Repository: tomee Updated Branches: refs/heads/tomee-1.7.x 248ef7fd7 -> 45e33d766
Pull in and patch JSTL for CVE-2015-0254 Project: http://git-wip-us.apache.org/repos/asf/tomee/repo Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/45e33d76 Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/45e33d76 Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/45e33d76 Branch: refs/heads/tomee-1.7.x Commit: 45e33d766175ba3437da60a8a88c12fdea9df71c Parents: 248ef7f Author: Jonathan Gallimore <[email protected]> Authored: Mon Sep 18 18:41:56 2017 +0100 Committer: Jonathan Gallimore <[email protected]> Committed: Mon Sep 18 22:26:18 2017 +0100 ---------------------------------------------------------------------- deps/jstl-patched/pom.xml | 82 +++ .../standard/tag/common/xml/ParseSupport.java | 347 +++++++++++ .../tag/common/xml/TransformSupport.java | 369 ++++++++++++ .../src/main/resources/META-INF/LICENSE | 589 +++++++++++++++++++ tomee/tomee-webapp/pom.xml | 2 +- 5 files changed, 1388 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tomee/blob/45e33d76/deps/jstl-patched/pom.xml ---------------------------------------------------------------------- diff --git a/deps/jstl-patched/pom.xml b/deps/jstl-patched/pom.xml new file mode 100644 index 0000000..432da9b --- /dev/null +++ b/deps/jstl-patched/pom.xml @@ -0,0 +1,82 @@ +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd";> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + <modelVersion>4.0.0</modelVersion> + + <parent> + <artifactId>deps</artifactId> + <groupId>org.apache.openejb</groupId> + <version>4.6.0.3-TT.9-SNAPSHOT</version> + </parent> + + <groupId>org.apache.openejb.patch</groupId> + <artifactId>openejb-jstl</artifactId> + <name>Apache OpenEJB Patch :: JSTL</name> + + <dependencies> + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>jstl</artifactId> + <version>1.2</version> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>jsp-api</artifactId> + <version>2.0</version> + <scope>provided</scope> + </dependency> + </dependencies> + + <build> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-dependency-plugin</artifactId> + <version>2.3</version> + <executions> + <execution> + <id>patch</id> + <phase>process-classes</phase> + <goals> + <goal>unpack</goal> + </goals> + <configuration> + <excludes>org/apache/taglibs/standard/tag/common/xml/TransformSupport.class</excludes> + <excludes>org/apache/taglibs/standard/tag/common/xml/ParseSupport.class</excludes> + <excludes>**/LICENSE*</excludes> + <artifactItems> + <artifactItem> + <groupId>javax.servlet</groupId> + <artifactId>jstl</artifactId> + <version>1.2</version> + <overWrite>false</overWrite> + <outputDirectory>${project.build.outputDirectory}</outputDirectory> + </artifactItem> + </artifactItems> + </configuration> + </execution> + </executions> + </plugin> + </plugins> + </build> + + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + </properties> +</project> http://git-wip-us.apache.org/repos/asf/tomee/blob/45e33d76/deps/jstl-patched/src/main/java/org/apache/taglibs/standard/tag/common/xml/ParseSupport.java ---------------------------------------------------------------------- diff --git a/deps/jstl-patched/src/main/java/org/apache/taglibs/standard/tag/common/xml/ParseSupport.java b/deps/jstl-patched/src/main/java/org/apache/taglibs/standard/tag/common/xml/ParseSupport.java new file mode 100644 index 0000000..f8f22aa --- /dev/null +++ b/deps/jstl-patched/src/main/java/org/apache/taglibs/standard/tag/common/xml/ParseSupport.java @@ -0,0 +1,347 @@ +/* + * The contents of this file are subject to the terms + * of the Common Development and Distribution License + * (the "License"). You may not use this file except + * in compliance with the License. + * + * You can obtain a copy of the license at + * glassfish/bootstrap/legal/CDDLv1.0.txt or + * https://glassfish.dev.java.net/public/CDDLv1.0.html. + * See the License for the specific language governing + * permissions and limitations under the License. + * + * When distributing Covered Code, include this CDDL + * HEADER in each file and include the License file at + * glassfish/bootstrap/legal/CDDLv1.0.txt. If applicable, + * add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your + * own identifying information: Portions Copyright [yyyy] + * [name of copyright owner] + * + * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * + * Portions Copyright Apache Software Foundation. + */ + +package org.apache.taglibs.standard.tag.common.xml; + +import org.apache.taglibs.standard.resources.Resources; +import org.apache.taglibs.standard.tag.common.core.ImportSupport; +import org.apache.taglibs.standard.tag.common.core.Util; +import org.w3c.dom.Document; +import org.xml.sax.*; +import org.xml.sax.helpers.XMLReaderFactory; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.jsp.JspException; +import javax.servlet.jsp.JspTagException; +import javax.servlet.jsp.PageContext; +import javax.servlet.jsp.tagext.BodyTagSupport; +import javax.xml.XMLConstants; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerConfigurationException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.dom.DOMResult; +import javax.xml.transform.sax.SAXTransformerFactory; +import javax.xml.transform.sax.TransformerHandler; +import java.io.