diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3be2f6a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/xalan-j_2_7_1-src.tar.gz
diff --git a/.xalan-j2.metadata b/.xalan-j2.metadata
new file mode 100644
index 0000000..d44aae0
--- /dev/null
+++ b/.xalan-j2.metadata
@@ -0,0 +1 @@
+dfaac3bd3e18a8961c27b3d07b7405bd8a15d64a SOURCES/xalan-j_2_7_1-src.tar.gz
diff --git a/SOURCES/serializer-2.7.1.pom b/SOURCES/serializer-2.7.1.pom
new file mode 100644
index 0000000..79b0027
--- /dev/null
+++ b/SOURCES/serializer-2.7.1.pom
@@ -0,0 +1,39 @@
+
+
+
+ 4.0.0
+
+ org.apache
+ apache
+ 4
+
+
+ xalan
+ serializer
+ 2.7.1
+
+ Xalan Java Serializer
+
+ Serializer to write out XML, HTML etc. as a stream of characters from an input DOM or from input
+ SAX events.
+
+ http://xml.apache.org/xalan-j/
+
+
+
+ xml-apis
+ xml-apis
+ 1.3.04
+
+
+ xerces
+ xercesImpl
+ 2.9.0
+ true
+
+
+
+
\ No newline at end of file
diff --git a/SOURCES/xalan-2.7.1.pom b/SOURCES/xalan-2.7.1.pom
new file mode 100644
index 0000000..b4a56e9
--- /dev/null
+++ b/SOURCES/xalan-2.7.1.pom
@@ -0,0 +1,41 @@
+
+
+
+ 4.0.0
+
+ org.apache
+ apache
+ 4
+
+
+ xalan
+ xalan
+ 2.7.1
+
+ Xalan Java
+
+ Xalan-Java is an XSLT processor for transforming XML documents into HTML,
+ text, or other XML document types. It implements XSL Transformations (XSLT)
+ Version 1.0 and XML Path Language (XPath) Version 1.0 and can be used from
+ the command line, in an applet or a servlet, or as a module in other program.
+
+ http://xml.apache.org/xalan-j/
+
+
+
+ xalan
+ serializer
+ 2.7.1
+
+
+ xerces
+ xercesImpl
+ 2.9.0
+ true
+
+
+
+
\ No newline at end of file
diff --git a/SOURCES/xalan-j2-CVE-2014-0107.patch b/SOURCES/xalan-j2-CVE-2014-0107.patch
new file mode 100644
index 0000000..3358f60
--- /dev/null
+++ b/SOURCES/xalan-j2-CVE-2014-0107.patch
@@ -0,0 +1,148 @@
+diff --git a/src/org/apache/xalan/processor/TransformerFactoryImpl.java b/src/org/apache/xalan/processor/TransformerFactoryImpl.java
+index 1298943..96a5e58 100644
+--- a/src/org/apache/xalan/processor/TransformerFactoryImpl.java
++++ b/src/org/apache/xalan/processor/TransformerFactoryImpl.java
+@@ -335,6 +335,10 @@ public class TransformerFactoryImpl extends SAXTransformerFactory
+ reader = XMLReaderFactory.createXMLReader();
+ }
+
++ if(m_isSecureProcessing)
++ {
++ reader.setFeature("http://xml.org/sax/features/external-general-entities",false);
++ }
+ // Need to set options!
+ reader.setContentHandler(handler);
+ reader.parse(isource);
+diff --git a/src/org/apache/xalan/processor/XSLTElementProcessor.java b/src/org/apache/xalan/processor/XSLTElementProcessor.java
+index b946743..17b7395 100644
+--- a/src/org/apache/xalan/processor/XSLTElementProcessor.java
++++ b/src/org/apache/xalan/processor/XSLTElementProcessor.java
+@@ -338,17 +338,31 @@ public class XSLTElementProcessor extends ElemTemplateElement
+ }
+ else
+ {
+- // Can we switch the order here:
+-
+- boolean success = attrDef.setAttrValue(handler, attrUri, attrLocalName,
+- attributes.getQName(i), attributes.getValue(i),
+- target);
+-
+- // Now we only add the element if it passed a validation check
+- if (success)
+- processedDefs.add(attrDef);
+- else
+- errorDefs.add(attrDef);
++ //handle secure processing
++ if(handler.getStylesheetProcessor()==null)
++ System.out.println("stylesheet processor null");
++ if(attrDef.getName().compareTo("*")==0 && handler.getStylesheetProcessor().isSecureProcessing())
++ {
++ //foreign attributes are not allowed in secure processing mode
++ // Then barf, because this element does not allow this attribute.
