diff --git a/0002-Jar-paths.patch b/0001-Jar-paths.patch
similarity index 55%
rename from 0002-Jar-paths.patch
rename to 0001-Jar-paths.patch
index 9895ec0..437885a 100644
--- a/0002-Jar-paths.patch
+++ b/0001-Jar-paths.patch
@@ -1,26 +1,26 @@
-From 03b255b50250861a630cd72cb3fae30c7f0f5987 Mon Sep 17 00:00:00 2001
+From c4e8813644a76df380965d2b6de02d280af76bbf Mon Sep 17 00:00:00 2001
 From: Michael Simacek <msimacek@redhat.com>
 Date: Tue, 14 Jul 2015 11:20:59 +0200
-Subject: [PATCH 2/3] Jar paths
+Subject: [PATCH 1/2] Jar paths
 
 ---
- build.xml | 20 +++++++++++---------
- 1 file changed, 11 insertions(+), 9 deletions(-)
+ build.xml | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
 
 diff --git a/build.xml b/build.xml
-index d36f42b..1f00059 100644
+index 73e064f..36b922b 100644
 --- a/build.xml
 +++ b/build.xml
-@@ -54,7 +54,7 @@
+@@ -49,7 +49,7 @@
   <property name="maven-staging-repository-url" value="https://oss.sonatype.org/service/local/staging/deploy/maven2/" />
  
   <!-- DEPENDENCIES -->
 - <available property='bcel.available' file='${lib.dir}/bcel-5.2.jar' />
 + <available property='bcel.available' file='${lib.dir}/bcel.jar' />
  
-  <property name="xerces.version" value="2.9.1"/>
+  <property name="xerces.version" value="2.12.2"/>
  
-@@ -83,7 +83,7 @@
+@@ -78,7 +78,7 @@
  			source='${compile.source}' target='${compile.target}'
  			includeAntRuntime='false'>
  			<classpath>
@@ -29,7 +29,7 @@ index d36f42b..1f00059 100644
  			</classpath>
  			<src path='${src.dir}' />
  			<src path='${build.src.dir}' />
-@@ -94,7 +94,7 @@
+@@ -89,7 +89,7 @@
  			source='${compile.source}' target='${compile.target}'
  			includeAntRuntime='false'>
  			<classpath>
@@ -38,66 +38,45 @@ index d36f42b..1f00059 100644
  			</classpath>
  			<src path='${src.dir}' />
  			<src path='${build.src.dir}' />
-@@ -108,12 +108,14 @@
- 		unless="compile.skip">
- 	<mkdir dir="${build.classes.dir}"/>
- 	
-+        <!--
- 	<compileWith xercesVersion="2.0.2" bridge="2_0"/>
- 	<compileWith xercesVersion="2.1.0" bridge="2_1"/>
- 	<compileWith xercesVersion="2.2.1" bridge="2_2"/>
- 	<compileWith xercesVersion="2.3.0" bridge="2_3"/>
- 	<compileWith xercesVersion="2.8.1" bridge="2_3"/>
- 	<compileWith xercesVersion="2.9.1" bridge="2_3"/>
-+        -->
- 	<compileWith xercesVersion="2.10.0" bridge="2_3"/>
- 
- 	<copy todir="${build.classes.dir}">
-@@ -236,7 +238,7 @@ public class Version {
+@@ -174,7 +174,7 @@
+            doctitle="${Name}" encoding="ISO-8859-1"
+            bottom="${copyright}">
+ 			<classpath>
+-				<fileset dir='${lib.dir}/xerces-${xerces.version}' includes='*.jar' />
++				<fileset dir='${lib.dir}' includes='*.jar' />
+ 			</classpath>
+   </javadoc>
+  </target>
+@@ -224,7 +224,7 @@ public class Version {
   	<java classname='org.apache.tools.ant.Main'>
   		<classpath>
   			<pathelement path='${java.class.path}' />
 - 			<pathelement location='${lib.dir}/bcel-5.2.jar' />
-+ 			<pathelement location='${lib.dir}/bcel.jar' />
++			<pathelement location='${lib.dir}/bcel.jar' />
   		</classpath>
   		<arg value='x-minimal' />
   	</java>
-@@ -277,7 +279,7 @@ public class Version {
- 	  		 source='${compile.source}' target='${compile.target}'
+@@ -266,7 +266,7 @@ public class Version {
  	  		 includeAntRuntime='true'>
  	  	<classpath>
--	  		<fileset dir='${lib.dir}' includes='xml-apis.jar,xerces*.jar, junit*.jar' />
-+	  		<fileset dir='${lib.dir}' includes='xml-commons-apis.jar,xerces-j2.jar, junit.jar' />
+ 				<fileset dir='${lib.dir}' includes='junit*.jar' />
+-				<fileset dir='${lib.dir}/xerces-${xerces.version}' includes='xml-apis*.jar,xerces*.jar' />
++				<fileset dir='${lib.dir}' includes='xml-apis*.jar,xerces*.jar' />
  		    <pathelement location='${build.classes.dir}' />
  	  	</classpath>
  	    <src path='${src.test.dir}' />
-@@ -298,8 +300,8 @@ public class Version {
+@@ -287,8 +287,8 @@ public class Version {
  				<classpath>
  				    <pathelement path='${build.test-classes.dir}'/>
  				    <pathelement location='${build.classes.dir}' />
 -			  		<fileset dir='${lib.dir}' includes='junit*.jar' />
 -		  	  		<fileset dir='${lib.dir}/xerces-@{xercesVersion}' includes='*.jar' />
 +			  		<fileset dir='${lib.dir}' includes='junit.jar' />
-+		  	  		<fileset dir='${lib.dir}' includes='xerces-j2.jar' />
++			  		<fileset dir='${lib.dir}' includes='xerces-j2.jar' />
  				</classpath>
  	
