| AArch64 | |
| ppc64le | |
| s390x | |
| x86-64 | |
- Upgrade to upstream version 4.1.108
* Fixes of 4.1.108:
+ HttpPostRequestDecoder can OOM (bsc#1222045, CVE-2024-29025)
+ Add zstd decoder
+ Updated HTTP2 Reader to fix missing header state
+ codec-http2: fix some frame validation errors
+ SSL: Only wrap TrustManager if FIPS is not used
+ Epoll: Correctly handle splice tasks when Channel is closed
+ Allow to cancel connect() operations when using non-blocking
IO
+ DNS resolver final CNAME lookup disabled
+ DNS: Add DnsRecordType definitions for SVCB and HTTPS
+ SSL: Only try to use TLSv1.3 if a compatible ciphersuite is
configured
+ Backport 'Fix buffer leak in DefaultHttp2HeadersEncoder' to v4
+ SSL: Hold the right monitor while running delegating task
+ SSL: Execute SSL_do_handshake(...) after task is run to ensure
SSLEngine.getHandshakeStatus() returns the correct value all
the time
+ Add active flag to EpollServerDomainSocketChannel fd
constructor
+ Epoll: Fix possible Classloader deadlock caused by loading
class via JNI
+ Prefer /etc/resolv.conf on Linux and Mac
+ Handle invalid cookie value
+ Upgrade to latest tcnative release
+ ByteToMessageDecoder.channelReadComplete(...) does call read()
too often
+ Remove the lock usage in PoolArena#numPinnedBytes()
+ Fix x-www-form-urlencoded parsing for no-value key
(re-submission)
* Fixes of 4.1.107:
+ Speedup pseudoheader lookup
+ Add support for the Partitioned attribute in cookies
+ Reduce HTTP 1.1 Full msg pipeline traversals
+ DnsNameResolver: Add DnsQueryIdSpace class to reduce overhead
while generating IDs
+ Fix copy-paste mistake in
LazyX509Certificate.getIssuerAlternativeNames()
+ HTTP2: lastStreamCreated() does return the wrong value when
all stream ids were used
+ HTTP2: Update local window should not fail queued frames
+ DnsNameResolver: Always call bind() during bootstrap
+ HTTP: HttpObjectDecoder must not use HTTPMessage once it is
passed to the next handler in the ChannelPipeline
+ Ensure key / values are shared between resumed sessions
+ SSLSession.getLastAccessedTime() and getCreationTime() should
not be equal when session is reused
+ Snappy: Use unsigned short to handle 2 ^ 16 input size instead
of 2 ^ 15
* Fixes of 4.1.106:
+ HTTP2: Prevent sharing the index of the continuation frame
header ByteBuf.
+ DnsNameResolver: Fail query if id space is exhausted
+ Short-circuit ByteBuf::release
* Fixes of 4.1.105:
+ Fix exception on HTTP chunk size overflow
+ Default value of MAX_MESSAGES_PER_READ not used for native
DatagramChannels
+ Redo fix scalability issue due to checkcast on context's
invoke operations
+ Be able to retry the query via TCP if a query failed because
of a timeout
+ Save HTTP 2 pseudo-header lower-case validation
+ DnsNameResolver: Limit connect timeout to query timeout
+ h2: propagate stream close without read pending, avoid SOOE
if !autoRead
* Fixes of 4.1.104:
+ dyld: Symbol not found: _netty_jni_util_JNI_OnLoad
* Fixes of 4.1.103:
+ Workaround for regex bug in Android SDK
+ Use Http2Headers.size() instead of isEmpty()
+ Add support for RISC-V
* Fixes of 4.1.101:
+ Add service-loaded extension points for channel initialization
+ Added check for pseudo-headers in trailers
+ Automatically close Http2StreamChannel when
Http2FrameStreamException reaches end of ChannelPipeline
+ Throwing a stackless exception if RST_FRAME rate is exceeded
+ Only enable the RST limit for servers by default
+ Change default value of MAX_MESSAGES_PER_READ for
DatagramChannel implementations
+ Descriptive message for errors related to unknown http2
streams
- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Disable-Brotli-and-ZStd-compression.patch
* 0005-Do-not-use-the-Graal-annotations.patch
* 0006-Do-not-use-the-Jetbrains-annotations.patch
* 0007-Do-not-require-the-tcnative-native-library.patch
+ rebase
- Use %patch -P N instead of deprecated %patchN.
- Upgrade to upstream version 4.1.100
* Fixes of 4.1.100:
+ DDoS vector in the HTTP/2 protocol due to RST frames
(bsc#1216169, CVE-2023-44487)
+ Do not fail when compressing empty HttpContent
* Fixes of 4.1.99:
+ Do not try to delete a global handle with the local handles
APIs
+ Enable build with JDK21
+ dyld: lazy symbol binding failed: Symbol not found:
_netty_jni_util_JNI_OnLoad
* Fixes of 4.1.98:
+ Revert "HttpHeaderValidationUtil should reject chars past the
1 byte range"
+ Filter out unresolved addresses when parsing resolv.conf
+ Prevent classloader leak via JNI
+ SSLSession.getPeerCertificateChain() should throw
UnsupportedOperationException if javax.security.cert
.X509Certificate can not be created
+ Enable client side session cache when using native SSL by
default
* Fixes of 4.1.97:
+ Fixing AsciiString#lastIndexOf To Respect The offset
+ Add support for snappy http2 content decompression
+ Add support for password-based encryption scheme 2 params
+ HttpHeaderValidationUtil should reject chars past the 1 byte
range
+ Honor SslHandler.setWrapDataSize greater than SSL packet
length
+ Add support for snappy http content encoding
* Fixes of 4.1.96:
+ Move the PoolThreadCache finalizer to a separate object
+ Fix kevent(..) failed: Invalid argument
+ Revert "Always increment Stream Id on createStream" to fix bug
which caused sending multiple RST frames for the same id
* Fixes of 4.1.95:
+ Add resource leak listener
+ Reduce object allocations during SslHandler.flush(...)
+ Ensure ByteBuf.capacity(...) will never throw AssertionError
+ Make transport.Bootstrap usable with no netty-resolver on
classpath
+ Correctly retain slice when calling
ReplayingDecoderByteBuf.retainedSlice(...)
+ Always increment Stream Id on createStream(...)
+ Fix BrotliEncoder bug that does not mark ByteBuf it encodes as
read
+ Enhance CertificateException message when thrown due to hostname
validation
- Rebased patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Disable-Brotli-and-ZStd-compression.patch
* 0005-Do-not-use-the-Graal-annotations.patch
* 0006-Do-not-use-the-Jetbrains-annotations.patch
* 0007-Do-not-require-the-tcnative-native-library.patch
- Reproducible builds: use SOURCE_DATE_EPOCH for timestamp