You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by jg...@apache.org on 2017/09/18 21:41:05 UTC
tomee git commit: Pull in and patch JSTL for CVE-2015-0254
Repository: tomee
Updated Branches:
refs/heads/tomee-1.7.x 248ef7fd7 -> 45e33d766
Pull in and patch JSTL for CVE-2015-0254
Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/45e33d76
Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/45e33d76
Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/45e33d76
Branch: refs/heads/tomee-1.7.x
Commit: 45e33d766175ba3437da60a8a88c12fdea9df71c
Parents: 248ef7f
Author: Jonathan Gallimore <jo...@jrg.me.uk>
Authored: Mon Sep 18 18:41:56 2017 +0100
Committer: Jonathan Gallimore <jo...@jrg.me.uk>
Committed: Mon Sep 18 22:26:18 2017 +0100
----------------------------------------------------------------------
deps/jstl-patched/pom.xml | 82 +++
.../standard/tag/common/xml/ParseSupport.java | 347 +++++++++++
.../tag/common/xml/TransformSupport.java | 369 ++++++++++++
.../src/main/resources/META-INF/LICENSE | 589 +++++++++++++++++++
tomee/tomee-webapp/pom.xml | 2 +-
5 files changed, 1388 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tomee/blob/45e33d76/deps/jstl-patched/pom.xml
----------------------------------------------------------------------
diff --git a/deps/jstl-patched/pom.xml b/deps/jstl-patched/pom.xml
new file mode 100644
index 0000000..432da9b
--- /dev/null
+++ b/deps/jstl-patched/pom.xml
@@ -0,0 +1,82 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <artifactId>deps</artifactId>
+ <groupId>org.apache.openejb</groupId>
+ <version>4.6.0.3-TT.9-SNAPSHOT</version>
+ </parent>
+
+ <groupId>org.apache.openejb.patch</groupId>
+ <artifactId>openejb-jstl</artifactId>
+ <name>Apache OpenEJB Patch :: JSTL</name>
+
+ <dependencies>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>jstl</artifactId>
+ <version>1.2</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>jsp-api</artifactId>
+ <version>2.0</version>
+ <scope>provided</scope>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <version>2.3</version>
+ <executions>
+ <execution>
+ <id>patch</id>
+ <phase>process-classes</phase>
+ <goals>
+ <goal>unpack</goal>
+ </goals>
+ <configuration>
+ <excludes>org/apache/taglibs/standard/tag/common/xml/TransformSupport.class</excludes>
+ <excludes>org/apache/taglibs/standard/tag/common/xml/ParseSupport.class</excludes>
+ <excludes>**/LICENSE*</excludes>
+ <artifactItems>
+ <artifactItem>
+ <groupId>javax.servlet</groupId>
+ <artifactId>jstl</artifactId>
+ <version>1.2</version>
+ <overWrite>false</overWrite>
+ <outputDirectory>${project.build.outputDirectory}</outputDirectory>
+ </artifactItem>
+ </artifactItems>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ </properties>
+</project>
http://git-wip-us.apache.org/repos/asf/tomee/blob/45e33d76/deps/jstl-patched/src/main/java/org/apache/taglibs/standard/tag/common/xml/ParseSupport.java
----------------------------------------------------------------------
diff --git a/deps/jstl-patched/src/main/java/org/apache/taglibs/standard/tag/common/xml/ParseSupport.java b/deps/jstl-patched/src/main/java/org/apache/taglibs/standard/tag/common/xml/ParseSupport.java
new file mode 100644
index 0000000..f8f22aa
--- /dev/null
+++ b/deps/jstl-patched/src/main/java/org/apache/taglibs/standard/tag/common/xml/ParseSupport.java
@@ -0,0 +1,347 @@
+/*
+ * The contents of this file are subject to the terms
+ * of the Common Development and Distribution License
+ * (the "License"). You may not use this file except
+ * in compliance with the License.
+ *
+ * You can obtain a copy of the license at
+ * glassfish/bootstrap/legal/CDDLv1.0.txt or
+ * https://glassfish.dev.java.net/public/CDDLv1.0.html.
+ * See the License for the specific language governing
+ * permissions and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL
+ * HEADER in each file and include the License file at
+ * glassfish/bootstrap/legal/CDDLv1.0.txt. If applicable,
+ * add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your
+ * own identifying information: Portions Copyright [yyyy]
+ * [name of copyright owner]
+ *
+ * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ *
+ * Portions Copyright Apache Software Foundation.
