Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Backports:SLE-15-SP4:FactoryCandidates
netty
netty.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File netty.changes of Package netty
------------------------------------------------------------------- Wed Oct 30 14:29:44 UTC 2024 - Fridrich Strba <fstrba@suse.com> - Upgrade to upstream version 4.1.114 * Fixes of 4.1.114: + Validate HTTP Method + Release AdaptiveByteBuf when ownership could not be transfered + Make arenas reuse their last chunk more aggressively + Only add Magazine to Set if we can ensure its removed again + Ensure Chunk will not leak if init of AdaptiveByteBuf fails for whatever reason + Correctly release one-off allocated chunks + Ensure pooled memory is released when AdaptivePoolingAllocator is GC'ed + Slices / duplicates of AdaptiveByteBuf must not escape the rootParent + Fix sizeBucket bug in AdaptivePoolingAllocator + AdaptiveByteBufAllocator: More strict reference counting for chunks + Ensure we not store the DnsQueryContext for later removal when we couldnt obtain a query id + Reduce memory fragmentation + Properly free magazine chunks and avoid orphaned magazines + Magazines must be freed under the expand lock + Release message before failing promise when multiple requests are written while upgrade is in progress. + Allow to reuse more then one session per host / port mapping + Ensure writes will not fail when triggered after receiving UpgradeEvent.UPGRADE_SUCCESSFUL + Refactor DnsNameResolver to be able to use different strategies when it comes to creating Channels for queries. + DnsNameResolver: allow users to skip bind() during bootstrap + DnsResolverBuilder methods should make it clear that these are for DatagramChannel * Fixes of 4.1.113: + feat: Support for IP_BIND_ADDRESS_NO_PORT socket option + Ensure AbstractCoalescingBufferQueue does not end up in inconsistent state on error + Add new SslHandler.isEncrypted(...) variant that will not produce false positives + Ensure flushes are not discarded by ChunkedWriteHandler for passed through messages + Remove reference to parent in recycled buffers for leak detection + Upgrade to netty-tcnative 2.0.66.Final + Cleanup fields on AdaptiveByteBuf::deallocate * Fixes of 4.1.112: + Avoid unnecessary reflective probes on netty initialization + Allow control frames between fragments + Only delete the socket file for NioServerDomainSocketChannel + Add check for IPv6 brackets when address is unresolved + fix ResolvConf initialization with SecurityManager enabled + Fix potential DNS cache invalidation in ResolveWithDotSearchDomain scenario + Backport the SslContextBuilder.endpointIdentificationAlgorithm method + Aggressively remove PoolThreadCache references from its finalizer object + Send Http2PriorityFrame through fireUserEventTriggered for Http2MultiplexHandler + Fix potential DNS cache invalidation across different EventLoops + Reject http header values with non SP / HTAB chars + Don't strip whitespaces from header names and let the validator handle it + Reject request if NUL is present in the request line + Allow HTTP responses without reason-phrase + Validate HTTP version while decoding + Only include scopeId on link-local addresses when using native transport * Fixes of 4.1.111: + ReadOnlyByteBufferBuf | ReadOnlyUnsafeDirectByteBuf get, copy, duplicate, slice methods should be safe to be called from multiple threads + ReadyOnlyBuf must return false for isWritable() when sliced or duplicated + ReadOnlyByteBuf (and sub-classes) does not create derived buffers that share reference count + ByteBuf.asReadOnly().nioBuffer*() need to return read-only ByteBuffer + Remove unwanted mandatory dependency in OSGi + HashedWheelTimer.stop() must cancel tasks + ZSTD decompression not resilient to compression bombs + Duplicate of slice should have the same capacity as the original slice so that it's not writable + Optimize wrap buffer cumulation in SslHandler and don't mutate input buffers + Prepare for unsafe memory access deprecated for removal + Fix AdaptiveByteBufAllocator class loading on Java 6/7 + Add missing NULL checks in native code * Fixes of 4.1.110: + Add unix domain socket transport in netty 4.x via JDK16+ + Backport #13075: Add the AdaptivePoolingAllocator + Add no-value key handling only for form body + Add support for specifying SecureRandom in SSLContext initialization * Fixes