Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: netty | Distribution: openSUSE Tumbleweed |
Version: 4.1.115 | Vendor: openSUSE |
Release: 1.1 | Build date: Thu Dec 5 13:48:41 2024 |
Group: Unspecified | Build host: reproducible |
Size: 4957750 | Source RPM: netty-4.1.115-1.1.src.rpm |
Packager: https://bugs.opensuse.org | |
Url: https://netty.io/ | |
Summary: An asynchronous event-driven network application framework and tools for Java |
Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server. 'Quick and easy' doesn't mean that a resulting application will suffer from a maintainability or a performance issue. Netty has been designed carefully with the experiences earned from the implementation of a lot of protocols such as FTP, SMTP, HTTP, and various binary and text-based legacy protocols. As a result, Netty has succeeded to find a way to achieve ease of development, performance, stability, and flexibility without a compromise.
Apache-2.0
* Thu Dec 05 2024 Fridrich Strba <fstrba@suse.com> - Upgrade to upstream version 4.1.115 * Fixes: + Allow MessageToMessageDecoder to take care of reading more data when needed + Fix SSL session resumption with ClientAuth.OPTIONAL and add tests with session tickets + Fix incorrect cast in NioDomainSocketChannel.parent() + Fix bug where SslHandler may stall after TLSv1.3 handshake with delegate tasks + AdaptiveByteBufAllocator: Make pooling of AdaptiveByteBuf magazine local + Specialize Adaptive's allocator Recycler based on magazine's owner + Fix epoll_wait retry loop + Log / include the correct error during handshake failure + Convey autoAckPing in http2 decoder constructor chain + Allow to set used named groups per OpenSslContext + Verify default named groups before using them with native SSL implementation + Include details on why it was not possible to configure accepted issuers in the SSLException + Correctly detect if KeyManager is not supported by OpenSSL version + Preserve ordering of default named groups during conversation + Denial of Service attack on windows app using netty (bsc#1233297, CVE-2024-47535) - Split the netty-poms package in netty-parent and netty-bom - Modified patch: * 0001-Remove-optional-dep-Blockhound.patch + rediff * Wed Nov 27 2024 Fridrich Strba <fstrba@suse.com> - Clean a bit the spec file and adapt to the recent changes in netty-tcnative package - Removed patches: * 0005-Do-not-use-the-Graal-annotations.patch * 0006-Do-not-use-the-Jetbrains-annotations.patch + remove the annotations with a macro in the jurand tool * 0007-Do-not-require-the-tcnative-native-library.patch + we are building now the artifact, so we can require it * Wed Oct 30 2024 Fridrich Strba <fstrba@suse.com> - Upgrade to upstream version 4.1.114 * Fixes of 4.1.114: + Validate HTTP Method + Release AdaptiveByteBuf when ownership could not be transfered + Make arenas reuse their last chunk more aggressively + Only add Magazine to Set if we can ensure its removed again + Ensure Chunk will not leak if init of AdaptiveByteBuf fails for whatever reason + Correctly release one-off allocated chunks + Ensure pooled memory is released when AdaptivePoolingAllocator is GC'ed + Slices / duplicates of AdaptiveByteBuf must not escape the rootParent + Fix sizeBucket bug in AdaptivePoolingAllocator + AdaptiveByteBufAllocator: More strict reference counting for chunks + Ensure we not store the DnsQueryContext for later removal when we couldnt obtain a query id + Reduce memory fragmentation + Properly free magazine chunks and avoid orphaned magazines + Magazines must be freed under the expand lock + Release message before failing promise when multiple requests are written while upgrade is in progress. + Allow to reuse more then one session per host / port mapping + Ensure writes will not fail when triggered after receiving UpgradeEvent.UPGRADE_SUCCESSFUL + Refactor DnsNameResolver to be able to use different strategies when it comes to creating Channels for queries. + DnsNameResolver: allow users to skip bind() during bootstrap + DnsResolverBuilder methods should make it clear that these are for DatagramChannel * Fixes of 4.1.113: + feat: Support for IP_BIND_ADDRESS_NO_PORT socket option + Ensure AbstractCoalescingBufferQueue does not end up in inconsistent state on error + Add new SslHandler.isEncrypted(...) variant that will not produce false positives + Ensure flushes are not discarded by ChunkedWriteHandler for passed through messages + Remove reference to parent in recycled buffers for leak detection + Upgrade to netty-tcnative 2.0.66.Final + Cleanup fields on AdaptiveByteBuf::deallocate * Fixes of 4.1.112: + Avoid unnecessary reflective probes on netty initialization + Allow control frames between fragments + Only delete the socket file for NioServerDomainSocketChannel + Add check for IPv6 brackets when address is unresolved + fix ResolvConf initialization with SecurityManager enabled + Fix potential DNS cache invalidation in ResolveWithDotSearchDomain scenario + Backport the SslContextBuilder.endpointIdentificationAlgorithm method + Aggressively remove PoolThreadCache references from its finalizer object + Send Http2PriorityFrame through fireUserEventTriggered for Http2MultiplexHandler + Fix potential DNS cache invalidation across different EventLoops + Reject http header values with non SP / HTAB chars + Don't strip whitespaces from header names and let the validator handle it + Reject request if NUL is present in the request line + Allow HTTP responses without reason-phrase + Validate HTTP version while decoding + Only include scopeId on link-local addresses when using native transport * Fixes of 4.1.111: + ReadOnlyByteBufferBuf | ReadOnlyUnsafeDirectByteBuf get, copy, duplicate, slice methods should be safe to be called from multiple threads + ReadyOnlyBuf must return false for isWritable() when sliced or duplicated + ReadOnlyByteBuf (and sub-classes) does not create derived buffers that share reference count + ByteBuf.asReadOnly().nioBuffer*() need to return read-only ByteBuffer + Remove unwanted mandatory dependency in OSGi + HashedWheelTimer.stop() must cancel tasks + ZSTD decompression not resilient to compression bombs + Duplicate of slice should have the same capacity as the original slice so that it's not writable + Optimize wrap buffer cumulation in SslHandler and don't mutate input buffers + Prepare for unsafe memory access deprecated for removal + Fix AdaptiveByteBufAllocator class loading on Java 6/7 + Add missing NULL checks in native code * Fixes of 4.1.110: + Add unix domain socket transport in netty 4.x via JDK16+ + Backport #13075: Add the AdaptivePoolingAllocator + Add no-value key handling only for form body + Add support for specifying SecureRandom in SSLContext initialization * Fixes of 4.1.109: + Utilize ByteBuf#indexOf + Don't send a RST frame when closing the stream in a write future while processing inbound frames + Fix DefaultChannelId#asLongText NPE + Fix voidPromise in Http2FrameCodec.writeHeadersFrame + Make /etc/resolv.conf reading more robust + Fix NioSocketChannel usage in graalvm native-image + Improve ByteBufUtil#firstIndexOf + Rewrite ZstdDecoder to remove the need of allocate a huge byte[] internally + Always log registered/detected ChannelInitializerExtension(s) at INFO level + Enhance AsciiString#toLowerCase and AsciiString#toUpperCase + Add support for zstd http content decompression + Save Snappy's encode tmp table allocation - Regenerated patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * 0004-Disable-Brotli-and-ZStd-compression.patch * 0005-Do-not-use-the-Graal-annotations.patch * 0006-Do-not-use-the-Jetbrains-annotations.patch * 0007-Do-not-require-the-tcnative-native-library.patch * Tue Sep 24 2024 Bernhard Wiedemann <bwiedemann@suse.com> - Add reproducible.patch to omit the mtime from libnetty-unix-common.a for reproducible builds (boo#1047218) * Wed Mar 27 2024 Fridrich Strba <fstrba@suse.com> - Upgrade to upstream version 4.1.108 * Fixes of 4.1.108: + HttpPostRequestDecoder can OOM (bsc#1222045, CVE-2024-29025) + Add zstd decoder + Updated HTTP2 Reader to fix missing header state + codec-http2: fix some frame validation errors + SSL: Only wrap TrustManager if FIPS is not used + Epoll: Correctly handle splice tasks when Channel is closed + Allow to cancel connect() operations when using non-blocking IO + DNS resolver final CNAME lookup disabled + DNS: Add DnsRecordType definitions for SVCB and HTTPS + SSL: Only try to use TLSv1.3 if a compatible ciphersuite is configured + Backport 'Fix buffer leak in DefaultHttp2HeadersEncoder' to v4 + SSL: Hold the right monitor while running delegating task + SSL: Execute SSL_do_handshake(...) after task is run to ensure SSLEngine.getHandshakeStatus() returns the correct value all the time + Add active flag to EpollServerDomainSocketChannel fd constructor + Epoll: Fix possible Classloader deadlock caused by loading class via JNI + Prefer /etc/resolv.conf on Linux and Mac + Handle invalid cookie value + Upgrade to latest tcnative release + ByteToMessageDecoder.channelReadComplete(...) does call read() too often + Remove the lock usage in PoolArena#numPinnedBytes() + Fix x-www-form-urlencoded parsing for no-value key (re-submission) * Fixes of 4.1.107: + Speedup pseudoheader lookup + Add support for the Partitioned attribute in cookies + Reduce HTTP 1.1 Full msg pipeline traversals + DnsNameResolver: Add DnsQueryIdSpace class to reduce overhead while generating IDs + Fix copy-paste mistake in LazyX509Certificate.getIssuerAlternativeNames() + HTTP2: lastStreamCreated() does return the wrong value when all stream ids were used + HTTP2: Update local window should not fail queued frames + DnsNameResolver: Allways call bind() during bootstrap + HTTP: HttpObjectDecoder must not use HTTPMessage once it is passed to the next handler in the ChannelPipeline + Ensure key / values are shared between resumed sessions + SSLSession.getLastAccessedTime() and getCreationTime() should not be equal when session is reused + Snappy: Use unsigned short to handle 2 ^ 16 input size instead of 2 ^ 15 * Fixes of 4.1.106: + HTTP2: Prevent sharing the index of the continuation frame header ByteBuf. + DnsNameResolver: Fail query if id space is exhausted + Short-circuit ByteBuf::release * Fixes of 4.1.105: + Fix exception on HTTP chunk size overflow + Default value of MAX_MESSAGES_PER_READ not used for native DatagramChannels + Redo fix scalability issue due to checkcast on context's invoke operations + Be able to retry the query via TCP if a query failed because of a timeout + Save HTTP 2 pseudo-header lower-case validation + DnsNameResolver: Limit connect timeout to query timeout + h2: propagate stream close without read pending, avoid SOOE if !autoRead * Fixes of 4.1.104: + dyld: Symbol not found: _netty_jni_util_JNI_OnLoad * Fixes of 4.1.103: + Workaround for regex bug in Android SDK + Use Http2Headers.size() instead of isEmpty() + Add support for RISC-V * Fixes of 4.1.101: + Add service-loaded extension points for channel initialization + Added check for pseudo-headers in trailers + Automatically close Http2StreamChannel when Http2FrameStreamExceptionreaches end ofChannelPipeline + Throwing a stackless exception if RST_FRAME rate is exceeded + Only enable the RST limit for servers by default + Change default value of MAX_MESSAGES_PER_READ for DatagramChannel implementations + Descriptive message for errors related to unknown http2 streams - Modified patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * 0004-Disable-Brotli-and-ZStd-compression.patch * 0005-Do-not-use-the-Graal-annotations.patch * 0006-Do-not-use-the-Jetbrains-annotations.patch * 0007-Do-not-require-the-tcnative-native-library.patch + rebase * Wed Feb 21 2024 Gus Kenion <gus.kenion@suse.com> - Use %patch -P N instead of deprecated %patchN. * Thu Oct 12 2023 Fridrich Strba <fstrba@suse.com> - Upgrade to upstream version 4.1.100 * Fixes of 4.1.100: + DDoS vector in the HTTP/2 protocol due RST frames (bsc#1216169, CVE-2023-44487) + Do not fail when compressing empty HttpContent * Fixes of 4.1.99: + Do not try to delete a global handle with the local handles APIs + Enable build with JDK21 + dyld: lazy symbol binding failed: Symbol not found: _netty_jni_util_JNI_OnLoad * Fixes of 4.1.98: + Revert "HttpHeaderValidationUtil should reject chars past the 1 byte range" + Filter out unresolved addresses when parsing resolv.conf + Prevent classloader leak via JNI + SSLSession.getPeerCertificateChain() should throw UnsupportedOperationException if javax.security.cert .X509Certificate can not be created + Enable client side session cache when using native SSL by default * Fixes of 4.1.97: + Fixing AsciiString#lastIndexOf To Respect The offset + Add support for snappy http2 content decompression + Add support for password-based encryption scheme 2 params + HttpHeaderValidationUtil should reject chars past the 1 byte range + Honor SslHandler.setWrapDataSize