+ */
+
+package org.apache.taglibs.standard.tag.common.xml;
+
+import org.apache.taglibs.standard.resources.Resources;
+import org.apache.taglibs.standard.tag.common.core.ImportSupport;
+import org.apache.taglibs.standard.tag.common.core.Util;
+import org.w3c.dom.Document;
+import org.xml.sax.*;
+import org.xml.sax.helpers.XMLReaderFactory;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.jsp.JspException;
+import javax.servlet.jsp.JspTagException;
+import javax.servlet.jsp.PageContext;
+import javax.servlet.jsp.tagext.BodyTagSupport;
+import javax.xml.XMLConstants;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMResult;
+import javax.xml.transform.sax.SAXTransformerFactory;
+import javax.xml.transform.sax.TransformerHandler;
+import java.io.*;
+
+/**
+ * <p>Support for tag handlers for <parse>, the XML parsing tag.</p>
+ *
+ * @author Shawn Bayern
+ */
+public abstract class ParseSupport extends BodyTagSupport {
+
+ //*********************************************************************
+ // Protected state
+
+ protected Object xml; // 'xml' attribute
+ protected String systemId; // 'systemId' attribute
+ protected XMLFilter filter; // 'filter' attribute
+
+ //*********************************************************************
+ // Private state
+
+ private String var; // 'var' attribute
+ private String varDom; // 'varDom' attribute
+ private int scope; // processed 'scope' attr
+ private int scopeDom; // processed 'scopeDom' attr
+
+ // state in support of XML parsing...
+ private DocumentBuilderFactory dbf;
+ private DocumentBuilder db;
+ private TransformerFactory tf;
+ private TransformerHandler th;
+
+
+ //*********************************************************************
+ // Constructor and initialization
+
+ public ParseSupport() {
+ super();
+ init();
+ }
+
+ private void init() {
+ var = varDom = null;
+ xml = null;
+ systemId = null;
+ filter = null;
+ dbf = null;
+ db = null;
+ tf = null;
+ th = null;
+ scope = PageContext.PAGE_SCOPE;
+ scopeDom = PageContext.PAGE_SCOPE;
+ }
+
+
+ //*********************************************************************
+ // Tag logic
+
+ // parse 'source' or body, storing result in 'var'
+ public int doEndTag() throws JspException {
+ try {
+
+ // set up our DocumentBuilder
+ if (dbf == null) {
+ dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ dbf.setValidating(false);
+ try {
+ dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ } catch (ParserConfigurationException e) {
+ throw new AssertionError("Parser does not support secure processing");
+ }
+ }
+ db = dbf.newDocumentBuilder();
+
+ // if we've gotten a filter, set up a transformer to support it
+ if (filter != null) {
+ if (tf == null)
+ tf = TransformerFactory.newInstance();
+ if (!tf.getFeature(SAXTransformerFactory.FEATURE))
+ throw new JspTagException(
+ Resources.getMessage("PARSE_NO_SAXTRANSFORMER"));
+ try {
+ tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ } catch (TransformerConfigurationException e) {
+ throw new AssertionError(
+ "TransformerFactory does not support secure processing");
+ }
+
+ SAXTransformerFactory stf = (SAXTransformerFactory) tf;
+ th = stf.newTransformerHandler();
+ }
+
+ // produce a Document by parsing whatever the attributes tell us to use
+ Document d;
+ Object xmlText = this.xml;
+ if (xmlText == null) {
+ // if the attribute was specified, use the body as 'xml'
+ if (bodyContent != null && bodyContent.getString() != null)
+ xmlText = bodyContent.getString().trim();
+ else
+ xmlText = "";
+ }
+ if (xmlText instanceof String)
+ d = parseStringWithFilter((String) xmlText, filter);
+ else if (xmlText instanceof Reader)
+ d = parseReaderWithFilter((Reader) xmlText, filter);
+ else
+ throw new JspTagException(
+ Resources.getMessage("PARSE_INVALID_SOURCE"));
+
+ // we've got a Document object; store it out as appropriate
+ // (let any exclusivity or other constraints be enforced by TEI/TLV)
+ if (var != null)
+ pageContext.setAttribute(var, d, scope);
+ if (varDom != null)
+ pageContext.setAttribute(varDom, d, scopeDom);
+
+ return EVAL_PAGE;
+ } catch (SAXException ex) {
+ throw new JspException(ex);
+ } catch (IOException ex) {
+ throw new JspException(ex);
+ } catch (ParserConfigurationException ex) {
+ throw new JspException(ex);
+ } catch (TransformerConfigurationException ex) {
+ throw new JspException(ex);
+ }
+ }
+
+ // Releases any resources we may have (or inherit)
+ public void release() {
+ init();
+ }
+
+
+ //*********************************************************************
+ // Private utility methods
+
+ /**
+ * Parses the given InputSource after, applying the given XMLFilter.
+ */
+ private Document parseInputSourceWithFilter(InputSource s, XMLFilter f)
+ throws SAXException, IOException {
+ if (f != null) {
+ // prepare an output Document
+ Document o = db.newDocument();
+
+ // use TrAX to adapt SAX events to a Document object
+ th.setResult(new DOMResult(o));
+ XMLReader xr = XMLReaderFactory.createXMLReader();
+ xr.setEntityResolver(new JstlEntityResolver(pageContext));
+ // (note that we overwrite the filter's parent. this seems
+ // to be expected usage. we could cache and reset the old
+ // parent, but you can't setParent(null), so this wouldn't
+ // be perfect.)