  				<formatter type="xml"/>
-@@ -318,13 +320,13 @@ public class Version {
- 		<mkdir dir="${build.dir}/junit"/>
- 
- 		<testWith xercesVersion="2.11.0"/>
-+                <!--
- 		<testWith xercesVersion="2.10.0"/>
- 		<testWith xercesVersion="2.9.1"/>
- 		<testWith xercesVersion="2.8.1"/>
- 		<testWith xercesVersion="2.3.0"/>
- 		<testWith xercesVersion="2.2.1"/>
- 		<testWith xercesVersion="minimal"/>
--		<!--
- 		<testWith xercesVersion="2.1.0"/>
- 		<testWith xercesVersion="2.0.2"/>
- 		-->
-@@ -397,7 +399,7 @@ public class Version {
+@@ -376,7 +376,7 @@ public class Version {
  	</target>
  
  	<target name="-defineMavenAntTasks">
@@ -107,5 +86,5 @@ index d36f42b..1f00059 100644
  			classpathref="maven-ant-tasks.classpath" />
  		<artifact:pom id="maven.project" file="pom.xml" />
 -- 
-2.1.0
+2.36.0
 
diff --git a/0003-Add-OSGi-attributes.patch b/0002-Add-OSGi-attributes.patch
similarity index 85%
rename from 0003-Add-OSGi-attributes.patch
rename to 0002-Add-OSGi-attributes.patch
index 7fe8045..53019be 100644
--- a/0003-Add-OSGi-attributes.patch
+++ b/0002-Add-OSGi-attributes.patch
@@ -1,17 +1,17 @@
-From 1cbc54dc98b762c4ba3b1daffc2cf5a1116732ef Mon Sep 17 00:00:00 2001
+From 93df8b4732f0fe801db62f268da4de0e3a87f993 Mon Sep 17 00:00:00 2001
 From: Michael Simacek <msimacek@redhat.com>
 Date: Tue, 14 Jul 2015 11:21:21 +0200
-Subject: [PATCH 3/3] Add OSGi attributes
+Subject: [PATCH 2/2] Add OSGi attributes
 
 ---
  build.xml | 4 ++++
  1 file changed, 4 insertions(+)
 
 diff --git a/build.xml b/build.xml
-index 1f00059..194b0bf 100644
+index 36b922b..ba0585f 100644
 --- a/build.xml
 +++ b/build.xml
-@@ -129,6 +129,10 @@
+@@ -116,6 +116,10 @@
    <jar jarfile='${jar.file}'>
  	<manifest>
      	<attribute name="Built-By" value="${author}"/>
@@ -23,5 +23,5 @@ index 1f00059..194b0bf 100644
  		  <attribute name="Specification-Title" value="Hyper-Text Markup Language (HTML)" />
      	  <attribute name="Specification-Version" value="4.01" />
 -- 
-2.1.0
+2.36.0
 
