* Thu Mar 30 2023 fstrba@suse.com
- Upgrade to upstream version 4.1.90
* Fixes of 4.1.90:
+ Adding header name of the header which failed validation
+ Fix HttpHeaders.names for non-String headers
+ Save expensive volatile operations in the common hot http
decoder path
+ Avoid slow type checks against promises on outbound buffer's
progress
+ Implement NonStickyEventExecutorGroup.inEventLoop
+ Native image: add support for unix domain sockets
+ Use MacOS SDK 10.9 to prevent apple notarization failures
+ Increase errno cache and guard against IOOBE
+ Don't reset BCSSLParameters when setting application protocols
+ WebSocketClientProtocolHandler: add option to disable UTF8
validation
+ Chunked HTTP length decoding should account for
whitespaces/ctrl chars
+ Handle NullPointerException thrown from
NetworkInterface.getNetworkInterfaces()
* Fixes of 4.1.89:
+ Don't fail on HttpObjectDecoder's maxHeaderSize greater then
(Integer.MAX_VALUE - 2)
+ dyld: Symbol not found: _netty_jni_util_JNI_OnLoad when
upgrading from 4.1.87.Final to 4.1.88.Final
* Fixes of 4.1.88:
+ Speed-up HTTP 1.1 header and line parsing
+ Add StacklessSSLHandshakeException for ClosedChannelException
+ Modify changed CloseWebSocketFrame#statusCode() to change the
fetch code to unsigned
+ Check if CommandLineTools are installed before trying to
execute install_name_tool
+ Allow to adjust the GlobalEventExecutor quietPeriod via a
system property
+ Add SslProvider.isOptionSupported(...)
+ Fix FlowControlHandler's behaviour to pass read events when
auto-reading is turned off
+ Ensure Http2StreamFrameToHttpObjectCodec#decode doesn't add
transfer-encoding for 204/304 response
+ Only do extra CNAME query if we couldnt follow the whole CNAME
chain in the response
+ Include query id when a query failed
+ DnsResolveContext: include expected record types in exception
message
+ Add necessary native-image configuration files for epoll
+ Create a deep-copy of the Throwable before returning it from
the cache to prevent possible leaks
+ Always respect completeOncePreferredResolved in
DnsNameResolver
+ fix brotli compression
+ Optionally depend on bctls-jdk15on
+ Make releasing objects back to Recycler faster
+ Correctly keep track of validExtensions per request / response
+ Add handling of inflight lookups to reduce real queries when
lookup same hostname
+ DnsQueryContext: include query id and question info in
exception message
+ AsciiStrings can be batch-encoded
* Fixes of 4.1.87:
+ Upgrade to latest netty-tcnative release which doesnt link
libcrypt
+ Add recvmmsg & sendmmsg syscall number for loongarch64
+ Return correct value from SSLSession.getPacketSize() when
using native SSL implementation
+ Explicit disable TLSv1.3 in the OpenSSL options if not
supported
+ Support handshake timeout in SniHandler.
+ Extend DNS address supplier interface to provide feedback
* Fixes of 4.1.86:
+ HAProxyMessageDecoder Stack Exhaustion DoS (bsc#1206360,
CVE-2022-41881)
+ HTTP Response splitting from assigning header value iterator
(bsc#1206379, CVE-2022-41915)
+ Revert #12888 for potential task scheduling problems in
HashedWheelTimer
+ Deprecate ObjectEncoder/ObjectDecoder
+ HPACK dynamic table size update must happen at the beginning
of the header block
* Fixes of 4.1.85:
+ A bug in FlowControlHandler that broke auto-read has been
fixed
+ The HTTP/2 HPACK encoder is now faster at encoding headers
that have many values
+ A potential memory leak bug has been fixed in the pooled
allocator
+ Fix an issue with the Blockhound integration, which could
cause the MacOSDnsServerAddressStreamProvider to be flagged
as making blocking calls
+ Inconsitencies in how epoll, kqueue, and NIO handle RDHUP have
been fixed
+ ByteToMessageDecoder now handle situations where the same
ByteBuf instance is read multiple times
+ The check that ensures the HTTP/1 Content-Length header is
unique, now no longer causes headers to be rearranged (change
their order)
+ Fix a NullPointerException bug with class initialisation order
between InternalLogger and InternalThreadLocalMap
+ When the netty-resolver-dns-native-macos classes can't load
their native bindings, they now only print a short error
message instead of the huge stack trace it printed previously.