greater than SSL packet length + Add support for snappy http content encoding * Fixes of 4.1.96: + Move the PoolThreadCache finalizer to a separate object + Fix kevent(..) failed: Invalid argument + Revert "Always increment Stream Id on createStream" to fix bug which caused sending multiple RST frames for the same id * Fixes of 4.1.95 + Add resource leak listener + Reduce object allocations during SslHandler.flush(...) + Ensure ByteBuf.capacity(...) will never throw AssertionError + Make transport.Bootstrap usable with no netty-resolver on classpath + Correctly retain slice when calling ReplayingDecoderByteBuf.retainedSlice(...) + Always increment Stream Id on createStream(...) + Fix BrotliEncoder bug that does not mark ByteBuf it encodes a read + Enhance CertificateException message when throw due hostname validation - Rebased patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * 0004-Disable-Brotli-and-ZStd-compression.patch * 0005-Do-not-use-the-Graal-annotations.patch * 0006-Do-not-use-the-Jetbrains-annotations.patch * 0007-Do-not-require-the-tcnative-native-library.patch * Wed Sep 13 2023 Fridrich Strba <fstrba@suse.com> - Reproducible builds: use SOURCE_DATE_EPOCH for timestamp * Fri Jun 23 2023 Fridrich Strba <fstrba@suse.com> - Upgrade to upstream version 4.1.94 * Fixes of 4.1.94: + Respect offset in io.netty.util.NetUtil#toAddressString(byte[], int, boolean) + Skip finalization for PoolThreadCache instances without small/normal caches + Use network byte order when encoding ipv4 address and port for Socks codecs + Call ReleaseByteArrayElements even when handling of socket_path fails to fix small mem leak + Always enable leak tracking for derived buffers if parent is tracked + Release DnsRecords when failing to notify promise + Delay possibility to reuse transaction id when query is failing because of timeout or cancellation + Implement contains for SelectedSelectionKeySet + Use Two-Way for finding the delimiter in DelimiterBasedFrameDecoder + Obtain the local address from the fd when the client connects only with remote address (UDS) + Allow to limit the maximum lenght of the ClientHello (bsc#1212637, CVE-2023-34462) * Fixes of 4.1.93: + Reset byte buffer in loop for AbstractDiskHttpData.setContent + OpenSSL MAX_CERTIFICATE_LIST_BYTES option supported + Adapt to DirectByteBuffer constructor in Java 21 + HTTP/2 encoder: allow HEADER_TABLE_SIZE greater than Integer.MAX_VALUE + Upgrade to latest netty-tcnative to fix memory leak + H2/H2C server stream channels deactivated while write still in progress + Channel#bytesBefore(un)writable off by 1 + HTTP/2 should forward shutdown user events to active streams + Respect the number of bytes read per datagram when using recvmmsg * Fixes of 4.1.92: + Make Recycler faster on OpenJ9 + Allow to change the limit for the maximum size of the certificate chain. + Guard against unbounded grow of suppressed exceptions storage + Release websocket handshake response if pipeline checks fail + Add support for local and remote addresses on the server for child channels when UDS + Http types slow path checks * Fixes of 4.1.91: + Fire a PrematureChannelClosureException when Channel is closed while aggregating is still in progress + Connect without password if server returns NO_AUTH when using Socks5 + Use optional resolution of sun.net.dns + Introduce Http2MultiplexActiveStreamsException that can be used to propagate an error to all active streams + Use the correct error when reset a stream + Update: Add snappy support on HttpContentDecoder + Don't unwrap multiple records until we notified the caller about the finished handshake + Handle EHOSTUNREACH errors in io.netty.channel.unix.Errors - Depend on netty-tcnative >= 2.0.60 for SSLContext.setMaxCertList method. - Rebased patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * 0004-Disable-Brotli-and-ZStd-compression.patch * 0005-Do-not-use-the-Graal-annotations.patch * 0006-Do-not-use-the-Jetbrains-annotations.patch * 0007-Do-not-require-the-tcnative-native-library.patch * Thu Mar 30 2023 Fridrich Strba <fstrba@suse.com> - Upgrade to upstream version 4.1.90 * Fixes of 4.1.90: + Adding header name of the header which failed validation + Fix HttpHeaders.names for non-String headers + Save expensive volatile operations in the common hot http