diff --git a/_service b/_service
new file mode 100644
index 0000000..dc05100
--- /dev/null
+++ b/_service
@@ -0,0 +1,13 @@
+<services>
+	<service name="tar_scm" mode="disabled">
+		<param name="scm">git</param>
+		<param name="url">https://github.com/sparklemotion/nekohtml.git</param>
+		<param name="revision">1.9.22.noko2</param>
+		<param name="versionformat">@PARENT_TAG@</param>
+	</service>
+	<service name="recompress" mode="disabled">
+		<param name="file">*.tar</param>
+		<param name="compression">xz</param>
+	</service>
+	<service name="set_version" mode="disabled"/>
+</services>
diff --git a/nekohtml-1.9.22.noko2.tar.xz b/nekohtml-1.9.22.noko2.tar.xz
new file mode 100644
index 0000000..cf6d947
--- /dev/null
+++ b/nekohtml-1.9.22.noko2.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2d52eb0f5a6d2f53c73e82b85fcb3bfcf0da3d2f84dc9aab252e9140bd34b45d
+size 3277280
diff --git a/nekohtml-1.9.22.pom b/nekohtml-1.9.22.pom
deleted file mode 100644
index 6538693..0000000
--- a/nekohtml-1.9.22.pom
+++ /dev/null
@@ -1,45 +0,0 @@
-<project>
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>net.sourceforge.nekohtml</groupId>
-  <artifactId>nekohtml</artifactId>
-  <name>Neko HTML</name>
-  <description>An HTML parser and tag balancer.</description>
-  <version>1.9.22</version>
-  <url>http://nekohtml.sourceforge.net/</url>
-  <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
-  </licenses>
-  <scm>
-    <url>http://nekohtml.svn.sourceforge.net/viewvc/nekohtml/</url>
-  </scm>
-  <dependencies>
-    <dependency>
-      <groupId>xerces</groupId>
-      <artifactId>xercesImpl</artifactId>
-      <version>2.11.0</version>
-    </dependency>
-  </dependencies>
-    <developers>
-        <developer>
-            <name>Andy Clark</name>
-        </developer>
-        <developer>
-            <name>Marc Guillemot</name>
-            <id>mguillem</id>
-            <email>mguillem@users.sourceforge.net</email>
-            <url>http://mguillem.wordpress.com/</url>
-            <timezone>+1</timezone>
-        </developer>
-    </developers>
-    <distributionManagement>
-        <repository>
-            <id>nexus-releases</id>
-            <name>Nexus Release Repository</name>
-            <url>http://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
-        </repository>
-    </distributionManagement> 
-</project>
diff --git a/nekohtml-1.9.22.tar.xz b/nekohtml-1.9.22.tar.xz
deleted file mode 100644
index 99171b2..0000000
--- a/nekohtml-1.9.22.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5e4e704d801d38d1407b415d3ed0a75e5b4f5f676e1e17c1e1248b226de9507f
-size 129868
diff --git a/nekohtml.changes b/nekohtml.changes
index f13e7f8..15cf835 100644
--- a/nekohtml.changes
+++ b/nekohtml.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Mon Apr 25 07:38:49 UTC 2022 - Fridrich Strba <fstrba@suse.com>
+
+- Use the security patched fork at
+  https://github.com/sparklemotion/nekohtml
+- Upgrade to version 1.9.22.neko2
+  * fixes bsc#1198739, CVE-2022-28366
+- Fetch tarball using source service
+- Modified patches:
+  * 0002-Jar-paths.patch -> 0001-Jar-paths.patch
+  * 0003-Add-OSGi-attributes.patch -> 0002-Add-OSGi-attributes.patch
+    + rebase to changed context
+
 -------------------------------------------------------------------
 Wed Mar 23 07:42:14 UTC 2022 - Fridrich Strba <fstrba@suse.com>
 
diff --git a/nekohtml.spec b/nekohtml.spec
index fc16e2e..e9797c6 100644
--- a/nekohtml.spec
+++ b/nekohtml.spec
@@ -18,33 +18,26 @@
 