+ f.setParent(xr);
+ f.setContentHandler(th);
+ f.parse(s);
+ return o;
+ } else
+ return parseInputSource(s);
+ }
+
+ /**
+ * Parses the given Reader after applying the given XMLFilter.
+ */
+ private Document parseReaderWithFilter(Reader r, XMLFilter f)
+ throws SAXException, IOException {
+ return parseInputSourceWithFilter(new InputSource(r), f);
+ }
+
+ /**
+ * Parses the given String after applying the given XMLFilter.
+ */
+ private Document parseStringWithFilter(String s, XMLFilter f)
+ throws SAXException, IOException {
+ StringReader r = new StringReader(s);
+ return parseReaderWithFilter(r, f);
+ }
+
+ /**
+ * Parses the given Reader after applying the given XMLFilter.
+ */
+ private Document parseURLWithFilter(String url, XMLFilter f)
+ throws SAXException, IOException {
+ return parseInputSourceWithFilter(new InputSource(url), f);
+ }
+
+ /**
+ * Parses the given InputSource into a Document.
+ */
+ private Document parseInputSource(InputSource s)
+ throws SAXException, IOException {
+ db.setEntityResolver(new JstlEntityResolver(pageContext));
+
+ // normalize URIs so they can be processed consistently by resolver
+ if (systemId == null)
+ s.setSystemId("jstl:");
+ else if (ImportSupport.isAbsoluteUrl(systemId))
+ s.setSystemId(systemId);
+ else
+ s.setSystemId("jstl:" + systemId);
+ return db.parse(s);
+ }
+
+ /**
+ * Parses the given Reader into a Document.
+ */
+ private Document parseReader(Reader r) throws SAXException, IOException {
+ return parseInputSource(new InputSource(r));
+ }
+
+ /**
+ * Parses the given String into a Document.
+ */
+ private Document parseString(String s) throws SAXException, IOException {
+ StringReader r = new StringReader(s);
+ return parseReader(r);
+ }
+
+ /**
+ * Parses the URL (passed as a String) into a Document.
+ */
+ private Document parseURL(String url) throws SAXException, IOException {
+ return parseInputSource(new InputSource(url));
+ }
+
+ //*********************************************************************
+ // JSTL-specific EntityResolver class
+
+ /**
+ * Lets us resolve relative external entities.
+ */
+ public static class JstlEntityResolver implements EntityResolver {
+ private final PageContext ctx;
+
+ public JstlEntityResolver(PageContext ctx) {
+ this.ctx = ctx;
+ }
+
+ public InputSource resolveEntity(String publicId, String systemId)
+ throws FileNotFoundException {
+
+ // pass if we don't have a systemId
+ if (systemId == null)
+ return null;
+
+ // strip leading "jstl:" off URL if applicable
+ if (systemId.startsWith("jstl:"))
+ systemId = systemId.substring(5);
+
+ // we're only concerned with relative URLs
+ if (ImportSupport.isAbsoluteUrl(systemId))
+ return null;
+
+ // for relative URLs, load and wrap the resource.
+ // don't bother checking for 'null' since we specifically want
+ // the parser to fail if the resource doesn't exist
+ InputStream s;
+ if (systemId.startsWith("/")) {
+ s = ctx.getServletContext().getResourceAsStream(systemId);
+ if (s == null)
+ throw new FileNotFoundException(
+ Resources.getMessage("UNABLE_TO_RESOLVE_ENTITY",
+ systemId));
+ } else {
+ String pagePath =
+ ((HttpServletRequest) ctx.getRequest()).getServletPath();
+ String basePath =
+ pagePath.substring(0, pagePath.lastIndexOf("/"));
+ s = ctx.getServletContext().getResourceAsStream(
+ basePath + "/" + systemId);
+ if (s == null)
+ throw new FileNotFoundException(
+ Resources.getMessage("UNABLE_TO_RESOLVE_ENTITY",
+ systemId));
+ }
+ return new InputSource(s);
+ }
+ }
+
+ //*********************************************************************
+ // Tag attributes
+
+ public void setVar(String var) {
+ this.var = var;
+ }
+
+ public void setVarDom(String varDom) {
+ this.varDom = varDom;
+ }
+
+ public void setScope(String scope) {
+ this.scope = Util.getScope(scope);
+ }
+
+ public void setScopeDom(String scopeDom) {
+ this.scopeDom = Util.getScope(scopeDom);
+ }
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/45e33d76/deps/jstl-patched/src/main/java/org/apache/taglibs/standard/tag/common/xml/TransformSupport.java
----------------------------------------------------------------------
diff --git a/deps/jstl-patched/src/main/java/org/apache/taglibs/standard/tag/common/xml/TransformSupport.java b/deps/jstl-patched/src/main/java/org/apache/taglibs/standard/tag/common/xml/TransformSupport.java
new file mode 100644
index 0000000..11975b6
--- /dev/null
+++ b/deps/jstl-patched/src/main/java/org/apache/taglibs/standard/tag/common/xml/TransformSupport.java