++ handler.error(XSLTErrorResources.ER_ATTR_NOT_ALLOWED, new Object[]{attributes.getQName(i), rawName}, null);//"\""+attributes.getQName(i)+"\""
++ //+ " attribute is not allowed on the " + rawName
++ // + " element!", null);
++ }
++ else
++ {
++
++
++ boolean success = attrDef.setAttrValue(handler, attrUri, attrLocalName,
++ attributes.getQName(i), attributes.getValue(i),
++ target);
++
++ // Now we only add the element if it passed a validation check
++ if (success)
++ processedDefs.add(attrDef);
++ else
++ errorDefs.add(attrDef);
++ }
+ }
+ }
+
+diff --git a/src/org/apache/xalan/transformer/TransformerImpl.java b/src/org/apache/xalan/transformer/TransformerImpl.java
+index dd0d4d9..0906d24 100644
+--- a/src/org/apache/xalan/transformer/TransformerImpl.java
++++ b/src/org/apache/xalan/transformer/TransformerImpl.java
+@@ -438,7 +438,9 @@ public class TransformerImpl extends Transformer
+ try
+ {
+ if (sroot.getExtensions() != null)
+- m_extensionsTable = new ExtensionsTable(sroot);
++ //only load extensions if secureProcessing is disabled
++ if(!sroot.isSecureProcessing())
++ m_extensionsTable = new ExtensionsTable(sroot);
+ }
+ catch (javax.xml.transform.TransformerException te)
+ {te.printStackTrace();}
+diff --git a/src/org/apache/xpath/functions/FuncSystemProperty.java b/src/org/apache/xpath/functions/FuncSystemProperty.java
+index 4bea356..78ac980 100644
+--- a/src/org/apache/xpath/functions/FuncSystemProperty.java
++++ b/src/org/apache/xpath/functions/FuncSystemProperty.java
+@@ -58,7 +58,7 @@ public class FuncSystemProperty extends FunctionOneArg
+
+ String fullName = m_arg0.execute(xctxt).str();
+ int indexOfNSSep = fullName.indexOf(':');
+- String result;
++ String result = null;
+ String propName = "";
+
+ // List of properties where the name of the
+@@ -98,14 +98,20 @@ public class FuncSystemProperty extends FunctionOneArg
+
+ try
+ {
+- result = System.getProperty(propName);
+-
+- if (null == result)
+- {
+-
+- // result = System.getenv(propName);
+- return XString.EMPTYSTRING;
+- }
++ //if secure procession is enabled only handle required properties do not not map any valid system property
++ if(!xctxt.isSecureProcessing())
++ {
++ result = System.getProperty(propName);
++ }
++ else
++ {
++ warn(xctxt, XPATHErrorResources.WG_SECURITY_EXCEPTION,
++ new Object[]{ fullName }); //"SecurityException when trying to access XSL system property: "+fullName);
++ }
++ if (null == result)
++ {
++ return XString.EMPTYSTRING;
++ }
+ }
+ catch (SecurityException se)
+ {
+@@ -120,14 +126,20 @@ public class FuncSystemProperty extends FunctionOneArg
+ {
+ try
+ {
+- result = System.getProperty(fullName);
+-
+- if (null == result)
+- {
+-
+- // result = System.getenv(fullName);
+- return XString.EMPTYSTRING;
+- }
++ //if secure procession is enabled only handle required properties do not not map any valid system property
++ if(!xctxt.isSecureProcessing())
++ {
++ result = System.getProperty(fullName);
++ }
++ else
++ {
++ warn(xctxt, XPATHErrorResources.WG_SECURITY_EXCEPTION,
++ new Object[]{ fullName }); //"SecurityException when trying to access XSL system property: "+fullName);
++ }
++ if (null == result)
++ {
++ return XString.EMPTYSTRING;
++ }
+ }
+ catch (SecurityException se)
+ {
diff --git a/SOURCES/xalan-j2-MANIFEST.MF b/SOURCES/xalan-j2-MANIFEST.MF
new file mode 100644
index 0000000..f545333
--- /dev/null
+++ b/SOURCES/xalan-j2-MANIFEST.MF
@@ -0,0 +1,38 @@
+Manifest-Version: 1.0
+Ant-Version: Apache Ant 1.8.2
+Created-By: 1.7.0_b147-icedtea (Oracle Corporation)
+Main-Class: org.apache.xalan.xslt.Process
+Bundle-ManifestVersion: 2
+Bundle-Name: %Bundle-Name.0
+Bundle-SymbolicName: org.apache.xalan
+Bundle-Version: 2.7.1
+Bundle-Vendor: %Bundle-Vendor.0
+Export-Package: org.apache.xalan,
+ org.apache.xml,
+ org.apache.xpath
+Require-Bundle: org.apache.xerces
+Eclipse-BuddyPolicy: registered
+
+Name: org/apache/xalan/
+Comment: Main Xalan engine implementing TrAX/JAXP
+Specification-Title: Java API for XML Processing
+Specification-Vendor: Sun Microsystems Inc.
+Specification-Version: 1.3
+Implementation-Title: org.apache.xalan
+Implementation-Version: 2.7.1
+Implementation-Vendor: Apache Software Foundation
+Implementation-URL: http://xml.apache.org/xalan-j/dist/
+
+Name: org/apache/xml/
+Comment: DTM implementation and utilities
+Implementation-Title: org.apache.xml
+Implementation-Version: 2.7.1
+Implementation-Vendor: Apache Software Foundation
+Implementation-URL: http://xml.apache.org/xalan-j/dist/
+
+Name: org/apache/xpath/
+Comment: XPath engine
+Implementation-Title: org.apache.xpath
+Implementation-Version: 2.7.1
+Implementation-Vendor: Apache Software Foundation
+Implementation-URL: http://xml.apache.org/xalan-j/dist/
diff --git a/SOURCES/xalan-j2-noxsltcdeps.patch b/SOURCES/xalan-j2-noxsltcdeps.patch
new file mode 100644
index 0000000..6840741
--- /dev/null
+++ b/SOURCES/xalan-j2-noxsltcdeps.patch
@@ -0,0 +1,11 @@
+--- build.xml.orig 2007-11-22 23:44:01.000000000 +0200
++++ build.xml 2010-04-07 13:32:31.878542610 +0300
+@@ -683,7 +683,7 @@ $Id: build.xml 563656 2007-08-07 21:12:1
+
+
+
+-
+
+
diff --git a/SOURCES/xalan-j2-serializer-MANIFEST.MF b/SOURCES/xalan-j2-serializer-MANIFEST.MF
new file mode 100644
index 0000000..436d24a
--- /dev/null
+++ b/SOURCES/xalan-j2-serializer-MANIFEST.MF
@@ -0,0 +1,10 @@
+Manifest-Version: 1.0
+Bundle-RequiredExecutionEnvironment: J2SE-1.2
+Bundle-SymbolicName: org.apache.xml.serializer
+Bundle-ManifestVersion: 2
+Bundle-Name: %Bundle-Name.0
+Bundle-Localization: plugin
+Bundle-Version: 2.7.1.v200806030322
+Bundle-Vendor: %Bundle-Vendor.0
+Export-Package: org.apache.xml.serializer,org.apache.xml.serializer.do
+ m3
diff --git a/SOURCES/xalan-j2-serializerJARname.patch b/SOURCES/xalan-j2-serializerJARname.patch
new file mode 100644
index 0000000..5f225a6
--- /dev/null
+++ b/SOURCES/xalan-j2-serializerJARname.patch
@@ -0,0 +1,11 @@
+--- src/manifest.xalan-interpretive 2011-08-10 12:38:23.892219017 -0400
++++ src/manifest.xalan-interpretive 2011-08-10 12:38:32.032219017 -0400
+@@ -1,7 +1,7 @@
+ Manifest-Version: 1.0
+ Created-By: @java.version@ (@java.vendor@)
+ Main-Class: org.apache.xalan.xslt.Process
+-Class-Path: xercesImpl.jar xml-apis.jar serializer.jar
++Class-Path: xercesImpl.jar xml-apis.jar xalan-j2-serializer.jar
+
+ Name: org/apache/xalan/
+ Comment: Main Xalan engine implementing TrAX/JAXP
diff --git a/SOURCES/xsltc-2.7.1.pom b/SOURCES/xsltc-2.7.1.pom
new file mode 100644
index 0000000..b32dbd0
--- /dev/null
+++ b/SOURCES/xsltc-2.7.1.pom
@@ -0,0 +1,13 @@
+
+ 4.0.0
+ xalan
+ xsltc
+ 2.7.1
+
+
+ xalan
+ xalan
+ 2.7.1
+
+
+
diff --git a/SPECS/xalan-j2.spec b/SPECS/xalan-j2.spec
new file mode 100644
index 0000000..0ef0f23
--- /dev/null
+++ b/SPECS/xalan-j2.spec
@@ -0,0 +1,595 @@
+# Copyright (c) 2000-2005, JPackage Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the
+# distribution.
