diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..90c8acf
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/apache-xmlrpc-3.1.3-src.tar.bz2
diff --git a/.xmlrpc.metadata b/.xmlrpc.metadata
new file mode 100644
index 0000000..309f012
--- /dev/null
+++ b/.xmlrpc.metadata
@@ -0,0 +1 @@
+43b99531366c6e1ce5275e13930bafc62aacd5ae SOURCES/apache-xmlrpc-3.1.3-src.tar.bz2
diff --git a/README.md b/README.md
deleted file mode 100644
index 0e7897f..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/xmlrpc-client-addosgimanifest.patch b/SOURCES/xmlrpc-client-addosgimanifest.patch
new file mode 100644
index 0000000..1b39a19
--- /dev/null
+++ b/SOURCES/xmlrpc-client-addosgimanifest.patch
@@ -0,0 +1,20 @@
+--- pom.xml.sav 2010-02-06 17:44:57.000000000 +0200
++++ pom.xml 2010-09-29 09:27:06.194857352 +0300
+@@ -48,6 +48,17 @@
+ org.apache
+ Apache Software Foundation
+ ${project.version}
++ 2
++ %Bundle-Name
++ plugin
++ org.apache.xmlrpc
++ ${project.version}
++ org.apache.xmlrpc.common
++ org.apache.xmlrpc.client, org.apache.xmlrpc.client.util
++ javax.xml.namespace, javax.xml.parsers, org.apache.commons.httpclient, org.apache.commons.httpclient.auth, org.apache.commons.httpclient.methods, org.apache.commons.httpclient.params, org.apache.commons.logging, org.apache.ws.commons.serialize, org.apache.ws.commons.util, org.w3c.dom, org.xml.sax, org.xml.sax.helpers
++ J2SE-1.4, CDC-1.0/Foundation-1.0, J2SE-1.3
++ dependent
++ %Bundle-Vendor.0
+
+
+
diff --git a/SOURCES/xmlrpc-common-addosgimanifest.patch b/SOURCES/xmlrpc-common-addosgimanifest.patch
new file mode 100644
index 0000000..4d4aeca
--- /dev/null
+++ b/SOURCES/xmlrpc-common-addosgimanifest.patch
@@ -0,0 +1,19 @@
+--- pom.xml.sav 2010-02-06 17:44:50.000000000 +0200
++++ pom.xml 2010-09-29 09:30:38.857857644 +0300
+@@ -48,6 +48,16 @@
+ org.apache
+ Apache Software Foundation
+ ${project.version}
++ 2
++ %Bundle-Name
++ plugin
++ org.apache.xmlrpc.common
++ ${project.version}
++ org.apache.xmlrpc, org.apache.xmlrpc.common, org.apache.xmlrpc.jaxb, org.apache.xmlrpc.parser, org.apache.xmlrpc.serializer, org.apache.xmlrpc.util
++ javax.xml.namespace, javax.xml.parsers, org.apache.commons.httpclient, org.apache.commons.httpclient.auth, org.apache.commons.httpclient.methods, org.apache.commons.httpclient.params, org.apache.commons.logging, org.apache.ws.commons.serialize, org.apache.ws.commons.util, org.w3c.dom, org.xml.sax, org.xml.sax.helpers
++ J2SE-1.4, CDC-1.0/Foundation-1.0, J2SE-1.3
++ dependent
++ %Bundle-Vendor.0
+
+
+
diff --git a/SOURCES/xmlrpc-disallow-deserialization-of-ex-serializable-tags.patch b/SOURCES/xmlrpc-disallow-deserialization-of-ex-serializable-tags.patch
new file mode 100644
index 0000000..d11490e
--- /dev/null
+++ b/SOURCES/xmlrpc-disallow-deserialization-of-ex-serializable-tags.patch
@@ -0,0 +1,35 @@
+From 5d6fe1e8c071bd56cf08f86e337f617fc9895b30 Mon Sep 17 00:00:00 2001
+From: Michael Simacek
+Date: Fri, 18 May 2018 15:22:49 +0200
+Subject: [PATCH] Disallow deserialization of tags
+
+Can be reenabled by setting JVM property
+org.apache.xmlrpc.allowInsecureDeserialization to 1.