*; + +/** + * <p>Support for tag handlers for <parse>, the XML parsing tag.</p> + * + * @author Shawn Bayern + */ +public abstract class ParseSupport extends BodyTagSupport { + + //********************************************************************* + // Protected state + + protected Object xml; // 'xml' attribute + protected String systemId; // 'systemId' attribute + protected XMLFilter filter; // 'filter' attribute + + //********************************************************************* + // Private state + + private String var; // 'var' attribute + private String varDom; // 'varDom' attribute + private int scope; // processed 'scope' attr + private int scopeDom; // processed 'scopeDom' attr + + // state in support of XML parsing... + private DocumentBuilderFactory dbf; + private DocumentBuilder db; + private TransformerFactory tf; + private TransformerHandler th; + + + //********************************************************************* + // Constructor and initialization + + public ParseSupport() { + super(); + init(); + } + + private void init() { + var = varDom = null; + xml = null; + systemId = null; + filter = null; + dbf = null; + db = null; + tf = null; + th = null; + scope = PageContext.PAGE_SCOPE; + scopeDom = PageContext.PAGE_SCOPE; + } + + + //********************************************************************* + // Tag logic + + // parse 'source' or body, storing result in 'var' + public int doEndTag() throws JspException { + try { + + // set up our DocumentBuilder + if (dbf == null) { + dbf = DocumentBuilderFactory.newInstance(); + dbf.setNamespaceAware(true); + dbf.setValidating(false); + try { + dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + } catch (ParserConfigurationException e) { + throw new AssertionError("Parser does not support secure processing"); + } + } + db = dbf.newDocumentBuilder(); + + // if we've gotten a filter, set up a transformer to support it + if (filter != null) { + if (tf == null) + tf = TransformerFactory.newInstance(); + if (!tf.getFeature(SAXTransformerFactory.FEATURE)) + throw new JspTagException( + Resources.getMessage("PARSE_NO_SAXTRANSFORMER")); + try { + tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + } catch (TransformerConfigurationException e) { + throw new AssertionError( + "TransformerFactory does not support secure processing"); + } + + SAXTransformerFactory stf = (SAXTransformerFactory) tf; + th = stf.newTransformerHandler(); + } + + // produce a Document by parsing whatever the attributes tell us to use + Document d; + Object xmlText = this.xml; + if (xmlText == null) { + // if the attribute was specified, use the body as 'xml' + if (bodyContent != null && bodyContent.getString() != null) + xmlText = bodyContent.getString().trim(); + else + xmlText = ""; + } + if (xmlText instanceof String) + d = parseStringWithFilter((String) xmlText, filter); + else if (xmlText instanceof Reader) + d = parseReaderWithFilter((Reader) xmlText, filter); + else + throw new JspTagException( + Resources.getMessage("PARSE_INVALID_SOURCE")); + + // we've got a Document object; store it out as appropriate + // (let any exclusivity or other constraints be enforced by TEI/TLV) + if (var != null) + pageContext.setAttribute(var, d, scope); + if (varDom != null) + pageContext.setAttribute(varDom, d, scopeDom); + + return EVAL_PAGE; + } catch (SAXException ex) { + throw new JspException(ex); + } catch (IOException ex) { + throw new JspException(ex); + } catch (ParserConfigurationException ex) { + throw new JspException(ex); + } catch (TransformerConfigurationException ex) { + throw new JspException(ex); + } + } + + // Releases any resources we may have (or inherit) + public void release() { + init(); + } + + + //********************************************************************* + // Private utility methods + + /** + * Parses the given InputSource after, applying the given XMLFilter. + */ + private Document parseInputSourceWithFilter(InputSource s, XMLFilter f) + throws SAXException, IOException { + if (f != null) { + // prepare an output Document + Document o = db.newDocument(); + + // use TrAX to adapt SAX events to a Document object + th.setResult(new DOMResult(o)); + XMLReader xr = XMLReaderFactory.createXMLReader(); + xr.setEntityResolver(new JstlEntityResolver(pageContext)); + // (note that we overwrite the filter's parent. this seems + // to be expected usage. we could cache and reset the old + // parent, but you can't setParent(null), so this wouldn't + // be perfect.) + f.setParent(xr); + f.setContentHandler(th); + f.parse(s); + return o; + } else + return parseInputSource(s); + } + + /** + * Parses the given Reader after applying the given XMLFilter. + */ + private Document parseReaderWithFilter(Reader r, XMLFilter f) + throws SAXException, IOException { + return parseInputSourceWithFilter(new