@@ -0,0 +1,369 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.taglibs.standard.tag.common.xml;
+
+import org.apache.taglibs.standard.resources.Resources;
+import org.apache.taglibs.standard.tag.common.core.ImportSupport;
+import org.apache.taglibs.standard.tag.common.core.Util;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+import org.xml.sax.XMLReader;
+import org.xml.sax.helpers.XMLReaderFactory;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.jsp.JspException;
+import javax.servlet.jsp.JspTagException;
+import javax.servlet.jsp.PageContext;
+import javax.servlet.jsp.tagext.BodyTagSupport;
+import javax.xml.XMLConstants;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.URIResolver;
+import javax.xml.transform.dom.DOMResult;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.sax.SAXSource;
+import javax.xml.transform.stream.StreamResult;
+import javax.xml.transform.stream.StreamSource;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.Reader;
+import java.io.StringReader;
+import java.io.Writer;
+import java.util.List;
+import java.util.MissingResourceException;
+
+public abstract class TransformSupport extends BodyTagSupport {
+
+ protected Object xml;
+
+ protected String xmlSystemId;
+
+ protected Object xslt;
+
+ protected String xsltSystemId;
+
+ protected Result result;
+
+ private String var;
+
+ private int scope;
+
+ private Transformer t;
+
+ private final TransformerFactory tf;
+
+ private final DocumentBuilder db;
+
+ public TransformSupport() {
+ super();
+ try {
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ dbf.setValidating(false);
+ db = dbf.newDocumentBuilder();
+ tf = TransformerFactory.newInstance();
+ } catch (ParserConfigurationException e) {
+ throw (AssertionError) new AssertionError("Unable to create DocumentBuilder").initCause(e);
+ }
+
+ init();
+ }
+
+ private void init() {
+ xml = xslt = null;
+ xmlSystemId = xsltSystemId = null;
+ var = null;
+ result = null;
+ tf.setURIResolver(null);
+ scope = PageContext.PAGE_SCOPE;
+ }
+
+ @Override
+ public int doStartTag()
+ throws JspException {
+
+ t = getTransformer(xslt, xsltSystemId);
+ return EVAL_BODY_BUFFERED;
+ }
+
+ @Override
+ public int doEndTag()
+ throws JspException {
+ try {
+
+ Object xml = this.xml;
+ if (xml == null) {
+ if (bodyContent != null && bodyContent.getString() != null) {
+ xml = bodyContent.getString().trim();
+ } else {
+ xml = "";
+ }
+ }
+
+ if (isNullOrEmpty(xml)) {
+ throw new JspTagException("xml is null");
+ }
+
+ Source source = getSource(xml, xmlSystemId);
+
+ if (result != null) {
+ t.transform(source, result);
+ } else if (var != null) {
+
+ Document d = db.newDocument();
+ Result doc = new DOMResult(d);
+ t.transform(source, doc);
+ pageContext.setAttribute(var, d, scope);
+ } else {
+ Result page = new StreamResult(new SafeWriter(pageContext.getOut()));
+ t.transform(source, page);
+ }
+
+ return EVAL_PAGE;
+ } catch (SAXException ex) {
+ throw new JspException(ex);
+ } catch (ParserConfigurationException ex) {
+ throw new JspException(ex);
+ } catch (IOException ex) {
+ throw new JspException(ex);
+ } catch (TransformerException ex) {
+ throw new JspException(ex);
+ }
+ }
+
+
+ @Override
+ public void release() {
+ super.release();
+ init();
+ }
+
+ @Override
+ public void setPageContext(PageContext pageContext) {
+ super.setPageContext(pageContext);
+ tf.setURIResolver(pageContext == null ? null : new JstlUriResolver(pageContext));
+ }
+
+
+ public void addParameter(String name, Object value) {
+ t.setParameter(name, value);
+ }
+
+ private static String wrapSystemId(String systemId) {
+ if (systemId == null) {
+ return "jstl:";
+ } else if (ImportSupport.isAbsoluteUrl(systemId)) {
+ return systemId;
+ } else {
+ return ("jstl:" + systemId);
+ }
+ }
+
+ Transformer getTransformer(final Object xslt, final String systemId)
+ throws JspException {
+ if (isNullOrEmpty(xslt)) {
+ String name = "TRANSFORM_XSLT_IS_NULL";
+ throw new JspTagException(getMessage(name));
+ }
+
+ try {
+
+ final Source s = getSource(xslt, systemId);
+
+ tf.setURIResolver(new JstlUriResolver(pageContext));
+ tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ return tf.newTransformer(s);
+
+ } catch (SAXException ex) {
+ throw new JspException(ex);
+ } catch (ParserConfigurationException ex) {
+ throw new JspException(ex);
+ } catch (IOException ex) {
+ throw new JspException(ex);
+ } catch (TransformerConfigurationException ex) {
