/web_no_expand.xml
+--- resteasy-2.3.5.Final.orig/arquillian/RESTEASY-1073-WF8/src/test/resources/web_no_expand.xml	1969-12-31 19:00:00.000000000 -0500
++++ resteasy-2.3.5.Final/arquillian/RESTEASY-1073-WF8/src/test/resources/web_no_expand.xml	2014-07-25 15:51:27.218270317 -0400
+@@ -0,0 +1,29 @@
++<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
++        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
++        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
++
++    <display-name>RESTEASY-1073-NoExpand</display-name>
++
++    <context-param>
++       <param-name>resteasy.document.expand.entity.references</param-name>
++       <param-value>false</param-value>
++    </context-param>
++     
++    <servlet>
++        <servlet-name>Resteasy</servlet-name>
++
++        <servlet-class>
++            org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher
++        </servlet-class>
++        <init-param>
++            <param-name>javax.ws.rs.Application</param-name>
++            <param-value>org.jboss.resteasy.resteasy1073.TestApplication</param-value>
++        </init-param>
++    </servlet>
++
++    <servlet-mapping>
++        <servlet-name>Resteasy</servlet-name>
++        <url-pattern>/*</url-pattern>
++    </servlet-mapping>
++
++</web-app>
+diff -Nurb resteasy-2.3.5.Final.orig/providers/jaxb/src/main/java/org/jboss/resteasy/plugins/providers/jaxb/ExternalEntityUnmarshaller.java resteasy-2.3.5.Final/providers/jaxb/src/main/java/org/jboss/resteasy/plugins/providers/jaxb/ExternalEntityUnmarshaller.java
+--- resteasy-2.3.5.Final.orig/providers/jaxb/src/main/java/org/jboss/resteasy/plugins/providers/jaxb/ExternalEntityUnmarshaller.java	2014-07-25 15:36:38.989080230 -0400
++++ resteasy-2.3.5.Final/providers/jaxb/src/main/java/org/jboss/resteasy/plugins/providers/jaxb/ExternalEntityUnmarshaller.java	2014-07-25 15:54:25.056716412 -0400
+@@ -150,6 +150,7 @@
+           XMLReader xmlReader = XMLReaderFactory.createXMLReader();
+           xmlReader.setFeature("http://xml.org/sax/features/validation", false);
+           xmlReader.setFeature("http://xml.org/sax/features/external-general-entities", false);
++          xmlReader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+           SAXSource saxSource = new SAXSource(xmlReader, source);
+           return delegate.unmarshal(saxSource);
+       }
+@@ -188,6 +189,7 @@
+             XMLReader xmlReader = XMLReaderFactory.createXMLReader();
+             xmlReader.setFeature("http://xml.org/sax/features/validation", false);
+             xmlReader.setFeature("http://xml.org/sax/features/external-general-entities", false);
++            xmlReader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+             ((SAXSource) source).setXMLReader(xmlReader);
+             return delegate.unmarshal(source, declaredType);
+          }
diff --git a/SPECS/resteasy-base.spec b/SPECS/resteasy-base.spec
index ec531ec..8ccb5cc 100644
--- a/SPECS/resteasy-base.spec
+++ b/SPECS/resteasy-base.spec
@@ -4,7 +4,7 @@
 
 Name:           resteasy-base
 Version:        2.3.5
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Framework for RESTful Web services and Java applications
 License:        ASL 2.0 and CDDL
 URL:            http://www.jboss.org/resteasy
@@ -13,6 +13,7 @@ URL:            http://www.jboss.org/resteasy
 # cd Resteasy
 # git archive --prefix=resteasy-2.3.5.Final/ --output=resteasy-2.3.5.Final.tgz 2.3.5.Final
 Source0:        %{prodname}-%{namedversion}.tgz
+Patch0:		%{prodname}-%{namedversion}-resteasy-1073.patch
 
 BuildArch: noarch
 
@@ -123,6 +124,7 @@ Summary:        Module tjws for %{name}
 
 %prep
 %setup -q -n %{prodname}-%{namedversion}
+%patch0 -p1
 
 # remove unneeded modules
 %pom_disable_module resteasy-jaxrs-war
@@ -236,6 +238,9 @@ tjws tjws
 
 
 %changelog
+* Fri Jul 25 2014 Ade Lee <alee@redhat.com> - 2.3.5-3
+- Resolves: rhbz1121917 -  CVE-2014-3490: XXE via parameter entities
+
 * Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2.3.5-2
 - Mass rebuild 2013-12-27