diff options
author | Mate Szalay-Beko <symat@apache.org> | 2023-01-19 11:57:30 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-01-19 11:57:30 +0100 |
commit | c7e15cee13abcfcad7bece2631716d5238c566a3 (patch) | |
tree | 66b7d53189acc931f161eb5c156e0cf7e94442de | |
parent | aa8790c72bcb02ce6f15dd93bbf6df4a14f9015b (diff) | |
download | zookeeper-c7e15cee13abcfcad7bece2631716d5238c566a3.tar.gz |
ZOOKEEPER-4649: Upgrade netty to 4.1.86 because of CVE-2022-41915 (#1963)
Co-authored-by: Mate Szalay-Beko <symat@apache.com>
-rwxr-xr-x | pom.xml | 2 | ||||
-rw-r--r-- | zookeeper-server/src/main/resources/NOTICE.txt | 225 | ||||
-rw-r--r-- | zookeeper-server/src/main/resources/lib/netty-buffer-4.1.86.Final.LICENSE.txt (renamed from zookeeper-server/src/main/resources/lib/netty-buffer-4.1.76.Final.LICENSE.txt) | 0 | ||||
-rw-r--r-- | zookeeper-server/src/main/resources/lib/netty-codec-4.1.86.Final.LICENSE.txt (renamed from zookeeper-server/src/main/resources/lib/netty-codec-4.1.76.Final.LICENSE.txt) | 0 | ||||
-rw-r--r-- | zookeeper-server/src/main/resources/lib/netty-handler-4.1.86.Final.LICENSE.txt (renamed from zookeeper-server/src/main/resources/lib/netty-handler-4.1.76.Final.LICENSE.txt) | 0 | ||||
-rw-r--r-- | zookeeper-server/src/main/resources/lib/netty-resolver-4.1.86.Final.LICENSE.txt (renamed from zookeeper-server/src/main/resources/lib/netty-resolver-4.1.76.Final.LICENSE.txt) | 0 | ||||
-rw-r--r-- | zookeeper-server/src/main/resources/lib/netty-transport-native-epoll-4.1.86.Final.LICENSE.txt (renamed from zookeeper-server/src/main/resources/lib/netty-transport-native-epoll-4.1.76.Final.LICENSE.txt) | 0 | ||||
-rw-r--r-- | zookeeper-server/src/main/resources/lib/netty-transport-native-unix-common-4.1.86.Final.LICENSE.txt (renamed from zookeeper-server/src/main/resources/lib/netty-transport-native-unix-common-4.1.76.Final.LICENSE.txt) | 0 |
8 files changed, 172 insertions, 55 deletions
@@ -558,7 +558,7 @@ <mockito.version>3.6.28</mockito.version> <hamcrest.version>2.2</hamcrest.version> <commons-cli.version>1.4</commons-cli.version> - <netty.version>4.1.76.Final</netty.version> + <netty.version>4.1.86.Final</netty.version> <jetty.version>9.4.49.v20220914</jetty.version> <jackson.version>2.13.2.1</jackson.version> <jline.version>2.14.6</jline.version> diff --git a/zookeeper-server/src/main/resources/NOTICE.txt b/zookeeper-server/src/main/resources/NOTICE.txt index efdd6b439..03601608e 100644 --- a/zookeeper-server/src/main/resources/NOTICE.txt +++ b/zookeeper-server/src/main/resources/NOTICE.txt @@ -11,10 +11,10 @@ for Airlift code can be found at: https://github.com/airlift/airlift/blob/master/LICENSE This product includes software developed by -The Netty Project (http://netty.io/) -Copyright 2011 The Netty Project - -The Netty NOTICE file contains the following items: +The Netty Project (http://netty.io/) Copyright 2011 The Netty Project +The Netty NOTICE file (https://github.com/netty/netty/blob/4.1/NOTICE.txt) +contains the following items: +---------------- start of netty NOTICE file ---------------- This product contains the extensions to Java Collections Framework which has been derived from the works by JSR-166 EG, Doug Lea, and Jason T. Greene: @@ -32,29 +32,112 @@ Base64 Encoder and Decoder, which can be obtained at: * HOMEPAGE: * http://iharder.sourceforge.net/current/java/base64/ -This product contains a modified version of 'JZlib', a re-implementation of -zlib in pure Java, which can be obtained at: +This product contains a modified portion of 'Webbit', an event based +WebSocket and HTTP server, which can be obtained at: + + * LICENSE: + * license/LICENSE.webbit.txt (BSD License) + * HOMEPAGE: + * https://github.com/joewalnes/webbit + +This product contains a modified portion of 'SLF4J', a simple logging +facade for Java, which can be obtained at: + + * LICENSE: + * license/LICENSE.slf4j.txt (MIT License) + * HOMEPAGE: + * https://www.slf4j.org/ + +This product contains a modified portion of 'Apache Harmony', an open source +Java SE, which can be obtained at: + * NOTICE: + * license/NOTICE.harmony.txt * LICENSE: - * license/LICENSE.jzlib.txt (BSD Style License) + * license/LICENSE.harmony.txt (Apache License 2.0) + * HOMEPAGE: + * https://archive.apache.org/dist/harmony/ + +This product contains a modified portion of 'jbzip2', a Java bzip2 compression +and decompression library written by Matthew J. Francis. It can be obtained at: + + * LICENSE: + * license/LICENSE.jbzip2.txt (MIT License) + * HOMEPAGE: + * https://code.google.com/p/jbzip2/ + +This product contains a modified portion of 'libdivsufsort', a C API library to construct +the suffix array and the Burrows-Wheeler transformed string for any input string of +a constant-size alphabet written by Yuta Mori. It can be obtained at: + + * LICENSE: + * license/LICENSE.libdivsufsort.txt (MIT License) + * HOMEPAGE: + * https://github.com/y-256/libdivsufsort + +This product contains a modified portion of Nitsan Wakart's 'JCTools', Java Concurrency Tools for the JVM, + which can be obtained at: + + * LICENSE: + * license/LICENSE.jctools.txt (ASL2 License) + * HOMEPAGE: + * https://github.com/JCTools/JCTools + +This product optionally depends on 'JZlib', a re-implementation of zlib in +pure Java, which can be obtained at: + + * LICENSE: + * license/LICENSE.jzlib.txt (BSD style License) * HOMEPAGE: * http://www.jcraft.com/jzlib/ -This product contains a modified version of 'Webbit', a Java event based -WebSocket and HTTP server: +This product optionally depends on 'Compress-LZF', a Java library for encoding and +decoding data in LZF format, written by Tatu Saloranta. It can be obtained at: * LICENSE: - * license/LICENSE.webbit.txt (BSD License) + * license/LICENSE.compress-lzf.txt (Apache License 2.0) * HOMEPAGE: - * https://github.com/joewalnes/webbit + * https://github.com/ning/compress + +This product optionally depends on 'lz4', a LZ4 Java compression +and decompression library written by Adrien Grand. It can be obtained at: + + * LICENSE: + * license/LICENSE.lz4.txt (Apache License 2.0) + * HOMEPAGE: + * https://github.com/jpountz/lz4-java + +This product optionally depends on 'lzma-java', a LZMA Java compression +and decompression library, which can be obtained at: -This product optionally depends on 'Protocol Buffers', Google's data + * LICENSE: + * license/LICENSE.lzma-java.txt (Apache License 2.0) + * HOMEPAGE: + * https://github.com/jponge/lzma-java + +This product optionally depends on 'zstd-jni', a zstd-jni Java compression +and decompression library, which can be obtained at: + + * LICENSE: + * license/LICENSE.zstd-jni.txt (Apache License 2.0) + * HOMEPAGE: + * https://github.com/luben/zstd-jni + +This product contains a modified portion of 'jfastlz', a Java port of FastLZ compression +and decompression library written by William Kinney. It can be obtained at: + + * LICENSE: + * license/LICENSE.jfastlz.txt (MIT License) + * HOMEPAGE: + * https://code.google.com/p/jfastlz/ + +This product contains a modified portion of and optionally depends on 'Protocol Buffers', Google's data interchange format, which can be obtained at: * LICENSE: * license/LICENSE.protobuf.txt (New BSD License) * HOMEPAGE: - * http://code.google.com/p/protobuf/ + * https://github.com/google/protobuf This product optionally depends on 'Bouncy Castle Crypto APIs' to generate a temporary self-signed X.509 certificate when the JVM does not provide the @@ -63,15 +146,31 @@ equivalent functionality. It can be obtained at: * LICENSE: * license/LICENSE.bouncycastle.txt (MIT License) * HOMEPAGE: - * http://www.bouncycastle.org/ + * https://www.bouncycastle.org/ -This product optionally depends on 'SLF4J', a simple logging facade for Java, -which can be obtained at: +This product optionally depends on 'Snappy', a compression library produced +by Google Inc, which can be obtained at: * LICENSE: - * license/LICENSE.slf4j.txt (MIT License) + * license/LICENSE.snappy.txt (New BSD License) * HOMEPAGE: - * http://www.slf4j.org/ + * https://github.com/google/snappy + +This product optionally depends on 'JBoss Marshalling', an alternative Java +serialization API, which can be obtained at: + + * LICENSE: + * license/LICENSE.jboss-marshalling.txt (Apache License 2.0) + * HOMEPAGE: + * https://github.com/jboss-remoting/jboss-marshalling + +This product optionally depends on 'Caliper', Google's micro- +benchmarking framework, which can be obtained at: + + * LICENSE: + * license/LICENSE.caliper.txt (Apache License 2.0) + * HOMEPAGE: + * https://github.com/google/caliper This product optionally depends on 'Apache Commons Logging', a logging framework, which can be obtained at: @@ -79,61 +178,79 @@ framework, which can be obtained at: * LICENSE: * license/LICENSE.commons-logging.txt (Apache License 2.0) * HOMEPAGE: - * http://commons.apache.org/logging/ + * https://commons.apache.org/logging/ -This product optionally depends on 'Apache Logback', a logging framework, -which can be obtained at: +This product optionally depends on 'Apache Log4J', a logging framework, which +can be obtained at: * LICENSE: - * license/LICENSE.logback.txt (Eclipse Public License 1.0) + * license/LICENSE.log4j.txt (Apache License 2.0) * HOMEPAGE: - * https://logback.qos.ch/ + * https://logging.apache.org/log4j/ -This product optionally depends on 'JBoss Logging', a logging framework, -which can be obtained at: +This product optionally depends on 'Aalto XML', an ultra-high performance +non-blocking XML processor, which can be obtained at: * LICENSE: - * license/LICENSE.jboss-logging.txt (GNU LGPL 2.1) + * license/LICENSE.aalto-xml.txt (Apache License 2.0) * HOMEPAGE: - * http://anonsvn.jboss.org/repos/common/common-logging-spi/ + * https://wiki.fasterxml.com/AaltoHome -This product optionally depends on 'Apache Felix', an open source OSGi -framework implementation, which can be obtained at: +This product contains a modified version of 'HPACK', a Java implementation of +the HTTP/2 HPACK algorithm written by Twitter. It can be obtained at: * LICENSE: - * license/LICENSE.felix.txt (Apache License 2.0) + * license/LICENSE.hpack.txt (Apache License 2.0) * HOMEPAGE: - * http://felix.apache.org/ + * https://github.com/twitter/hpack -The bundled library Metrics Core NOTICE file reports the following items +This product contains a modified version of 'HPACK', a Java implementation of +the HTTP/2 HPACK algorithm written by Cory Benfield. It can be obtained at: -Metrics -Copyright 2010-2013 Coda Hale and Yammer, Inc. + * LICENSE: + * license/LICENSE.hyper-hpack.txt (MIT License) + * HOMEPAGE: + * https://github.com/python-hyper/hpack/ -This product includes software developed by Coda Hale and Yammer, Inc. +This product contains a modified version of 'HPACK', a Java implementation of +the HTTP/2 HPACK algorithm written by Tatsuhiro Tsujikawa. It can be obtained at: -This product includes code derived from the JSR-166 project (ThreadLocalRandom, Striped64, -LongAdder), which was released with the following comments: + * LICENSE: + * license/LICENSE.nghttp2-hpack.txt (MIT License) + * HOMEPAGE: + * https://github.com/nghttp2/nghttp2/ - Written by Doug Lea with assistance from members of JCP JSR-166 - Expert Group and released to the public domain, as explained at - http://creativecommons.org/publicdomain/zero/1.0/ +This product contains a modified portion of 'Apache Commons Lang', a Java library +provides utilities for the java.lang API, which can be obtained at: -The Nappy Java NOTICE file reports the following items: + * LICENSE: + * license/LICENSE.commons-lang.txt (Apache License 2.0) + * HOMEPAGE: + * https://commons.apache.org/proper/commons-lang/ -This product includes software developed by Google - Snappy: http://code.google.com/p/snappy/ (New BSD License) -This product includes software developed by Apache - PureJavaCrc32C from apache-hadoop-common http://hadoop.apache.org/ - (Apache 2.0 license) +This product contains the Maven wrapper scripts from 'Maven Wrapper', that provides an easy way to ensure a user has everything necessary to run the Maven build. -This library containd statically linked libstdc++. This inclusion is allowed by -"GCC RUntime Library Exception" -http://gcc.gnu.org/onlinedocs/libstdc++/manual/license.html + * LICENSE: + * license/LICENSE.mvn-wrapper.txt (Apache License 2.0) + * HOMEPAGE: + * https://github.com/takari/maven-wrapper + +This product contains the dnsinfo.h header file, that provides a way to retrieve the system DNS configuration on MacOS. +This private header is also used by Apple's open source + mDNSResponder (https://opensource.apple.com/tarballs/mDNSResponder/). + + * LICENSE: + * license/LICENSE.dnsinfo.txt (Apple Public Source License 2.0) + * HOMEPAGE: + * https://www.opensource.apple.com/source/configd/configd-453.19/dnsinfo/dnsinfo.h + +This product optionally depends on 'Brotli4j', Brotli compression and +decompression for Java., which can be obtained at: + + * LICENSE: + * license/LICENSE.brotli4j.txt (Apache License 2.0) + * HOMEPAGE: + * https://github.com/hyperxpro/Brotli4j -== Contributors == - * Tatu Saloranta - * Providing benchmark suite - * Alec Wysoker - * Performance and memory usage improvement +---------------- end of netty NOTICE file ----------------
\ No newline at end of file diff --git a/zookeeper-server/src/main/resources/lib/netty-buffer-4.1.76.Final.LICENSE.txt b/zookeeper-server/src/main/resources/lib/netty-buffer-4.1.86.Final.LICENSE.txt index 6279e5206..6279e5206 100644 --- a/zookeeper-server/src/main/resources/lib/netty-buffer-4.1.76.Final.LICENSE.txt +++ b/zookeeper-server/src/main/resources/lib/netty-buffer-4.1.86.Final.LICENSE.txt diff --git a/zookeeper-server/src/main/resources/lib/netty-codec-4.1.76.Final.LICENSE.txt b/zookeeper-server/src/main/resources/lib/netty-codec-4.1.86.Final.LICENSE.txt index 6279e5206..6279e5206 100644 --- a/zookeeper-server/src/main/resources/lib/netty-codec-4.1.76.Final.LICENSE.txt +++ b/zookeeper-server/src/main/resources/lib/netty-codec-4.1.86.Final.LICENSE.txt diff --git a/zookeeper-server/src/main/resources/lib/netty-handler-4.1.76.Final.LICENSE.txt b/zookeeper-server/src/main/resources/lib/netty-handler-4.1.86.Final.LICENSE.txt index 6279e5206..6279e5206 100644 --- a/zookeeper-server/src/main/resources/lib/netty-handler-4.1.76.Final.LICENSE.txt +++ b/zookeeper-server/src/main/resources/lib/netty-handler-4.1.86.Final.LICENSE.txt diff --git a/zookeeper-server/src/main/resources/lib/netty-resolver-4.1.76.Final.LICENSE.txt b/zookeeper-server/src/main/resources/lib/netty-resolver-4.1.86.Final.LICENSE.txt index 6279e5206..6279e5206 100644 --- a/zookeeper-server/src/main/resources/lib/netty-resolver-4.1.76.Final.LICENSE.txt +++ b/zookeeper-server/src/main/resources/lib/netty-resolver-4.1.86.Final.LICENSE.txt diff --git a/zookeeper-server/src/main/resources/lib/netty-transport-native-epoll-4.1.76.Final.LICENSE.txt b/zookeeper-server/src/main/resources/lib/netty-transport-native-epoll-4.1.86.Final.LICENSE.txt index 6279e5206..6279e5206 100644 --- a/zookeeper-server/src/main/resources/lib/netty-transport-native-epoll-4.1.76.Final.LICENSE.txt +++ b/zookeeper-server/src/main/resources/lib/netty-transport-native-epoll-4.1.86.Final.LICENSE.txt diff --git a/zookeeper-server/src/main/resources/lib/netty-transport-native-unix-common-4.1.76.Final.LICENSE.txt b/zookeeper-server/src/main/resources/lib/netty-transport-native-unix-common-4.1.86.Final.LICENSE.txt index 6279e5206..6279e5206 100644 --- a/zookeeper-server/src/main/resources/lib/netty-transport-native-unix-common-4.1.76.Final.LICENSE.txt +++ b/zookeeper-server/src/main/resources/lib/netty-transport-native-unix-common-4.1.86.Final.LICENSE.txt |