From ee50313260b59e1c963d7d1f4a53321022aec158 Mon Sep 17 00:00:00 2001 From: Adel El-Beik Date: Tue, 2 May 2023 11:24:39 +0100 Subject: [PATCH 01/16] ENT-9883: Updated CODEOWNERS file. --- .github/CODEOWNERS | 49 ++++++++++++++-------------------------------- 1 file changed, 15 insertions(+), 34 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 2e77ac821f..8a8dff99e1 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -2,10 +2,10 @@ *.md @corda/technical-writers # By default anything under core or node-api is the Kernel team -core @corda/kernel -node-api @corda/kernel -node/src/main/kotlin/net/corda/node/internal @corda/kernel -node/src/main/kotlin/net/corda/node/services @corda/kernel +core @rick-r3 +node-api @rick-r3 +node/src/main/kotlin/net/corda/node/internal @rick-r3 +node/src/main/kotlin/net/corda/node/services @rick-r3 # Determinstic components core-deterministic @chrisr3 @@ -17,46 +17,27 @@ serialization-tests @chrisr3 # Demobench defaults to Chris, but Viktor for the main code tools/demobench @chrisr3 -tools/demobench/src/main/kotlin/net/corda/demobench @vkolomeyko # General Corda code -client/rpc @vkolomeyko +core/src/main/kotlin/net/corda/core/flows @rick-r3 +core/src/main/kotlin/net/corda/core/internal/notary @corda/notaries -core/src/main/kotlin/net/corda/core/flows @dimosr -core/src/main/kotlin/net/corda/core/internal/notary @thschroeter -core/src/main/kotlin/net/corda/core/messaging @vkolomeyko +node/src/integration-test/kotlin/net/corda/node/persistence @chriscochrane +node/src/integration-test/kotlin/net/corda/node/services/persistence @chriscochrane +node/src/main/kotlin/net/corda/node/services/messaging @rick-r3 +node/src/main/kotlin/net/corda/node/services/persistence @rick-r3 +node/src/main/kotlin/net/corda/node/services/statemachine @rick-r3 +node/src/main/kotlin/net/corda/notary @corda/notaries -node/src/integration-test/kotlin/net/corda/node/persistence @blsemo -node/src/integration-test/kotlin/net/corda/node/services/persistence @blsemo -node/src/main/kotlin/net/corda/node/internal/artemis @rekalov -node/src/main/kotlin/net/corda/node/services/identity @rekalov -node/src/main/kotlin/net/corda/node/services/keys @rekalov -node/src/main/kotlin/net/corda/node/services/messaging @dimosr -node/src/main/kotlin/net/corda/node/services/network @rekalov -node/src/main/kotlin/net/corda/node/services/persistence @blsemo -node/src/main/kotlin/net/corda/node/services/rpc @vkolomeyko -node/src/main/kotlin/net/corda/node/services/statemachine @lankydan -node/src/main/kotlin/net/corda/node/utilities/registration @rekalov -node/src/main/kotlin/net/corda/notary @thschroeter +node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence @rick-r3 -node-api/src/main/kotlin/net/corda/nodeapi/internal/bridging @vkolomeyko -node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto @rekalov -node-api/src/main/kotlin/net/corda/nodeapi/internal/cryptoservice @rekalov -node-api/src/main/kotlin/net/corda/nodeapi/internal/lifecycle @vkolomeyko -node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence @blsemo -node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper @vkolomeyko -node-api/src/test/kotlin/net/corda/nodeapi/internal/bridging @rekalov - -common/logging/src/main/kotlin/net/corda/common/logging/errorReporting @JamesHR3 -common/logging/src/test/kotlin/net/corda/commmon/logging/errorReporting @JamesHR3 +common/logging/src/main/kotlin/net/corda/common/logging/errorReporting @chriscochrane +common/logging/src/test/kotlin/net/corda/commmon/logging/errorReporting @chriscochrane # Single file ownerships go at the end, as they are most specific and take precedence over other ownerships core/src/main/kotlin/net/corda/core/internal/AbstractAttachment.kt @adelel1 core/src/main/kotlin/net/corda/core/internal/AttachmentTrustCalculator.kt @adelel1 core/src/main/kotlin/net/corda/core/internal/AttachmentWithContext.kt @adelel1 -core/src/main/kotlin/net/corda/core/internal/CertRole.kt @rekalov core/src/main/kotlin/net/corda/core/node/services/AttachmentStorage.kt @adelel1 -core/src/main/kotlin/net/corda/core/node/services/IdentityService.kt @rekalov -core/src/main/kotlin/net/corda/core/node/services/NetworkMapCache.kt @rekalov From 708fe930394057a8d60c6796b0a8d54b8f856ddf Mon Sep 17 00:00:00 2001 From: Adel El-Beik Date: Tue, 2 May 2023 11:24:39 +0100 Subject: [PATCH 02/16] ENT-9883: Updated CODEOWNERS file. --- .github/CODEOWNERS | 49 ++++++++++++++-------------------------------- 1 file changed, 15 insertions(+), 34 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 2e77ac821f..8a8dff99e1 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -2,10 +2,10 @@ *.md @corda/technical-writers # By default anything under core or node-api is the Kernel team -core @corda/kernel -node-api @corda/kernel -node/src/main/kotlin/net/corda/node/internal @corda/kernel -node/src/main/kotlin/net/corda/node/services @corda/kernel +core @rick-r3 +node-api @rick-r3 +node/src/main/kotlin/net/corda/node/internal @rick-r3 +node/src/main/kotlin/net/corda/node/services @rick-r3 # Determinstic components core-deterministic @chrisr3 @@ -17,46 +17,27 @@ serialization-tests @chrisr3 # Demobench defaults to Chris, but Viktor for the main code tools/demobench @chrisr3 -tools/demobench/src/main/kotlin/net/corda/demobench @vkolomeyko # General Corda code -client/rpc @vkolomeyko +core/src/main/kotlin/net/corda/core/flows @rick-r3 +core/src/main/kotlin/net/corda/core/internal/notary @corda/notaries -core/src/main/kotlin/net/corda/core/flows @dimosr -core/src/main/kotlin/net/corda/core/internal/notary @thschroeter -core/src/main/kotlin/net/corda/core/messaging @vkolomeyko +node/src/integration-test/kotlin/net/corda/node/persistence @chriscochrane +node/src/integration-test/kotlin/net/corda/node/services/persistence @chriscochrane +node/src/main/kotlin/net/corda/node/services/messaging @rick-r3 +node/src/main/kotlin/net/corda/node/services/persistence @rick-r3 +node/src/main/kotlin/net/corda/node/services/statemachine @rick-r3 +node/src/main/kotlin/net/corda/notary @corda/notaries -node/src/integration-test/kotlin/net/corda/node/persistence @blsemo -node/src/integration-test/kotlin/net/corda/node/services/persistence @blsemo -node/src/main/kotlin/net/corda/node/internal/artemis @rekalov -node/src/main/kotlin/net/corda/node/services/identity @rekalov -node/src/main/kotlin/net/corda/node/services/keys @rekalov -node/src/main/kotlin/net/corda/node/services/messaging @dimosr -node/src/main/kotlin/net/corda/node/services/network @rekalov -node/src/main/kotlin/net/corda/node/services/persistence @blsemo -node/src/main/kotlin/net/corda/node/services/rpc @vkolomeyko -node/src/main/kotlin/net/corda/node/services/statemachine @lankydan -node/src/main/kotlin/net/corda/node/utilities/registration @rekalov -node/src/main/kotlin/net/corda/notary @thschroeter +node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence @rick-r3 -node-api/src/main/kotlin/net/corda/nodeapi/internal/bridging @vkolomeyko -node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto @rekalov -node-api/src/main/kotlin/net/corda/nodeapi/internal/cryptoservice @rekalov -node-api/src/main/kotlin/net/corda/nodeapi/internal/lifecycle @vkolomeyko -node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence @blsemo -node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper @vkolomeyko -node-api/src/test/kotlin/net/corda/nodeapi/internal/bridging @rekalov - -common/logging/src/main/kotlin/net/corda/common/logging/errorReporting @JamesHR3 -common/logging/src/test/kotlin/net/corda/commmon/logging/errorReporting @JamesHR3 +common/logging/src/main/kotlin/net/corda/common/logging/errorReporting @chriscochrane +common/logging/src/test/kotlin/net/corda/commmon/logging/errorReporting @chriscochrane # Single file ownerships go at the end, as they are most specific and take precedence over other ownerships core/src/main/kotlin/net/corda/core/internal/AbstractAttachment.kt @adelel1 core/src/main/kotlin/net/corda/core/internal/AttachmentTrustCalculator.kt @adelel1 core/src/main/kotlin/net/corda/core/internal/AttachmentWithContext.kt @adelel1 -core/src/main/kotlin/net/corda/core/internal/CertRole.kt @rekalov core/src/main/kotlin/net/corda/core/node/services/AttachmentStorage.kt @adelel1 -core/src/main/kotlin/net/corda/core/node/services/IdentityService.kt @rekalov -core/src/main/kotlin/net/corda/core/node/services/NetworkMapCache.kt @rekalov From f212e0fd855ab220db35cfd4e22da086b1b28b41 Mon Sep 17 00:00:00 2001 From: Connel McGovern <100574906+mcgovc@users.noreply.github.com> Date: Fri, 2 Jun 2023 17:53:24 +0100 Subject: [PATCH 03/16] ES-562: Correct modules to scan for C4 OS Snyk scan nightly --- .ci/dev/nightly-regression/JenkinsfileSnykScan | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/dev/nightly-regression/JenkinsfileSnykScan b/.ci/dev/nightly-regression/JenkinsfileSnykScan index 564bb516a9..6c0f81d698 100644 --- a/.ci/dev/nightly-regression/JenkinsfileSnykScan +++ b/.ci/dev/nightly-regression/JenkinsfileSnykScan @@ -3,5 +3,5 @@ cordaSnykScanPipeline ( snykTokenId: 'c4-os-snyk-api-token-secret', // specify the Gradle submodules to scan and monitor on snyk Server - modulesToScan: ['node', 'capsule', 'bridge', 'bridgecapsule'] + modulesToScan: ['node', 'capsule'] ) From df62044b6e2e19c442f2bdf6f1a346c62123d5f8 Mon Sep 17 00:00:00 2001 From: Connel McGovern <100574906+mcgovc@users.noreply.github.com> Date: Fri, 2 Jun 2023 17:53:24 +0100 Subject: [PATCH 04/16] Include 'ES' jira code in PR title check --- .github/workflows/check-pr-title.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check-pr-title.yml b/.github/workflows/check-pr-title.yml index ce097eb02a..f99824a302 100644 --- a/.github/workflows/check-pr-title.yml +++ b/.github/workflows/check-pr-title.yml @@ -9,6 +9,6 @@ jobs: steps: - uses: morrisoncole/pr-lint-action@v1.4.1 with: - title-regex: '^((CORDA|AG|EG|ENT|INFRA)-\d+|NOTICK)(.*)' + title-regex: '^((CORDA|AG|EG|ENT|INFRA|ES)-\d+|NOTICK)(.