From d02f6ff68c6b2ca2223d86966f598f76e13415b3 Mon Sep 17 00:00:00 2001
From: Chris Cochrane <78791827+chriscochrane@users.noreply.github.com>
Date: Tue, 27 Jun 2023 13:29:28 +0100
Subject: [PATCH 1/5] ENT-10048,ENT-10050 - Security vulnerabilities (#7397)
* Updated netty and tcnative
---
 build.gradle | 4 ++--
 .../corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/build.gradle b/build.gradle
index 18fcdbcbe3..6e9e35ceed 100644
--- a/build.gradle
+++ b/build.gradle
@@ -79,8 +79,8 @@ buildscript {
 ext.djvm_version = constants.getProperty("djvmVersion")
 ext.deterministic_rt_version = constants.getProperty('deterministicRtVersion')
 ext.okhttp_version = '3.14.2'
- ext.netty_version = '4.1.46.Final'
- ext.tcnative_version = '2.0.29.Final'
+ ext.netty_version = '4.1.77.Final'
+ ext.tcnative_version = '2.0.48.Final'
 ext.typesafe_config_version = constants.getProperty("typesafeConfigVersion")
 ext.fileupload_version = '1.4'
 ext.kryo_version = '4.0.2'
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt
index 233b19a712..98910a673f 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt
@@ -6,7 +6,7 @@ import io.netty.handler.ssl.SniHandler
 import io.netty.handler.ssl.SslContextBuilder
 import io.netty.handler.ssl.SslHandler
 import io.netty.handler.ssl.SslProvider
-import io.netty.util.DomainNameMappingBuilder
+import io.netty.util.DomainWildcardMappingBuilder
 import net.corda.core.crypto.SecureHash
 import net.corda.core.crypto.newSecureRandom
 import net.corda.core.identity.CordaX500Name
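Review bot: Replacing `DomainNameMappingBuilder` with `DomainWildcardMappingBuilder` in the SSLHelper.kt import hunk is not a pure rename, and nothing here records that the SNI matching rules are expected to stay the same. In Netty the wildcard builder matches a `*.` entry one label deep only (`*.netty.io` covers `xyz.netty.io` but not `abc.xyz.netty.io`), while the older mapping also accepted the bare domain for such an entry. The call site in `createServerSNIOpenSslHandler` is in the `@@ -307` hunk, whose body is missing from this page, so whether any key in `keyManagerFactoriesMap` is a wildcard cannot be checked here. If the keys are always exact host names, a comment at the builder call such as `// SNI keys are exact names, so wildcard matching rules do not apply` would state that.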
@@ -307,7 +307,7 @@ internal fun createServerSNIOpenSslHandler(keyManagerFactoriesMap: Map
Date: Wed, 5 Jul 2023 16:28:51 +0100
Subject: [PATCH 2/5] ES-757: remove extra paramater (#7403)
---
 .ci/dev/regression/Jenkinsfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.ci/dev/regression/Jenkinsfile b/.ci/dev/regression/Jenkinsfile
index 62681c5ea1..033268a688 100644
--- a/.ci/dev/regression/Jenkinsfile
+++ b/.ci/dev/regression/Jenkinsfile
@@ -301,7 +301,7 @@ pipeline {
 always {
 script {
 if (gitUtils.isReleaseTag()) {
- gitUtils.getGitLog(env.TAG_NAME, env.GIT_URL.replace('https://github.com/corda/', ''), scm.userRemoteConfigs[0].credentialsId)
+ gitUtils.getGitLog(env.TAG_NAME, env.GIT_URL.replace('https://github.com/corda/', ''))
 }
 try {
 if (params.DO_TEST) {
From 9dd0bd85093dccc4504816a243b8da1c0d67aeae Mon Sep 17 00:00:00 2001
From: Ronan Browne
Date: Tue, 11 Jul 2023 13:11:02 +0100
Subject: [PATCH 3/5] ES-757: ensure correct method is called with extra paramater
---
 .ci/dev/regression/Jenkinsfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.ci/dev/regression/Jenkinsfile b/.ci/dev/regression/Jenkinsfile
index 033268a688..62681c5ea1 100644
--- a/.ci/dev/regression/Jenkinsfile
+++ b/.ci/dev/regression/Jenkinsfile
@@ -301,7 +301,7 @@ pipeline {
 always {
 script {
 if (gitUtils.isReleaseTag()) {
- gitUtils.getGitLog(env.TAG_NAME, env.GIT_URL.replace('https://github.com/corda/', ''))
+ gitUtils.getGitLog(env.TAG_NAME, env.GIT_URL.replace('https://github.com/corda/', ''), scm.userRemoteConfigs[0].credentialsId)
 }
 try {
 if (params.DO_TEST) {
From b410cd2a5d13b9653f606b626eb157319177fbef Mon Sep 17 00:00:00 2001
From: Ronan Browne
Date: Wed, 12 Jul 2023 17:36:57 +0100
Subject: [PATCH 4/5] ES-853: update Artifactory refrences to new public location (#7416)
* ES-853: update artifactory references to new public location
---
 build.gradle | 9 +++++----
 jdk8u-deterministic/build.gradle | 2 +-
 settings.gradle | 3 ++-
 testing/cordapps/dbfailure/dbfcontracts/build.gradle | 4 ++--
 4 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/build.gradle b/build.gradle
index 6e9e35ceed..628f99887b 100644
--- a/build.gradle
+++ b/build.gradle
@@ -113,6 +113,7 @@ buildscript {
 ext.hikari_version = '3.3.1'
 ext.liquibase_version = '3.6.3'
 ext.artifactory_contextUrl = 'https://software.r3.com/artifactory'
+ ext.publicArtifactURL = 'https://download.corda.net/maven'
 ext.snake_yaml_version = constants.getProperty('snakeYamlVersion')
 ext.docker_compose_rule_version = '1.5.0'
 ext.selenium_version = '3.141.59'
@@ -173,14 +174,14 @@ buildscript {
 }
 } else {
 maven {
- url "${artifactory_contextUrl}/corda-dependencies-dev"
+ url "${publicArtifactURL}/corda-dependencies-dev"
 content {
 includeGroupByRegex 'net\\.corda(\\..*)?'
 includeGroupByRegex 'com\\.r3(\\..*)?'
 }
 }
 maven {
- url "${artifactory_contextUrl}/corda-releases"
+ url "${publicArtifactURL}/corda-releases"
 content {
 includeGroupByRegex 'net\\.corda(\\..*)?'
 includeGroupByRegex 'com\\.r3(\\..*)?'
@@ -397,7 +398,7 @@ allprojects {
 }
 } else {
 maven {
- url "${artifactory_contextUrl}/corda-dependencies"
+ url "${publicArtifactURL}/corda-dependencies"
 content {
 includeGroupByRegex 'net\\.corda(\\..*)?'
 includeGroupByRegex 'com\\.r3(\\..*)?'
@@ -408,7 +409,7 @@ allprojects {
 }
 }
 maven {
- url "${artifactory_contextUrl}/corda-dev"
+ url "${publicArtifactURL}/corda-dev"
 content {
 includeGroupByRegex 'net\\.corda(\\..*)?'
 includeGroupByRegex 'com\\.r3(\\..*)?'
diff --git a/jdk8u-deterministic/build.gradle b/jdk8u-deterministic/build.gradle
index f9a91c9cc8..80804d15a8 100644
--- a/jdk8u-deterministic/build.gradle
+++ b/jdk8u-deterministic/build.gradle
@@ -1,6 +1,6 @@
 repositories {
 maven {
- url "$artifactory_contextUrl/corda-dependencies"
+ url "$publicArtifactURL/corda-dependencies"
 }
 }
diff --git a/settings.gradle b/settings.gradle
index d896cc16d5..a6ade1959e 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -1,5 +1,6 @@
 pluginManagement {
 ext.artifactory_contextUrl = 'https://software.r3.com/artifactory'
+ ext.publicArtifactURL = 'https://download.corda.net/maven'
 repositories {
 // Use system environment to activate caching with Artifactory,
@@ -21,7 +22,7 @@ pluginManagement {
 } else {
 mavenLocal()
 gradlePluginPortal()
- maven { url "${artifactory_contextUrl}/corda-dependencies" }
+ maven { url "${publicArtifactURL}/corda-dependencies" }
 }
 }
 }
diff --git a/testing/cordapps/dbfailure/dbfcontracts/build.gradle b/testing/cordapps/dbfailure/dbfcontracts/build.gradle
index 8767f08a31..886a9f9728 100644
--- a/testing/cordapps/dbfailure/dbfcontracts/build.gradle
+++ b/testing/cordapps/dbfailure/dbfcontracts/build.gradle
@@ -5,8 +5,8 @@ apply plugin: 'kotlin'
 repositories {
 mavenLocal()
 mavenCentral()
- maven { url "$artifactory_contextUrl/corda-dependencies" }
- maven { url "$artifactory_contextUrl/corda" }
+ maven { url "$publicArtifactURL/corda-dependencies" }
+ maven { url "$publicArtifactURL/corda" }
 }
 dependencies {
From 33df909cee0e6b49de3f0d28e4111382e960d743 Mon Sep 17 00:00:00 2001
From: Ronan Browne
Date: Wed, 12 Jul 2023 20:01:56 +0100
Subject: [PATCH 5/5] ES-757: update paramater in line with latest shared lib change (#7417)
---
 .ci/dev/regression/Jenkinsfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.ci/dev/regression/Jenkinsfile b/.ci/dev/regression/Jenkinsfile
index 62681c5ea1..033268a688 100644
--- a/.ci/dev/regression/Jenkinsfile
+++ b/.ci/dev/regression/Jenkinsfile
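Review bot: The `maven { url "$publicArtifactURL/..." }` entries in jdk8u-deterministic/build.gradle, in the `pluginManagement` block of settings.gradle and in testing/cordapps/dbfailure/dbfcontracts/build.gradle carry no `content { ... }` filter, unlike the root build.gradle entries in the same patch, which restrict the public host with `includeGroupByRegex 'net\\.corda(\\..*)?'` and `includeGroupByRegex 'com\\.r3(\\..*)?'`. Without a filter Gradle may query the public host for any group, and in settings.gradle and dbfcontracts the Corda groups can be satisfied first by `mavenLocal()`, `gradlePluginPortal()` or `mavenCentral()`, which are declared earlier. I would mirror the root file's `content { }` block on each of these entries; the root filter list runs past the visible hunk, so copy it from the file rather than from this page. The unfiltered form predates this commit, so this hardens the lines being touched rather than fixing a regression.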
@@ -301,7 +301,7 @@ pipeline {
 always {
 script {
 if (gitUtils.isReleaseTag()) {
- gitUtils.getGitLog(env.TAG_NAME, env.GIT_URL.replace('https://github.com/corda/', ''), scm.userRemoteConfigs[0].credentialsId)
+ gitUtils.getGitLog(env.TAG_NAME, env.GIT_URL.replace('https://github.com/corda/', ''))
 }
 try {
 if (params.DO_TEST) {
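Review bot: The `gitUtils.getGitLog(...)` call changes arity for the third time in this series (two arguments in PATCH 2/5, three in 3/5, two again here), and the PATCH 5/5 subject attributes it to a shared-library change, so the Jenkinsfile appears to work only against whichever library revision the controller loads. The `@Library` declaration is outside the hunk; if it does not name a tag or commit, pinning it, for example `@Library('<library-name>@<tag>') _` with placeholder names, would make the pairing explicit and keep an unreviewed library change out of the release-tag path. The `always { script { ... } }` block starts and ends outside the hunk.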