decoder path + Avoid slow type checks against promises on outbound buffer's progress + Implement NonStickyEventExecutorGroup.inEventLoop + Native image: add support for unix domain sockets + Use MacOS SDK 10.9 to prevent apple notarization failures + Increase errno cache and guard against IOOBE + Don't reset BCSSLParameters when setting application protocols + WebSocketClientProtocolHandler: add option to disable UTF8 validation + Chunked HTTP length decoding should account for whitespaces/ctrl chars + Handle NullPointerException thrown from NetworkInterface.getNetworkInterfaces() * Fixes of 4.1.89: + Don't fail on HttpObjectDecoder's maxHeaderSize greater then (Integer.MAX_VALUE - 2) + dyld: Symbol not found: _netty_jni_util_JNI_OnLoad when upgrading from 4.1.87.Final to 4.1.88.Final * Fixes of 4.1.88: + Speed-up HTTP 1.1 header and line parsing + Add StacklessSSLHandshakeException for ClosedChannelException + Modify changed CloseWebSocketFrame#statusCode() to change the fetch code to unsigned + Check if CommandLineTools are installed before trying to execute install_name_tool + Allow to adjust the GlobalEventExecutor quietPeriod via a system property + Add SslProvider.isOptionSupported(...) + Fix FlowControlHandler's behaviour to pass read events when auto-reading is turned off + Ensure Http2StreamFrameToHttpObjectCodec#decode doesn't add transfer-encoding for 204/304 response + Only do extra CNAME query if we couldnt follow the whole CNAME chain in the response + Include query id when a query failed + DnsResolveContext: include expected record types in exception message + Add necessary native-image configuration files for epoll + Create a deep-copy of the Throwable before returning it from the cache to prevent possible leaks + Always respect completeOncePreferredResolved in DnsNameResolver + fix brotli compression + Optionally depend on bctls-jdk15on + Make releasing objects back to Recycler faster + Correctly keep track of validExtensions per request / response + Add handling of inflight lookups to reduce real queries when lookup same hostname + DnsQueryContext: include query id and question info in exception message + AsciiStrings can be batch-encoded * Fixes of 4.1.87: + Upgrade to latest netty-tcnative release which doesnt link libcrypt + Add recvmmsg & sendmmsg syscall number for loongarch64 + Return correct value from SSLSession.getPacketSize() when using native SSL implementation + Explicit disable TLSv1.3 in the OpenSSL options if not supported + Support handshake timeout in SniHandler. + Extend DNS address supplier interface to provide feedback * Fixes of 4.1.86: + HAProxyMessageDecoder Stack Exhaustion DoS (bsc#1206360, CVE-2022-41881) + HTTP Response splitting from assigning header value iterator (bsc#1206379, CVE-2022-41915) + Revert #12888 for potential task scheduling problems in HashedWheelTimer + Deprecate ObjectEncoder/ObjectDecoder + HPACK dynamic table size update must happen at the beginning of the header block * Fixes of 4.1.85: + A bug in FlowControlHandler that broke auto-read has been fixed + The HTTP/2 HPACK encoder is now faster at encoding headers that have many values + A potential memory leak bug has been fixed in the pooled allocator + Fix an issue with the Blockhound integration, which could cause the MacOSDnsServerAddressStreamProvider to be flagged as making blocking calls + Inconsitencies in how epoll, kqueue, and NIO handle RDHUP have been fixed + ByteToMessageDecoder now handle situations where the same ByteBuf instance is read multiple times + The check that ensures the HTTP/1 Content-Length header is unique, now no longer causes headers to be rearranged (change their order) + Fix a NullPointerException bug with class initialisation order between InternalLogger and InternalThreadLocalMap + When the netty-resolver-dns-native-macos classes can't load their native bindings, they now only print a short error message instead of the huge stack trace it printed previously. The stack trace is still included if DEBUG logging is enabled + The Graal native-image meta-data is now placed in the recommended location, and no longer causes warnings to be printed + The HTTP/1 and HTTP/2 codecs now properly support RFC 8297 Early Hints + Subclasses of FastThreadLocalThread can now tell the Netty Blockhound integration that they should be allowed to make blocking calls + Validation of HTTP/2 connection headers have been moved from Http2Headers to HpackDecoder, so that outgoing headers are not validated * Fixes of 4.1.84: + HTTP/2 header values with invalid characters are now rejected in header validation + We now automatically generate conditional meta-data for native-image use, making GraalVM support more reliable + Fix a scalability issue caused by instanceof and check-cast checks that lead to false-sharing on the Klass::secondary_super_cache field in the JVM (See JDK-8180450) + Made the HTTP/2 HPACK static table implementation faster by using a perfect hash function + Fixed a bug in our PEMParser when PEM files have multiple objects, and BouncyCastle is on the classpath * Fixes of 4.1.82: + Fix a NullPointerException bug when calling forEachByte on nested CompositeByteBufs + Relax an overly strict HTTP/2 header validation check that was rejecting requests from Chrome and Firefox + The OpenSSL and BoringSSL implementations now respect the jdk.tls.client.protocols and jdk.tls.server.protocols system properties, making them react to these in the same way the JDK SSL provider does * Fixes of 4.1.81: + Fix a regression SslContext private key loading + Fix a bug in SslContext private key reading fall-back path + Fix a buffer leak regression in HttpClientCodec + Fix a bug where some HttpMessage implementations, that also implement HttpContent, were not handled correctly + The MessageFormatter and FormattingTuple classes are now usable in the public API + Connection related headers in HTTP/2 frames are now rejected, in compliance with the specification * Fixes of 4.1.80: + HttpObjectEncoder scalability issue due to instanceof checks + Improve logging when MacOSDnsServerAddressStreamProvider cannot be found/loaded + Replace stdlib write/read with send/recv + Support for pkcs1 + Add Blockhound exceptions for the PooledByteBufAllocator + Fix epoll bug when receiving zero-sized datagrams + Avoid including header values in header validation failure exceptions + Avoid allocating large buffers in JdkZlibEncoder + Native Image Support: Set IS_EXPLICIT_TRY_REFLECTION_SET_ACCESSIBLE to true by default for native images + We need to use disconnectx(...) on macOS + Replace synchronized with Java Locks on the allocator + Don't use static instances of FixedRecvByteBufAllocator + Add escaping for stomp headers * Fixes of 4.1.79: + The PEM certificate parser is no longer susceptible to exponential back-off + Non-standard extra ampersands in HTTP POST bodies are no longer rejected + An io.netty.osClassifiers system property has been added to avoid reading os-release files + Fix a bug in SslHandler so handlerRemoved works properly even if handlerAdded throws an exception + Use the correct OSGi processor directive on aarch64, making it possible to use OSGi on ARM + HTTP paths that begin with a double-slash are now parsed the same way browsers do + The isCompleted flag is now correctly preserved on objects from HttpData.retainedDuplicate() + The HttpUtil.isOriginForm() and isAsteriskForm() methods now correctly conform with RFC 7230 + Fix an issue that allowed the multicast methods on EpollDatagramChannel to be called outside of an event-loop thread + Support for the LoongArch64 processor architecture has been added * Fixes of 4.1.78: + Fix a bug where an OPT record was added to DNS queries that already had such a record + Fix a bug that caused an error when files uploaded with HTTP POST contained a backslash in their name + Fix an issue in the BlockHound integration that could occasionally cause NetUtil to be reported as performing blocking operations + A similar BlockHound issue was fixed for the JdkSslContext + Fix a bug that prevented preface or settings frames from being flushed, when an HTTP2 connection was established with prior-knowledge + Fixes a rare NullPointerException that could occur when a ReferenceCountedOpenSslEngine threw an OutOfMemoryError from its constructor, and was then later finalized + The SslHandler now adds the socket file descriptor to the BIOs, when the SslEngine supports this (boringssl and libressl), which allow tracing and observability tools to monitor encryption traffic on a per-connection basis. + It is now possible to explicitly step the scheduling clock in EmbeddedEventLoop, which is useful for making automated tests with deterministic scheduling * Fixes of 4.1.77: + Local Information Disclosure Vulnerability in Netty on Unix-Like systems due temporary files for Java 6 and lower in io.netty:netty-codec-http (bsc#1199338, CVE-2022-24823) + Upgraded the optional netty-tcnative dependency to version 2.0.52.Final + Fix a bug where Netty fails to load a shaded native library + Include classifier in Automatic-Module-Name + Check if epoll_pwait2 is implemented + Don't call strdup on packagePrefix + Enable debugging of asynchronous tasks in Intellij + Throwing an exception in case glibc is missing instead of segfaulting the JVM * Fixes of 4.1.76: + Upgraded the optional netty-tcnative dependency to version 2.0.51.Final + Upgraded the optional log4j dependency to version 2.17.2 + The netty-all module now declare an automatic module name, making it useable with Java Modules. + It is now possible to configure arbitrary socket options for the native epoll and kqueue transports. Refer to your operating system documentation for what options are available. + It is now possible to explicitly bind channels to either IPv4 or IPv6. + The HTTP/2 header validation that rejects duplicate pseudo-headers, which was added in 4.1.75.Final, has been changed so it no longer breaks older versions of gRPC. " Fix a NullPointerException that was hiding the real cause of certain HTTP/2 header decoding errors. - Modified patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * no-brotli-zstd.patch - > 0004-Disable-Brotli-and-ZStd-compression.patch * no-werror.patch + rebase - Removed patches: * 0004-Remove-optional-dep-tcnative.patch * 0005-Remove-optional-dep-log4j.patch + we have the dependencies, so no need to disable them * 0006-revert-Fix-native-image-build.patch * 0007-Revert-Support-session-cache-for-client-and-server-w.patch + solve the build breakages differently - Added patches: * 0005-Do-not-use-the-Graal-annotations.patch * 0006-Do-not-use-the-Jetbrains-annotations.patch + do not use annotations for which we don't have dependencies * 0007-Do-not-require-the-tcnative-native-library.patch + our tcnative library is installed system-wide * Thu Oct 13 2022 Fridrich Strba <fstrba@suse.com> - Force building with java 11 on ix86 in order to avoid random build failures * Fri Apr 08 2022 Fridrich Strba <fstrba@suse.com> - Upgrade to latest upstream version 4.1.75 - Modified patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * 0004-Remove-optional-dep-tcnative.patch * 0005-Remove-optional-dep-log4j.patch * 0006-revert-Fix-native-image-build.patch * 0007-Revert-Support-session-cache-for-client-and-server-w.patch + rebase * Tue Feb 22 2022 Fridrich Strba <fstrba@suse.com> - Do not build against the log4j12 packages * Tue Dec 14 2021 Fridrich Strba <fstrba@suse.com> - Upgrade to latest upstream version 4.1.72 * fixes: bsc#1190610, CVE-2021-37136: Bzip2Decoder doesn't allow setting size restrictions for decompressed data * fixes: bsc#1190613, CVE-2021-37137: SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way * fixes: bsc#1193672, CVE-2021-43797: possible HTTP request smuggling due to insufficient validation against control characters * fixes: bsc#1184203, CVE-2021-21409: request smuggling via content-length header - Modified patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * 0004-Remove-optional-dep-tcnative.patch * 0005-Remove-optional-dep-log4j.patch * 0006-revert-Fix-native-image-build.patch * 0007-Revert-Support-session-cache-for-client-and-server-w.patch * no-werror.patch + rediff to changed context - Added patch: * no-brotli-zstd.patch + disable Brotli and Zstd compression, since we lack the dependencies needed to build them * Fri Mar 12 2021 Fridrich Strba <fstrba@suse.com> - Upgrade to latest upstream version 4.1.60 * fixes: bsc#1183262, CVE-2021-21295: HTTP/2 request Content-Length header field is not validated by 'Http2MultiplexHandler' - Modified patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * 0004-Remove-optional-dep-tcnative.patch * 0005-Remove-optional-dep-log4j.patch * 0006-revert-Fix-native-image-build.patch + rediff to changed context - Added patch: * 0007-Revert-Support-session-cache-for-client-and-server-w.patch + revert optional disabled cache implementation that conflicts with our 0004-Remove-optional-dep-tcnative.patch * Thu Feb 11 2021 Fridrich Strba <fstrba@suse.com> - Upgrade to latest upstream version 4.1.59 - Removed patches: * netty-CVE-2020-11612.patch * netty-CVE-2021-21290.patch + fixes integrated in the upstream sources * 0001-Remove-OpenSSL-parts-depending-on-tcnative.patch * 0002-Remove-NPN.patch * 0003-Remove-conscrypt-ALPN.patch * 0004-Remove-jetty-ALPN.patch + replaced by new patches - Added patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * 0004-Remove-optional-dep-tcnative.patch * 0005-Remove-optional-dep-log4j.patch + remove various optional dependencies that we do not need * 0006-revert-Fix-native-image-build.patch + Revert changes that introduce a new dependency that we do not have * no-werror.patch + Do not treat warnings as errors - Build -poms and -javadoc as noarch packages, since they do not install anything in arch-dependent directories * Thu Feb 11 2021 Fridrich Strba <fstrba@suse.com> - Added patch: * netty-CVE-2021-21290.patch + bsc#1182103, CVE-2021-21290
/usr/lib64/java/netty /usr/lib64/java/netty/netty-resolver-dns-classes-macos.jar /usr/lib64/java/netty/netty-transport-classes-epoll.jar /usr/lib64/java/netty/netty-transport-classes-kqueue.jar /usr/lib64/java/netty/netty-transport-native-epoll-linux-x86_64.jar /usr/lib64/java/netty/netty-transport-native-unix-common-linux-x86_64.jar /usr/lib64/java/netty/netty-transport-native-unix-common.jar /usr/share/java/netty /usr/share/java/netty/netty-all.jar /usr/share/java/netty/netty-buffer.jar /usr/share/java/netty/netty-codec-dns.jar /usr/share/java/netty/netty-codec-haproxy.jar /usr/share/java/netty/netty-codec-http.jar /usr/share/java/netty/netty-codec-http2.jar /usr/share/java/netty/netty-codec-memcache.jar /usr/share/java/netty/netty-codec-mqtt.jar /usr/share/java/netty/netty-codec-redis.jar /usr/share/java/netty/netty-codec-smtp.jar /usr/share/java/netty/netty-codec-socks.jar /usr/share/java/netty/netty-codec-stomp.jar /usr/share/java/netty/netty-codec-xml.jar /usr/share/java/netty/netty-codec.jar /usr/share/java/netty/netty-common.jar /usr/share/java/netty/netty-dev-tools.jar /usr/share/java/netty/netty-handler-proxy.jar /usr/share/java/netty/netty-handler-ssl-ocsp.jar /usr/share/java/netty/netty-handler.jar /usr/share/java/netty/netty-resolver-dns.jar /usr/share/java/netty/netty-resolver.jar /usr/share/java/netty/netty-transport-native-epoll.jar /usr/share/java/netty/netty-transport-native-kqueue.jar /usr/share/java/netty/netty-transport-sctp.jar /usr/share/java/netty/netty-transport.jar /usr/share/licenses/netty /usr/share/licenses/netty/LICENSE.txt /usr/share/licenses/netty/NOTICE.txt /usr/share/maven-metadata/netty.xml /usr/share/maven-poms/netty /usr/share/maven-poms/netty/netty-all.pom /usr/share/maven-poms/netty/netty-buffer.pom /usr/share/maven-poms/netty/netty-codec-dns.pom /usr/share/maven-poms/netty/netty-codec-haproxy.pom /usr/share/maven-poms/netty/netty-codec-http.pom /usr/share/maven-poms/netty/netty-codec-http2.pom /usr/share/maven-poms/netty/netty-codec-memcache.pom /usr/share/maven-poms/netty/netty-codec-mqtt.pom /usr/share/maven-poms/netty/netty-codec-redis.pom /usr/share/maven-poms/netty/netty-codec-smtp.pom /usr/share/maven-poms/netty/netty-codec-socks.pom /usr/share/maven-poms/netty/netty-codec-stomp.pom /usr/share/maven-poms/netty/netty-codec-xml.pom /usr/share/maven-poms/netty/netty-codec.pom /usr/share/maven-poms/netty/netty-common.pom /usr/share/maven-poms/netty/netty-dev-tools.pom /usr/share/maven-poms/netty/netty-handler-proxy.pom /usr/share/maven-poms/netty/netty-handler-ssl-ocsp.pom /usr/share/maven-poms/netty/netty-handler.pom /usr/share/maven-poms/netty/netty-resolver-dns-classes-macos.pom /usr/share/maven-poms/netty/netty-resolver-dns.pom /usr/share/maven-poms/netty/netty-resolver.pom /usr/share/maven-poms/netty/netty-transport-classes-epoll.pom /usr/share/maven-poms/netty/netty-transport-classes-kqueue.pom /usr/share/maven-poms/netty/netty-transport-native-epoll.pom /usr/share/maven-poms/netty/netty-transport-native-kqueue.pom /usr/share/maven-poms/netty/netty-transport-native-unix-common.pom /usr/share/maven-poms/netty/netty-transport-sctp.pom /usr/share/maven-poms/netty/netty-transport.pom
Generated by rpm2html 1.8.1
Fabrice Bellet, Fri Dec 27 23:35:20 2024