*)' on-failed-regex-comment: "PR title failed to match regex -> `%regex%`" repo-token: "${{ secrets.GITHUB_TOKEN }}" From 51fc4910ccf0749593ffc6c5614652849dbda9e0 Mon Sep 17 00:00:00 2001 From: Connel McGovern Date: Tue, 6 Jun 2023 16:43:28 +0100 Subject: [PATCH 05/16] Removing bridge/bridgecapsule from main release branch CI pipeline --- .ci/dev/regression/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/dev/regression/Jenkinsfile b/.ci/dev/regression/Jenkinsfile index 5421c21225..1b5506f334 100644 --- a/.ci/dev/regression/Jenkinsfile +++ b/.ci/dev/regression/Jenkinsfile @@ -89,7 +89,7 @@ pipeline { steps { script { // Invoke Snyk for each Gradle sub project we wish to scan - def modulesToScan = ['node', 'capsule', 'bridge', 'bridgecapsule'] + def modulesToScan = ['node', 'capsule'] modulesToScan.each { module -> snykSecurityScan("${env.SNYK_API_KEY}", "--sub-project=$module --configuration-matching='^runtimeClasspath\$' --prune-repeated-subdependencies --debug --target-reference='${env.BRANCH_NAME}' --project-tags=Branch='${env.BRANCH_NAME.replaceAll("[^0-9|a-z|A-Z]+","_")}'") } From 7b163522185f6c6d16cb05559384b96fe3c68411 Mon Sep 17 00:00:00 2001 From: Connel McGovern <100574906+mcgovc@users.noreply.github.com> Date: Tue, 6 Jun 2023 16:46:58 +0100 Subject: [PATCH 06/16] ES-562: Correct modules to scan for C4 OS Snyk scan nightly (#7386) * ES-562: Correct modules to scan for C4 OS Snyk scan nightly * Include 'ES' jira code in PR title check --- .ci/dev/nightly-regression/JenkinsfileSnykScan | 2 +- .github/workflows/check-pr-title.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.ci/dev/nightly-regression/JenkinsfileSnykScan b/.ci/dev/nightly-regression/JenkinsfileSnykScan index 564bb516a9..6c0f81d698 100644 --- a/.ci/dev/nightly-regression/JenkinsfileSnykScan +++ b/.ci/dev/nightly-regression/JenkinsfileSnykScan @@ -3,5 +3,5 @@ cordaSnykScanPipeline ( snykTokenId: 'c4-os-snyk-api-token-secret', // specify the Gradle submodules to scan and monitor on snyk Server - modulesToScan: ['node', 'capsule', 'bridge', 'bridgecapsule'] + modulesToScan: ['node', 'capsule'] ) diff --git a/.github/workflows/check-pr-title.yml b/.github/workflows/check-pr-title.yml index ce097eb02a..f99824a302 100644 --- a/.github/workflows/check-pr-title.yml +++ b/.github/workflows/check-pr-title.yml @@ -9,6 +9,6 @@ jobs: steps: - uses: morrisoncole/pr-lint-action@v1.4.1 with: - title-regex: '^((CORDA|AG|EG|ENT|INFRA)-\d+|NOTICK)(.*)' + title-regex: '^((CORDA|AG|EG|ENT|INFRA|ES)-\d+|NOTICK)(.*)' on-failed-regex-comment: "PR title failed to match regex -> `%regex%`" repo-token: "${{ secrets.GITHUB_TOKEN }}" From 40f928da50cfb17d62a4587bbd6186c5978150d8 Mon Sep 17 00:00:00 2001 From: Chris Cochrane Date: Thu, 15 Jun 2023 14:35:49 +0100 Subject: [PATCH 07/16] Upgrade netty --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 60cf408cea..727ee74d9b 100644 --- a/build.gradle +++ b/build.gradle @@ -79,7 +79,7 @@ buildscript { ext.djvm_version = constants.getProperty("djvmVersion") ext.deterministic_rt_version = constants.getProperty('deterministicRtVersion') ext.okhttp_version = '3.14.2' - ext.netty_version = '4.1.68.Final' + ext.netty_version = '4.1.77.Final' ext.tcnative_version = '2.0.42.Final' ext.typesafe_config_version = constants.getProperty("typesafeConfigVersion") ext.fileupload_version = '1.4' From 89b2deebe3f6c8155c65228abaa2d08acab7e3c2 Mon Sep 17 00:00:00 2001 From: Chris Cochrane Date: Thu, 15 Jun 2023 16:56:42 +0100 Subject: [PATCH 08/16] Upgraded tcnative, for nett (previous commit) --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 727ee74d9b..0be65fba94 100644 --- a/build.gradle +++ b/build.gradle @@ -80,7 +80,7 @@ buildscript { ext.deterministic_rt_version = constants.getProperty('deterministicRtVersion') ext.okhttp_version = '3.14.2' ext.netty_version = '4.1.77.Final' - ext.tcnative_version = '2.0.42.Final' + ext.tcnative_version = '2.0.48.Final' ext.typesafe_config_version = constants.getProperty("typesafeConfigVersion") ext.fileupload_version = '1.4' ext.kryo_version = '4.0.2' From 01ead5376b3e6cfe46a7750224ea5d8ae558b577 Mon Sep 17 00:00:00 2001 From: Ronan Browne Date: Fri, 23 Jun 2023 20:46:36 +0100 Subject: [PATCH 09/16] ES-758: add corda remotes env vars to Jenkins logic (#7400) * ES-758: add corda remotes * ES-758: add corda remotes --- .ci/dev/compatibility/JenkinsfileJDK11Compile | 7 +++++++ .ci/dev/nightly-regression/Jenkinsfile | 1 + .ci/dev/pr-code-checks/Jenkinsfile | 4 ++++ .ci/dev/regression/Jenkinsfile | 1 + Jenkinsfile | 1 + 5 files changed, 14 insertions(+) diff --git a/.ci/dev/compatibility/JenkinsfileJDK11Compile b/.ci/dev/compatibility/JenkinsfileJDK11Compile index 0a7ae93060..69bda8be33 100644 --- a/.ci/dev/compatibility/JenkinsfileJDK11Compile +++ b/.ci/dev/compatibility/JenkinsfileJDK11Compile @@ -22,6 +22,13 @@ pipeline { buildDiscarder(logRotator(daysToKeepStr: '14', artifactDaysToKeepStr: '14')) } + environment { + ARTIFACTORY_CREDENTIALS = credentials('artifactory-credentials') + CORDA_ARTIFACTORY_PASSWORD = "${env.ARTIFACTORY_CREDENTIALS_PSW}" + CORDA_ARTIFACTORY_USERNAME = "${env.ARTIFACTORY_CREDENTIALS_USR}" + CORDA_USE_CACHE = "corda-remotes" + } + stages { stage('JDK 11 Compile') { steps { diff --git a/.ci/dev/nightly-regression/Jenkinsfile b/.ci/dev/nightly-regression/Jenkinsfile index 98895fdcb8..92eae917af 100644 --- a/.ci/dev/nightly-regression/Jenkinsfile +++ b/.ci/dev/nightly-regression/Jenkinsfile @@ -44,6 +44,7 @@ pipeline { ARTIFACTORY_CREDENTIALS = credentials('artifactory-credentials') CORDA_ARTIFACTORY_PASSWORD = "${env.ARTIFACTORY_CREDENTIALS_PSW}" CORDA_ARTIFACTORY_USERNAME = "${env.ARTIFACTORY_CREDENTIALS_USR}" + CORDA_USE_CACHE = "corda-remotes" } stages { diff --git a/.ci/dev/pr-code-checks/Jenkinsfile b/.ci/dev/pr-code-checks/Jenkinsfile index 7300f52bda..3693cdfce8 100644 --- a/.ci/dev/pr-code-checks/Jenkinsfile +++ b/.ci/dev/pr-code-checks/Jenkinsfile @@ -17,6 +17,10 @@ pipeline { environment { SNYK_API_TOKEN = credentials('c4-os-snyk-api-token-secret') C4_OS_SNYK_ORG_ID = credentials('c4-os-snyk-org-id') + ARTIFACTORY_CREDENTIALS = credentials('artifactory-credentials') + CORDA_ARTIFACTORY_PASSWORD = "${env.ARTIFACTORY_CREDENTIALS_PSW}" + CORDA_ARTIFACTORY_USERNAME = "${env.ARTIFACTORY_CREDENTIALS_USR}" + CORDA_USE_CACHE = "corda-remotes" } stages { diff --git a/.ci/dev/regression/Jenkinsfile b/.ci/dev/regression/Jenkinsfile index a301041e42..62681c5ea1 100644 --- a/.ci/dev/regression/Jenkinsfile +++ b/.ci/dev/regression/Jenkinsfile @@ -54,6 +54,7 @@ pipeline { ARTIFACTORY_CREDENTIALS = credentials('artifactory-credentials') CORDA_ARTIFACTORY_PASSWORD = "${env.ARTIFACTORY_CREDENTIALS_PSW}" CORDA_ARTIFACTORY_USERNAME = "${env.ARTIFACTORY_CREDENTIALS_USR}" + CORDA_USE_CACHE = "corda-remotes" DOCKER_URL = "https://index.docker.io/v1/" EMAIL_RECIPIENTS = credentials('corda4-email-recipient') SNYK_API_KEY = "c4-os-snyk" //Jenkins credential type: Snyk Api token diff --git a/Jenkinsfile b/Jenkinsfile index 6c684968b3..a824a677d0 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -47,6 +47,7 @@ pipeline { ARTIFACTORY_CREDENTIALS = credentials('artifactory-credentials') CORDA_ARTIFACTORY_PASSWORD = "${env.ARTIFACTORY_CREDENTIALS_PSW}" CORDA_ARTIFACTORY_USERNAME = "${env.ARTIFACTORY_CREDENTIALS_USR}" + CORDA_USE_CACHE = "corda-remotes" } stages { From d02f6ff68c6b2ca2223d86966f598f76e13415b3 Mon Sep 17 00:00:00 2001 From: Chris Cochrane <78791827+chriscochrane@users.noreply.github.com> Date: Tue, 27 Jun 2023 13:29:28 +0100 Subject: [PATCH 10/16] ENT-10048,ENT-10050 - Security vulnerabilities (#7397) * Updated netty and tcnative --- build.gradle | 4 ++-- .../corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/build.gradle b/build.gradle index 18fcdbcbe3..6e9e35ceed 100644 --- a/build.gradle +++ b/build.gradle @@ -79,8 +79,8 @@ buildscript { ext.djvm_version = constants.getProperty("djvmVersion") ext.deterministic_rt_version = constants.getProperty('deterministicRtVersion') ext.okhttp_version = '3.14.2' - ext.netty_version = '4.1.46.Final' - ext.tcnative_version = '2.0.29.Final' + ext.netty_version = '4.1.77.Final' + ext.tcnative_version = '2.0.48.Final' ext.typesafe_config_version = constants.getProperty("typesafeConfigVersion") ext.fileupload_version = '1.4' ext.kryo_version = '4.0.2' diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt index 233b19a712..98910a673f 100644 --- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt +++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt @@ -6,7 +6,7 @@ import io.netty.handler.ssl.SniHandler import io.netty.handler.ssl.SslContextBuilder import io.netty.handler.ssl.SslHandler import io.netty.handler.ssl.SslProvider -import io.netty.util.DomainNameMappingBuilder +import io.netty.util.DomainWildcardMappingBuilder import net.corda.core.crypto.SecureHash import net.corda.core.crypto.newSecureRandom import net.corda.core.identity.CordaX500Name @@ -307,7 +307,7 @@ internal fun createServerSNIOpenSslHandler(keyManagerFactoriesMap: Map Date: Wed, 28 Jun 2023 13:20:58 +0100 Subject: [PATCH 11/16] ENT-10076,ENT-10080 - Security Vulnerabilities (#7405) * Updated dependencies * Address compiler checks --- build.gradle | 4 ++-- .../corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/build.gradle b/build.gradle index 5f63ab7f88..0dafa6db2a 100644 --- a/build.gradle +++ b/build.gradle @@ -79,8 +79,8 @@ buildscript { ext.djvm_version = constants.getProperty("djvmVersion") ext.deterministic_rt_version = constants.getProperty('deterministicRtVersion') ext.okhttp_version = '3.14.2' - ext.netty_version = '4.1.46.Final' - ext.tcnative_version = '2.0.29.Final' + ext.netty_version = '4.1.77.Final' + ext.tcnative_version = '2.0.48.Final' ext.typesafe_config_version = constants.getProperty("typesafeConfigVersion") ext.fileupload_version = '1.4' ext.kryo_version = '4.0.2' diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt index 233b19a712..98910a673f 100644 --- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt +++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt @@ -6,7 +6,7 @@ import io.netty.handler.ssl.SniHandler import io.netty.handler.ssl.SslContextBuilder import io.netty.handler.ssl.SslHandler import io.netty.handler.ssl.SslProvider -import io.netty.util.DomainNameMappingBuilder +import io.netty.util.DomainWildcardMappingBuilder import net.corda.core.crypto.SecureHash import net.corda.core.crypto.newSecureRandom import net.corda.core.identity.CordaX500Name @@ -307,7 +307,7 @@ internal fun createServerSNIOpenSslHandler(keyManagerFactoriesMap: Map Date: Wed, 5 Jul 2023 16:28:08 +0100 Subject: [PATCH 12/16] ES-839: Disable Internal docker publishing for 4.7 ( only