InputSource(r), f); + } + + /** + * Parses the given String after applying the given XMLFilter. + */ + private Document parseStringWithFilter(String s, XMLFilter f) + throws SAXException, IOException { + StringReader r = new StringReader(s); + return parseReaderWithFilter(r, f); + } + + /** + * Parses the given Reader after applying the given XMLFilter. + */ + private Document parseURLWithFilter(String url, XMLFilter f) + throws SAXException, IOException { + return parseInputSourceWithFilter(new InputSource(url), f); + } + + /** + * Parses the given InputSource into a Document. + */ + private Document parseInputSource(InputSource s) + throws SAXException, IOException { + db.setEntityResolver(new JstlEntityResolver(pageContext)); + + // normalize URIs so they can be processed consistently by resolver + if (systemId == null) + s.setSystemId("jstl:"); + else if (ImportSupport.isAbsoluteUrl(systemId)) + s.setSystemId(systemId); + else + s.setSystemId("jstl:" + systemId); + return db.parse(s); + } + + /** + * Parses the given Reader into a Document. + */ + private Document parseReader(Reader r) throws SAXException, IOException { + return parseInputSource(new InputSource(r)); + } + + /** + * Parses the given String into a Document. + */ + private Document parseString(String s) throws SAXException, IOException { + StringReader r = new StringReader(s); + return parseReader(r); + } + + /** + * Parses the URL (passed as a String) into a Document. + */ + private Document parseURL(String url) throws SAXException, IOException { + return parseInputSource(new InputSource(url)); + } + + //********************************************************************* + // JSTL-specific EntityResolver class + + /** + * Lets us resolve relative external entities. + */ + public static class JstlEntityResolver implements EntityResolver { + private final PageContext ctx; + + public JstlEntityResolver(PageContext ctx) { + this.ctx = ctx; + } + + public InputSource resolveEntity(String publicId, String systemId) + throws FileNotFoundException { + + // pass if we don't have a systemId + if (systemId == null) + return null; + + // strip leading "jstl:" off URL if applicable + if (systemId.startsWith("jstl:")) + systemId = systemId.substring(5); + + // we're only concerned with relative URLs + if (ImportSupport.isAbsoluteUrl(systemId)) + return null; + + // for relative URLs, load and wrap the resource. + // don't bother checking for 'null' since we specifically want + // the parser to fail if the resource doesn't exist + InputStream s; + if (systemId.startsWith("/")) { + s = ctx.getServletContext().getResourceAsStream(systemId); + if (s == null) + throw new FileNotFoundException( + Resources.getMessage("UNABLE_TO_RESOLVE_ENTITY", + systemId)); + } else { + String pagePath = + ((HttpServletRequest) ctx.getRequest()).getServletPath(); + String basePath = + pagePath.substring(0, pagePath.lastIndexOf("/")); + s = ctx.getServletContext().getResourceAsStream( + basePath + "/" + systemId); + if (s == null) + throw new FileNotFoundException( + Resources.getMessage("UNABLE_TO_RESOLVE_ENTITY", + systemId)); + } + return new InputSource(s); + } + } + + //********************************************************************* + // Tag attributes + + public void setVar(String var) { + this.var = var; + } + + public void setVarDom(String varDom) { + this.varDom = varDom; + } + + public void setScope(String scope) { + this.scope = Util.getScope(scope); + } + + public void setScopeDom(String scopeDom) { + this.scopeDom = Util.getScope(scopeDom); + } +} http://git-wip-us.apache.org/repos/asf/tomee/blob/45e33d76/deps/jstl-patched/src/main/java/org/apache/taglibs/standard/tag/common/xml/TransformSupport.java ---------------------------------------------------------------------- diff --git a/deps/jstl-patched/src/main/java/org/apache/taglibs/standard/tag/common/xml/TransformSupport.java b/deps/jstl-patched/src/main/java/org/apache/taglibs/standard/tag/common/xml/TransformSupport.java new file mode 100644 index 0000000..11975b6 --- /dev/null +++ b/deps/jstl-patched/src/main/java/org/apache/taglibs/standard/tag/common/xml/TransformSupport.java @@ -0,0 +1,369 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.taglibs.standard.tag.common.xml; + +import org.apache.taglibs.standard.resources.Resources; +import org.apache.taglibs.standard.tag.common.core.ImportSupport; +import org.apache.taglibs.standard.tag.common.core.Util; +import org.w3c.dom.Document; +import org.w3c.dom.Node; +import org.xml.sax.InputSource; +import org.xml.sax.SAXException; +import org.xml.sax.XMLReader; +import org.xml.sax.helpers.XMLReaderFactory; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.jsp.JspException; +import javax.servlet.jsp.JspTagException; +import javax.servlet.jsp.PageContext; +import javax.servlet.jsp.tagext.BodyTagSupport; +import javax.xml.XMLConstants; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.Result; +import javax.xml.transform.Source; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerConfigurationException; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.URIResolver; +import