of 4.1.109: + Utilize ByteBuf#indexOf + Don't send a RST frame when closing the stream in a write future while processing inbound frames + Fix DefaultChannelId#asLongText NPE + Fix voidPromise in Http2FrameCodec.writeHeadersFrame + Make /etc/resolv.conf reading more robust + Fix NioSocketChannel usage in graalvm native-image + Improve ByteBufUtil#firstIndexOf + Rewrite ZstdDecoder to remove the need of allocate a huge byte[] internally + Always log registered/detected ChannelInitializerExtension(s) at INFO level + Enhance AsciiString#toLowerCase and AsciiString#toUpperCase + Add support for zstd http content decompression + Save Snappy's encode tmp table allocation - Regenerated patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * 0004-Disable-Brotli-and-ZStd-compression.patch * 0005-Do-not-use-the-Graal-annotations.patch * 0006-Do-not-use-the-Jetbrains-annotations.patch * 0007-Do-not-require-the-tcnative-native-library.patch ------------------------------------------------------------------- Tue Sep 24 22:27:37 UTC 2024 - Bernhard Wiedemann <bwiedemann@suse.com> - Add reproducible.patch to omit the mtime from libnetty-unix-common.a for reproducible builds (boo#1047218) ------------------------------------------------------------------- Wed Mar 27 13:17:21 UTC 2024 - Fridrich Strba <fstrba@suse.com> - Upgrade to upstream version 4.1.108 * Fixes of 4.1.108: + HttpPostRequestDecoder can OOM (bsc#1222045, CVE-2024-29025) + Add zstd decoder + Updated HTTP2 Reader to fix missing header state + codec-http2: fix some frame validation errors + SSL: Only wrap TrustManager if FIPS is not used + Epoll: Correctly handle splice tasks when Channel is closed + Allow to cancel connect() operations when using non-blocking IO + DNS resolver final CNAME lookup disabled + DNS: Add DnsRecordType definitions for SVCB and HTTPS + SSL: Only try to use TLSv1.3 if a compatible ciphersuite is configured + Backport 'Fix buffer leak in DefaultHttp2HeadersEncoder' to v4 + SSL: Hold the right monitor while running delegating task + SSL: Execute SSL_do_handshake(...) after task is run to ensure SSLEngine.getHandshakeStatus() returns the correct value all the time + Add active flag to EpollServerDomainSocketChannel fd constructor + Epoll: Fix possible Classloader deadlock caused by loading class via JNI + Prefer /etc/resolv.conf on Linux and Mac + Handle invalid cookie value + Upgrade to latest tcnative release + ByteToMessageDecoder.channelReadComplete(...) does call read() too often + Remove the lock usage in PoolArena#numPinnedBytes() + Fix x-www-form-urlencoded parsing for no-value key (re-submission) * Fixes of 4.1.107: + Speedup pseudoheader lookup + Add support for the Partitioned attribute in cookies + Reduce HTTP 1.1 Full msg pipeline traversals + DnsNameResolver: Add DnsQueryIdSpace class to reduce overhead while generating IDs + Fix copy-paste mistake in LazyX509Certificate.getIssuerAlternativeNames() + HTTP2: lastStreamCreated() does return the wrong value when all stream ids were used + HTTP2: Update local window should not fail queued frames + DnsNameResolver: Allways call bind() during bootstrap + HTTP: HttpObjectDecoder must not use HTTPMessage once it is passed to the next handler in the ChannelPipeline + Ensure key / values are shared between resumed sessions + SSLSession.getLastAccessedTime() and getCreationTime() should not be equal when session is reused + Snappy: Use unsigned short to handle 2 ^ 16 input size instead of 2 ^ 15 * Fixes of 4.1.106: + HTTP2: Prevent sharing the index of the continuation frame header ByteBuf. + DnsNameResolver: Fail query if id space is exhausted + Short-circuit ByteBuf::release * Fixes of 4.1.105: + Fix exception on HTTP chunk size overflow + Default value of MAX_MESSAGES_PER_READ not used for native DatagramChannels + Redo fix scalability issue due to checkcast on context's invoke operations + Be able to retry the query via TCP if a query failed because of a timeout + Save HTTP 2 pseudo-header lower-case validation + DnsNameResolver: Limit connect timeout to query timeout + h2: propagate stream close without read pending, avoid SOOE if !autoRead * Fixes of 4.1.104: + dyld: Symbol not found: _netty_jni_util_JNI_OnLoad * Fixes of 4.1.103: + Workaround for regex bug in Android SDK + Use Http2Headers.size() instead of isEmpty() + Add support for RISC-V * Fixes of 4.1.101: + Add