The stack trace is still included if DEBUG logging is enabled
+ The Graal native-image meta-data is now placed in the
recommended location, and no longer causes warnings to be
printed
+ The HTTP/1 and HTTP/2 codecs now properly support RFC 8297
Early Hints
+ Subclasses of FastThreadLocalThread can now tell the Netty
Blockhound integration that they should be allowed to make
blocking calls
+ Validation of HTTP/2 connection headers have been moved from
Http2Headers to HpackDecoder, so that outgoing headers are
not validated
* Fixes of 4.1.84:
+ HTTP/2 header values with invalid characters are now rejected
in header validation
+ We now automatically generate conditional meta-data for
native-image use, making GraalVM support more reliable
+ Fix a scalability issue caused by instanceof and check-cast
checks that lead to false-sharing on the
Klass::secondary_super_cache field in the JVM
(See JDK-8180450)
+ Made the HTTP/2 HPACK static table implementation faster by
using a perfect hash function
+ Fixed a bug in our PEMParser when PEM files have multiple
objects, and BouncyCastle is on the classpath
* Fixes of 4.1.82:
+ Fix a NullPointerException bug when calling forEachByte on
nested CompositeByteBufs
+ Relax an overly strict HTTP/2 header validation check that was
rejecting requests from Chrome and Firefox
+ The OpenSSL and BoringSSL implementations now respect the
jdk.tls.client.protocols and jdk.tls.server.protocols system
properties, making them react to these in the same way the JDK
SSL provider does
* Fixes of 4.1.81:
+ Fix a regression SslContext private key loading
+ Fix a bug in SslContext private key reading fall-back path
+ Fix a buffer leak regression in HttpClientCodec
+ Fix a bug where some HttpMessage implementations, that also
implement HttpContent, were not handled correctly
+ The MessageFormatter and FormattingTuple classes are now
usable in the public API
+ Connection related headers in HTTP/2 frames are now rejected,
in compliance with the specification
* Fixes of 4.1.80:
+ HttpObjectEncoder scalability issue due to instanceof checks
+ Improve logging when MacOSDnsServerAddressStreamProvider
cannot be found/loaded
+ Replace stdlib write/read with send/recv
+ Support for pkcs1
+ Add Blockhound exceptions for the PooledByteBufAllocator
+ Fix epoll bug when receiving zero-sized datagrams
+ Avoid including header values in header validation failure
exceptions
+ Avoid allocating large buffers in JdkZlibEncoder
+ Native Image Support: Set
IS_EXPLICIT_TRY_REFLECTION_SET_ACCESSIBLE to true by default
for native images
+ We need to use disconnectx(...) on macOS
+ Replace synchronized with Java Locks on the allocator
+ Don't use static instances of FixedRecvByteBufAllocator
+ Add escaping for stomp headers
* Fixes of 4.1.79:
+ The PEM certificate parser is no longer susceptible to
exponential back-off
+ Non-standard extra ampersands in HTTP POST bodies are no
longer rejected
+ An io.netty.osClassifiers system property has been added to
avoid reading os-release files
+ Fix a bug in SslHandler so handlerRemoved works properly even
if handlerAdded throws an exception
+ Use the correct OSGi processor directive on aarch64, making it
possible to use OSGi on ARM
+ HTTP paths that begin with a double-slash are now parsed the
same way browsers do
+ The isCompleted flag is now correctly preserved on objects
from HttpData.retainedDuplicate()
+ The HttpUtil.isOriginForm() and isAsteriskForm() methods now
correctly conform with RFC 7230
+ Fix an issue that allowed the multicast methods on
EpollDatagramChannel to be called outside of an event-loop
thread
+ Support for the LoongArch64 processor architecture has been
added
* Fixes of 4.1.78:
+ Fix a bug where an OPT record was added to DNS queries that
already had such a record
+ Fix a bug that caused an error when files uploaded with HTTP
POST contained a backslash in their name
+ Fix an issue in the BlockHound integration that could
occasionally cause NetUtil to be reported as performing
blocking operations
+ A similar BlockHound issue was fixed for the JdkSslContext
+ Fix a bug that prevented preface or settings frames from
being flushed, when an HTTP2 connection was established with
prior-knowledge
+ Fixes a rare NullPointerException that could occur when a
ReferenceCountedOpenSslEngine threw an OutOfMemoryError from
its constructor, and was then later finalized
+ The SslHandler now adds the socket file descriptor to the
BIOs, when the SslEngine supports this (boringssl and
libressl), which allow tracing and observability tools to
monitor encryption traffic on a per-connection basis.
+ It is now possible to explicitly step the scheduling clock in
EmbeddedEventLoop, which is useful for making automated tests
with deterministic scheduling
* Fixes of 4.1.77:
+ Local Information Disclosure Vulnerability in Netty on
Unix-Like systems due temporary files for Java 6 and lower in
io.netty:netty-codec-http (bsc#1199338, CVE-2022-24823)
+ Upgraded the optional netty-tcnative dependency to version
2.0.52.Final
+ Fix a bug where Netty fails to load a shaded native library
+ Include classifier in Automatic-Module-Name
+ Check if epoll_pwait2 is implemented
+ Don't call strdup on packagePrefix
+ Enable debugging of asynchronous tasks in Intellij
+ Throwing an exception in case glibc is missing instead of
segfaulting the JVM
* Fixes of 4.1.76:
+ Upgraded the optional netty-tcnative dependency to version
2.0.51.Final
+ Upgraded the optional log4j dependency to version 2.17.2
+ The netty-all module now declare an automatic module name,
making it useable with Java Modules.
+ It is now possible to configure arbitrary socket options for
the native epoll and kqueue transports. Refer to your
operating system documentation for what options are available.
+ It is now possible to explicitly bind channels to either IPv4
or IPv6.
+ The HTTP/2 header validation that rejects duplicate
pseudo-headers, which was added in 4.1.75.Final, has been
changed so it no longer breaks older versions of gRPC.
" Fix a NullPointerException that was hiding the real cause of
certain HTTP/2 header decoding errors.
- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* no-brotli-zstd.patch
- > 0004-Disable-Brotli-and-ZStd-compression.patch
* no-werror.patch
+ rebase
- Removed patches:
* 0004-Remove-optional-dep-tcnative.patch
* 0005-Remove-optional-dep-log4j.patch
+ we have the dependencies, so no need to disable them
* 0006-revert-Fix-native-image-build.patch
* 0007-Revert-Support-session-cache-for-client-and-server-w.patch
+ solve the build breakages differently
- Added patches:
* 0005-Do-not-use-the-Graal-annotations.patch
* 0006-Do-not-use-the-Jetbrains-annotations.patch
+ do not use annotations for which we don't have dependencies
* 0007-Do-not-require-the-tcnative-native-library.patch
+ our tcnative library is installed system-wide
* Thu Oct 13 2022 fstrba@suse.com
- Force building with java 11 on ix86 in order to avoid random
build failures