File _service:tar_scm:CVE-2020-11987.patch of Package batik

From 0ef5b661a1f77772d1110877ea9e0287987098f6 Mon Sep 17 00:00:00 2001
From: Simon Steiner <ssteiner@apache.org>
Date: Tue, 2 Jun 2020 13:59:37 +0000
Subject: [PATCH] BATIK-1284: Dont load DTDs in NodePickerPanel

git-svn-id: https://svn.apache.org/repos/asf/xmlgraphics/batik/trunk@1878396 13f79535-47bb-0310-9956-ffa450edef68
---
 .../org/apache/batik/apps/svgbrowser/NodePickerPanel.java   | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/batik-svgbrowser/src/main/java/org/apache/batik/apps/svgbrowser/NodePickerPanel.java b/batik-svgbrowser/src/main/java/org/apache/batik/apps/svgbrowser/NodePickerPanel.java
index 2a93e95a43..a5ad8e8b11 100644
--- a/batik-svgbrowser/src/main/java/org/apache/batik/apps/svgbrowser/NodePickerPanel.java
+++ b/batik-svgbrowser/src/main/java/org/apache/batik/apps/svgbrowser/NodePickerPanel.java
@@ -847,8 +847,10 @@ private Element parseXml(String xmlString) {
         Document doc = null;
         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
         try {
-            javax.xml.parsers.DocumentBuilder parser = factory
-                    .newDocumentBuilder();
+            factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+            factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+            factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+            javax.xml.parsers.DocumentBuilder parser = factory.newDocumentBuilder();
             parser.setErrorHandler(new ErrorHandler() {
                 public void error(SAXParseException exception)
                         throws SAXException {