service-loaded extension points for channel initialization + Added check for pseudo-headers in trailers + Automatically close Http2StreamChannel when Http2FrameStreamExceptionreaches end ofChannelPipeline + Throwing a stackless exception if RST_FRAME rate is exceeded + Only enable the RST limit for servers by default + Change default value of MAX_MESSAGES_PER_READ for DatagramChannel implementations + Descriptive message for errors related to unknown http2 streams - Modified patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * 0004-Disable-Brotli-and-ZStd-compression.patch * 0005-Do-not-use-the-Graal-annotations.patch * 0006-Do-not-use-the-Jetbrains-annotations.patch * 0007-Do-not-require-the-tcnative-native-library.patch + rebase ------------------------------------------------------------------- Wed Feb 21 10:52:04 UTC 2024 - Gus Kenion <gus.kenion@suse.com> - Use %patch -P N instead of deprecated %patchN. ------------------------------------------------------------------- Thu Oct 12 15:12:00 UTC 2023 - Fridrich Strba <fstrba@suse.com> - Upgrade to upstream version 4.1.100 * Fixes of 4.1.100: + DDoS vector in the HTTP/2 protocol due RST frames (bsc#1216169, CVE-2023-44487) + Do not fail when compressing empty HttpContent * Fixes of 4.1.99: + Do not try to delete a global handle with the local handles APIs + Enable build with JDK21 + dyld: lazy symbol binding failed: Symbol not found: _netty_jni_util_JNI_OnLoad * Fixes of 4.1.98: + Revert "HttpHeaderValidationUtil should reject chars past the 1 byte range" + Filter out unresolved addresses when parsing resolv.conf + Prevent classloader leak via JNI + SSLSession.getPeerCertificateChain() should throw UnsupportedOperationException if javax.security.cert .X509Certificate can not be created + Enable client side session cache when using native SSL by default * Fixes of 4.1.97: + Fixing AsciiString#lastIndexOf To Respect The offset + Add support for snappy http2 content decompression + Add support for password-based encryption scheme 2 params + HttpHeaderValidationUtil should reject chars past the 1 byte range + Honor SslHandler.setWrapDataSize greater than SSL packet length + Add support for snappy http content encoding * Fixes of 4.1.96: + Move the PoolThreadCache finalizer to a separate object + Fix kevent(..) failed: Invalid argument + Revert "Always increment Stream Id on createStream" to fix bug which caused sending multiple RST frames for the same id * Fixes of 4.1.95 + Add resource leak listener + Reduce object allocations during SslHandler.flush(...) + Ensure ByteBuf.capacity(...) will never throw AssertionError + Make transport.Bootstrap usable with no netty-resolver on classpath + Correctly retain slice when calling ReplayingDecoderByteBuf.retainedSlice(...) + Always increment Stream Id on createStream(...) + Fix BrotliEncoder bug that does not mark ByteBuf it encodes a read + Enhance CertificateException message when throw due hostname validation - Rebased patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * 0004-Disable-Brotli-and-ZStd-compression.patch * 0005-Do-not-use-the-Graal-annotations.patch * 0006-Do-not-use-the-Jetbrains-annotations.patch * 0007-Do-not-require-the-tcnative-native-library.patch ------------------------------------------------------------------- Wed Sep 13 04:55:29 UTC 2023 - Fridrich Strba <fstrba@suse.com> - Reproducible builds: use SOURCE_DATE_EPOCH for timestamp ------------------------------------------------------------------- Fri Jun 23 08:44:41 UTC 2023 - Fridrich Strba <fstrba@suse.com> - Upgrade to upstream version 4.1.94 * Fixes of 4.1.94: + Respect offset in io.netty.util.NetUtil#toAddressString(byte[], int, boolean) + Skip finalization for PoolThreadCache instances without small/normal caches + Use network byte order when encoding ipv4 address and port for Socks codecs + Call ReleaseByteArrayElements even when handling of socket_path fails to fix small mem leak + Always enable leak tracking for derived buffers if parent is tracked + Release DnsRecords when failing to notify promise + Delay possibility to reuse transaction id when query is failing because of timeout or cancellation + Implement contains for SelectedSelectionKeySet + Use Two-Way for finding the delimiter in DelimiterBasedFrameDecoder + Obtain the local address from the fd when the client connects only with remote address (UDS) + Allow to limit