+# 3. Neither the name of the JPackage Project nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+%global cvs_version 2_7_1
+
+Name: xalan-j2
+Version: 2.7.1
+Release: 23%{?dist}
+Epoch: 0
+Summary: Java XSLT processor
+# src/org/apache/xpath/domapi/XPathStylesheetDOM3Exception.java is W3C
+License: ASL 2.0 and W3C
+Source0: http://archive.apache.org/dist/xml/xalan-j/xalan-j_2_7_1-src.tar.gz
+Source1: %{name}-serializer-MANIFEST.MF
+Source2: http://repo1.maven.org/maven2/xalan/xalan/2.7.1/xalan-2.7.1.pom
+Source3: http://repo1.maven.org/maven2/xalan/serializer/2.7.1/serializer-2.7.1.pom
+Source4: xsltc-%{version}.pom
+Source5: %{name}-MANIFEST.MF
+Patch0: %{name}-noxsltcdeps.patch
+# Fix the serializer JAR filename in xalan-j2's MANIFEST.MF
+# https://bugzilla.redhat.com/show_bug.cgi?id=718738
+Patch1: %{name}-serializerJARname.patch
+# Fix CVE-2014-0107: insufficient constraints in secure processing
+# feature (oCERT-2014-002). Generated form upstream revisions 1581058
+# and 1581426.
+Patch2: %{name}-CVE-2014-0107.patch
+URL: http://xalan.apache.org/
+Group: Development/Libraries
+
+BuildArch: noarch
+Provides: jaxp_transform_impl
+Requires: xerces-j2
+Requires(post): chkconfig
+Requires(preun): chkconfig
+BuildRequires: jpackage-utils >= 0:1.6
+BuildRequires: java-devel
+BuildRequires: ant
+BuildRequires: bcel
+BuildRequires: java_cup
+BuildRequires: regexp
+BuildRequires: sed
+BuildRequires: tomcat-servlet-3.0-api
+BuildRequires: xerces-j2 >= 0:2.7.1
+BuildRequires: xml-commons-apis >= 0:1.3
+BuildRequires: xml-stylebook
+BuildRequires: zip
+
+%description
+Xalan is an XSLT processor for transforming XML documents into HTML,
+text, or other XML document types. It implements the W3C Recommendations
+for XSL Transformations (XSLT) and the XML Path Language (XPath). It can
+be used from the command line, in an applet or a servlet, or as a module
+in other program.
+
+%package xsltc
+Summary: XSLT compiler
+Group: Development/Tools
+Requires: java_cup
+Requires: bcel
+Requires: regexp
+Requires: xerces-j2
+
+%description xsltc
+The XSLT Compiler is a Java-based tool for compiling XSLT stylesheets into
+lightweight and portable Java byte codes called translets.
+
+%package manual
+Summary: Manual for %{name}
+Group: Documentation
+
+%description manual
+Documentation for %{name}.
+
+%package javadoc
+Summary: Javadoc for %{name}
+Group: Documentation
+Requires: jpackage-utils
+BuildRequires: java-javadoc
+
+%description javadoc
+Javadoc for %{name}.
+
+%package demo
+Summary: Demo for %{name}
+Group: Documentation
+Requires: %{name} = %{epoch}:%{version}-%{release}
+Requires: tomcat-servlet-3.0-api
+
+%description demo
+Demonstrations and samples for %{name}.
+
+%prep
+%setup -q -n xalan-j_%{cvs_version}
+%patch0 -p0
+%patch1 -p0
+%patch2 -p1
+# Remove all binary libs, except ones needed to build docs and N/A elsewhere.
+for j in $(find . -name "*.jar"); do
+ mv $j $j.no
+done
+
+# this tar.gz contains bundled software, some of which has unclear
+# licensing terms (W3C Software/Document license) . We could probably
+# replicate this with our jars but it's too much work so just generate
+# non-interlinked documentation
+rm src/*tar.gz
+sed -i '/