javax.xml.transform.dom.DOMResult; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.sax.SAXSource; +import javax.xml.transform.stream.StreamResult; +import javax.xml.transform.stream.StreamSource; +import java.io.IOException; +import java.io.InputStream; +import java.io.Reader; +import java.io.StringReader; +import java.io.Writer; +import java.util.List; +import java.util.MissingResourceException; + +public abstract class TransformSupport extends BodyTagSupport { + + protected Object xml; + + protected String xmlSystemId; + + protected Object xslt; + + protected String xsltSystemId; + + protected Result result; + + private String var; + + private int scope; + + private Transformer t; + + private final TransformerFactory tf; + + private final DocumentBuilder db; + + public TransformSupport() { + super(); + try { + DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + dbf.setNamespaceAware(true); + dbf.setValidating(false); + db = dbf.newDocumentBuilder(); + tf = TransformerFactory.newInstance(); + } catch (ParserConfigurationException e) { + throw (AssertionError) new AssertionError("Unable to create DocumentBuilder").initCause(e); + } + + init(); + } + + private void init() { + xml = xslt = null; + xmlSystemId = xsltSystemId = null; + var = null; + result = null; + tf.setURIResolver(null); + scope = PageContext.PAGE_SCOPE; + } + + @Override + public int doStartTag() + throws JspException { + + t = getTransformer(xslt, xsltSystemId); + return EVAL_BODY_BUFFERED; + } + + @Override + public int doEndTag() + throws JspException { + try { + + Object xml = this.xml; + if (xml == null) { + if (bodyContent != null && bodyContent.getString() != null) { + xml = bodyContent.getString().trim(); + } else { + xml = ""; + } + } + + if (isNullOrEmpty(xml)) { + throw new JspTagException("xml is null"); + } + + Source source = getSource(xml, xmlSystemId); + + if (result != null) { + t.transform(source, result); + } else if (var != null) { + + Document d = db.newDocument(); + Result doc = new DOMResult(d); + t.transform(source, doc); + pageContext.setAttribute(var, d, scope); + } else { + Result page = new StreamResult(new SafeWriter(pageContext.getOut())); + t.transform(source, page); + } + + return EVAL_PAGE; + } catch (SAXException ex) { + throw new JspException(ex); + } catch (ParserConfigurationException ex) { + throw new JspException(ex); + } catch (IOException ex) { + throw new JspException(ex); + } catch (TransformerException ex) { + throw new JspException(ex); + } + } + + + @Override + public void release() { + super.release(); + init(); + } + + @Override + public void setPageContext(PageContext pageContext) { + super.setPageContext(pageContext); + tf.setURIResolver(pageContext == null ? null : new JstlUriResolver(pageContext)); + } + + + public void addParameter(String name, Object value) { + t.setParameter(name, value); + } + + private static String wrapSystemId(String systemId) { + if (systemId == null) { + return "jstl:"; + } else if (ImportSupport.isAbsoluteUrl(systemId)) { + return systemId; + } else { + return ("jstl:" + systemId); + } + } + + Transformer getTransformer(final Object xslt, final String systemId) + throws JspException { + if (isNullOrEmpty(xslt)) { + String name = "TRANSFORM_XSLT_IS_NULL"; + throw new JspTagException(getMessage(name)); + } + + try { + + final Source s = getSource(xslt, systemId); + + tf.setURIResolver(new JstlUriResolver(pageContext)); + tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + return tf.newTransformer(s); + + } catch (SAXException ex) { + throw new JspException(ex); + } catch (ParserConfigurationException ex) { + throw new JspException(ex); + } catch (IOException ex) { + throw new JspException(ex); + } catch (TransformerConfigurationException ex) { + throw new JspException(ex); + } + } + + private String getMessage(String name) { + try { + return Resources.getMessage(name); + } catch (MissingResourceException e) { + return name; + } + } + + protected boolean isNullOrEmpty(Object value) { + if (value == null) { + return true; + } + + if (!(value instanceof String)) { + return false; + } + + String str = (String) value; + str = str.trim(); + return str.isEmpty(); + } + + private Source getSource(Object o, String systemId) + throws SAXException, ParserConfigurationException, IOException, JspTagException { + if (o == null) { + throw new JspTagException(getMessage("TRANSFORM_XML_IS_NULL")); + } + + if (o instanceof List) { + + List<?> list = (List<?>) o; + if (list.size() != 1) { + throw new JspTagException(getMessage("TRANSFORM_XML_LIST_SIZE")); + } + return getSource(list.get(0), systemId); + } + + if (o instanceof Source) { + return (Source) o; + } + + if (o instanceof String) { + String s = (String) o; + s = s.trim(); + if (s.length() == 0) { + throw new JspTagException(getMessage("TRANSFORM_XML_IS_EMPTY")); + } + return getSource(new StringReader(s), systemId); + } + + if (o instanceof Reader) { + return getSource((Reader) o, systemId); + } + + if (o instanceof Node) { + return new DOMSource((Node) o, systemId); + } + throw new JspTagException(Resources.getMessage("TRANSFORM_XML_UNSUPPORTED_TYPE", o.getClass())); + } + + Source getSource(Reader reader, String systemId) + throws JspTagException { + try { + XMLReader xr = XMLReaderFactory.createXMLReader(); + xr.setEntityResolver(new ParseSupport.JstlEntityResolver(pageContext)); + xr.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + InputSource s = new InputSource(reader); + s.setSystemId(wrapSystemId(systemId)); + Source result = new SAXSource(xr, s); + result.setSystemId(wrapSystemId(systemId)); + return result; + } catch (SAXException e) { + throw new JspTagException(e); + } + } + + + public void setVar(String var) { + this.var = var; + } + + public void setScope(String scope) { + this.scope = Util.getScope(scope); + } + + private static class SafeWriter + extends Writer { + private final Writer w; + + public SafeWriter(Writer w) { + this.w = w; + } + + @Override + public void close() { + } + + @Override + public void flush() { + } + + @Override + public void write(char[] cbuf, int off, int len) + throws IOException { + w.write(cbuf, off, len); + } + } + + private static class JstlUriResolver + implements URIResolver { + private final PageContext ctx; + + public JstlUriResolver(PageContext ctx) { + this.ctx = ctx; + } + + public Source resolve(String href, String base) + throws TransformerException { + + if (href == null) { + return null; + } + + int index; + if (base != null && (index = base.indexOf("jstl:")) != -1) { + base = base.substring(index + 5); + } + + if (ImportSupport.isAbsoluteUrl(href) || (base != null && ImportSupport.isAbsoluteUrl(base))) { + return null; + } + + if (base == null || base.lastIndexOf("/") == -1) { + base = ""; + } else { + base = base.substring(0, base.lastIndexOf("/") + 1); + } + + String target = base + href; + + InputStream s; + if (target.startsWith("/")) { + s = ctx.getServletContext().getResourceAsStream(target); + if (s == null) { + throw new TransformerException(Resources.getMessage("UNABLE_TO_RESOLVE_ENTITY", href)); + } + } else { + String pagePath = ((HttpServletRequest) ctx.getRequest()).getServletPath(); + String basePath = pagePath.substring(0, pagePath.lastIndexOf("/")); + s = ctx.getServletContext().getResourceAsStream(basePath + "/" + target); + if (s == null) { + throw new TransformerException(Resources.getMessage("UNABLE_TO_RESOLVE_ENTITY", href)); + } + } + return new StreamSource(s); + } + } + +} http://git-wip-us.apache.org/repos/asf/tomee/blob/45e33d76/deps/jstl-patched/src/main/resources/META-INF/LICENSE ---------------------------------------------------------------------- diff --git a/deps/jstl-patched/src/main/resources/META-INF/LICENSE b/deps/jstl-patched/src/main/resources/META-INF/LICENSE new file mode 100644 index 0000000..86ad814 --- /dev/null +++ b/deps/jstl-patched/src/main/resources/META-INF/LICENSE @@ -0,0 +1,589 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + +========================================================================= + - JSTL & JSP + License: CDDL +------------------------------------------------------------------------- + +COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0 + +1. Definitions. + +1.1. "Contributor" means each individual or entity that +creates or contributes to the creation of Modifications. + +1.2. "Contributor Version" means the combination of the +Original Software, prior Modifications used by a +Contributor (if any), and the Modifications made by that +particular Contributor. + +1.3. "Covered Software" means (a) the Original Software, or +(b) Modifications, or (c) the combination of files +containing Original Software with files containing +Modifications, in each case including portions thereof. + +1.4. "Executable" means the Covered Software in any form +other than Source Code. + +1.5. "Initial Developer" means the individual or entity +that first makes Original Software available under this +License. + +1.6. "Larger Work" means a work which combines Covered +Software or portions thereof with code not governed by the +terms of this License. + +1.7. "License" means this document. + +1.8. "Licensable" means having the right to grant, to the +maximum extent possible, whether at the time of the initial +grant or subsequently acquired, any and all of the rights +conveyed herein. + +1.9. "Modifications" means the Source Code and Executable +form of any of the following: + +A. Any file that results from an addition to, +deletion from or modification of the contents of a +file containing Original Software or previous +Modifications; + +B. Any new file that contains any part of the +Original Software or previous Modification; or + +C. Any new file that is contributed or otherwise made +available under the terms of this License. + +1.10. "Original Software" means the Source Code and +Executable form of computer software code that is +originally released under this License. + +1.11. "Patent Claims" means any patent claim(s), now owned +or hereafter acquired, including without limitation, +method, process, and apparatus claims, in any patent +Licensable by grantor. + +1.12. "Source Code" means (a) the common form of computer +software code in which modifications are made and (b) +associated documentation included in or with such code. + +1.13. "You" (or "Your") means an individual or a legal +entity exercising rights under, and complying with all of +the terms of, this License. For legal entities, "You" +includes any entity which controls, is controlled by, or is +under common control with You. For purposes of this +definition, "control" means (a) the power, direct or +indirect, to cause the direction or management of such +entity, whether by contract or otherwise, or (b) ownership +of more than fifty percent (50%) of the outstanding shares +or beneficial ownership of such entity. + +2. License Grants. + +2.1. The Initial Developer Grant. + +Conditioned upon Your compliance with Section 3.1 below and +subject to third party intellectual property claims, the +Initial Developer hereby grants You a world-wide, +royalty-free, non-exclusive license: + +(a) under intellectual property rights (other than +patent or trademark) Licensable by Initial Developer, +to use, reproduce, modify, display, perform, +sublicense and distribute the Original Software (or +portions thereof), with or without Modifications, +and/or as part of a Larger Work; and + +(b) under Patent Claims infringed by the making, +using or selling of Original Software, to make, have +made, use, practice, sell, and offer for sale, and/or +otherwise dispose of the Original Software (or +portions thereof). + +(c) The licenses granted in Sections 2.1(a) and (b) +are effective on the date Initial Developer first +distributes or otherwise makes the Original Software +available to a third party under the terms of this +License. + +(d) Notwithstanding Section 2.1(b) above, no patent +license is granted: (1) for code that You delete from +the Original Software, or (2) for infringements +caused by: (i) the modification of the Original +Software, or (ii) the combination of the Original +Software with other software or devices. + +2.2. Contributor Grant. + +Conditioned upon Your compliance with Section 3.1 below and +subject to third party intellectual property claims, each +Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than +patent or trademark) Licensable by Contributor to +use, reproduce, modify, display, perform, sublicense +and distribute the Modifications created by such +Contributor (or portions thereof), either on an +unmodified basis, with other Modifications, as +Covered Software and/or as part of a Larger Work; and + +(b) under Patent Claims infringed by the making, +using, or selling of Modifications made by that +Contributor either alone and/or in combination with +its Contributor Version (or portions of such +combination), to make, use, sell, offer for sale, +have made, and/or otherwise dispose of: (1) +Modifications made by that Contributor (or portions +thereof); and (2) the combination of Modifications +made by that Contributor with its Contributor Version +(or portions of such combination). + +(c) The licenses granted in Sections 2.2(a) and +2.2(b) are effective on the date Contributor first +distributes or otherwise makes the Modifications +available to a third party. + +(d) Notwithstanding Section 2.2(b) above, no patent +license is granted: (1) for any code that Contributor +has deleted from the Contributor Version; (2) for +infringements caused by: (i) third party +modifications of Contributor Version, or (ii) the +combination of Modifications made by that Contributor +with other software (except as part of the +Contributor Version) or other devices; or (3) under +Patent Claims infringed by Covered Software in the +absence of Modifications made by that Contributor. + +3. Distribution Obligations. + +3.1. Availability of Source Code. + +Any Covered Software that You distribute or otherwise make +available in Executable form must also be made available in +Source Code form and that Source Code form must be +distributed only under the terms of this License. You must +include a copy of this License with every copy of the +Source Code form of the Covered Software You distribute or +otherwise make available. You must inform recipients of any +such Covered Software in Executable form as to how they can +obtain such Covered Software in Source Code form in a +reasonable manner on or through a medium customarily used +for software exchange. + +3.2. Modifications. + +The Modifications that You create or to which You +contribute are governed by the terms of this License. You +represent that You believe Your Modifications are Your +original creation(s) and/or You have sufficient rights to +grant the rights conveyed by this License. + +3.3. Required Notices. + +You must include a notice in each of Your Modifications +that identifies You as the Contributor of the Modification. +You may not remove or alter any copyright, patent or +trademark notices contained within the Covered Software, or +any notices of licensing or any