+
+- Resolves CVE-2016-5003
+---
+ .../java/org/apache/xmlrpc/parser/SerializableParser.java | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java b/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java
+index 18f25ac..c8bb7ed 100644
+--- a/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java
++++ b/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java
+@@ -29,6 +29,14 @@ import org.apache.xmlrpc.XmlRpcException;
+ */
+ public class SerializableParser extends ByteArrayParser {
+ public Object getResult() throws XmlRpcException {
++ if (!"1".equals(System.getProperty("org.apache.xmlrpc.allowInsecureDeserialization"))) {
++ throw new UnsupportedOperationException(
++ "Deserialization of ex:serializable objects is vulnerable to " +
++ "remote execution attacks and is disabled by default. " +
++ "If you are sure the source data is trusted, you can enable " +
++ "it by setting org.apache.xmlrpc.allowInsecureDeserialization " +
++ "JVM property to 1");
++ }
+ try {
+ byte[] res = (byte[]) super.getResult();
+ ByteArrayInputStream bais = new ByteArrayInputStream(res);
+--
+2.17.0
+
diff --git a/SOURCES/xmlrpc-javax-methods.patch b/SOURCES/xmlrpc-javax-methods.patch
new file mode 100644
index 0000000..2a99d9f
--- /dev/null
+++ b/SOURCES/xmlrpc-javax-methods.patch
@@ -0,0 +1,128 @@
+diff -up ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java.fix ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java
+--- ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java.fix 2012-07-24 14:49:54.000000000 -0400
++++ ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java 2012-07-24 18:20:17.000000000 -0400
+@@ -31,6 +31,7 @@ import java.net.URLDecoder;
+ import java.security.Principal;
+ import java.util.ArrayList;
+ import java.util.Collections;
++import java.util.Collection;
+ import java.util.Enumeration;
+ import java.util.HashMap;
+ import java.util.Iterator;
+@@ -41,8 +42,15 @@ import java.util.StringTokenizer;
+
+ import javax.servlet.RequestDispatcher;
+ import javax.servlet.ServletInputStream;
++import javax.servlet.DispatcherType;
++import javax.servlet.AsyncContext;
++import javax.servlet.ServletContext;
++import javax.servlet.ServletRequest;
++import javax.servlet.ServletResponse;
+ import javax.servlet.http.Cookie;
++import javax.servlet.http.Part;
+ import javax.servlet.http.HttpServletRequest;
++import javax.servlet.http.HttpServletResponse;
+ import javax.servlet.http.HttpSession;
+
+ import org.apache.xmlrpc.common.XmlRpcStreamConfig;
+@@ -66,6 +74,7 @@ public class HttpServletRequestImpl impl
+ private String queryString;
+ private String httpVersion;
+ private final Map headers = new HashMap();
++ private final Map parts = new HashMap();
+ private final Map attributes = new HashMap();
+ private Map parameters;
+ private String characterEncoding;
+@@ -227,6 +236,12 @@ public class HttpServletRequestImpl impl
+ return Collections.enumeration(list);
+ }
+
++ public Part getPart(String name) { throw new IllegalStateException("Not implemented"); }
++
++ public Collection getParts() { throw new IllegalStateException("Not implemented"); }
++
++ public boolean authenticate (HttpServletResponse response) { throw new IllegalStateException("Not implemented"); }
++
+ public int getIntHeader(String pHeader) {
+ String s = getHeader(pHeader);
+ return s == null ? -1 : Integer.parseInt(s);
+@@ -242,6 +257,10 @@ public class HttpServletRequestImpl impl
+
+ public String getRemoteUser() { throw new IllegalStateException("Not implemented"); }
+
++ public void login(String username, String password) { throw new IllegalStateException("Not implemented"); }
++