+ throw new JspException(ex);
+ }
+ }
+
+ private String getMessage(String name) {
+ try {
+ return Resources.getMessage(name);
+ } catch (MissingResourceException e) {
+ return name;
+ }
+ }
+
+ protected boolean isNullOrEmpty(Object value) {
+ if (value == null) {
+ return true;
+ }
+
+ if (!(value instanceof String)) {
+ return false;
+ }
+
+ String str = (String) value;
+ str = str.trim();
+ return str.isEmpty();
+ }
+
+ private Source getSource(Object o, String systemId)
+ throws SAXException, ParserConfigurationException, IOException, JspTagException {
+ if (o == null) {
+ throw new JspTagException(getMessage("TRANSFORM_XML_IS_NULL"));
+ }
+
+ if (o instanceof List) {
+
+ List<?> list = (List<?>) o;
+ if (list.size() != 1) {
+ throw new JspTagException(getMessage("TRANSFORM_XML_LIST_SIZE"));
+ }
+ return getSource(list.get(0), systemId);
+ }
+
+ if (o instanceof Source) {
+ return (Source) o;
+ }
+
+ if (o instanceof String) {
+ String s = (String) o;
+ s = s.trim();
+ if (s.length() == 0) {
+ throw new JspTagException(getMessage("TRANSFORM_XML_IS_EMPTY"));
+ }
+ return getSource(new StringReader(s), systemId);
+ }
+
+ if (o instanceof Reader) {
+ return getSource((Reader) o, systemId);
+ }
+
+ if (o instanceof Node) {
+ return new DOMSource((Node) o, systemId);
+ }
+ throw new JspTagException(Resources.getMessage("TRANSFORM_XML_UNSUPPORTED_TYPE", o.getClass()));
+ }
+
+ Source getSource(Reader reader, String systemId)
+ throws JspTagException {
+ try {
+ XMLReader xr = XMLReaderFactory.createXMLReader();
+ xr.setEntityResolver(new ParseSupport.JstlEntityResolver(pageContext));
+ xr.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ InputSource s = new InputSource(reader);
+ s.setSystemId(wrapSystemId(systemId));
+ Source result = new SAXSource(xr, s);
+ result.setSystemId(wrapSystemId(systemId));
+ return result;
+ } catch (SAXException e) {
+ throw new JspTagException(e);
+ }
+ }
+
+
+ public void setVar(String var) {
+ this.var = var;
+ }
+
+ public void setScope(String scope) {
+ this.scope = Util.getScope(scope);
+ }
+
+ private static class SafeWriter
+ extends Writer {
+ private final Writer w;
+
+ public SafeWriter(Writer w) {
+ this.w = w;
+ }
+
+ @Override
+ public void close() {
+ }
+
+ @Override
+ public void flush() {
+ }
+
+ @Override
+ public void write(char[] cbuf, int off, int len)
+ throws IOException {
+ w.write(cbuf, off, len);
+ }
+ }
+
+ private static class JstlUriResolver
+ implements URIResolver {
+ private final PageContext ctx;
+
+ public JstlUriResolver(PageContext ctx) {
+ this.ctx = ctx;
+ }
+
+ public Source resolve(String href, String base)
+ throws TransformerException {
+
+ if (href == null) {
+ return null;
+ }
+
+ int index;
+ if (base != null && (index = base.indexOf("jstl:")) != -1) {
+ base = base.substring(index + 5);
+ }
+
+ if (ImportSupport.isAbsoluteUrl(href) || (base != null && ImportSupport.isAbsoluteUrl(base))) {
+ return null;
+ }
+
+ if (base == null || base.lastIndexOf("/") == -1) {
+ base = "";
+ } else {
+ base = base.substring(0, base.lastIndexOf("/") + 1);
+ }
+
+ String target = base + href;
+
+ InputStream s;
+ if (target.startsWith("/")) {
+ s = ctx.getServletContext().getResourceAsStream(target);
+ if (s == null) {
+ throw new TransformerException(Resources.getMessage("UNABLE_TO_RESOLVE_ENTITY", href));
+ }
+ } else {
+ String pagePath = ((HttpServletRequest) ctx.getRequest()).getServletPath();
+ String basePath = pagePath.substring(0, pagePath.lastIndexOf("/"));
+ s = ctx.getServletContext().getResourceAsStream(basePath + "/" + target);
+ if (s == null) {
+ throw new TransformerException(Resources.getMessage("UNABLE_TO_RESOLVE_ENTITY", href));
+ }
+ }
+ return new StreamSource(s);
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/45e33d76/deps/jstl-patched/src/main/resources/META-INF/LICENSE
----------------------------------------------------------------------
diff --git a/deps/jstl-patched/src/main/resources/META-INF/LICENSE b/deps/jstl-patched/src/main/resources/META-INF/LICENSE
new file mode 100644
index 0000000..86ad814
--- /dev/null
+++ b/deps/jstl-patched/src/main/resources/META-INF/LICENSE
@@ -0,0 +1,589 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+
+=========================================================================
+ - JSTL & JSP
+ License: CDDL
+-------------------------------------------------------------------------
+
+COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0
+
+1. Definitions.
+
+1.1. "Contributor" means each individual or entity that
+creates or contributes to the creation of Modifications.
+
+1.2. "Contributor Version" means the combination of the
+Original Software, prior Modifications used by a
+Contributor (if any), and the Modifications made by that
+particular Contributor.
+
+1.3. "Covered Software" means (a) the Original Software, or
+(b) Modifications, or (c) the combination of files
+containing Original Software with files containing
+Modifications, in each case including portions thereof.
+
+1.4. "Executable" means the Covered Software in any form
+other than Source Code.
+
+1.5. "Initial Developer" means the individual or entity
+that first makes Original Software available under this
+License.
+
+1.6. "Larger Work" means a work which combines Covered
+Software or portions thereof with code not governed by the
+terms of this License.
+
+1.7. "License" means this document.
+
+1.8. "Licensable" means having the right to grant, to the
+maximum extent possible, whether at the time of the initial
+grant or subsequently acquired, any and all of the rights
+conveyed herein.
+
+1.9. "Modifications" means the Source Code and Executable
+form of any of the following:
+
+A. Any file that results from an addition to,
+deletion from or modification of the contents of a
+file containing Original Software or previous
+Modifications;
+
+B. Any new file that contains any part of the
+Original Software or previous Modification; or
+
+C. Any new file that is contributed or otherwise made
+available under the terms of this License.
+
+1.10. "Original Software" means the Source Code and
+Executable form of computer software code that is
+originally released under this License.
+
+1.11. "Patent Claims" means any patent claim(s), now owned
+or hereafter acquired, including without limitation,
+method, process, and apparatus claims, in any patent
+Licensable by grantor.
+
+1.12. "Source Code" means (a) the common form of computer
+software code in which modifications are made and (b)
+associated documentation included in or with such code.
+
+1.13. "You" (or "Your") means an individual or a legal
+entity exercising rights under, and complying with all of
+the terms of, this License. For legal entities, "You"
+includes any entity which controls, is controlled by, or is
+under common control with You. For purposes of this
+definition, "control" means (a) the power, direct or
+indirect, to cause the direction or management of such
+entity, whether by contract or otherwise, or (b) ownership
+of more than fifty percent (50%) of the outstanding shares
+or beneficial ownership of such entity.
+
+2. License Grants.
+
+2.1. The Initial Developer Grant.
+
+Conditioned upon Your compliance with Section 3.1 below and
+subject to third party intellectual property claims, the
+Initial Developer hereby grants You a world-wide,
+royalty-free, non-exclusive license:
+
+(a) under intellectual property rights (other than
+patent or trademark) Licensable by Initial Developer,
+to use, reproduce, modify, display, perform,
+sublicense and distribute the Original Software (or
+portions thereof), with or without Modifications,
+and/or as part of a Larger Work; and
+
+(b) under Patent Claims infringed by the making,
+using or selling of Original Software, to make, have
+made, use, practice, sell, and offer for sale, and/or
+otherwise dispose of the Original Software (or
+portions thereof).
+
+(c) The licenses granted in Sections 2.1(a) and (b)
+are effective on the date Initial Developer first
+distributes or otherwise makes the Original Software
+available to a third party under the terms of this
+License.
+
+(d) Notwithstanding Section 2.1(b) above, no patent
+license is granted: (1) for code that You delete from
+the Original Software, or (2) for infringements
+caused by: (i) the modification of the Original
+Software, or (ii) the combination of the Original
+Software with other software or devices.
+
+2.2. Contributor Grant.
+
+Conditioned upon Your compliance with Section 3.1 below and
+subject to third party intellectual property claims, each
+Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than
+patent or trademark) Licensable by Contributor to
+use, reproduce, modify, display, perform, sublicense
+and distribute the Modifications created by such
+Contributor (or portions thereof), either on an
+unmodified basis, with other Modifications, as
+Covered Software and/or as part of a Larger Work; and
+
+(b) under Patent Claims infringed by the making,
+using, or selling of Modifications made by that
+Contributor either alone and/or in combination with
+its Contributor Version (or portions of such
+combination), to make, use, sell, offer for sale,
+have made, and/or otherwise dispose of: (1)
+Modifications made by that Contributor (or portions
+thereof); and (2) the combination of Modifications
+made by that Contributor with its Contributor Version
+(or portions of such combination).
+
+(c) The licenses granted in Sections 2.2(a) and
+2.2(b) are effective on the date Contributor first
+distributes or otherwise makes the Modifications
+available to a third party.
+
+(d) Notwithstanding Section 2.2(b) above, no patent
+license is granted: (1) for any code that Contributor
+has deleted from the Contributor Version; (2) for
+infringements caused by: (i) third party
+modifications of Contributor Version, or (ii) the
+combination of Modifications made by that Contributor
+with other software (except as part of the
+Contributor Version) or other devices; or (3) under
+Patent Claims infringed by Covered Software in the
+absence of Modifications made by that Contributor.
+
+3. Distribution Obligations.
+
+3.1. Availability of Source Code.
+
+Any Covered Software that You distribute or otherwise make
+available in Executable form must also be made available in
+Source Code form and that Source Code form must be
+distributed only under the terms of this License. You must
+include a copy of this License with every copy of the
+Source Code form of the Covered Software You distribute or
+otherwise make available. You must inform recipients of any
+such Covered Software in Executable form as to how they can
+obtain such Covered Software in Source Code form in a
+reasonable manner on or through a medium customarily used
+for software exchange.
+
+3.2. Modifications.
+
+The Modifications that You create or to which You
+contribute are governed by the terms of this License. You
+represent that You believe Your Modifications are Your
+original creation(s) and/or You have sufficient rights to
+grant the rights conveyed by this License.
+
+3.3. Required Notices.
+
+You must include a notice in each of Your Modifications
+that identifies You as the Contributor of the Modification.
+You may not remove or alter any copyright, patent or
+trademark notices contained within the Covered Software, or
+any notices of licensing or any descriptive text giving
+attribution to any Contributor or the Initial Developer.
+
+3.4. Application of Additional Terms.
+
+You may not offer or impose any terms on any Covered
+Software in Source Code form that alters or restricts the
+applicable version of this License or the recipients'
+rights hereunder. You may choose to offer, and to charge a
+fee for, warranty, support, indemnity or liability
+obligations to one or more recipients of Covered Software.
+However, you may do so only on Your own behalf, and not on
+behalf of the Initial Developer or any Contributor. You
+must make it absolutely clear that any such warranty,
+support, indemnity or liability obligation is offered by
+You alone, and You hereby agree to indemnify the Initial
+Developer and every Contributor for any liability incurred
+by the Initial Developer or such Contributor as a result of
+warranty, support, indemnity or liability terms You offer.
+
+3.5. Distribution of Executable Versions.
+
+You may distribute the Executable form of the Covered
+Software under the terms of this License or under the terms
+of a license of Your choice, which may contain terms
+different from this License, provided that You are in
+compliance with the terms of this License and that the
+license for the Executable form does not attempt to limit
+or alter the recipient's rights in the Source Code form
+from the rights set forth in this License. If You
+distribute the Covered Software in Executable form under a
+different license, You must make it absolutely clear that
+any terms which differ from this License are offered by You
+alone, not by the Initial Developer or Contributor. You
+hereby agree to indemnify the Initial Developer and every
+Contributor for any liability incurred by the Initial
+Developer or such Contributor as a result of any such terms
+You offer.
+
+3.6. Larger Works.
+
+You may create a Larger Work by combining Covered Software
+with other code not governed by the terms of this License
+and distribute the Larger Work as a single product. In such
+a case, You must make sure the requirements of this License
+are fulfilled for the Covered Software.
+
+4. Versions of the License.
+
+4.1. New Versions.
+
+Sun Microsystems, Inc. is the initial license steward and
+may publish revised and/or new versions of this License
+from time to time. Each version will be given a
+distinguishing version number. Except as provided in
+Section 4.3, no one other than the license steward has the
+right to modify this License.
+
+4.2. Effect of New Versions.
+
+You may always continue to use, distribute or otherwise
+make the Covered Software available under the terms of the
+version of the License under which You originally received
+the Covered Software. If the Initial Developer includes a
+notice in the Original Software prohibiting it from being
+distributed or otherwise made available under any
+subsequent version of the License, You must distribute and
+make the Covered Software available under the terms of the
+version of the License under which You originally received
+the Covered Software. Otherwise, You may also choose to
+use, distribute or otherwise make the Covered Software
+available under the terms of any subsequent version of the
+License published by the license steward.
+
+4.3. Modified Versions.
+
+When You are an Initial Developer and You want to create a
+new license for Your Original Software, You may create and
+use a modified version of this License if You: (a) rename
+the license and remove any references to the name of the
+license steward (except to note that the license differs
+from this License); and (b) otherwise make it clear that
+the license contains terms which differ from this License.
+
+5. DISCLAIMER OF WARRANTY.
+
+COVERED SOFTWARE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS"
+BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
+INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED
+SOFTWARE IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR
+PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY AND
+PERFORMANCE OF THE COVERED SOFTWARE IS WITH YOU. SHOULD ANY
+COVERED SOFTWARE PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE
+INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME THE COST OF
+ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF
+WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF
+ANY COVERED SOFTWARE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS
+DISCLAIMER.