descriptive text giving +attribution to any Contributor or the Initial Developer. + +3.4. Application of Additional Terms. + +You may not offer or impose any terms on any Covered +Software in Source Code form that alters or restricts the +applicable version of this License or the recipients' +rights hereunder. You may choose to offer, and to charge a +fee for, warranty, support, indemnity or liability +obligations to one or more recipients of Covered Software. +However, you may do so only on Your own behalf, and not on +behalf of the Initial Developer or any Contributor. You +must make it absolutely clear that any such warranty, +support, indemnity or liability obligation is offered by +You alone, and You hereby agree to indemnify the Initial +Developer and every Contributor for any liability incurred +by the Initial Developer or such Contributor as a result of +warranty, support, indemnity or liability terms You offer. + +3.5. Distribution of Executable Versions. + +You may distribute the Executable form of the Covered +Software under the terms of this License or under the terms +of a license of Your choice, which may contain terms +different from this License, provided that You are in +compliance with the terms of this License and that the +license for the Executable form does not attempt to limit +or alter the recipient's rights in the Source Code form +from the rights set forth in this License. If You +distribute the Covered Software in Executable form under a +different license, You must make it absolutely clear that +any terms which differ from this License are offered by You +alone, not by the Initial Developer or Contributor. You +hereby agree to indemnify the Initial Developer and every +Contributor for any liability incurred by the Initial +Developer or such Contributor as a result of any such terms +You offer. + +3.6. Larger Works. + +You may create a Larger Work by combining Covered Software +with other code not governed by the terms of this License +and distribute the Larger Work as a single product. In such +a case, You must make sure the requirements of this License +are fulfilled for the Covered Software. + +4. Versions of the License. + +4.1. New Versions. + +Sun Microsystems, Inc. is the initial license steward and +may publish revised and/or new versions of this License +from time to time. Each version will be given a +distinguishing version number. Except as provided in +Section 4.3, no one other than the license steward has the +right to modify this License. + +4.2. Effect of New Versions. + +You may always continue to use, distribute or otherwise +make the Covered Software available under the terms of the +version of the License under which You originally received +the Covered Software. If the Initial Developer includes a +notice in the Original Software prohibiting it from being +distributed or otherwise made available under any +subsequent version of the License, You must distribute and +make the Covered Software available under the terms of the +version of the License under which You originally received +the Covered Software. Otherwise, You may also choose to +use, distribute or otherwise make the Covered Software +available under the terms of any subsequent version of the +License published by the license steward. + +4.3. Modified Versions. + +When You are an Initial Developer and You want to create a +new license for Your Original Software, You may create and +use a modified version of this License if You: (a) rename +the license and remove any references to the name of the +license steward (except to note that the license differs +from this License); and (b) otherwise make it clear that +the license contains terms which differ from this License. + +5. DISCLAIMER OF WARRANTY. + +COVERED SOFTWARE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" +BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, +INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED +SOFTWARE IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR +PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY AND +PERFORMANCE OF THE COVERED SOFTWARE IS WITH YOU. SHOULD ANY +COVERED SOFTWARE PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE +INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME THE COST OF +ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF +WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF +ANY COVERED SOFTWARE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS +DISCLAIMER. + +6. TERMINATION. + +6.1. This License and the rights granted hereunder will +terminate automatically if You fail to comply with terms +herein and fail to cure such breach within 30 days of +becoming aware of the breach. Provisions which, by their +nature, must remain in effect beyond the termination of +this License shall survive. + +6.2. If You assert a patent infringement claim (excluding +declaratory judgment actions) against Initial Developer or +a Contributor (the Initial Developer or Contributor against +whom You assert such claim is referred to as "Participant") +alleging