++ public void logout() { throw new IllegalStateException("Not implemented"); }
++
+ public String getRequestURI() { return uri; }
+
+ public StringBuffer getRequestURL() {
+@@ -280,6 +299,20 @@ public class HttpServletRequestImpl impl
+ return sb;
+ }
+
++ public AsyncContext getAsyncContext() { throw new IllegalStateException("Not implemented"); }
++
++ public boolean isAsyncSupported() { return false; }
++
++ public boolean isAsyncStarted() { return false; }
++
++ public ServletContext getServletContext() { throw new IllegalStateException("Not implemented"); }
++
++ public AsyncContext startAsync(ServletRequest req, ServletResponse resp) { throw new IllegalStateException("Not implemented"); }
++
++ public AsyncContext startAsync() { throw new IllegalStateException("Not implemented"); }
++
++ public DispatcherType getDispatcherType() { throw new IllegalStateException("Not implemented"); }
++
+ public String getRequestedSessionId() { throw new IllegalStateException("Not implemented"); }
+
+ public String getServletPath() { return uri; }
+diff -up ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java.fix ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java
+--- ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java.fix 2012-07-24 14:49:46.000000000 -0400
++++ ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java 2012-07-24 15:22:31.000000000 -0400
+@@ -29,6 +29,8 @@ import java.util.Iterator;
+ import java.util.List;
+ import java.util.Locale;
+ import java.util.Map;
++import java.util.Collection;
++import java.util.Collections;
+ import java.util.StringTokenizer;
+
+ import javax.servlet.ServletOutputStream;
+@@ -84,7 +86,7 @@ public class HttpServletResponseImpl imp
+ }
+ }
+
+- private String getHeader(String pHeader) {
++ public String getHeader(String pHeader) {
+ String key = pHeader.toLowerCase();
+ Object o = headers.get(key);
+ if (o == null) {
+@@ -101,6 +103,26 @@ public class HttpServletResponseImpl imp
+ }
+ }
+
++ public Collection getHeaderNames() {
++ return headers.keySet();
++ }
++
++ public Collection getHeaders(String pHeader) {
++ String key = pHeader.toLowerCase();
++ Object o = headers.get(key);
++ List list;
++ if (o instanceof List) {
++ list = (List) o;
++ } else {
++ list = Collections.singletonList(o);
++ }
++ return list;
++ }
++
++ public int getStatus() {
++ return status;
++ }
++
+ public void addIntHeader(String pHeader, int pValue) {
+ addHeader(pHeader, Integer.toString(pValue));
+ }
diff --git a/SPECS/xmlrpc.spec b/SPECS/xmlrpc.spec
new file mode 100644
index 0000000..bbb465f
--- /dev/null
+++ b/SPECS/xmlrpc.spec
@@ -0,0 +1,145 @@
+Name: xmlrpc
+Version: 3.1.3
+Release: 9%{?dist}
+Epoch: 1
+Summary: Java XML-RPC implementation
+License: ASL 2.0
+URL: http://ws.apache.org/xmlrpc/
+Source0: http://www.apache.org/dist/ws/xmlrpc/sources/apache-xmlrpc-%{version}-src.tar.bz2
+# Add OSGi MANIFEST information
+Patch0: %{name}-client-addosgimanifest.patch
+Patch1: %{name}-common-addosgimanifest.patch
+Patch2: %{name}-javax-methods.patch
+Patch3: %{name}-disallow-deserialization-of-ex-serializable-tags.patch
+
+BuildRequires: maven-local
+BuildRequires: maven-resources-plugin
+BuildRequires: maven-assembly-plugin
+BuildRequires: maven-source-plugin
+BuildRequires: maven-site-plugin
+BuildRequires: ws-commons-util
+BuildRequires: jpackage-utils >= 0:1.6
+BuildRequires: tomcat-servlet-3.0-api
+BuildRequires: junit
+BuildRequires: jakarta-commons-httpclient
+BuildRequires: apache-commons-logging
+
+BuildArch: noarch
+
+%description
+Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol
+that uses XML over HTTP to implement remote procedure calls.
+Apache XML-RPC was previously known as Helma XML-RPC. If you have code
+using the Helma library, all you should have to do is change the import
+statements in your code from helma.xmlrpc.* to org.apache.xmlrpc.*.
+
+%package javadoc
+Summary: Javadoc for %{name}
+
+%description javadoc
+Javadoc for %{name}.
+
+%package common
+Summary: Common classes for XML-RPC client and server implementations
+# Provide xmlrpc is not here because it would be useless due to different jar names
+Obsoletes: %{name} < 3.1.3
+Obsoletes: %{name}3-common < 3.1.3-13
+Provides: %{name}3-common = 3.1.3-13
+# in OSGI manifest
+Requires: apache-commons-logging
+
+%description common
+%{summary}.
+
+%package client
+Summary: XML-RPC client implementation
+Obsoletes: %{name}3-client < 3.1.3-13
+Provides: %{name}3-client = 3.1.3-13
+# in OSGI manifest
+Requires: jakarta-commons-httpclient
+
+%description client
+%{summary}.
+
+%package server
+Summary: XML-RPC server implementation
+Obsoletes: %{name}3-server < 3.1.3-13
+Provides: %{name}3-server = 3.1.3-13
+
+%description server
+%{summary}.
+
+%prep
+%setup -q -n apache-%{name}-%{version}-src
+%patch2 -b .sav
+pushd client
+%patch0 -b .sav
+popd
+pushd common
+%patch1 -b .sav
+popd
+%patch3 -p1
+
+sed -i 's/\r//' LICENSE.txt
+
+%pom_remove_dep jaxme:jaxmeapi
+
+%pom_disable_module dist
+
+%mvn_package :xmlrpc common
+%mvn_package :xmlrpc-{common} @1
+%mvn_package :xmlrpc-{client} @1
+%mvn_package :xmlrpc-{server} @1
+
+%mvn_file :xmlrpc-{common} %{name}-@1 %{name}3-@1
+%mvn_file :xmlrpc-{client} %{name}-@1 %{name}3-@1
+%mvn_file :xmlrpc-{server} %{name}-@1 %{name}3-@1
+
+%build
+# ignore test failure because server part needs network
+%mvn_build -f
+
+%install
+%mvn_install
+
+%files common -f .mfiles-common
+%doc LICENSE.txt NOTICE.txt
+
+%files client -f .mfiles-client
+%files server -f .mfiles-server
+
+%files javadoc -f .mfiles-javadoc
+%doc LICENSE.txt NOTICE.txt
+
+
+%changelog
+* Wed May 23 2018 Michael Simacek - 1:3.1.3-9
+- Disallow deserialization of tags by default
+- Resolves: CVE-2016-5003
+
+* Fri Dec 27 2013 Daniel Mach - 1:3.1.3-8
+- Mass rebuild 2013-12-27
+
+* Mon Aug 19 2013 Stanislav Ochotnicky - 1:3.1.3-7
+- Migrate away from mvn-rpmbuild (#997460)
+
+* Fri Jun 28 2013 Mikolaj Izdebski - 1:3.1.3-6
+- Rebuild to regenerate API documentation
+- Resolves: CVE-2013-1571
+
+* Fri May 17 2013 Alexander Kurtakov 1:3.1.3-5
+- Remove javax.xml.bind from osgi imports - it's part of the JVM now.
+- Drop the ws-jaxme dependency for the same reason.
+
+* Fri Feb 15 2013 Fedora Release Engineering - 1:3.1.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Wed Feb 06 2013 Java SIG - 1:3.1.3-3
+- Update for https://fedoraproject.org/wiki/Fedora_19_Maven_Rebuild
+- Replace maven BuildRequires with maven-local
+
+* Sat Oct 20 2012 Peter Robinson 3.1.3-2
+- xmlrpc v2 had an Epoch so we need one here. Add it back
+
+* Fri Sep 14 2012 Alexander Kurtakov 3.1.3-1
+- First release of version 3.x package