the maximum lenght of the ClientHello (bsc#1212637, CVE-2023-34462) * Fixes of 4.1.93: + Reset byte buffer in loop for AbstractDiskHttpData.setContent + OpenSSL MAX_CERTIFICATE_LIST_BYTES option supported + Adapt to DirectByteBuffer constructor in Java 21 + HTTP/2 encoder: allow HEADER_TABLE_SIZE greater than Integer.MAX_VALUE + Upgrade to latest netty-tcnative to fix memory leak + H2/H2C server stream channels deactivated while write still in progress + Channel#bytesBefore(un)writable off by 1 + HTTP/2 should forward shutdown user events to active streams + Respect the number of bytes read per datagram when using recvmmsg * Fixes of 4.1.92: + Make Recycler faster on OpenJ9 + Allow to change the limit for the maximum size of the certificate chain. + Guard against unbounded grow of suppressed exceptions storage + Release websocket handshake response if pipeline checks fail + Add support for local and remote addresses on the server for child channels when UDS + Http types slow path checks * Fixes of 4.1.91: + Fire a PrematureChannelClosureException when Channel is closed while aggregating is still in progress + Connect without password if server returns NO_AUTH when using Socks5 + Use optional resolution of sun.net.dns + Introduce Http2MultiplexActiveStreamsException that can be used to propagate an error to all active streams + Use the correct error when reset a stream + Update: Add snappy support on HttpContentDecoder + Don't unwrap multiple records until we notified the caller about the finished handshake + Handle EHOSTUNREACH errors in io.netty.channel.unix.Errors - Depend on netty-tcnative >= 2.0.60 for SSLContext.setMaxCertList method. - Rebased patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * 0004-Disable-Brotli-and-ZStd-compression.patch * 0005-Do-not-use-the-Graal-annotations.patch * 0006-Do-not-use-the-Jetbrains-annotations.patch * 0007-Do-not-require-the-tcnative-native-library.patch ------------------------------------------------------------------- Thu Mar 30 16:49:51 UTC 2023 - Fridrich Strba <fstrba@suse.com> - Upgrade to upstream version 4.1.90 * Fixes of 4.1.90: + Adding header name of the header which failed validation + Fix HttpHeaders.names for non-String headers + Save expensive volatile operations in the common hot http decoder path + Avoid slow type checks against promises on outbound buffer's progress + Implement NonStickyEventExecutorGroup.inEventLoop + Native image: add support for unix domain sockets + Use MacOS SDK 10.9 to prevent apple notarization failures + Increase errno cache and guard against IOOBE + Don't reset BCSSLParameters when setting application protocols + WebSocketClientProtocolHandler: add option to disable UTF8 validation + Chunked HTTP length decoding should account for whitespaces/ctrl chars + Handle NullPointerException thrown from NetworkInterface.getNetworkInterfaces() * Fixes of 4.1.89: + Don't fail on HttpObjectDecoder's maxHeaderSize greater then (Integer.MAX_VALUE - 2) + dyld: Symbol not found: _netty_jni_util_JNI_OnLoad when upgrading from 4.1.87.Final to 4.1.88.Final * Fixes of 4.1.88: + Speed-up HTTP 1.1 header and line parsing + Add StacklessSSLHandshakeException for ClosedChannelException + Modify changed CloseWebSocketFrame#statusCode() to change the fetch code to unsigned + Check if CommandLineTools are installed before trying to execute install_name_tool + Allow to adjust the GlobalEventExecutor quietPeriod via a system property + Add SslProvider.isOptionSupported(...) + Fix FlowControlHandler's behaviour to pass read events when auto-reading is turned off + Ensure Http2StreamFrameToHttpObjectCodec#decode doesn't add transfer-encoding for 204/304 response + Only do extra CNAME query if we couldnt follow the whole CNAME chain in the response + Include query id when a query failed + DnsResolveContext: include expected record types in exception message + Add necessary native-image configuration files for epoll + Create a deep-copy of the Throwable before returning it from the cache to prevent possible leaks + Always respect completeOncePreferredResolved in DnsNameResolver + fix brotli compression + Optionally depend on bctls-jdk15on + Make releasing objects back to Recycler faster + Correctly keep track of validExtensions per request / response + Add handling of inflight lookups to reduce real queries when lookup same hostname + DnsQueryContext: include query id and question info in exception message + AsciiStrings can be batch-encoded * Fixes of 4.1.87: + Upgrade to latest netty-tcnative release which doesnt link libcrypt + Add recvmmsg & sendmmsg syscall number for loongarch64 + Return correct value from SSLSession.getPacketSize() when using native SSL implementation + Explicit disable TLSv1.3 in the OpenSSL options if not supported + Support handshake timeout in SniHandler. + Extend DNS address supplier interface to provide feedback * Fixes of 4.1.86: + HAProxyMessageDecoder Stack Exhaustion DoS (bsc#1206360, CVE-2022-41881) + HTTP Response splitting from assigning header value iterator (bsc#1206379, CVE-2022-41915) + Revert #12888 for potential task scheduling problems in HashedWheelTimer + Deprecate ObjectEncoder/ObjectDecoder + HPACK dynamic table size update must happen at the beginning of the header block * Fixes of 4.1.85: + A bug in FlowControlHandler that broke auto-read has been fixed + The HTTP/2 HPACK encoder is now faster at encoding headers that have many values + A potential memory leak bug has been fixed in the pooled allocator + Fix an issue with the Blockhound integration, which could cause the MacOSDnsServerAddressStreamProvider to be flagged as making blocking calls + Inconsitencies in how epoll, kqueue, and NIO handle RDHUP have been fixed + ByteToMessageDecoder now handle situations where the same ByteBuf instance is read multiple times + The check that ensures the HTTP/1 Content-Length header is unique, now no longer causes headers to be rearranged (change their order) + Fix a NullPointerException bug with class initialisation order between InternalLogger and InternalThreadLocalMap + When the netty-resolver-dns-native-macos classes can't load their native bindings, they now only print a short error message instead of the huge stack trace it printed previously. The stack trace is still included if DEBUG logging is enabled + The Graal native-image meta-data is now placed in the recommended location, and no longer causes warnings to be printed + The HTTP/1 and HTTP/2 codecs now properly support RFC 8297 Early Hints + Subclasses of FastThreadLocalThread can now tell the Netty Blockhound integration that they should be allowed to make blocking calls + Validation of HTTP/2 connection headers have been moved from Http2Headers to HpackDecoder, so that outgoing headers are not validated * Fixes of 4.1.84: + HTTP/2 header values with invalid characters are now rejected in header validation + We now automatically generate conditional meta-data for native-image use, making GraalVM support more reliable + Fix a scalability issue caused by instanceof and check-cast checks that lead to false-sharing on the Klass::secondary_super_cache field in the JVM (See JDK-8180450) + Made the HTTP/2 HPACK static table implementation faster by using a perfect hash function + Fixed a bug in our PEMParser when PEM files have multiple objects, and BouncyCastle is on the classpath * Fixes of 4.1.82: + Fix a NullPointerException bug when calling forEachByte on nested CompositeByteBufs + Relax an overly strict HTTP/2 header validation check that was rejecting requests from Chrome and Firefox + The OpenSSL and BoringSSL implementations now respect the jdk.tls.client.protocols and jdk.tls.server.protocols system properties, making them react to these in the same way the JDK SSL provider does * Fixes of 4.1.81: + Fix a regression SslContext private key loading + Fix a bug in SslContext private key reading fall-back path + Fix a buffer leak regression in HttpClientCodec + Fix a bug where some HttpMessage implementations, that also implement HttpContent, were not handled correctly + The MessageFormatter and FormattingTuple classes are now usable in the public API + Connection related headers in HTTP/2 frames are now rejected, in compliance with the specification * Fixes of 4.1.80: + HttpObjectEncoder scalability issue due to instanceof checks + Improve logging when MacOSDnsServerAddressStreamProvider cannot be found/loaded + Replace stdlib write/read with send/recv + Support for pkcs1 + Add Blockhound exceptions for the PooledByteBufAllocator + Fix epoll bug when receiving zero-sized datagrams + Avoid including header values in header validation failure exceptions + Avoid allocating large buffers in JdkZlibEncoder + Native Image Support: Set