File _service:tar_scm:CVE-2019-10172-2.patch of Package jackson

From 2361ec46b5fbf940bafe8247e421e64f9cb7f7b1 Mon Sep 17 00:00:00 2001
From: PJ Fanning <pj.fanning@workday.com>
Date: Fri, 1 Jul 2016 22:57:06 +0100
Subject: [PATCH] setExpandEntityReferences(false)

---
 .../java/org/codehaus/jackson/map/ext/DOMDeserializer.java     | 1 +
 .../org/codehaus/jackson/xc/DomElementJsonDeserializer.java    | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/mapper/java/org/codehaus/jackson/map/ext/DOMDeserializer.java b/src/mapper/java/org/codehaus/jackson/map/ext/DOMDeserializer.java
index 3a486b9e4..97f76af97 100644
--- a/src/mapper/java/org/codehaus/jackson/map/ext/DOMDeserializer.java
+++ b/src/mapper/java/org/codehaus/jackson/map/ext/DOMDeserializer.java
@@ -24,6 +24,7 @@
         _parserFactory = DocumentBuilderFactory.newInstance();
         // yup, only cave men do XML without recognizing namespaces...
         _parserFactory.setNamespaceAware(true);
+        _parserFactory.setExpandEntityReferences(false);
         try {
             _parserFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
         } catch(ParserConfigurationException pce) {
diff --git a/src/xc/java/org/codehaus/jackson/xc/DomElementJsonDeserializer.java b/src/xc/java/org/codehaus/jackson/xc/DomElementJsonDeserializer.java
index ccd631aa3..8b1de578a 100644
--- a/src/xc/java/org/codehaus/jackson/xc/DomElementJsonDeserializer.java
+++ b/src/xc/java/org/codehaus/jackson/xc/DomElementJsonDeserializer.java
@@ -30,10 +30,11 @@ public DomElementJsonDeserializer()
         try {
             DocumentBuilderFactory bf = DocumentBuilderFactory.newInstance();
             bf.setNamespaceAware(true);
+            bf.setExpandEntityReferences(false);
             bf.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
             builder = bf.newDocumentBuilder();
         } catch (ParserConfigurationException e) {
-            throw new RuntimeException();
+            throw new RuntimeException("Problem creating DocumentBuilder: " + e.toString());
         }
     }