DB-4068 cherry-pick upstream HttpRequest/ObjectDecoder fixes (4.0.54/bdp 5.1) #22

@jtgrabowski jtgrabowski commented Apr 3, 2020

https://datastax.jira.com/browse/DB-4068

@dalaro I have netty write permissions so I created 4.0.54 branch and this PR

Motivation:

Technically speaking it's valid to have HTTP headers with no values, so we should support it. That said, we need to detect if these are "generated" because of an "invalid" fold.

Modifications:

- Detect if a colon is missing when parsing headers.
- Add unit test

Result:

Fixes netty#9866

(cherry picked from commit a7c18d4)

(After the default cherry-pick algorithm finished, I hand-resolved some
compile errors related to refactoring between the 4.0 and 4.1 branches)
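
The check the commit message describes, as an added example that is not part of the PR and is not netty's code: a header with an empty value (`X-Empty:`) is accepted, a folded continuation line is joined to the previous header, and a line with no colon is rejected. The class name, method name and sample lines are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class HeaderBlockCheck {
    /** Parses header lines (CRLF already stripped) into {name, value} pairs. */
    static List<String[]> parseHeaders(List<String> lines) {
        List<String[]> headers = new ArrayList<>();
        for (String line : lines) {
            if (line.isEmpty()) {
                break; // blank line ends the header block
            }
            char first = line.charAt(0);
            if (first == ' ' || first == '\t') {
                // Folded continuation line: it extends the previous header's value
                if (headers.isEmpty()) {
                    throw new IllegalArgumentException("Continuation line before any header");
                }
                String[] prev = headers.get(headers.size() - 1);
                prev[1] = (prev[1] + " " + line.trim()).trim();
                continue;
            }
            int colon = line.indexOf(':');
            if (colon < 0) {
                // Not a fold and no separator: this is not an empty-valued header
                throw new IllegalArgumentException("No colon found in: " + line);
            }
            if (colon == 0) {
                throw new IllegalArgumentException("Empty header name in: " + line);
            }
            headers.add(new String[] { line.substring(0, colon), line.substring(colon + 1).trim() });
        }
        return headers;
    }

    public static void main(String[] args) {
        // Constructed sample input, not taken from the PR
        List<String> ok = Arrays.asList("Host: example.test", "X-Empty:", "X-Folded: a", "\tb", "");
        for (String[] h : parseHeaders(ok)) {
            System.out.println(h[0] + " => [" + h[1] + "]");
        }
        try {
            parseHeaders(Arrays.asList("Host: example.test", "some-header", ""));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```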

@jtgrabowski jtgrabowski left a comment

Backport looks good but I see some unchanged 4.0.54.Final in pom files

This version is equivalent to upstream's 4.0.54.Final, but with one
upstream commit (for CVE-2019-20444) cherry-picked backwards from 4.1.

Detect missing colon when parsing http headers with no value (netty#9871)
	GHSA-cqqj-4p63-rrmm
	netty#9866
	netty#9871

	a7c18d4

dalaro commented Apr 7, 2020

Thanks for creating an appropriate base branch.

I found four overlooked 4.0.54.Final usages:

  • <scm><tag> in three poms (top-level, dev-tools, bom)
  • <version> in bom/pom.xml

I updated the stale <version> in bom/pom.xml.

I've also deleted all <tag> elements from the <scm> elements. I haven't created or pushed tags for these new versions yet. If the release job for this project runs mvn release:prepare (or mvn scm:tag directly for some reason), then I think it should repopulate the <scm><tag> as it executes. I'm not sure the release job cares, though, because I see values for <scm><tag> that don't have corresponding tags on the riptano/netty repo.

Here's the diff reflecting what I just listed above, right before force-pushing:

$  git diff dalaro/`git rev-parse --symbolic-full-name --abbrev-ref HEAD`..HEAD
diff --git a/bom/pom.xml b/bom/pom.xml
index 7cd0c4a827..5259e3215d 100644
--- a/bom/pom.xml
+++ b/bom/pom.xml
@@ -25,7 +25,7 @@
 
   <groupId>io.netty</groupId>
   <artifactId>netty-bom</artifactId>
-  <version>4.0.54.Final</version>
+  <version>4.0.54.1.dse</version>
   <packaging>pom</packaging>
 
   <name>Netty/BOM</name>
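Review bot: the `<version>` change to `4.0.54.1.dse` at the top of bom/pom.xml covers only the BOM's own coordinates. A BOM normally also pins each module's version under `<dependencyManagement>`, which this hunk does not show, so it is worth confirming that no `4.0.54.Final` entries remain there; if any do, consumers importing `netty-bom` would still resolve the upstream artifacts without the backported fix.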
@@ -49,7 +49,6 @@
     <url>https://github.com/netty/netty</url>
     <connection>scm:git:git://github.com/netty/netty.git</connection>
     <developerConnection>scm:git:ssh://[email protected]/netty/netty.git</developerConnection>
-    <tag>netty-4.0.54.Final</tag>
   </scm>
 
   <developers>
diff --git a/dev-tools/pom.xml b/dev-tools/pom.xml
index 33eba560f9..e672c70215 100644
--- a/dev-tools/pom.xml
+++ b/dev-tools/pom.xml
@@ -52,6 +52,5 @@
   </build>
 
   <scm>
-    <tag>netty-4.0.54.Final</tag>
   </scm>
 </project>
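Review bot: after the `<tag>` line is dropped in dev-tools/pom.xml, `<scm>` is left as an empty element. Either remove the empty `<scm>` pair as well or add a short XML comment saying the tag is intentionally absent until a release tag exists, so the stub is not mistaken for an accidental deletion.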
diff --git a/pom.xml b/pom.xml
index 2d4a2d4bab..1ac923f4c1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -53,7 +53,6 @@
     <url>https://github.com/netty/netty</url>
     <connection>scm:git:git://github.com/netty/netty.git</connection>
     <developerConnection>scm:git:ssh://[email protected]/netty/netty.git</developerConnection>
-    <tag>netty-4.0.54.Final</tag>
   </scm>
 
   <developers>
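Review bot: with `<tag>` gone from the top-level `<scm>`, the remaining `<url>`, `<connection>` and `<developerConnection>` still point at github.com/netty/netty, while this build carries a fork-specific version. Anyone tracing a published artifact back through its pom would land on a repository that does not contain this backport; consider pointing `<scm>` at the fork, or stating in the commit message why it is left on upstream. The same applies to the second hunk in bom/pom.xml.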

I'm force-pushing similar changes on the other two PRs.

This build.yaml is copied from dse-netty-4.1.13.Final.  I just modified the repo
URL to point to https://repo.sjc.dsinternal.org/artifactory/datastax-releases-local
instead of the old artifactory URL.
@jtgrabowski jtgrabowski merged commit 0a9e4f3 into riptano:dse-netty-4.0.54.Final Apr 8, 2020