Skip to content

Commit

Permalink
Merge pull request #1795 from ballerina-platform/netty-update-2201.2.x
Browse files Browse the repository at this point in the history
[2201.2.x] Update Netty version
  • Loading branch information
TharmiganK authored Oct 20, 2023
2 parents f399dd7 + d69e44d commit b9c7d79
Show file tree
Hide file tree
Showing 13 changed files with 69 additions and 43 deletions.
1 change: 1 addition & 0 deletions .trivyignore
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
CVE-2023-33201
6 changes: 3 additions & 3 deletions ballerina-tests/Dependencies.toml
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ dependencies = [
[[package]]
org = "ballerina"
name = "constraint"
version = "1.0.1"
version = "1.0.2"
scope = "testOnly"
dependencies = [
{org = "ballerina", name = "jballerina.java"}
Expand Down Expand Up @@ -393,7 +393,7 @@ modules = [
[[package]]
org = "ballerina"
name = "time"
version = "2.2.3"
version = "2.2.5"
scope = "testOnly"
dependencies = [
{org = "ballerina", name = "jballerina.java"}
Expand All @@ -402,7 +402,7 @@ dependencies = [
[[package]]
org = "ballerina"
name = "url"
version = "2.2.3"
version = "2.2.4"
scope = "testOnly"
dependencies = [
{org = "ballerina", name = "jballerina.java"}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,8 @@ function testHttp2ValidHeaderLength() returns error? {
}

//Tests the behaviour when header size is greater than the configured threshold
@test:Config {}
// TODO: Enable after fixing this issue : https://github.com/ballerina-platform/ballerina-standard-library/issues/3963
@test:Config {enable: false}
function testHttp2InvalidHeaderLength() returns error? {
http:Client limitClient = check new("http://localhost:" + http2RequestLimitsTestPort3.toString(),
http2Settings = { http2PriorKnowledge: true });
Expand All @@ -139,7 +140,8 @@ function testHttp2InvalidHeaderLength() returns error? {
}

// Tests the fallback behaviour when header size is greater than the configured http2 service
@test:Config {}
// TODO: Enable after fixing this issue : https://github.com/ballerina-platform/ballerina-standard-library/issues/3963
@test:Config {enable: false}
function testHttp2Http2ServiceInvalidHeaderLength() returns error? {
http:Client limitClient = check new("http://localhost:" + requestLimitsTestPort5.toString(),
http2Settings = { http2PriorKnowledge: true });
Expand Down
3 changes: 2 additions & 1 deletion ballerina-tests/tests/http2_mutual_ssl_test.bal
Original file line number Diff line number Diff line change
Expand Up @@ -158,7 +158,8 @@ public function testHttp2MutualSsl4() returns error? {
// Without keys - negative test
http:Client httpClient = check new("https://localhost:9204", http2MutualSslClientConf4);
http:Response|error resp = httpClient->get("/http2Service/");
string expectedErrMsg = "SSL connection failed:javax.net.ssl.SSLHandshakeException: error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE localhost/127.0.0.1:9204";
string expectedErrMsg = "SSL connection failed:io.netty.handler.ssl.ReferenceCountedOpenSslEngine$OpenSslHandshakeException"
+ ": error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE localhost/127.0.0.1:9204";
if resp is error {
test:assertEquals(resp.message(), expectedErrMsg);
} else {
Expand Down
60 changes: 33 additions & 27 deletions ballerina/Ballerina.toml
Original file line number Diff line number Diff line change
Expand Up @@ -30,56 +30,62 @@ path = "./lib/constraint-native-1.0.0.jar"
[[platform.java11.dependency]]
groupId = "io.netty"
artifactId = "netty-common"
version = "4.1.77.Final"
path = "./lib/netty-common-4.1.77.Final.jar"
version = "4.1.100.Final"
path = "./lib/netty-common-4.1.100.Final.jar"

[[platform.java11.dependency]]
groupId = "io.netty"
artifactId = "netty-buffer"
version = "4.1.77.Final"
path = "./lib/netty-buffer-4.1.77.Final.jar"
version = "4.1.100.Final"
path = "./lib/netty-buffer-4.1.100.Final.jar"

[[platform.java11.dependency]]
groupId = "io.netty"
artifactId = "netty-transport"
version = "4.1.77.Final"
path = "./lib/netty-transport-4.1.77.Final.jar"
version = "4.1.100.Final"
path = "./lib/netty-transport-4.1.100.Final.jar"

[[platform.java11.dependency]]
groupId = "io.netty"
artifactId = "netty-resolver"
version = "4.1.77.Final"
path = "./lib/netty-resolver-4.1.77.Final.jar"
version = "4.1.100.Final"
path = "./lib/netty-resolver-4.1.100.Final.jar"

