File _service:tar_scm:CVE-2016-9606.patch of Package resteasy

From 7ae52d2322169295a18570892d7596af69d41545 Mon Sep 17 00:00:00 2001
From: Petr Jurak <pjurak@redhat.com>
Date: Tue, 28 Feb 2017 15:45:58 +0100
Subject: [PATCH] [RESTEASY-1618] Yaml unmarshalling vulnerable to RCE

---
 .../org/jboss/resteasy/resteasy1223/TestResteasy1223.java     | 3 ++-
 .../resources/META-INF/services/javax.ws.rs.ext.Providers     | 1 +
 .../jboss/resteasy/test/providers/yaml/TestYamlProvider.java  | 4 ++--
 3 files changed, 5 insertions(+), 3 deletions(-)
 rename jaxrs/{providers/yaml/src/main => arquillian/RESTEASY-1223-WF8/src/test}/resources/META-INF/services/javax.ws.rs.ext.Providers (98%)

diff --git a/jaxrs/arquillian/RESTEASY-1223-WF8/src/test/java/org/jboss/resteasy/resteasy1223/TestResteasy1223.java b/jaxrs/arquillian/RESTEASY-1223-WF8/src/test/java/org/jboss/resteasy/resteasy1223/TestResteasy1223.java
index 301ddd6535..b6805d30bf 100644
--- a/jaxrs/arquillian/RESTEASY-1223-WF8/src/test/java/org/jboss/resteasy/resteasy1223/TestResteasy1223.java
+++ b/jaxrs/arquillian/RESTEASY-1223-WF8/src/test/java/org/jboss/resteasy/resteasy1223/TestResteasy1223.java
@@ -31,7 +31,8 @@
     public static Archive<?> createTestArchive() {
         WebArchive war = ShrinkWrap.create(WebArchive.class, "resteasy1223.war")
                 .addClasses(TestApplication.class, YamlResource.class, MyNestedObject.class, MyObject.class)
-                .addAsWebInfResource("web.xml").addAsManifestResource("MANIFEST.MF");
+                .addAsWebInfResource("web.xml").addAsManifestResource("MANIFEST.MF")
+                .addAsResource("META-INF/services/javax.ws.rs.ext.Providers");
         return war;
     }
 
diff --git a/jaxrs/providers/yaml/src/main/resources/META-INF/services/javax.ws.rs.ext.Providers b/jaxrs/arquillian/RESTEASY-1223-WF8/src/test/resources/META-INF/services/javax.ws.rs.ext.Providers
similarity index 98%
rename from jaxrs/providers/yaml/src/main/resources/META-INF/services/javax.ws.rs.ext.Providers
rename to jaxrs/arquillian/RESTEASY-1223-WF8/src/test/resources/META-INF/services/javax.ws.rs.ext.Providers
index 9a6782a638..c854fd6d9a 100644
--- a/jaxrs/providers/yaml/src/main/resources/META-INF/services/javax.ws.rs.ext.Providers
+++ b/jaxrs/arquillian/RESTEASY-1223-WF8/src/test/resources/META-INF/services/javax.ws.rs.ext.Providers
@@ -1 +1,2 @@
 org.jboss.resteasy.plugins.providers.YamlProvider
+
diff --git a/jaxrs/providers/yaml/src/test/java/org/jboss/resteasy/test/providers/yaml/TestYamlProvider.java b/jaxrs/providers/yaml/src/test/java/org/jboss/resteasy/test/providers/yaml/TestYamlProvider.java
index 05be1b26c6..5cf75aacf8 100644
--- a/jaxrs/providers/yaml/src/test/java/org/jboss/resteasy/test/providers/yaml/TestYamlProvider.java
+++ b/jaxrs/providers/yaml/src/test/java/org/jboss/resteasy/test/providers/yaml/TestYamlProvider.java
@@ -3,6 +3,7 @@
 import junit.framework.Assert;
 import org.jboss.resteasy.client.ClientRequest;
 import org.jboss.resteasy.client.ClientResponse;
+import org.jboss.resteasy.plugins.providers.YamlProvider;
 import org.jboss.resteasy.test.BaseResourceTest;
 import org.junit.Before;
 import org.junit.Test;
@@ -19,9 +20,8 @@
 
     @Before
     public void setUp() {
-
         addPerRequestResource(YamlResource.class);
-
+        getProviderFactory().registerProvider(YamlProvider.class);
     }
 
     @Test