SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for netty-4.1.90-150200.4.14.1.x86_64.rpm :

* Thu Mar 30 2023 fstrbaAATTsuse.com- Upgrade to upstreeam version 4.1.90
* Fixes of 4.1.90: + Adding header name of the header which failed validation + Fix HttpHeaders.names for non-String headers + Save expensive volatile operations in the common hot http decoder path + Avoid slow type checks against promises on outbound buffer\'s progress + Implement NonStickyEventExecutorGroup.inEventLoop + Native image: add support for unix domain sockets + Use MacOS SDK 10.9 to prevent apple notarization failures + Increase errno cache and guard against IOOBE + Don\'t reset BCSSLParameters when setting application protocols + WebSocketClientProtocolHandler: add option to disable UTF8 validation + Chunked HTTP length decoding should account for whitespaces/ctrl chars + Handle NullPointerException thrown from NetworkInterface.getNetworkInterfaces()
* Fixes of 4.1.89: + Don\'t fail on HttpObjectDecoder\'s maxHeaderSize greater then (Integer.MAX_VALUE - 2) + dyld: Symbol not found: _netty_jni_util_JNI_OnLoad when upgrading from 4.1.87.Final to 4.1.88.Final
* Fixes of 4.1.88: + Speed-up HTTP 1.1 header and line parsing + Add StacklessSSLHandshakeException for ClosedChannelException + Modify changed CloseWebSocketFrame#statusCode() to change the fetch code to unsigned + Check if CommandLineTools are installed before trying to execute install_name_tool + Allow to adjust the GlobalEventExecutor quietPeriod via a system property + Add SslProvider.isOptionSupported(...) + Fix FlowControlHandler\'s behaviour to pass read events when auto-reading is turned off + Ensure Http2StreamFrameToHttpObjectCodec#decode doesn\'t add transfer-encoding for 204/304 response + Only do extra CNAME query if we couldnt follow the whole CNAME chain in the response + Include query id when a query failed + DnsResolveContext: include expected record types in exception message + Add necessary native-image configuration files for epoll + Create a deep-copy of the Throwable before returning it from the cache to prevent possible leaks + Always respect completeOncePreferredResolved in DnsNameResolver + fix brotli compression + Optionally depend on bctls-jdk15on + Make releasing objects back to Recycler faster + Correctly keep track of validExtensions per request / response + Add handling of inflight lookups to reduce real queries when lookup same hostname + DnsQueryContext: include query id and question info in exception message + AsciiStrings can be batch-encoded
* Fixes of 4.1.87: + Upgrade to latest netty-tcnative release which doesnt link libcrypt + Add recvmmsg & sendmmsg syscall number for loongarch64 + Return correct value from SSLSession.getPacketSize() when using native SSL implementation + Explicit disable TLSv1.3 in the OpenSSL options if not supported + Support handshake timeout in SniHandler. + Extend DNS address supplier interface to provide feedback
* Fixes of 4.1.86: + HAProxyMessageDecoder Stack Exhaustion DoS (bsc#1206360, CVE-2022-41881) + HTTP Response splitting from assigning header value iterator (bsc#1206379, CVE-2022-41915) + Revert #12888 for potential task scheduling problems in HashedWheelTimer + Deprecate ObjectEncoder/ObjectDecoder + HPACK dynamic table size update must happen at the beginning of the header block
* Fixes of 4.1.85: + A bug in FlowControlHandler that broke auto-read has been fixed + The HTTP/2 HPACK encoder is now faster at encoding headers that have many values + A potential memory leak bug has been fixed in the pooled allocator + Fix an issue with the Blockhound integration, which could cause the MacOSDnsServerAddressStreamProvider to be flagged as making blocking calls + Inconsitencies in how epoll, kqueue, and NIO handle RDHUP have been fixed + ByteToMessageDecoder now handle situations where the same ByteBuf instance is read multiple times + The check that ensures the HTTP/1 Content-Length header is unique, now no longer causes headers to be rearranged (change their order) + Fix a NullPointerException bug with class initialisation order between InternalLogger and InternalThreadLocalMap + When the netty-resolver-dns-native-macos classes can\'t load their native bindings, they now only print a short error message instead of the huge stack trace it printed previously. The stack trace is still included if DEBUG logging is enabled + The Graal native-image meta-data is now placed in the recommended location, and no longer causes warnings to be printed + The HTTP/1 and HTTP/2 codecs now properly support RFC 8297 Early Hints + Subclasses of FastThreadLocalThread can now tell the Netty Blockhound integration that they should be allowed to make blocking calls + Validation of HTTP/2 connection headers have been moved from Http2Headers to HpackDecoder, so that outgoing headers are not validated
* Fixes of 4.1.84: + HTTP/2 header values with invalid characters are now rejected in header validation + We now automatically generate conditional meta-data for native-image use, making GraalVM support more reliable + Fix a scalability issue caused by instanceof and check-cast checks that lead to false-sharing on the Klass::secondary_super_cache field in the JVM (See JDK-8180450) + Made the HTTP/2 HPACK static table implementation faster by using a perfect hash function + Fixed a bug in our PEMParser when PEM files have multiple objects, and BouncyCastle is on the classpath
* Fixes of 4.1.82: + Fix a NullPointerException bug when calling forEachByte on nested CompositeByteBufs + Relax an overly strict HTTP/2 header validation check that was rejecting requests from Chrome and Firefox + The OpenSSL and BoringSSL implementations now respect the jdk.tls.client.protocols and jdk.tls.server.protocols system properties, making them react to these in the same way the JDK SSL provider does
* Fixes of 4.1.81: + Fix a regression SslContext private key loading + Fix a bug in SslContext private key reading fall-back path + Fix a buffer leak regression in HttpClientCodec + Fix a bug where some HttpMessage implementations, that also implement HttpContent, were not handled correctly + The MessageFormatter and FormattingTuple classes are now usable in the public API + Connection related headers in HTTP/2 frames are now rejected, in compliance with the specification
* Fixes of 4.1.80: + HttpObjectEncoder scalability issue due to instanceof checks + Improve logging when MacOSDnsServerAddressStreamProvider cannot be found/loaded + Replace stdlib write/read with send/recv + Support for pkcs1 + Add Blockhound exceptions for the PooledByteBufAllocator + Fix epoll bug when receiving zero-sized datagrams + Avoid including header values in header validation failure exceptions + Avoid allocating large buffers in JdkZlibEncoder + Native Image Support: Set IS_EXPLICIT_TRY_REFLECTION_SET_ACCESSIBLE to true by default for native images + We need to use disconnectx(...) on macOS + Replace synchronized with Java Locks on the allocator + Don\'t use static instances of FixedRecvByteBufAllocator + Add escaping for stomp headers
* Fixes of 4.1.79: + The PEM certificate parser is no longer susceptible to exponential back-off + Non-standard extra ampersands in HTTP POST bodies are no longer rejected + An io.netty.osClassifiers system property has been added to avoid reading os-release files + Fix a bug in SslHandler so handlerRemoved works properly even if handlerAdded throws an exception + Use the correct OSGi processor directive on aarch64, making it possible to use OSGi on ARM + HTTP paths that begin with a double-slash are now parsed the same way browsers do + The isCompleted flag is now correctly preserved on objects from HttpData.retainedDuplicate() + The HttpUtil.isOriginForm() and isAsteriskForm() methods now correctly conform with RFC 7230 + Fix an issue that allowed the multicast methods on EpollDatagramChannel to be called outside of an event-loop thread + Support for the LoongArch64 processor architecture has been added
* Fixes of 4.1.78: + Fix a bug where an OPT record was added to DNS queries that already had such a record + Fix a bug that caused an error when files uploaded with HTTP POST contained a backslash in their name + Fix an issue in the BlockHound integration that could occasionally cause NetUtil to be reported as performing blocking operations + A similar BlockHound issue was fixed for the JdkSslContext + Fix a bug that prevented preface or settings frames from being flushed, when an HTTP2 connection was established with prior-knowledge + Fixes a rare NullPointerException that could occur when a ReferenceCountedOpenSslEngine threw an OutOfMemoryError from its constructor, and was then later finalized + The SslHandler now adds the socket file descriptor to the BIOs, when the SslEngine supports this (boringssl and libressl), which allow tracing and observability tools to monitor encryption traffic on a per-connection basis. + It is now possible to explicitly step the scheduling clock in EmbeddedEventLoop, which is useful for making automated tests with deterministic scheduling
* Fixes of 4.1.77: + Local Information Disclosure Vulnerability in Netty on Unix-Like systems due temporary files for Java 6 and lower in io.netty:netty-codec-http (bsc#1199338, CVE-2022-24823) + Upgraded the optional netty-tcnative dependency to version 2.0.52.Final + Fix a bug where Netty fails to load a shaded native library + Include classifier in Automatic-Module-Name + Check if epoll_pwait2 is implemented + Don\'t call strdup on packagePrefix + Enable debugging of asynchronous tasks in Intellij + Throwing an exception in case glibc is missing instead of segfaulting the JVM
* Fixes of 4.1.76: + Upgraded the optional netty-tcnative dependency to version 2.0.51.Final + Upgraded the optional log4j dependency to version 2.17.2 + The netty-all module now declare an automatic module name, making it useable with Java Modules. + It is now possible to configure arbitrary socket options for the native epoll and kqueue transports. Refer to your operating system documentation for what options are available. + It is now possible to explicitly bind channels to either IPv4 or IPv6. + The HTTP/2 header validation that rejects duplicate pseudo-headers, which was added in 4.1.75.Final, has been changed so it no longer breaks older versions of gRPC. \" Fix a NullPointerException that was hiding the real cause of certain HTTP/2 header decoding errors.- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* no-brotli-zstd.patch - > 0004-Disable-Brotli-and-ZStd-compression.patch
* no-werror.patch + rebase- Removed patches:
* 0004-Remove-optional-dep-tcnative.patch
* 0005-Remove-optional-dep-log4j.patch + we have the dependencies, so no need to disable them
* 0006-revert-Fix-native-image-build.patch
* 0007-Revert-Support-session-cache-for-client-and-server-w.patch + solve the build breakages differently- Added patches:
* 0005-Do-not-use-the-Graal-annotations.patch
* 0006-Do-not-use-the-Jetbrains-annotations.patch + do not use annotations for which we don\'t have dependencies
* 0007-Do-not-require-the-tcnative-native-library.patch + our tcnative library is installed system-wide
* Thu Oct 13 2022 fstrbaAATTsuse.com- Force building with java 11 on ix86 in order to avoid random build failures
* Fri Apr 08 2022 fstrbaAATTsuse.com- Upgrade to latest upstream version 4.1.75- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Remove-optional-dep-tcnative.patch
* 0005-Remove-optional-dep-log4j.patch
* 0006-revert-Fix-native-image-build.patch
* 0007-Revert-Support-session-cache-for-client-and-server-w.patch + rebase
* Tue Feb 22 2022 fstrbaAATTsuse.com- Do not build against the log4j12 packages
* Tue Dec 14 2021 fstrbaAATTsuse.com- Upgrade to latest upstream version 4.1.72
* fixes: bsc#1190610, CVE-2021-37136: Bzip2Decoder doesn\'t allow setting size restrictions for decompressed data
* fixes: bsc#1190613, CVE-2021-37137: SnappyFrameDecoder doesn\'t restrict chunk length any may buffer skippable chunks in an unnecessary way
* fixes: bsc#1193672, CVE-2021-43797: possible HTTP request smuggling due to insufficient validation against control characters
* fixes: bsc#1184203, CVE-2021-21409: request smuggling via content-length header- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Remove-optional-dep-tcnative.patch
* 0005-Remove-optional-dep-log4j.patch
* 0006-revert-Fix-native-image-build.patch
* 0007-Revert-Support-session-cache-for-client-and-server-w.patch
* no-werror.patch + rediff to changed context- Added patch:
* no-brotli-zstd.patch + disable Brotli and Zstd compression, since we lack the dependencies needed to build them
* Fri Mar 12 2021 fstrbaAATTsuse.com- Upgrade to latest upstream version 4.1.60
* fixes: bsc#1183262, CVE-2021-21295: HTTP/2 request Content-Length header field is not validated by \'Http2MultiplexHandler\'- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Remove-optional-dep-tcnative.patch
* 0005-Remove-optional-dep-log4j.patch
* 0006-revert-Fix-native-image-build.patch + rediff to changed context- Added patch:
* 0007-Revert-Support-session-cache-for-client-and-server-w.patch + revert optional disabled cache implementation that conflicts with our 0004-Remove-optional-dep-tcnative.patch
* Thu Feb 11 2021 fstrbaAATTsuse.com- Upgrade to latest upstream version 4.1.59- Removed patches:
* netty-CVE-2020-11612.patch
* netty-CVE-2021-21290.patch + fixes integrated in the upstream sources
* 0001-Remove-OpenSSL-parts-depending-on-tcnative.patch
* 0002-Remove-NPN.patch
* 0003-Remove-conscrypt-ALPN.patch
* 0004-Remove-jetty-ALPN.patch + replaced by new patches- Added patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Remove-optional-dep-tcnative.patch
* 0005-Remove-optional-dep-log4j.patch + remove various optional dependencies that we do not need
* 0006-revert-Fix-native-image-build.patch + Revert changes that introduce a new dependency that we do not have
* no-werror.patch + Do not treat warnings as errors- Build -poms and -javadoc as noarch packages, since they do not install anything in arch-dependent directories
* Thu Feb 11 2021 fstrbaAATTsuse.com- Added patch:
* netty-CVE-2021-21290.patch + bsc#1182103, CVE-2021-21290
* Thu Apr 09 2020 fstrbaAATTsuse.com- Added patch:
* netty-CVE-2020-11612.patch + bsc#1168932, CVE-2020-11612 + bsc#1169082, CVE-2020-10707
* Thu Jan 09 2020 fstrbaAATTsuse.com- Split pom-only artifacts into a subpackage netty-pom in order to generate their dependencies correctly
* Wed Nov 13 2019 fstrbaAATTsuse.com- Initial packaging of netty 4.1.13
  
ICM