[[platform.java11.dependency]]
groupId = "io.netty"
artifactId = "netty-handler"
version = "4.1.77.Final"
path = "./lib/netty-handler-4.1.77.Final.jar"
version = "4.1.100.Final"
path = "./lib/netty-handler-4.1.100.Final.jar"

[[platform.java11.dependency]]
groupId = "io.netty"
artifactId = "netty-codec-http"
version = "4.1.77.Final"
path = "./lib/netty-codec-http-4.1.77.Final.jar"
version = "4.1.100.Final"
path = "./lib/netty-codec-http-4.1.100.Final.jar"

[[platform.java11.dependency]]
groupId = "io.netty"
artifactId = "netty-codec"
version = "4.1.77.Final"
path = "./lib/netty-codec-4.1.77.Final.jar"
version = "4.1.100.Final"
path = "./lib/netty-codec-4.1.100.Final.jar"

[[platform.java11.dependency]]
groupId = "io.netty"
artifactId = "netty-handler-proxy"
version = "4.1.77.Final"
path = "./lib/netty-handler-proxy-4.1.77.Final.jar"
version = "4.1.100.Final"
path = "./lib/netty-handler-proxy-4.1.100.Final.jar"

[[platform.java11.dependency]]
groupId = "io.netty"
artifactId = "netty-codec-http2"
version = "4.1.77.Final"
path = "./lib/netty-codec-http2-4.1.77.Final.jar"
version = "4.1.100.Final"
path = "./lib/netty-codec-http2-4.1.100.Final.jar"

[[platform.java11.dependency]]
groupId = "io.netty"
artifactId = "netty-transport-native-unix-common"
version = "4.1.100.Final"
path = "./lib/netty-transport-native-unix-common-4.1.100.Final.jar"

[[platform.java11.dependency]]
groupId = "commons-pool.wso2"
Expand All @@ -102,29 +108,29 @@ path = "./lib/bcpkix-jdk15on-1.69.jar"
[[platform.java11.dependency]]
groupId = "io.netty"
artifactId = "netty-tcnative-boringssl-static"
version = "2.0.52.Final"
path = "./lib/netty-tcnative-boringssl-static-2.0.52.Final.jar"
version = "2.0.62.Final"
path = "./lib/netty-tcnative-boringssl-static-2.0.62.Final.jar"

[[platform.java11.dependency]]
path = "./lib/netty-tcnative-boringssl-static-2.0.52.Final-windows-x86_64.jar"
path = "./lib/netty-tcnative-boringssl-static-2.0.62.Final-windows-x86_64.jar"

[[platform.java11.dependency]]
path = "./lib/netty-tcnative-boringssl-static-2.0.52.Final-linux-aarch_64.jar"
path = "./lib/netty-tcnative-boringssl-static-2.0.62.Final-linux-aarch_64.jar"

[[platform.java11.dependency]]
path = "./lib/netty-tcnative-boringssl-static-2.0.52.Final-linux-x86_64.jar"
path = "./lib/netty-tcnative-boringssl-static-2.0.62.Final-linux-x86_64.jar"

[[platform.java11.dependency]]
path = "./lib/netty-tcnative-boringssl-static-2.0.52.Final-osx-aarch_64.jar"
path = "./lib/netty-tcnative-boringssl-static-2.0.62.Final-osx-aarch_64.jar"

[[platform.java11.dependency]]
path = "./lib/netty-tcnative-boringssl-static-2.0.52.Final-osx-x86_64.jar"
path = "./lib/netty-tcnative-boringssl-static-2.0.62.Final-osx-x86_64.jar"

[[platform.java11.dependency]]
groupId = "io.netty"
artifactId = "netty-tcnative-classes"
version = "2.0.52.Final"
path = "./lib/netty-tcnative-classes-2.0.52.Final.jar"
version = "2.0.62.Final"
path = "./lib/netty-tcnative-classes-2.0.62.Final.jar"

[[platform.java11.dependency]]
groupId = "org.jvnet.mimepull"
Expand Down
6 changes: 3 additions & 3 deletions ballerina/Dependencies.toml
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ modules = [
[[package]]
org = "ballerina"
name = "constraint"
version = "1.0.1"
version = "1.0.2"
dependencies = [
{org = "ballerina", name = "jballerina.java"}
]
Expand Down Expand Up @@ -311,7 +311,7 @@ dependencies = [
[[package]]
org = "ballerina"
name = "time"
version = "2.2.3"
version = "2.2.5"
dependencies = [
{org = "ballerina", name = "jballerina.java"}
]
Expand All @@ -322,7 +322,7 @@ modules = [
[[package]]
org = "ballerina"
name = "url"
version = "2.2.3"
version = "2.2.4"
dependencies = [
{org = "ballerina", name = "jballerina.java"}
]
Expand Down
3 changes: 3 additions & 0 deletions ballerina/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,9 @@ dependencies {
externalJars(group: 'io.netty', name: 'netty-codec-http2', version: "${nettyVersion}") {
transitive = false
}
externalJars(group: 'io.netty', name: 'netty-transport-native-unix-common', version: "${nettyVersion}") {
transitive = false
}
externalJars(group: 'commons-pool.wso2', name: 'commons-pool', version: "${wso2CommonsPoolVersion}") {
transitive = false
}
Expand Down
4 changes: 2 additions & 2 deletions ballerina/http_connection.bal
Original file line number Diff line number Diff line change
Expand Up @@ -254,10 +254,10 @@ isolated function createStatusCodeResponse(StatusCodeResponse message, string? r
isolated function retrieveMediaType(StatusCodeResponse resp, string? retrievedMediaType) returns string? {
string? mediaType = resp?.mediaType;
if mediaType is string {
return mediaType;
return strings:trim(mediaType);
}
if retrievedMediaType is string {
return retrievedMediaType;
return strings:trim(retrievedMediaType);
}
return;
}
Expand Down
6 changes: 6 additions & 0 deletions build-config/resources/Ballerina.toml
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,12 @@ artifactId = "netty-codec-http2"
version = "@netty.version@"
path = "./lib/netty-codec-http2-@netty.version@.jar"

[[platform.java11.dependency]]
groupId = "io.netty"
artifactId = "netty-transport-native-unix-common"
version = "@netty.version@"
path = "./lib/netty-transport-native-unix-common-@netty.version@.jar"

[[platform.java11.dependency]]
groupId = "commons-pool.wso2"
artifactId = "commons-pool"
Expand Down
6 changes: 6 additions & 0 deletions changelog.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,12 @@ This file contains all the notable changes done to the Ballerina HTTP package th
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to
[Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]

### Fixes

- [Address CVE-2023-4586 netty Vulnerability](https://github.com/ballerina-platform/ballerina-standard-library/issues/4908)

## [2.4.6] - 2022-12-06

### Fixes
Expand Down
4 changes: 2 additions & 2 deletions gradle.properties
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,8 @@ version=2.4.7-SNAPSHOT
ballerinaLangVersion=2201.2.0
ballerinaTomlParserVersion=1.2.2
commonsLang3Version=3.8.1
nettyVersion=4.1.77.Final
nettyTcnativeVersion=2.0.52.Final
nettyVersion=4.1.100.Final
nettyTcnativeVersion=2.0.62.Final
bouncycastleVersion=1.69
slf4jVersion=1.7.30
jakartaXmlBindVersion=2.3.3
Expand Down
1 change: 1 addition & 0 deletions native/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ dependencies {
// Transport related dependencies
implementation group: 'io.netty', name: 'netty-codec-http2', version:"${nettyVersion}"
implementation group: 'io.netty', name: 'netty-handler-proxy', version:"${nettyVersion}"
implementation group: 'io.netty', name: 'netty-transport-native-unix-common', version:"${nettyVersion}"
implementation group: 'io.netty', name: 'netty-tcnative-boringssl-static', version:"${nettyTcnativeVersion}"
implementation 'io.netty:netty-tcnative-boringssl-static::windows-x86_64'
implementation 'io.netty:netty-tcnative-boringssl-static::linux-aarch_64'
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -164,7 +164,7 @@ public HttpResponseFuture send(OutboundMsgHolder outboundMsgHolder, HttpCarbonMe

//Cannot directly assign srcHandler and http2SourceHandler to inner class ConnectionAvailabilityListener hence
//need two new separate variables
final SourceHandler http1xSrcHandlder = srcHandler;
final SourceHandler http1xSrcHandler = srcHandler;
final Http2SourceHandler http2SrcHandler = http2SourceHandler;

if (srcHandler == null && http2SourceHandler == null && LOG.isDebugEnabled()) {
Expand Down Expand Up @@ -211,9 +211,9 @@ public void onSuccess(String protocol, ChannelFuture channelFuture) {
route.toString() + " " + "Original Channel ID is : " + channelFuture.channel().id());
}

if (Constants.HTTP_SCHEME.equalsIgnoreCase(protocol) && http1xSrcHandlder != null) {
if (Constants.HTTP_SCHEME.equalsIgnoreCase(protocol) && http1xSrcHandler != null) {
channelFuture.channel().deregister().addListener(future ->
http1xSrcHandlder.getEventLoop()
http1xSrcHandler.getEventLoop()
.register(channelFuture.channel())
.addListener(
future1 ->
Expand Down

0 comments on commit b9c7d79

Please sign in to comment.