supported post 4.9 pacthes) (#7410) * ES-839: Disable Docker publishing for 4.7 * ES-839: remove broken repo --- .ci/dev/regression/Jenkinsfile | 2 +- docker/src/docker/Dockerfile | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.ci/dev/regression/Jenkinsfile b/.ci/dev/regression/Jenkinsfile index c2c9249e70..836ccdb3b5 100644 --- a/.ci/dev/regression/Jenkinsfile +++ b/.ci/dev/regression/Jenkinsfile @@ -279,7 +279,7 @@ pipeline { stage('Publish Release Candidate to Internal Repository') { when { - expression { isReleaseCandidate } + expression { return false} // keeping stage to preserve Jenkins history on release branches, but not supported for patch builds pre 4.9 } steps { withCredentials([ diff --git a/docker/src/docker/Dockerfile b/docker/src/docker/Dockerfile index d3d287a750..80eabe193d 100644 --- a/docker/src/docker/Dockerfile +++ b/docker/src/docker/Dockerfile @@ -1,5 +1,8 @@ FROM azul/zulu-openjdk:8u192 +## Remove Azul Zulu repo, as it is gone by now +RUN rm /etc/apt/sources.list.d/zulu.list + ## Add packages, clean cache, create dirs, create corda user and change ownership RUN apt-get update && \ apt-get -y upgrade && \ From 56c6eb42ef14efca105df08200b26dfd645bd497 Mon Sep 17 00:00:00 2001 From: Ronan Browne Date: Wed, 5 Jul 2023 16:28:51 +0100 Subject: [PATCH 13/16] ES-757: remove extra paramater (#7403) --- .ci/dev/regression/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/dev/regression/Jenkinsfile b/.ci/dev/regression/Jenkinsfile index 62681c5ea1..033268a688 100644 --- a/.ci/dev/regression/Jenkinsfile +++ b/.ci/dev/regression/Jenkinsfile @@ -301,7 +301,7 @@ pipeline { always { script { if (gitUtils.isReleaseTag()) { - gitUtils.getGitLog(env.TAG_NAME, env.GIT_URL.replace('https://github.com/corda/', ''), scm.userRemoteConfigs[0].credentialsId) + gitUtils.getGitLog(env.TAG_NAME, env.GIT_URL.replace('https://github.com/corda/', '')) } try { if (params.DO_TEST) { From 9dd0bd85093dccc4504816a243b8da1c0d67aeae Mon Sep 17 00:00:00 2001 From: Ronan Browne Date: Tue, 11 Jul 2023 13:11:02 +0100 Subject: [PATCH 14/16] ES-757: ensure correct method is called with extra paramater --- .ci/dev/regression/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/dev/regression/Jenkinsfile b/.ci/dev/regression/Jenkinsfile index 033268a688..62681c5ea1 100644 --- a/.ci/dev/regression/Jenkinsfile +++ b/.ci/dev/regression/Jenkinsfile @@ -301,7 +301,7 @@ pipeline { always { script { if (gitUtils.isReleaseTag()) { - gitUtils.getGitLog(env.TAG_NAME, env.GIT_URL.replace('https://github.com/corda/', '')) + gitUtils.getGitLog(env.TAG_NAME, env.GIT_URL.replace('https://github.com/corda/', ''), scm.userRemoteConfigs[0].credentialsId) } try { if (params.DO_TEST) { From b410cd2a5d13b9653f606b626eb157319177fbef Mon Sep 17 00:00:00 2001 From: Ronan Browne Date: Wed, 12 Jul 2023 17:36:57 +0100 Subject: [PATCH 15/16] ES-853: update Artifactory refrences to new public location (#7416) * ES-853: update artifactory references to new public location --- build.gradle | 9 +++++---- jdk8u-deterministic/build.gradle | 2 +- settings.gradle | 3 ++- testing/cordapps/dbfailure/dbfcontracts/build.gradle | 4 ++-- 4 files changed, 10 insertions(+), 8 deletions(-) diff --git a/build.gradle b/build.gradle index 6e9e35ceed..628f99887b 100644 --- a/build.gradle +++ b/build.gradle @@ -113,6 +113,7 @@ buildscript { ext.hikari_version = '3.3.1' ext.liquibase_version = '3.6.3' ext.artifactory_contextUrl = 'https://software.r3.com/artifactory' + ext.publicArtifactURL = 'https://download.corda.net/maven' ext.snake_yaml_version = constants.getProperty('snakeYamlVersion') ext.docker_compose_rule_version = '1.5.0' ext.selenium_version = '3.141.59' @@ -173,14 +174,14 @@ buildscript { } } else { maven { - url "${artifactory_contextUrl}/corda-dependencies-dev" + url "${publicArtifactURL}/corda-dependencies-dev" content { includeGroupByRegex 'net\\.corda(\\..