 
 Name:           nekohtml
-Version:        1.9.22
+Version:        1.9.22.noko2
 Release:        0
 Summary:        HTML scanner and tag balancer
 License:        Apache-2.0
 Group:          Development/Libraries/Java
-URL:            http://nekohtml.sourceforge.net/
-# No upstream tarball for this release
-# svn export svn://svn.code.sf.net/p/nekohtml/code/branches/nekohtml-1.9.22 nekohtml-1.9.22
-# find nekohtml-1.9.22 -name '*.jar' -delete
-# tar cJf nekohtml-1.9.22.tar.xz nekohtml-1.9.22/
+URL:            https://github.com/sparklemotion/nekohtml
 Source0:        %{name}-%{version}.tar.xz
 Source2:        nekohtml-component-info.xml
-Source3:        https://repo1.maven.org/maven2/net/sourceforge/%{name}/%{name}/%{version}/%{name}-%{version}.pom
-Patch1:         0002-Jar-paths.patch
+Patch1:         0001-Jar-paths.patch
 # Add proper attributes to MANIFEST.MF file so bundle can be used by other OSGI bundles.
-Patch2:         0003-Add-OSGi-attributes.patch
+Patch2:         0002-Add-OSGi-attributes.patch
 BuildRequires:  ant
-BuildRequires:  ant-junit
 BuildRequires:  bcel
 BuildRequires:  fdupes
 BuildRequires:  java-devel >= 1.8
 BuildRequires:  javapackages-local
 BuildRequires:  xerces-j2 >= 2.7.1
 BuildRequires:  xml-apis
-BuildRequires:  xmvn-install
-BuildRequires:  xmvn-resolve
 Requires:       bcel
+Requires:       javapackages-tools
 Requires:       xerces-j2 >= 2.7.1
 Requires:       xml-apis
 BuildArch:      noarch
@@ -88,44 +81,48 @@ sed -i 's/\r$//g' *.txt doc/*.html
 # cannonization test fails on some whitespace, TODO investigate
 rm data/meta/test-meta-encoding3.html
 
-%{mvn_alias} net.sourceforge.%{name}:%{name} %{name}:%{name}
-%{mvn_package} net.sourceforge.%{name}:%{name}-samples demo
-%{mvn_file} ':{*}' @1
-
 %build
-export CLASSPATH=$(build-classpath bcel xerces-j2 xml-apis)
+mkdir -p lib
+build-jar-repository -p -s lib bcel xerces-j2 xml-apis
 %{ant} \
     -Dcompile.source=1.8 -Dcompile.target=1.8 \
-    -Dbuild.sysclasspath=first \
-    -Dlib.dir=%{_javadir} \
     -Djar.file=%{name}.jar \
     -Djar.xni.file=%{name}-xni.jar \
     -Djar.samples.file=%{name}-samples.jar \
-    -Dbcel.javadoc=%{_javadocdir}/bcel \
-    -Dj2se.javadoc=%{_javadocdir}/java \
-    -Dxni.javadoc=%{_javadocdir}/xerces-j2-xni \
-    -Dxerces.javadoc=%{_javadocdir}/xerces-j2-impl \
     clean jar jar-xni doc
-# test - disabled because it makes the build failing
 
-%{mvn_artifact} %{SOURCE3} %{name}.jar
+%{mvn_artifact} pom.xml %{name}.jar
 %{mvn_artifact} net.sourceforge.%{name}:%{name}-xni:%{version} %{name}-xni.jar
 %{mvn_artifact} net.sourceforge.%{name}:%{name}-samples:%{version} %{name}-samples.jar
 
 %install
-%mvn_install -J build/doc/javadoc
+# jar
+install -dm 0755 %{buildroot}%{_javadir}
+install -pm 0644 %{name}.jar %{buildroot}%{_javadir}/%{name}.jar
+install -pm 0644 %{name}-xni.jar %{buildroot}%{_javadir}/%{name}-xni.jar
+install -pm 0644 %{name}-samples.jar %{buildroot}%{_javadir}/%{name}-samples.jar
+# pom
+install -dm 0755 %{buildroot}%{_mavenpomdir}/
+install -pm 0644 pom.xml %{buildroot}%{_mavenpomdir}/%{name}.pom
+%add_maven_depmap %{name}.pom %{name}.jar -a %{name}:%{name}
+%add_maven_depmap net.sourceforge.%{name}:%{name}-xni:%{version} %{name}-xni.jar
+%add_maven_depmap net.sourceforge.%{name}:%{name}-samples:%{version} %{name}-samples.jar -f demo
+# javadoc
+install -dm 0755 %{buildroot}%{_javadocdir}/%{name}
+cp -pr build/doc/javadoc/* %{buildroot}%{_javadocdir}/%{name}/
 %fdupes -s %{buildroot}%{_javadocdir}
 
 # Scripts
-%jpackage_script org.cyberneko.html.filters.Writer "" "" "nekohtml:xerces-j2" nekohtml-filter true
+%jpackage_script org.cyberneko.html.filters.Writer "" "" "nekohtml:xerces-j2" %{name}-filter true
 
 %files -f .mfiles
 %license LICENSE.txt
 %doc README.txt doc/*.html
 %{_bindir}/%{name}-filter
 
-%files javadoc -f .mfiles-javadoc
-
 %files demo -f .mfiles-demo
 
+%files javadoc
+%{_javadocdir}/%{name}
+
 %changelog