+
+6. TERMINATION.
+
+6.1. This License and the rights granted hereunder will
+terminate automatically if You fail to comply with terms
+herein and fail to cure such breach within 30 days of
+becoming aware of the breach. Provisions which, by their
+nature, must remain in effect beyond the termination of
+this License shall survive.
+
+6.2. If You assert a patent infringement claim (excluding
+declaratory judgment actions) against Initial Developer or
+a Contributor (the Initial Developer or Contributor against
+whom You assert such claim is referred to as "Participant")
+alleging that the Participant Software (meaning the
+Contributor Version where the Participant is a Contributor
+or the Original Software where the Participant is the
+Initial Developer) directly or indirectly infringes any
+patent, then any and all rights granted directly or
+indirectly to You by such Participant, the Initial
+Developer (if the Initial Developer is not the Participant)
+and all Contributors under Sections 2.1 and/or 2.2 of this
+License shall, upon 60 days notice from Participant
+terminate prospectively and automatically at the expiration
+of such 60 day notice period, unless if within such 60 day
+period You withdraw Your claim with respect to the
+Participant Software against such Participant either
+unilaterally or pursuant to a written agreement with
+Participant.
+
+6.3. In the event of termination under Sections 6.1 or 6.2
+above, all end user licenses that have been validly granted
+by You or any distributor hereunder prior to termination
+(excluding licenses granted to You by any distributor)
+shall survive termination.
+
+7. LIMITATION OF LIABILITY.
+
+UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT
+(INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL YOU, THE
+INITIAL DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY DISTRIBUTOR OF
+COVERED SOFTWARE, OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE
+LIABLE TO ANY PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR
+CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT
+LIMITATION, DAMAGES FOR LOST PROFITS, LOSS OF GOODWILL, WORK
+STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER
+COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN
+INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF
+LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL
+INJURY RESULTING FROM SUCH PARTY'S NEGLIGENCE TO THE EXTENT
+APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO
+NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR
+CONSEQUENTIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT
+APPLY TO YOU.
+
+8. U.S. GOVERNMENT END USERS.
+
+The Covered Software is a "commercial item," as that term is
+defined in 48 C.F.R. 2.101 (Oct. 1995), consisting of "commercial
+computer software" (as that term is defined at 48 C.F.R. ?
+252.227-7014(a)(1)) and "commercial computer software
+documentation" as such terms are used in 48 C.F.R. 12.212 (Sept.
+1995). Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1
+through 227.7202-4 (June 1995), all U.S. Government End Users
+acquire Covered Software with only those rights set forth herein.
+This U.S. Government Rights clause is in lieu of, and supersedes,
+any other FAR, DFAR, or other clause or provision that addresses
+Government rights in computer software under this License.
+
+9. MISCELLANEOUS.
+
+This License represents the complete agreement concerning subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the
+extent necessary to make it enforceable. This License shall be
+governed by the law of the jurisdiction specified in a notice
+contained within the Original Software (except to the extent
+applicable law, if any, provides otherwise), excluding such
+jurisdiction's conflict-of-law provisions. Any litigation
+relating to this License shall be subject to the jurisdiction of
+the courts located in the jurisdiction and venue specified in a
+notice contained within the Original Software, with the losing
+party responsible for costs, including, without limitation, court
+costs and reasonable attorneys' fees and expenses. The
+application of the United Nations Convention on Contracts for the
+International Sale of Goods is expressly excluded. Any law or
+regulation which provides that the language of a contract shall
+be construed against the drafter shall not apply to this License.
+You agree that You alone are responsible for compliance with the
+United States export administration regulations (and the export
+control laws and regulation of any other countries) when You use,
+distribute or otherwise make available any Covered Software.
+
+10. RESPONSIBILITY FOR CLAIMS.
+
+As between Initial Developer and the Contributors, each party is
+responsible for claims and damages arising, directly or
+indirectly, out of its utilization of rights under this License
+and You agree to work with Initial Developer and Contributors to
+distribute such responsibility on an equitable basis. Nothing
+herein is intended or shall be deemed to constitute any admission
+of liability.
http://git-wip-us.apache.org/repos/asf/tomee/blob/45e33d76/tomee/tomee-webapp/pom.xml
----------------------------------------------------------------------
diff --git a/tomee/tomee-webapp/pom.xml b/tomee/tomee-webapp/pom.xml
index 40ebf3f..11b525a 100644
--- a/tomee/tomee-webapp/pom.xml
+++ b/tomee/tomee-webapp/pom.xml
@@ -165,7 +165,7 @@
<dependency>
<groupId>org.apache.openejb.patch</groupId>
<artifactId>openejb-jstl</artifactId>
- <version>1.2</version>
+ <version>${openejb.version}</version>
</dependency>
<dependency>
<groupId>org.apache.openejb</groupId>