that the Participant Software (meaning the +Contributor Version where the Participant is a Contributor +or the Original Software where the Participant is the +Initial Developer) directly or indirectly infringes any +patent, then any and all rights granted directly or +indirectly to You by such Participant, the Initial +Developer (if the Initial Developer is not the Participant) +and all Contributors under Sections 2.1 and/or 2.2 of this +License shall, upon 60 days notice from Participant +terminate prospectively and automatically at the expiration +of such 60 day notice period, unless if within such 60 day +period You withdraw Your claim with respect to the +Participant Software against such Participant either +unilaterally or pursuant to a written agreement with +Participant. + +6.3. In the event of termination under Sections 6.1 or 6.2 +above, all end user licenses that have been validly granted +by You or any distributor hereunder prior to termination +(excluding licenses granted to You by any distributor) +shall survive termination. + +7. LIMITATION OF LIABILITY. + +UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT +(INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL YOU, THE +INITIAL DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY DISTRIBUTOR OF +COVERED SOFTWARE, OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE +LIABLE TO ANY PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR +CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT +LIMITATION, DAMAGES FOR LOST PROFITS, LOSS OF GOODWILL, WORK +STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER +COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN +INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF +LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL +INJURY RESULTING FROM SUCH PARTY'S NEGLIGENCE TO THE EXTENT +APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO +NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR +CONSEQUENTIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT +APPLY TO YOU. + +8. U.S. GOVERNMENT END USERS. + +The Covered Software is a "commercial item," as that term is +defined in 48 C.F.R. 2.101 (Oct. 1995), consisting of "commercial +computer software" (as that term is defined at 48 C.F.R. ? +252.227-7014(a)(1)) and "commercial computer software +documentation" as such terms are used in 48 C.F.R. 12.212 (Sept. +1995). Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 +through 227.7202-4 (June 1995), all U.S. Government End Users +acquire Covered Software with only those rights set forth herein. +This U.S. Government Rights clause is in lieu of, and supersedes, +any other FAR, DFAR, or other clause or provision that addresses +Government rights in computer software under this License. + +9. MISCELLANEOUS. + +This License represents the complete agreement concerning subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the +extent necessary to make it enforceable. This License shall be +governed by the law of the jurisdiction specified in a notice +contained within the Original Software (except to the extent +applicable law, if any, provides otherwise), excluding such +jurisdiction's conflict-of-law provisions. Any litigation +relating to this License shall be subject to the jurisdiction of +the courts located in the jurisdiction and venue specified in a +notice contained within the Original Software, with the losing +party responsible for costs, including, without limitation, court +costs and reasonable attorneys' fees and expenses. The +application of the United Nations Convention on Contracts for the +International Sale of Goods is expressly excluded. Any law or +regulation which provides that the language of a contract shall +be construed against the drafter shall not apply to this License. +You agree that You alone are responsible for compliance with the +United States export administration regulations (and the export +control laws and regulation of any other countries) when You use, +distribute or otherwise make available any Covered Software. + +10. RESPONSIBILITY FOR CLAIMS. + +As between Initial Developer and the Contributors, each party is +responsible for claims and damages arising, directly or +indirectly, out of its utilization of rights under this License +and You agree to work with Initial Developer and Contributors to +distribute such responsibility on an equitable basis. Nothing +herein is intended or shall be deemed to constitute any admission +of liability. http://git-wip-us.apache.org/repos/asf/tomee/blob/45e33d76/tomee/tomee-webapp/pom.xml ---------------------------------------------------------------------- diff --git a/tomee/tomee-webapp/pom.xml b/tomee/tomee-webapp/pom.xml index 40ebf3f..11b525a 100644 --- a/tomee/tomee-webapp/pom.xml +++ b/tomee/tomee-webapp/pom.xml @@ -165,7 +165,7 @@ <dependency> <groupId>org.apache.openejb.patch</groupId> <artifactId>openejb-jstl</artifactId> - <version>1.2</version> + <version>${openejb.version}</version> </dependency> <dependency> <groupId>org.apache.openejb</groupId>