IS_EXPLICIT_TRY_REFLECTION_SET_ACCESSIBLE to true by default for native images + We need to use disconnectx(...) on macOS + Replace synchronized with Java Locks on the allocator + Don't use static instances of FixedRecvByteBufAllocator + Add escaping for stomp headers * Fixes of 4.1.79: + The PEM certificate parser is no longer susceptible to exponential back-off + Non-standard extra ampersands in HTTP POST bodies are no longer rejected + An io.netty.osClassifiers system property has been added to avoid reading os-release files + Fix a bug in SslHandler so handlerRemoved works properly even if handlerAdded throws an exception + Use the correct OSGi processor directive on aarch64, making it possible to use OSGi on ARM + HTTP paths that begin with a double-slash are now parsed the same way browsers do + The isCompleted flag is now correctly preserved on objects from HttpData.retainedDuplicate() + The HttpUtil.isOriginForm() and isAsteriskForm() methods now correctly conform with RFC 7230 + Fix an issue that allowed the multicast methods on EpollDatagramChannel to be called outside of an event-loop thread + Support for the LoongArch64 processor architecture has been added * Fixes of 4.1.78: + Fix a bug where an OPT record was added to DNS queries that already had such a record + Fix a bug that caused an error when files uploaded with HTTP POST contained a backslash in their name + Fix an issue in the BlockHound integration that could occasionally cause NetUtil to be reported as performing blocking operations + A similar BlockHound issue was fixed for the JdkSslContext + Fix a bug that prevented preface or settings frames from being flushed, when an HTTP2 connection was established with prior-knowledge + Fixes a rare NullPointerException that could occur when a ReferenceCountedOpenSslEngine threw an OutOfMemoryError from its constructor, and was then later finalized + The SslHandler now adds the socket file descriptor to the BIOs, when the SslEngine supports this (boringssl and libressl), which allow tracing and observability tools to monitor encryption traffic on a per-connection basis. + It is now possible to explicitly step the scheduling clock in EmbeddedEventLoop, which is useful for making automated tests with deterministic scheduling * Fixes of 4.1.77: + Local Information Disclosure Vulnerability in Netty on Unix-Like systems due temporary files for Java 6 and lower in io.netty:netty-codec-http (bsc#1199338, CVE-2022-24823) + Upgraded the optional netty-tcnative dependency to version 2.0.52.Final + Fix a bug where Netty fails to load a shaded native library + Include classifier in Automatic-Module-Name + Check if epoll_pwait2 is implemented + Don't call strdup on packagePrefix + Enable debugging of asynchronous tasks in Intellij + Throwing an exception in case glibc is missing instead of segfaulting the JVM * Fixes of 4.1.76: + Upgraded the optional netty-tcnative dependency to version 2.0.51.Final + Upgraded the optional log4j dependency to version 2.17.2 + The netty-all module now declare an automatic module name, making it useable with Java Modules. + It is now possible to configure arbitrary socket options for the native epoll and kqueue transports. Refer to your operating system documentation for what options are available. + It is now possible to explicitly bind channels to either IPv4 or IPv6. + The HTTP/2 header validation that rejects duplicate pseudo-headers, which was added in 4.1.75.Final, has been changed so it no longer breaks older versions of gRPC. " Fix a NullPointerException that was hiding the real cause of certain HTTP/2 header decoding errors. - Modified patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * no-brotli-zstd.patch -> 0004-Disable-Brotli-and-ZStd-compression.patch * no-werror.patch + rebase - Removed patches: * 0004-Remove-optional-dep-tcnative.patch * 0005-Remove-optional-dep-log4j.patch + we have the dependencies, so no need to disable them * 0006-revert-Fix-native-image-build.patch * 0007-Revert-Support-session-cache-for-client-and-server-w.patch + solve the build breakages differently - Added patches: * 0005-Do-not-use-the-Graal-annotations.patch * 0006-Do-not-use-the-Jetbrains-annotations.patch + do not use annotations for which we don't have dependencies * 0007-Do-not-require-the-tcnative-native-library.patch + our tcnative library is installed system-wide ------------------------------------------------------------------- Thu Oct 13 11:21:47 UTC 2022 - Fridrich Strba <fstrba@suse.com> - Force building with java 11 on ix86 in order to avoid random build failures ------------------------------------------------------------------- Fri Apr 8 07:27:55 UTC 2022 - Fridrich Strba <fstrba@suse.com> - Upgrade to latest upstream version 4.1.75 - Modified patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * 0004-Remove-optional-dep-tcnative.patch * 0005-Remove-optional-dep-log4j.patch * 0006-revert-Fix-native-image-build.patch * 0007-Revert-Support-session-cache-for-client-and-server-w.patch + rebase ------------------------------------------------------------------- Tue Feb 22 18:27:07 UTC 2022 - Fridrich Strba <fstrba@suse.com> - Do not build against the log4j12 packages ------------------------------------------------------------------- Tue Dec 14 06:31:10 UTC 2021 - Fridrich Strba <fstrba@suse.com> - Upgrade to latest upstream version 4.1.72 * fixes: bsc#1190610, CVE-2021-37136: Bzip2Decoder doesn't allow setting size restrictions for decompressed data * fixes: bsc#1190613, CVE-2021-37137: SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way * fixes: bsc#1193672, CVE-2021-43797: possible HTTP request smuggling due to insufficient validation against control characters * fixes: bsc#1184203, CVE-2021-21409: request smuggling via content-length header - Modified patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * 0004-Remove-optional-dep-tcnative.patch * 0005-Remove-optional-dep-log4j.patch * 0006-revert-Fix-native-image-build.patch * 0007-Revert-Support-session-cache-for-client-and-server-w.patch * no-werror.patch + rediff to changed context - Added patch: * no-brotli-zstd.patch + disable Brotli and Zstd compression, since we lack the dependencies needed to build them ------------------------------------------------------------------- Fri Mar 12 08:31:56 UTC 2021 - Fridrich Strba <fstrba@suse.com> - Upgrade to latest upstream version 4.1.60 * fixes: bsc#1183262, CVE-2021-21295: HTTP/2 request Content-Length header field is not validated by 'Http2MultiplexHandler' - Modified patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * 0004-Remove-optional-dep-tcnative.patch * 0005-Remove-optional-dep-log4j.patch * 0006-revert-Fix-native-image-build.patch + rediff to changed context - Added patch: * 0007-Revert-Support-session-cache-for-client-and-server-w.patch + revert optional disabled cache implementation that conflicts with our 0004-Remove-optional-dep-tcnative.patch ------------------------------------------------------------------- Thu Feb 11 12:00:22 UTC 2021 - Fridrich Strba <fstrba@suse.com> - Upgrade to latest upstream version 4.1.59 - Removed patches: * netty-CVE-2020-11612.patch * netty-CVE-2021-21290.patch + fixes integrated in the upstream sources * 0001-Remove-OpenSSL-parts-depending-on-tcnative.patch * 0002-Remove-NPN.patch * 0003-Remove-conscrypt-ALPN.patch * 0004-Remove-jetty-ALPN.patch + replaced by new patches - Added patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * 0004-Remove-optional-dep-tcnative.patch * 0005-Remove-optional-dep-log4j.patch + remove various optional dependencies that we do not need * 0006-revert-Fix-native-image-build.patch + Revert changes that introduce a new dependency that we do not have * no-werror.patch + Do not treat warnings as errors - Build -poms and -javadoc as noarch packages, since they do not install anything in arch-dependent directories ------------------------------------------------------------------- Thu Feb 11 09:20:25 UTC 2021 - Fridrich Strba <fstrba@suse.com> - Added patch: * netty-CVE-2021-21290.patch + bsc#1182103, CVE-2021-21290 ------------------------------------------------------------------- Thu Apr 9 07:54:00 UTC 2020 - Fridrich Strba <fstrba@suse.com> - Added patch: * netty-CVE-2020-11612.patch + bsc#1168932, CVE-2020-11612 + bsc#1169082, CVE-2020-10707 ------------------------------------------------------------------- Thu Jan 9 15:14:41 UTC 2020 - Fridrich Strba <fstrba@suse.com> - Split pom-only artifacts into a subpackage netty-pom in order to generate their dependencies correctly ------------------------------------------------------------------- Wed Nov 13 19:18:57 UTC 2019 - Fridrich Strba <fstrba@suse.com> - Initial packaging of netty 4.1.13
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor