Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
netty.28292
netty.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File netty.changes of Package netty.28292
------------------------------------------------------------------- Thu Mar 30 16:49:51 UTC 2023 - Fridrich Strba <fstrba@suse.com> - Upgrade to upstreeam version 4.1.90 * Fixes of 4.1.90: + Adding header name of the header which failed validation + Fix HttpHeaders.names for non-String headers + Save expensive volatile operations in the common hot http decoder path + Avoid slow type checks against promises on outbound buffer's progress + Implement NonStickyEventExecutorGroup.inEventLoop + Native image: add support for unix domain sockets + Use MacOS SDK 10.9 to prevent apple notarization failures + Increase errno cache and guard against IOOBE + Don't reset BCSSLParameters when setting application protocols + WebSocketClientProtocolHandler: add option to disable UTF8 validation + Chunked HTTP length decoding should account for whitespaces/ctrl chars + Handle NullPointerException thrown from NetworkInterface.getNetworkInterfaces() * Fixes of 4.1.89: + Don't fail on HttpObjectDecoder's maxHeaderSize greater then (Integer.MAX_VALUE - 2) + dyld: Symbol not found: _netty_jni_util_JNI_OnLoad when upgrading from 4.1.87.Final to 4.1.88.Final * Fixes of 4.1.88: + Speed-up HTTP 1.1 header and line parsing + Add StacklessSSLHandshakeException for ClosedChannelException + Modify changed CloseWebSocketFrame#statusCode() to change the fetch code to unsigned + Check if CommandLineTools are installed before trying to execute install_name_tool + Allow to adjust the GlobalEventExecutor quietPeriod via a system property + Add SslProvider.isOptionSupported(...) + Fix FlowControlHandler's behaviour to pass read events when auto-reading is turned off + Ensure Http2StreamFrameToHttpObjectCodec#decode doesn't add transfer-encoding for 204/304 response + Only do extra CNAME query if we couldnt follow the whole CNAME chain in the response + Include query id when a query failed + DnsResolveContext: include expected record types in exception message + Add necessary native-image configuration files for epoll + Create a deep-copy of the Throwable before returning it from the cache to prevent possible leaks + Always respect completeOncePreferredResolved in DnsNameResolver + fix brotli compression + Optionally depend on bctls-jdk15on + Make releasing objects back to Recycler faster + Correctly keep track of validExtensions per request / response + Add handling of inflight lookups to reduce real queries when lookup same hostname + DnsQueryContext: include query id and question info in exception message + AsciiStrings can be batch-encoded * Fixes of 4.1.87: + Upgrade to latest netty-tcnative release which doesnt link libcrypt + Add recvmmsg & sendmmsg syscall number for loongarch64 + Return correct value from SSLSession.getPacketSize() when using native SSL implementation + Explicit disable TLSv1.3 in the OpenSSL options if not supported + Support handshake timeout in SniHandler. + Extend DNS address supplier interface to provide feedback * Fixes of 4.1.86: + HAProxyMessageDecoder Stack Exhaustion DoS (bsc#1206360, CVE-2022-41881) + HTTP Response splitting from assigning header value iterator (bsc#1206379, CVE-2022-41915) + Revert #12888 for potential task scheduling problems in HashedWheelTimer + Deprecate ObjectEncoder/ObjectDecoder + HPACK dynamic table size update must happen at the beginning of the header block * Fixes of 4.1.85: + A bug in FlowControlHandler that broke auto-read has been fixed + The HTTP/2 HPACK encoder is now faster at encoding headers that have many values + A potential memory leak bug has been fixed in the pooled allocator + Fix an issue with the Blockhound integration, which could cause the MacOSDnsServerAddressStreamProvider to be flagged as making blocking calls + Inconsitencies in how epoll, kqueue, and NIO handle RDHUP have been fixed + ByteToMessageDecoder now handle situations where the same ByteBuf instance is read multiple times + The check that ensures the HTTP/1 Content-Length header is unique, now no longer causes headers to be rearranged (change their order) + Fix a NullPointerException bug with class initialisation order between InternalLogger and InternalThreadLocalMap + When the netty-resolver-dns-native-macos classes can't load their native bindings, they now only print a short error message instead of the huge stack trace it printed previously. The stack trace is still included if DEBUG logging is enabled + The Graal native-image meta-data is now placed in the recommended location, and no longer causes warnings to be printed + The HTTP/1 and HTTP/2 codecs now properly support RFC 8297 Early Hints + Subclasses of FastThreadLocalThread can now tell the Netty Blockhound integration that they should be allowed to make blocking calls + Validation of HTTP/2 connection headers have been moved from Http2Headers to HpackDecoder, so that outgoing headers are not validated * Fixes of 4.1.84: + HTTP/2 header values with invalid characters are now rejected in header validation + We now automatically generate conditional meta-data for native-image use, making GraalVM support more reliable + Fix a scalability issue caused by instanceof and check-cast checks that lead to false-sharing on the Klass::secondary_super_cache field in the JVM (See JDK-8180450) + Made the HTTP/2 HPACK static table implementation faster by using a perfect hash function + Fixed a bug in our PEMParser when PEM files have multiple objects, and BouncyCastle is on the classpath * Fixes of 4.1.82: + Fix a NullPointerException bug when calling forEachByte on nested CompositeByteBufs + Relax an overly strict HTTP/2 header validation check that was rejecting requests from Chrome and Firefox + The OpenSSL and BoringSSL implementations now respect the jdk.tls.client.protocols and jdk.tls.server.protocols system properties, making them react to these in the same way the JDK SSL provider does * Fixes of 4.1.81: + Fix a regression SslContext private key loading + Fix a bug in SslContext private key reading fall-back path + Fix a buffer leak regression in HttpClientCodec + Fix a bug where some HttpMessage implementations, that also implement HttpContent, were not handled correctly + The MessageFormatter and FormattingTuple classes are now usable in the public API + Connection related headers in HTTP/2 frames are now rejected, in compliance with the specification * Fixes of 4.1.80: + HttpObjectEncoder scalability issue due to instanceof checks + Improve logging when MacOSDnsServerAddressStreamProvider cannot be found/loaded + Replace stdlib write/read with send/recv + Support for pkcs1 + Add Blockhound exceptions for the PooledByteBufAllocator + Fix epoll bug when receiving zero-sized datagrams + Avoid including header values in header validation failure exceptions + Avoid allocating large buffers in JdkZlibEncoder + Native Image Support: Set IS_EXPLICIT_TRY_REFLECTION_SET_ACCESSIBLE to true by default for native images + We need to use disconnectx(...) on macOS + Replace synchronized with Java Locks on the allocator + Don't use static instances of FixedRecvByteBufAllocator + Add escaping for stomp headers * Fixes of 4.1.79: + The PEM certificate parser is no longer susceptible to exponential back-off + Non-standard extra ampersands in HTTP POST bodies are no longer rejected + An io.netty.osClassifiers system property has been added to avoid reading os-release files + Fix a bug in SslHandler so handlerRemoved works properly even if handlerAdded throws an exception + Use the correct OSGi processor directive on aarch64, making it possible to use OSGi on ARM + HTTP paths that begin with a double-slash are now parsed the same way browsers do + The isCompleted flag is now correctly preserved on objects from HttpData.retainedDuplicate() + The HttpUtil.isOriginForm() and isAsteriskForm() methods now correctly conform with RFC 7230 + Fix an issue that allowed the multicast methods on EpollDatagramChannel to be called outside of an event-loop thread + Support for the LoongArch64 processor architecture has been added * Fixes of 4.1.78: + Fix a bug where an OPT record was added to DNS queries that already had such a record + Fix a bug that caused an error when files uploaded with HTTP POST contained a backslash in their name + Fix an issue in the BlockHound integration that could occasionally cause NetUtil to be reported as performing blocking operations + A similar BlockHound issue was fixed for the JdkSslContext + Fix a bug that prevented preface or settings frames from being flushed, when an HTTP2 connection was established with prior-knowledge + Fixes a rare NullPointerException that could occur when a ReferenceCountedOpenSslEngine threw an OutOfMemoryError from its constructor, and was then later finalized + The SslHandler now adds the socket file descriptor to the BIOs, when the SslEngine supports this (boringssl and libressl), which allow tracing and observability tools to monitor encryption traffic on a per-connection basis. + It is now possible to explicitly step the scheduling clock in EmbeddedEventLoop, which is useful for making automated tests with deterministic scheduling * Fixes of 4.1.77: + Local Information Disclosure Vulnerability in Netty on Unix-Like systems due temporary files for Java 6 and lower in io.netty:netty-codec-http (bsc#1199338, CVE-2022-24823) + Upgraded the optional netty-tcnative dependency to version 2.0.52.Final + Fix a bug where Netty fails to load a shaded native library + Include classifier in Automatic-Module-Name + Check if epoll_pwait2 is implemented + Don't call strdup on packagePrefix + Enable debugging of asynchronous tasks in Intellij + Throwing an exception in case glibc is missing instead of segfaulting the JVM * Fixes of 4.1.76: + Upgraded the optional netty-tcnative dependency to version 2.0.51.Final + Upgraded the optional log4j dependency to version 2.17.2 + The netty-all module now declare an automatic module name, making it useable with Java Modules. + It is now possible to configure arbitrary socket options for the native epoll and kqueue transports. Refer to your operating system documentation for what options are available. + It is now possible to explicitly bind channels to either IPv4 or IPv6. + The HTTP/2 header validation that rejects duplicate pseudo-headers, which was added in 4.1.75.Final, has been changed so it no longer breaks older versions of gRPC. " Fix