*)?' includeGroupByRegex 'com\\.r3(\\..*)?' } } maven { - url "${artifactory_contextUrl}/corda-releases" + url "${publicArtifactURL}/corda-releases" content { includeGroupByRegex 'net\\.corda(\\..*)?' includeGroupByRegex 'com\\.r3(\\..*)?' @@ -397,7 +398,7 @@ allprojects { } } else { maven { - url "${artifactory_contextUrl}/corda-dependencies" + url "${publicArtifactURL}/corda-dependencies" content { includeGroupByRegex 'net\\.corda(\\..*)?' includeGroupByRegex 'com\\.r3(\\..*)?' @@ -408,7 +409,7 @@ allprojects { } } maven { - url "${artifactory_contextUrl}/corda-dev" + url "${publicArtifactURL}/corda-dev" content { includeGroupByRegex 'net\\.corda(\\..*)?' includeGroupByRegex 'com\\.r3(\\..*)?' diff --git a/jdk8u-deterministic/build.gradle b/jdk8u-deterministic/build.gradle index f9a91c9cc8..80804d15a8 100644 --- a/jdk8u-deterministic/build.gradle +++ b/jdk8u-deterministic/build.gradle @@ -1,6 +1,6 @@ repositories { maven { - url "$artifactory_contextUrl/corda-dependencies" + url "$publicArtifactURL/corda-dependencies" } } diff --git a/settings.gradle b/settings.gradle index d896cc16d5..a6ade1959e 100644 --- a/settings.gradle +++ b/settings.gradle @@ -1,5 +1,6 @@ pluginManagement { ext.artifactory_contextUrl = 'https://software.r3.com/artifactory' + ext.publicArtifactURL = 'https://download.corda.net/maven' repositories { // Use system environment to activate caching with Artifactory, @@ -21,7 +22,7 @@ pluginManagement { } else { mavenLocal() gradlePluginPortal() - maven { url "${artifactory_contextUrl}/corda-dependencies" } + maven { url "${publicArtifactURL}/corda-dependencies" } } } } diff --git a/testing/cordapps/dbfailure/dbfcontracts/build.gradle b/testing/cordapps/dbfailure/dbfcontracts/build.gradle index 8767f08a31..886a9f9728 100644 --- a/testing/cordapps/dbfailure/dbfcontracts/build.gradle +++ b/testing/cordapps/dbfailure/dbfcontracts/build.gradle @@ -5,8 +5,8 @@ apply plugin: 'kotlin' repositories { mavenLocal() mavenCentral() - maven { url "$artifactory_contextUrl/corda-dependencies" } - maven { url "$artifactory_contextUrl/corda" } + maven { url "$publicArtifactURL/corda-dependencies" } + maven { url "$publicArtifactURL/corda" } } dependencies { From 33df909cee0e6b49de3f0d28e4111382e960d743 Mon Sep 17 00:00:00 2001 From: Ronan Browne Date: Wed, 12 Jul 2023 20:01:56 +0100 Subject: [PATCH 16/16] ES-757: update paramater in line with latest shared lib change (#7417) --- .ci/dev/regression/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/dev/regression/Jenkinsfile b/.ci/dev/regression/Jenkinsfile index 62681c5ea1..033268a688 100644 --- a/.ci/dev/regression/Jenkinsfile +++ b/.ci/dev/regression/Jenkinsfile @@ -301,7 +301,7 @@ pipeline { always { script { if (gitUtils.isReleaseTag()) { - gitUtils.getGitLog(env.TAG_NAME, env.GIT_URL.replace('https://github.com/corda/', ''), scm.userRemoteConfigs[0].credentialsId) + gitUtils.getGitLog(env.TAG_NAME, env.GIT_URL.replace('https://github.com/corda/', '')) } try { if (params.DO_TEST) {