[Git][java-team/jboss-xnio][master] 4 commits: New upstream version 3.8.2
Markus Koschany
gitlab at salsa.debian.org
Thu Sep 17 00:15:46 BST 2020
Markus Koschany pushed to branch master at Debian Java Maintainers / jboss-xnio
Commits:
54a018f6 by Markus Koschany at 2020-09-17T00:37:03+02:00
New upstream version 3.8.2
- - - - -
396e36a4 by Markus Koschany at 2020-09-17T00:37:08+02:00
Update upstream source from tag 'upstream/3.8.2'
Update to upstream version '3.8.2'
with Debian dir 4b5dcfca27ade7e24e77e139ecddb4d14c325dd9
- - - - -
3eaea8b3 by Markus Koschany at 2020-09-17T00:39:34+02:00
Update changelog
- - - - -
38ce8964 by Markus Koschany at 2020-09-17T00:49:49+02:00
Mark libjboss-xnio-java-doc as Multi-Arch: foreign.
- - - - -
11 changed files:
- api/pom.xml
- api/src/main/java/org/xnio/ByteBufferSlicePool.java
- api/src/main/java/org/xnio/Xnio.java
- api/src/main/java/org/xnio/XnioWorker.java
- + api/src/main/java/org/xnio/http/ConnectionClosedEarlyException.java
- api/src/main/java/org/xnio/http/HttpUpgrade.java
- debian/changelog
- debian/control
- nio-impl/pom.xml
- nio-impl/src/main/java/org/xnio/nio/NioXnio.java
- pom.xml
Changes:
=====================================
api/pom.xml
=====================================
@@ -37,7 +37,7 @@
<parent>
<groupId>org.jboss.xnio</groupId>
<artifactId>xnio-all</artifactId>
- <version>3.8.1.Final</version>
+ <version>3.8.2.Final</version>
</parent>
<dependencies>
=====================================
api/src/main/java/org/xnio/ByteBufferSlicePool.java
=====================================
@@ -162,6 +162,8 @@ public final class ByteBufferSlicePool implements Pool<ByteBuffer> {
region = allocator.allocate(buffersPerRegion * bufferSize);
return sliceAllocatedBuffer(region, buffersPerRegion, bufferSize);
} finally {
+ // add all directly allocated memory to directBuffers, so it can
+ // be added to FREE_DIRECT_BUFFERS on clean()
directBuffers.add(region);
}
}
=====================================
api/src/main/java/org/xnio/Xnio.java
=====================================
@@ -494,6 +494,12 @@ public abstract class Xnio {
return new PollingFileSystemWatcher(name, pollInterval, daemonThread);
}
+ /**
+ * Implement tasks that will be executed on thread exits if a task worker
+ * thread is initialized through {@code XnioWorker$WorkerThreadFactory}.
+ */
+ protected void handleThreadExit() {}
+
//==================================================
//
// General methods
=====================================
api/src/main/java/org/xnio/XnioWorker.java
=====================================
@@ -1273,7 +1273,16 @@ public abstract class XnioWorker extends AbstractExecutorService implements Conf
public Thread newThread(final Runnable r) {
return doPrivileged(new PrivilegedAction<Thread>() {
public Thread run() {
- final Thread taskThread = new Thread(threadGroup, r, name + " task-" + getNextSeq(), stackSize);
+ final Thread taskThread = new Thread(threadGroup, new Runnable() {
+ @Override
+ public void run() {
+ try {
+ r.run();
+ } finally {
+ xnio.handleThreadExit();
+ }
+ }
+ }, name + " task-" + getNextSeq(), stackSize);
// Mark the thread as daemon if the Options.THREAD_DAEMON has been set
if (markThreadAsDaemon) {
taskThread.setDaemon(true);
=====================================
api/src/main/java/org/xnio/http/ConnectionClosedEarlyException.java
=====================================
@@ -0,0 +1,63 @@
+/*
+ * JBoss, Home of Professional Open Source
+ *
+ * Copyright 2020 Red Hat, Inc. and/or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.xnio.http;
+
+/**
+ * Exception thrown if the connection is unexpectedly closed during http upgrade
+ * before the response can be fully read.
+ */
+public class ConnectionClosedEarlyException extends UpgradeFailedException {
+ private static final long serialVersionUID = -2954011903833115915L;
+
+ /**
+ * Constructs a new {@code ConnectionClosedEarlyException} instance. The message is left blank ({@code null}), and no cause
+ * is specified.
+ */
+ public ConnectionClosedEarlyException() {
+ }
+
+ /**
+ * Constructs a new {@code ConnectionClosedEarlyException} instance with an initial message. No cause is specified.
+ *
+ * @param msg the message
+ */
+ public ConnectionClosedEarlyException(String msg) {
+ super(msg);
+ }
+
+ /**
+ * Constructs a new {@code ConnectionClosedEarlyException} instance with an initial cause. If a non-{@code null} cause is
+ * specified, its message is used to initialize the message of this {@code UpgradeFailedException}; otherwise the
+ * message is left blank ({@code null}).
+ *
+ * @param cause the cause
+ */
+ public ConnectionClosedEarlyException(Throwable cause) {
+ super(cause);
+ }
+
+ /**
+ * Constructs a new {@code ConnectionClosedEarlyException} instance with an initial message and cause.
+ *
+ * @param msg the message
+ * @param cause the cause
+ */
+ public ConnectionClosedEarlyException(String msg, Throwable cause) {
+ super(msg, cause);
+ }
+}
=====================================
api/src/main/java/org/xnio/http/HttpUpgrade.java
=====================================
@@ -413,7 +413,7 @@ public class HttpUpgrade {
channel.resumeReads();
return;
} else if (r == -1) {
- throw msg.connectionClosedEarly();
+ throw new ConnectionClosedEarlyException(msg.connectionClosedEarly().getMessage());
}
buffer.flip();
parser.parse(buffer);
=====================================
debian/changelog
=====================================
@@ -1,3 +1,15 @@
+jboss-xnio (3.8.2-1) unstable; urgency=medium
+
+ * New upstream version 3.8.2.
+ - Fix CVE-2020-14340:
+ A vulnerability was discovered in XNIO where file descriptor leak caused
+ by growing amounts of NIO Selector file handles between garbage
+ collection cycles. It may allow the attacker to cause a denial of
+ service.
+ * Mark libjboss-xnio-java-doc as Multi-Arch: foreign.
+
+ -- Markus Koschany <apo at debian.org> Thu, 17 Sep 2020 00:37:53 +0200
+
jboss-xnio (3.8.1-1) unstable; urgency=medium
* New upstream version 3.8.1.
=====================================
debian/control
=====================================
@@ -48,6 +48,7 @@ Description: simplified low-level I/O layer for NIO
Package: libjboss-xnio-java-doc
Architecture: all
Section: doc
+Multi-Arch: foreign
Depends:
${misc:Depends}
Recommends:
=====================================
nio-impl/pom.xml
=====================================
@@ -31,7 +31,7 @@
<parent>
<groupId>org.jboss.xnio</groupId>
<artifactId>xnio-all</artifactId>
- <version>3.8.1.Final</version>
+ <version>3.8.2.Final</version>
</parent>
<properties>
=====================================
nio-impl/src/main/java/org/xnio/nio/NioXnio.java
=====================================
@@ -30,7 +30,6 @@ import java.lang.reflect.InvocationTargetException;
import org.xnio.FileSystemWatcher;
import org.xnio.IoUtils;
import org.xnio.Options;
-import org.xnio.ReadPropertyAction;
import org.xnio.Xnio;
import org.xnio.OptionMap;
import org.xnio.XnioWorker;
@@ -246,6 +245,13 @@ final class NioXnio extends Xnio {
return super.createFileSystemWatcher(name, options);
}
+ @Override
+ protected void handleThreadExit() {
+ log.tracef("Invoke selectorThreadLocal.remove() on Thread [%s] exits", Thread.currentThread().getName());
+ selectorThreadLocal.remove();
+ super.handleThreadExit();
+ }
+
private final ThreadLocal<FinalizableSelectorHolder> selectorThreadLocal = new ThreadLocal<FinalizableSelectorHolder>() {
public void remove() {
// if no selector was created, none will be closed
=====================================
pom.xml
=====================================
@@ -32,7 +32,7 @@
<artifactId>xnio-all</artifactId>
<packaging>pom</packaging>
<name>XNIO Parent POM</name>
- <version>3.8.1.Final</version>
+ <version>3.8.2.Final</version>
<description>The aggregator POM of the XNIO project</description>
<licenses>
View it on GitLab: https://salsa.debian.org/java-team/jboss-xnio/-/compare/43d072642d601ddf2eebd004444cd7689ad315be...38ce89645a7fac03d58d7cd003dc268312b07611
--
View it on GitLab: https://salsa.debian.org/java-team/jboss-xnio/-/compare/43d072642d601ddf2eebd004444cd7689ad315be...38ce89645a7fac03d58d7cd003dc268312b07611
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20200916/8a5265c0/attachment.html>
More information about the pkg-java-commits
mailing list