a NullPointerException that was hiding the real cause of certain HTTP/2 header decoding errors. - Modified patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * no-brotli-zstd.patch -> 0004-Disable-Brotli-and-ZStd-compression.patch * no-werror.patch + rebase - Removed patches: * 0004-Remove-optional-dep-tcnative.patch * 0005-Remove-optional-dep-log4j.patch + we have the dependencies, so no need to disable them * 0006-revert-Fix-native-image-build.patch * 0007-Revert-Support-session-cache-for-client-and-server-w.patch + solve the build breakages differently - Added patches: * 0005-Do-not-use-the-Graal-annotations.patch * 0006-Do-not-use-the-Jetbrains-annotations.patch + do not use annotations for which we don't have dependencies * 0007-Do-not-require-the-tcnative-native-library.patch + our tcnative library is installed system-wide ------------------------------------------------------------------- Thu Oct 13 11:21:47 UTC 2022 - Fridrich Strba <fstrba@suse.com> - Force building with java 11 on ix86 in order to avoid random build failures ------------------------------------------------------------------- Fri Apr 8 07:27:55 UTC 2022 - Fridrich Strba <fstrba@suse.com> - Upgrade to latest upstream version 4.1.75 - Modified patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * 0004-Remove-optional-dep-tcnative.patch * 0005-Remove-optional-dep-log4j.patch * 0006-revert-Fix-native-image-build.patch * 0007-Revert-Support-session-cache-for-client-and-server-w.patch + rebase ------------------------------------------------------------------- Tue Feb 22 18:27:07 UTC 2022 - Fridrich Strba <fstrba@suse.com> - Do not build against the log4j12 packages ------------------------------------------------------------------- Tue Dec 14 06:31:10 UTC 2021 - Fridrich Strba <fstrba@suse.com> - Upgrade to latest upstream version 4.1.72 * fixes: bsc#1190610, CVE-2021-37136: Bzip2Decoder doesn't allow setting size restrictions for decompressed data * fixes: bsc#1190613, CVE-2021-37137: SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way * fixes: bsc#1193672, CVE-2021-43797: possible HTTP request smuggling due to insufficient validation against control characters * fixes: bsc#1184203, CVE-2021-21409: request smuggling via content-length header - Modified patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * 0004-Remove-optional-dep-tcnative.patch * 0005-Remove-optional-dep-log4j.patch * 0006-revert-Fix-native-image-build.patch * 0007-Revert-Support-session-cache-for-client-and-server-w.patch * no-werror.patch + rediff to changed context - Added patch: * no-brotli-zstd.patch + disable Brotli and Zstd compression, since we lack the dependencies needed to build them ------------------------------------------------------------------- Fri Mar 12 08:31:56 UTC 2021 - Fridrich Strba <fstrba@suse.com> - Upgrade to latest upstream version 4.1.60 * fixes: bsc#1183262, CVE-2021-21295: HTTP/2 request Content-Length header field is not validated by 'Http2MultiplexHandler' - Modified patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * 0004-Remove-optional-dep-tcnative.patch * 0005-Remove-optional-dep-log4j.patch * 0006-revert-Fix-native-image-build.patch + rediff to changed context - Added patch: * 0007-Revert-Support-session-cache-for-client-and-server-w.patch + revert optional disabled cache implementation that conflicts with our 0004-Remove-optional-dep-tcnative.patch ------------------------------------------------------------------- Thu Feb 11 12:00:22 UTC 2021 - Fridrich Strba <fstrba@suse.com> - Upgrade to latest upstream version 4.1.59 - Removed patches: * netty-CVE-2020-11612.patch * netty-CVE-2021-21290.patch + fixes integrated in the upstream sources * 0001-Remove-OpenSSL-parts-depending-on-tcnative.patch * 0002-Remove-NPN.patch * 0003-Remove-conscrypt-ALPN.patch * 0004-Remove-jetty-ALPN.patch + replaced by new patches - Added patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * 0004-Remove-optional-dep-tcnative.patch * 0005-Remove-optional-dep-log4j.patch + remove various optional dependencies that we do not need * 0006-revert-Fix-native-image-build.patch + Revert changes that introduce a new dependency that we do not have * no-werror.patch + Do not treat warnings as errors - Build -poms and -javadoc as noarch packages, since they do not install anything in arch-dependent directories ------------------------------------------------------------------- Thu Feb 11 09:20:25 UTC 2021 - Fridrich Strba <fstrba@suse.com> - Added patch: * netty-CVE-2021-21290.patch + bsc#1182103, CVE-2021-21290 ------------------------------------------------------------------- Thu Apr 9 07:54:00 UTC 2020 - Fridrich Strba <fstrba@suse.com> - Added patch: * netty-CVE-2020-11612.patch + bsc#1168932, CVE-2020-11612 + bsc#1169082, CVE-2020-10707 ------------------------------------------------------------------- Thu Jan 9 15:14:41 UTC 2020 - Fridrich Strba <fstrba@suse.com> - Split pom-only artifacts into a subpackage netty-pom in order to generate their dependencies correctly ------------------------------------------------------------------- Wed Nov 13 19:18:57 UTC 2019 - Fridrich Strba <fstrba@suse.com> - Initial packaging of netty 4.1.13
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor