Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package netty-tcnative for openSUSE:Factory checked in at 2026-06-15 19:46:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/netty-tcnative (Old) and /work/SRC/openSUSE:Factory/.netty-tcnative.new.1981 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "netty-tcnative" Mon Jun 15 19:46:47 2026 rev:11 rq:1359482 version:2.0.79 Changes: -------- --- /work/SRC/openSUSE:Factory/netty-tcnative/netty-tcnative.changes 2026-05-15 23:54:34.855753586 +0200 +++ /work/SRC/openSUSE:Factory/.netty-tcnative.new.1981/netty-tcnative.changes 2026-06-15 19:50:25.676988935 +0200 @@ -1,0 +2,6 @@ +Fri Jun 12 09:00:55 UTC 2026 - Fridrich Strba <[email protected]> + +- Upgrade to version 2.0.79 Fina + * No formal changelog present + +------------------------------------------------------------------- Old: ---- netty-tcnative-parent-2.0.77.Final.tar.gz New: ---- netty-tcnative-parent-2.0.79.Final.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ netty-tcnative.spec ++++++ --- /var/tmp/diff_new_pack.KB8eXR/_old 2026-06-15 19:50:28.749117762 +0200 +++ /var/tmp/diff_new_pack.KB8eXR/_new 2026-06-15 19:50:28.761118265 +0200 @@ -22,7 +22,7 @@ %define with_gcc 11 %endif Name: netty-tcnative -Version: 2.0.77 +Version: 2.0.79 Release: 0 Summary: Fork of Tomcat Native with improved OpenSSL and mavenized build License: Apache-2.0 ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.KB8eXR/_old 2026-06-15 19:50:29.137134033 +0200 +++ /var/tmp/diff_new_pack.KB8eXR/_new 2026-06-15 19:50:29.169135375 +0200 @@ -1,6 +1,6 @@ -mtime: 1778827339 -commit: 30e453ecc5f6c2cb6785aeb8b133859edd3b11d68b3b264d64439380cff60da5 +mtime: 1781256676 +commit: cd2eeb4a1dc04fd16a0e1bc1b165b125c2e29b54c49dc412a99317fbd4695dea url: https://src.opensuse.org/java-packages/netty-tcnative -revision: 30e453ecc5f6c2cb6785aeb8b133859edd3b11d68b3b264d64439380cff60da5 +revision: cd2eeb4a1dc04fd16a0e1bc1b165b125c2e29b54c49dc412a99317fbd4695dea projectscmsync: https://src.opensuse.org/java-packages/_ObsPrj ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-06-12 11:31:16.000000000 +0200 @@ -0,0 +1 @@ +.osc ++++++ netty-tcnative-parent-2.0.77.Final.tar.gz -> netty-tcnative-parent-2.0.79.Final.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/.github/workflows/ci-build.yml new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/.github/workflows/ci-build.yml --- old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/.github/workflows/ci-build.yml 2026-04-23 11:49:13.000000000 +0200 +++ new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/.github/workflows/ci-build.yml 2026-06-12 08:47:26.000000000 +0200 @@ -29,22 +29,25 @@ matrix: include: - setup: centos6-x86_64 - docker-compose-build: "-f docker/docker-compose.centos-6.yaml -f docker/docker-compose.centos-6.18.yaml build" docker-compose-run: "-f docker/docker-compose.centos-6.yaml -f docker/docker-compose.centos-6.18.yaml run build" + docker-bake-args: "-f docker-compose.centos-6.yaml -f docker-compose.centos-6.18.yaml" - setup: debian7-x86_64 - docker-compose-build: "-f docker/docker-compose.debian.yaml -f docker/docker-compose.debian-7.18.yaml build" docker-compose-run: "-f docker/docker-compose.debian.yaml -f docker/docker-compose.debian-7.18.yaml run build-dynamic-only" + docker-bake-args: "-f docker-compose.debian.yaml -f docker-compose.debian-7.18.yaml" - setup: centos7-aarch64 - docker-compose-build: "-f docker/docker-compose.centos-7.yaml build" docker-compose-run: "-f docker/docker-compose.centos-7.yaml run cross-compile-aarch64-build" + docker-bake-args: "-f docker-compose.centos-7.yaml" - setup: al2023-x86_64-aws_lc - docker-compose-build: "-f docker/docker-compose.al2023.yaml build" docker-compose-run: "-f docker/docker-compose.al2023.yaml run build" + docker-bake-args: "-f docker-compose.al2023.yaml" name: ${{ matrix.setup }} steps: - uses: actions/checkout@v4 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + # Cache .m2/repository - uses: actions/cache@v4 continue-on-error: true @@ -54,8 +57,17 @@ restore-keys: | build-${{ matrix.setup }}-m2-repository-cache- + - name: Extract OpenSSL version from pom.xml + run: echo "OPENSSL_VERSION=$(./mvnw -q -Dexpression=opensslVersion -DforceStdout -N help:evaluate --no-transfer-progress)" >> $GITHUB_ENV + + - name: Extract OpenSSL SHA256 from pom.xml + run: echo "OPENSSL_SHA256=$(./mvnw -q -Dexpression=opensslSha256 -DforceStdout -N help:evaluate --no-transfer-progress)" >> $GITHUB_ENV + - name: Build docker image - run: docker compose ${{ matrix.docker-compose-build }} + working-directory: docker + env: + BUILDX_BAKE_ENTITLEMENTS_FS: "0" + run: docker buildx bake ${{ matrix.docker-bake-args }} --load --set "*.cache-from=type=gha,scope=${{ matrix.setup }}" --set "*.cache-to=type=gha,scope=${{ matrix.setup }},mode=max" - name: Build project run: docker compose ${{ matrix.docker-compose-run }} | tee build.output diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/.github/workflows/ci-pr.yml new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/.github/workflows/ci-pr.yml --- old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/.github/workflows/ci-pr.yml 2026-04-23 11:49:13.000000000 +0200 +++ new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/.github/workflows/ci-pr.yml 2026-06-12 08:47:26.000000000 +0200 @@ -27,22 +27,25 @@ matrix: include: - setup: centos6-x86_64 - docker-compose-build: "-f docker/docker-compose.centos-6.yaml -f docker/docker-compose.centos-6.18.yaml build" docker-compose-run: "-f docker/docker-compose.centos-6.yaml -f docker/docker-compose.centos-6.18.yaml run build" + docker-bake-args: "-f docker-compose.centos-6.yaml -f docker-compose.centos-6.18.yaml" - setup: debian7-x86_64 - docker-compose-build: "-f docker/docker-compose.debian.yaml -f docker/docker-compose.debian-7.18.yaml build" docker-compose-run: "-f docker/docker-compose.debian.yaml -f docker/docker-compose.debian-7.18.yaml run build-dynamic-only" + docker-bake-args: "-f docker-compose.debian.yaml -f docker-compose.debian-7.18.yaml" - setup: centos7-aarch64 - docker-compose-build: "-f docker/docker-compose.centos-7.yaml build" docker-compose-run: "-f docker/docker-compose.centos-7.yaml run cross-compile-aarch64-build" + docker-bake-args: "-f docker-compose.centos-7.yaml" - setup: al2023-x86_64-aws_lc - docker-compose-build: "-f docker/docker-compose.al2023.yaml build" docker-compose-run: "-f docker/docker-compose.al2023.yaml run build" + docker-bake-args: "-f docker-compose.al2023.yaml" name: ${{ matrix.setup }} steps: - uses: actions/checkout@v4 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + # Cache .m2/repository - uses: actions/cache@v4 continue-on-error: true @@ -52,8 +55,17 @@ restore-keys: | build-pr-${{ matrix.setup }}-m2-repository-cache- + - name: Extract OpenSSL version from pom.xml + run: echo "OPENSSL_VERSION=$(./mvnw -q -Dexpression=opensslVersion -DforceStdout -N help:evaluate --no-transfer-progress)" >> $GITHUB_ENV + + - name: Extract OpenSSL SHA256 from pom.xml + run: echo "OPENSSL_SHA256=$(./mvnw -q -Dexpression=opensslSha256 -DforceStdout -N help:evaluate --no-transfer-progress)" >> $GITHUB_ENV + - name: Build docker image - run: docker compose ${{ matrix.docker-compose-build }} + working-directory: docker + env: + BUILDX_BAKE_ENTITLEMENTS_FS: "0" + run: docker buildx bake ${{ matrix.docker-bake-args }} --load --set "*.cache-from=type=gha,scope=${{ matrix.setup }}" --set "*.cache-to=type=gha,scope=${{ matrix.setup }},mode=max" - name: Build project run: docker compose ${{ matrix.docker-compose-run }} | tee build.output diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/.github/workflows/ci-release.yml new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/.github/workflows/ci-release.yml --- old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/.github/workflows/ci-release.yml 2026-04-23 11:49:13.000000000 +0200 +++ new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/.github/workflows/ci-release.yml 2026-06-12 08:47:26.000000000 +0200 @@ -138,6 +138,17 @@ - name: Create local staging directory run: mkdir -p ~/local-staging + - name: Extract OpenSSL version from pom.xml + working-directory: ./prepare-release-workspace/ + run: echo "OPENSSL_VERSION=$(./mvnw -q -Dexpression=opensslVersion -DforceStdout -N help:evaluate --no-transfer-progress)" >> $GITHUB_ENV + + - name: Extract OpenSSL SHA256 from pom.xml + working-directory: ./prepare-release-workspace/ + run: echo "OPENSSL_SHA256=$(./mvnw -q -Dexpression=opensslSha256 -DforceStdout -N help:evaluate --no-transfer-progress)" >> $GITHUB_ENV + + # Release builds intentionally use docker compose (not buildx bake) for a clean, + # cache-free build. OPENSSL_VERSION is still extracted above so docker-compose can + # interpolate it as a build arg. - name: Build docker image working-directory: ./prepare-release-workspace/ run: docker compose ${{ matrix.docker-compose-build }} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/boringssl-static/pom.xml new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/boringssl-static/pom.xml --- old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/boringssl-static/pom.xml 2026-04-23 11:49:13.000000000 +0200 +++ new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/boringssl-static/pom.xml 2026-06-12 08:47:26.000000000 +0200 @@ -19,7 +19,7 @@ <parent> <groupId>io.netty</groupId> <artifactId>netty-tcnative-parent</artifactId> - <version>2.0.77.Final</version> + <version>2.0.79.Final</version> </parent> <artifactId>${project.artifactId}</artifactId> <packaging>jar</packaging> @@ -717,22 +717,6 @@ </properties> <build> - <pluginManagement> - <plugins> - <plugin> - <artifactId>maven-enforcer-plugin</artifactId> - <version>1.4.1</version> - <dependencies> - <!-- Provides the 'requireFilesContent' enforcer rule. --> - <dependency> - <groupId>com.ceilfors.maven.plugin</groupId> - <artifactId>enforcer-rules</artifactId> - <version>1.2.0</version> - </dependency> - </dependencies> - </plugin> - </plugins> - </pluginManagement> <plugins> <plugin> <artifactId>maven-enforcer-plugin</artifactId> @@ -751,15 +735,6 @@ <property>os.detected.classifier</property> <regex>^linux-x86_64.*</regex> </requireProperty> - <requireFilesContent> - <message> - Cross compile and Release process must be performed on RHEL 7.6 or its derivatives. - </message> - <files> - <file>/etc/redhat-release</file> - </files> - <content>release 7.6</content> - </requireFilesContent> </rules> <ignoreCache>true</ignoreCache> </configuration> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/docker/Dockerfile.centos6 new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/docker/Dockerfile.centos6 --- old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/docker/Dockerfile.centos6 2026-04-23 11:49:13.000000000 +0200 +++ new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/docker/Dockerfile.centos6 2026-06-12 08:47:26.000000000 +0200 @@ -1,5 +1,9 @@ FROM --platform=linux/amd64 centos:6.10 +ARG openssl_version=3.6.1 +ARG openssl_sha256 +ENV OPENSSL_VERSION $openssl_version +ENV OPENSSL_SHA256 $openssl_sha256 ENV SOURCE_DIR /root/source ENV CMAKE_VERSION_BASE 3.26 ENV CMAKE_VERSION $CMAKE_VERSION_BASE.4 @@ -26,6 +30,8 @@ openssl-devel \ patch \ perl \ + perl-IPC-Cmd \ + perl-Time-Piece \ perl-parent \ perl-devel \ tar \ @@ -49,6 +55,20 @@ RUN yum -y install devtoolset-9-gcc devtoolset-9-gcc-c++ RUN echo 'source /opt/rh/devtoolset-9/enable' >> ~/.bashrc +# Build OpenSSL 3.x from source using devtoolset-9 +RUN set -x && \ + source /opt/rh/devtoolset-9/enable && \ + # --no-check-certificate: CentOS 6 ships with outdated CA bundles that can't verify modern GitHub TLS certs + wget --no-check-certificate https://github.com/openssl/openssl/releases/download/openssl-$OPENSSL_VERSION/openssl-$OPENSSL_VERSION.tar.gz && \ + echo "$OPENSSL_SHA256 openssl-$OPENSSL_VERSION.tar.gz" | sha256sum -c - && \ + tar xvf openssl-$OPENSSL_VERSION.tar.gz && \ + (cd openssl-$OPENSSL_VERSION && \ + # no-asm: devtoolset-9 on CentOS 6 cannot reliably compile OpenSSL's hand-tuned x86_64 assembly + ./Configure linux-x86_64 --prefix=/opt/openssl-$OPENSSL_VERSION --libdir=lib shared no-asm no-apps && \ + make -j1 install_sw) && \ + rm -rf openssl-$OPENSSL_VERSION openssl-$OPENSSL_VERSION.tar.gz && \ + ln -sf /opt/openssl-$OPENSSL_VERSION /usr/local/ssl + RUN rm -rf $SOURCE_DIR # Downloading and installing perlbrew as we need a more up to date perl version for boringssl diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/docker/Dockerfile.cross_compile_aarch64 new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/docker/Dockerfile.cross_compile_aarch64 --- old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/docker/Dockerfile.cross_compile_aarch64 2026-04-23 11:49:13.000000000 +0200 +++ new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/docker/Dockerfile.cross_compile_aarch64 2026-06-12 08:47:26.000000000 +0200 @@ -1,11 +1,13 @@ -FROM --platform=linux/amd64 centos:7.6.1810 +FROM --platform=linux/amd64 centos:7.9.2009 ARG gcc_version=10.2-2020.11 -ARG openssl_version=1_1_1d +ARG openssl_version=3.6.1 +ARG openssl_sha256 ARG apr_version=1.7.6 ENV SOURCE_DIR /root/source ENV GCC_VERSION $gcc_version ENV OPENSSL_VERSION $openssl_version +ENV OPENSSL_SHA256 $openssl_sha256 ENV MAVEN_VERSION 3.9.1 ENV APR_VERSION $apr_version ENV CMAKE_VERSION_BASE 3.26 @@ -15,15 +17,12 @@ WORKDIR $SOURCE_DIR # Update to use the vault -RUN sed -i -e 's/^mirrorlist/#mirrorlist/g' -e 's/^#baseurl=http:\/\/mirror.centos.org\/centos\/$releasever\//baseurl=https:\/\/linuxsoft.cern.ch\/centos-vault\/\/7.6.1810\//g' /etc/yum.repos.d/CentOS-Base.repo - -# We want to have git 2.x for the maven scm plugin and also for boringssl -RUN yum install -y https://opensource.blueoptima.com/centos/6/git/x86_64/wandisco-git-release-6-1.noarch.rpm +RUN sed -i -e 's/^mirrorlist/#mirrorlist/g' -e 's/^#baseurl=http:\/\/mirror.centos.org\/centos\/$releasever\//baseurl=https:\/\/linuxsoft.cern.ch\/centos-vault\/\/7.9.2009\//g' /etc/yum.repos.d/CentOS-Base.repo # Install requirements RUN set -x && \ yum -y install epel-release && \ - yum -y install wget tar git make autoconf automake libtool openssl-devel ninja-build gcc-c++ patch unzip zip which + yum -y install wget tar git make autoconf automake libtool openssl-devel ninja-build gcc-c++ patch unzip zip which perl perl-IPC-Cmd perl-Time-Piece # Install Java RUN yum install -y java-1.8.0-openjdk-devel golang @@ -41,7 +40,10 @@ wget --no-check-certificate https://downloads.apache.org//apr/apr-$APR_VERSION.tar.gz && \ tar xvf apr-$APR_VERSION.tar.gz && \ pushd apr-$APR_VERSION && \ - CC=aarch64-none-linux-gnu-gcc CFLAGS='-O3 -fno-omit-frame-pointer -fPIC' ./configure --prefix=/opt/apr-$APR_VERSION-share --host=aarch64-none-linux-gnu ac_cv_have_decl_sys_siglist=no ac_cv_file__dev_zero=yes ac_cv_func_setpgrp_void=yes apr_cv_tcp_nodelay_with_cork=yes ac_cv_sizeof_struct_iovec=8 && \ + # ac_cv_search_crypt=no: prevents APR from linking against libcrypt.so.1 (CentOS 7), + # which is absent on AL2023+/RHEL9+ (replaced by libcrypt.so.2). Mirrors apr_crypt.patch + # applied by the Maven build for x86_64. + CC=aarch64-none-linux-gnu-gcc CFLAGS='-O3 -fno-omit-frame-pointer -fPIC' ./configure --prefix=/opt/apr-$APR_VERSION-share --host=aarch64-none-linux-gnu ac_cv_have_decl_sys_siglist=no ac_cv_file__dev_zero=yes ac_cv_func_setpgrp_void=yes apr_cv_tcp_nodelay_with_cork=yes ac_cv_sizeof_struct_iovec=8 ac_cv_search_crypt=no && \ make || true && \ pushd tools && \ gcc -Wall -O2 -DCROSS_COMPILE gen_test_char.c -s -o gen_test_char && \ @@ -51,12 +53,13 @@ # Cross compile OpenSSL for aarch64 - share RUN set -x && \ - wget https://github.com/openssl/openssl/archive/OpenSSL_$OPENSSL_VERSION.tar.gz && \ - tar xvf OpenSSL_$OPENSSL_VERSION.tar.gz && \ - pushd openssl-OpenSSL_$OPENSSL_VERSION && \ - ./Configure linux-aarch64 --cross-compile-prefix=aarch64-none-linux-gnu- --prefix=/opt/openssl-$OPENSSL_VERSION-share shared && \ - make && make install && \ - popd + wget https://github.com/openssl/openssl/releases/download/openssl-$OPENSSL_VERSION/openssl-$OPENSSL_VERSION.tar.gz && \ + echo "$OPENSSL_SHA256 openssl-$OPENSSL_VERSION.tar.gz" | sha256sum -c - && \ + tar xvf openssl-$OPENSSL_VERSION.tar.gz && \ + (cd openssl-$OPENSSL_VERSION && \ + ./Configure linux-aarch64 --cross-compile-prefix=aarch64-none-linux-gnu- --prefix=/opt/openssl-$OPENSSL_VERSION-share --libdir=lib shared no-apps && \ + make -j1 install_sw) && \ + rm -rf openssl-$OPENSSL_VERSION openssl-$OPENSSL_VERSION.tar.gz # Install cmake RUN curl -s https://cmake.org/files/v$CMAKE_VERSION_BASE/cmake-$CMAKE_VERSION-linux-x86_64.tar.gz --output cmake-$CMAKE_VERSION-linux-x86_64.tar.gz && tar zvxf cmake-$CMAKE_VERSION-linux-x86_64.tar.gz && mv cmake-$CMAKE_VERSION-linux-x86_64 /opt/ && echo 'PATH=/opt/cmake-$CMAKE_VERSION-linux-x86_64/bin:$PATH' >> ~/.bashrc diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/docker/Dockerfile.debian new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/docker/Dockerfile.debian --- old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/docker/Dockerfile.debian 2026-04-23 11:49:13.000000000 +0200 +++ new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/docker/Dockerfile.debian 2026-06-12 08:47:26.000000000 +0200 @@ -2,7 +2,10 @@ FROM --platform=linux/amd64 debian:$debian_version # needed to do again after FROM due to docker limitation ARG debian_version - +ARG openssl_version=3.6.1 +ARG openssl_sha256 +ENV OPENSSL_VERSION $openssl_version +ENV OPENSSL_SHA256 $openssl_sha256 ENV SOURCE_DIR /root/source ENV CMAKE_VERSION_BASE 3.8 ENV CMAKE_VERSION $CMAKE_VERSION_BASE.2 @@ -36,6 +39,7 @@ make \ patch \ perl-base=5.14.2-21+deb7u3 \ + perl-modules=5.14.2-21+deb7u3 \ tar \ unzip \ wget \ @@ -53,6 +57,20 @@ RUN wget -q --no-check-certificate https://github.com/netty/netty-tcnative/releases/download/gcc-precompile/gcc-$GCC_VERSION.tar.gz && tar zxf gcc-$GCC_VERSION.tar.gz && mv gcc-$GCC_VERSION /opt/ && echo 'PATH=/opt/gcc-$GCC_VERSION/bin:$PATH' >> ~/.bashrc && echo 'export CC=/opt/gcc-$GCC_VERSION/bin/gcc' >> ~/.bashrc && echo 'export CXX=/opt/gcc-$GCC_VERSION/bin/g++' >> ~/.bashrc +# Build OpenSSL 3.x from source using the custom GCC +RUN set -x && \ + export CC=/opt/gcc-$GCC_VERSION/bin/gcc && \ + # --no-check-certificate: Debian 7 ships with outdated CA bundles that can't verify modern GitHub TLS certs + wget --no-check-certificate https://github.com/openssl/openssl/releases/download/openssl-$OPENSSL_VERSION/openssl-$OPENSSL_VERSION.tar.gz && \ + echo "$OPENSSL_SHA256 openssl-$OPENSSL_VERSION.tar.gz" | sha256sum -c - && \ + tar xvf openssl-$OPENSSL_VERSION.tar.gz && \ + (cd openssl-$OPENSSL_VERSION && \ + # no-asm: the custom GCC on Debian 7 cannot reliably compile OpenSSL's hand-tuned x86_64 assembly + ./Configure linux-x86_64 --prefix=/opt/openssl-$OPENSSL_VERSION --libdir=lib shared no-asm no-apps && \ + make -j1 install_sw) && \ + rm -rf openssl-$OPENSSL_VERSION openssl-$OPENSSL_VERSION.tar.gz && \ + ln -sf /opt/openssl-$OPENSSL_VERSION /usr/local/ssl + RUN rm -rf $SOURCE_DIR # Downloading and installing SDKMAN! diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/docker/docker-compose.centos-6.yaml new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/docker/docker-compose.centos-6.yaml --- old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/docker/docker-compose.centos-6.yaml 2026-04-23 11:49:13.000000000 +0200 +++ new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/docker/docker-compose.centos-6.yaml 2026-06-12 08:47:26.000000000 +0200 @@ -7,6 +7,9 @@ build: context: ../ dockerfile: docker/Dockerfile.centos6 + args: + openssl_version: "${OPENSSL_VERSION:-3.6.1}" + openssl_sha256: "${OPENSSL_SHA256:-b1bfedcd5b289ff22aee87c9d600f515767ebf45f77168cb6d64f231f518a82e}" common: &common image: netty-tcnative-centos:default diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/docker/docker-compose.centos-7.yaml new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/docker/docker-compose.centos-7.yaml --- old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/docker/docker-compose.centos-7.yaml 2026-04-23 11:49:13.000000000 +0200 +++ new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/docker/docker-compose.centos-7.yaml 2026-06-12 08:47:26.000000000 +0200 @@ -10,7 +10,8 @@ args: gcc_version: "10.2-2020.11" apr_version: "1.7.6" - openssl_version: "1_1_1k" + openssl_version: "${OPENSSL_VERSION:-3.6.1}" + openssl_sha256: "${OPENSSL_SHA256:-b1bfedcd5b289ff22aee87c9d600f515767ebf45f77168cb6d64f231f518a82e}" cross-compile-aarch64-common: &cross-compile-aarch64-common image: netty-tcnative-centos:cross_compile_aarch64 @@ -40,7 +41,7 @@ cross-compile-aarch64-build: <<: *cross-compile-aarch64-common - command: /bin/bash -cl "./mvnw clean package -Plinux-aarch64 -am -pl openssl-dynamic -DaprArmHome=/opt/apr-$$APR_VERSION-share -DopensslArmHome=/opt/openssl-$$OPENSSL_VERSION-share -DskipTests && ./mvnw clean package -Plinux-aarch64 -am -pl boringssl-static -DskipTests" + command: /bin/bash -cl "./mvnw clean package -Plinux-aarch64 -am -pl openssl-dynamic -DaprArmHome=/opt/apr-$$APR_VERSION-share -DskipTests && ./mvnw clean package -Plinux-aarch64 -am -pl boringssl-static -DskipTests" cross-compile-aarch64-deploy: <<: *cross-compile-aarch64-common @@ -50,7 +51,7 @@ - ~/.m2/repository:/root/.m2/repository - ~/.m2/settings.xml:/root/.m2/settings.xml - ..:/code - command: /bin/bash -cl "./mvnw clean deploy -Plinux-aarch64 -am -pl openssl-dynamic -DaprArmHome=/opt/apr-$$APR_VERSION-share -DopensslArmHome=/opt/openssl-$$OPENSSL_VERSION-share -DskipTests && ./mvnw clean deploy -Plinux-aarch64 -am -pl boringssl-static -DskipTests" + command: /bin/bash -cl "./mvnw clean deploy -Plinux-aarch64 -am -pl openssl-dynamic -DaprArmHome=/opt/apr-$$APR_VERSION-share -DskipTests && ./mvnw clean deploy -Plinux-aarch64 -am -pl boringssl-static -DskipTests" cross-compile-aarch64-stage-snapshot: <<: *cross-compile-aarch64-common @@ -60,7 +61,7 @@ - ~/.m2/repository:/root/.m2/repository - ~/local-staging:/root/local-staging - ..:/code - command: /bin/bash -cl "./mvnw -Plinux-aarch64 -am -pl openssl-dynamic -DaprArmHome=/opt/apr-$$APR_VERSION-share -DopensslArmHome=/opt/openssl-$$OPENSSL_VERSION-share clean package org.sonatype.plugins:nexus-staging-maven-plugin:deploy -DaltStagingDirectory=/root/local-staging -DskipTests=true && ./mvnw -Plinux-aarch64 -am -pl boringssl-static clean package org.sonatype.plugins:nexus-staging-maven-plugin:deploy -DaltStagingDirectory=/root/local-staging -DskipTests=true" + command: /bin/bash -cl "./mvnw -Plinux-aarch64 -am -pl openssl-dynamic -DaprArmHome=/opt/apr-$$APR_VERSION-share clean package org.sonatype.plugins:nexus-staging-maven-plugin:deploy -DaltStagingDirectory=/root/local-staging -DskipTests=true && ./mvnw -Plinux-aarch64 -am -pl boringssl-static clean package org.sonatype.plugins:nexus-staging-maven-plugin:deploy -DaltStagingDirectory=/root/local-staging -DskipTests=true" cross-compile-aarch64-stage-release: <<: *cross-compile-aarch64-common @@ -70,5 +71,5 @@ - ~/.m2/settings.xml:/root/.m2/settings.xml - ~/local-staging:/root/local-staging - ..:/code - command: /bin/bash -cl "cat <(echo -e \"${GPG_PRIVATE_KEY}\") | gpg --batch --import && ./mvnw -Plinux-aarch64 -am -pl openssl-dynamic -DaprArmHome=/opt/apr-$$APR_VERSION-share -DopensslArmHome=/opt/openssl-$$OPENSSL_VERSION-share clean javadoc:jar package gpg:sign org.sonatype.central:central-publishing-maven-plugin:publish -DskipTests=true -Dgpg.passphrase=${GPG_PASSPHRASE} -Dgpg.keyname=${GPG_KEYNAME} && ./mvnw -Plinux-aarch64 -am -pl boringssl-static clean javadoc:jar package gpg:sign org.sonatype.central:central-publishing-maven-plugin:publish -DskipTests=true -Dgpg.passphrase=${GPG_PASSPHRASE} -Dgpg.keyname=${GPG_KEYNAME}" + command: /bin/bash -cl "cat <(echo -e \"${GPG_PRIVATE_KEY}\") | gpg --batch --import && ./mvnw -Plinux-aarch64 -am -pl openssl-dynamic,boringssl-static -DaprArmHome=/opt/apr-$$APR_VERSION-share clean javadoc:jar package gpg:sign org.sonatype.central:central-publishing-maven-plugin:publish -DskipTests=true -Dgpg.passphrase=${GPG_PASSPHRASE} -Dgpg.keyname=${GPG_KEYNAME}" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/docker/docker-compose.debian.yaml new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/docker/docker-compose.debian.yaml --- old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/docker/docker-compose.debian.yaml 2026-04-23 11:49:13.000000000 +0200 +++ new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/docker/docker-compose.debian.yaml 2026-06-12 08:47:26.000000000 +0200 @@ -7,6 +7,9 @@ build: context: .. dockerfile: docker/Dockerfile.debian + args: + openssl_version: "${OPENSSL_VERSION:-3.6.1}" + openssl_sha256: "${OPENSSL_SHA256:-b1bfedcd5b289ff22aee87c9d600f515767ebf45f77168cb6d64f231f518a82e}" common: &common image: netty-tcnative-debian:default diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/libressl-static/pom.xml new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/libressl-static/pom.xml --- old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/libressl-static/pom.xml 2026-04-23 11:49:13.000000000 +0200 +++ new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/libressl-static/pom.xml 2026-06-12 08:47:26.000000000 +0200 @@ -19,7 +19,7 @@ <parent> <groupId>io.netty</groupId> <artifactId>netty-tcnative-parent</artifactId> - <version>2.0.77.Final</version> + <version>2.0.79.Final</version> </parent> <artifactId>netty-tcnative-libressl-static</artifactId> <packaging>jar</packaging> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/openssl-classes/pom.xml new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/openssl-classes/pom.xml --- old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/openssl-classes/pom.xml 2026-04-23 11:49:13.000000000 +0200 +++ new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/openssl-classes/pom.xml 2026-06-12 08:47:26.000000000 +0200 @@ -19,7 +19,7 @@ <parent> <groupId>io.netty</groupId> <artifactId>netty-tcnative-parent</artifactId> - <version>2.0.77.Final</version> + <version>2.0.79.Final</version> </parent> <artifactId>netty-tcnative-classes</artifactId> <packaging>jar</packaging> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/openssl-dynamic/pom.xml new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/openssl-dynamic/pom.xml --- old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/openssl-dynamic/pom.xml 2026-04-23 11:49:13.000000000 +0200 +++ new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/openssl-dynamic/pom.xml 2026-06-12 08:47:26.000000000 +0200 @@ -19,7 +19,7 @@ <parent> <groupId>io.netty</groupId> <artifactId>netty-tcnative-parent</artifactId> - <version>2.0.77.Final</version> + <version>2.0.79.Final</version> </parent> <artifactId>netty-tcnative</artifactId> <packaging>jar</packaging> @@ -96,6 +96,7 @@ <!-- Append the Bundle-NativeCode section --> <manifest file="${nativeJarWorkdir}/META-INF/MANIFEST.MF" mode="update"> + <!--suppress MavenModelInspection --> <attribute name="Bundle-NativeCode" value="${tcnativeManifest}" /> </manifest> @@ -119,6 +120,7 @@ </or> </not> </condition> + <!--suppress MavenModelInspection --> <attachartifact file="${nativeJarFile}" classifier="${classifier}" type="jar" /> </target> </configuration> @@ -330,6 +332,7 @@ <nativeLibOsParts>${os.detected.name}_aarch_64</nativeLibOsParts> <jniArch>aarch_64</jniArch> <javaModuleNameClassifier>${os.detected.name}.aarch_64</javaModuleNameClassifier> + <opensslArmHome>/opt/openssl-${opensslVersion}-share</opensslArmHome> </properties> <build> @@ -345,18 +348,6 @@ </archive> </configuration> </plugin> - <plugin> - <artifactId>maven-enforcer-plugin</artifactId> - <version>1.4.1</version> - <dependencies> - <!-- Provides the 'requireFilesContent' enforcer rule. --> - <dependency> - <groupId>com.ceilfors.maven.plugin</groupId> - <artifactId>enforcer-rules</artifactId> - <version>1.2.0</version> - </dependency> - </dependencies> - </plugin> </plugins> </pluginManagement> @@ -378,23 +369,10 @@ <property>os.detected.classifier</property> <regex>^linux-x86_64.*</regex> </requireProperty> - <requireFilesContent> - <message> - Cross compile and Release process must be performed on RHEL 7.6 or its derivatives. - </message> - <files> - <file>/etc/redhat-release</file> - </files> - <content>release 7.6</content> - </requireFilesContent> <requireProperty> <property>aprArmHome</property> <message>The folder of APR for aarch64 must be specified by hand. Please try -DaprArmHome=</message> </requireProperty> - <requireProperty> - <property>opensslArmHome</property> - <message>The folder of OpenSSL for aarch64 must be specified by hand. Please try -DopensslArmHome=</message> - </requireProperty> </rules> <ignoreCache>true</ignoreCache> </configuration> @@ -417,6 +395,7 @@ <forceConfigure>${forceConfigure}</forceConfigure> <configureArgs> <configureArg>--libdir=${project.build.directory}/native-build/target/lib</configureArg> + <!--suppress MavenModelInspection --> <configureArg>--with-apr=${aprArmHome}</configureArg> <configureArg>--with-ssl=${opensslArmHome}</configureArg> <configureArg>--host=aarch64-linux-gnu</configureArg> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/openssl-dynamic/src/main/c/ssl.c new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/openssl-dynamic/src/main/c/ssl.c --- old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/openssl-dynamic/src/main/c/ssl.c 2026-04-23 11:49:13.000000000 +0200 +++ new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/openssl-dynamic/src/main/c/ssl.c 2026-06-12 08:47:26.000000000 +0200 @@ -2316,6 +2316,25 @@ } } +#if OPENSSL_VERSION_NUMBER >= 0x10002000L + // Clear the chain; the loop below appends certificates to the + // chain, and in TLS 1.3, this can be called again after the + // server sends a HelloRetryRequest. Without clearing the + // certificate chain that results in duplicate entries. + if (SSL_clear_chain_certs(ssl_) != 1) { + int errCode = ERR_get_error(); + if (errCode == 0) { + tcn_Throw(e, "Could not clear certificate chain (unknown)"); + } else { + ERR_error_string_n(errCode, err, ERR_LEN); + ERR_clear_error(); + + tcn_Throw(e, "Could not clear certificate chain (%s)", err); + } + return; + } +#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L + // The first cert was loaded via SSL_use_certificate so skip it. for (i = 1; i < numCerts; ++i) { @@ -2681,11 +2700,9 @@ } TCN_IMPLEMENT_CALL(void, SSL, addCredential)(TCN_STDARGS, jlong ssl, jlong cred) { - if (!check_credential_api(e)) return; +#ifdef OPENSSL_IS_BORINGSSL SSL *ssl_ = J2P(ssl, SSL *); TCN_CHECK_NULL(ssl_, ssl, /* void */); - -#ifdef OPENSSL_IS_BORINGSSL SSL_CREDENTIAL* credential = (SSL_CREDENTIAL*)(intptr_t)cred; TCN_CHECK_NULL(credential, credential, /* void */); @@ -2693,22 +2710,23 @@ if (result == 0) { tcn_Throw(e, "Failed to add credential to SSL"); } +#else + tcn_ThrowUnsupportedOperationException(e, "SSL_CREDENTIAL API not available."); #endif } TCN_IMPLEMENT_CALL(jlong, SSL, getSelectedCredential)(TCN_STDARGS, jlong ssl) { - if (!check_credential_api(e)) return 0; +#ifdef OPENSSL_IS_BORINGSSL SSL *ssl_ = J2P(ssl, SSL *); TCN_CHECK_NULL(ssl_, ssl, 0); - -#ifdef OPENSSL_IS_BORINGSSL const SSL_CREDENTIAL* credential = SSL_get0_selected_credential(ssl_); if (credential == NULL) { return 0; } return (jlong)(intptr_t)credential; #else - return 0; // Unreachable - check_credential_api throws + tcn_ThrowUnsupportedOperationException(e, "SSL_CREDENTIAL API not available."); + return 0; #endif } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/openssl-dynamic/src/main/c/ssl_private.h new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/openssl-dynamic/src/main/c/ssl_private.h --- old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/openssl-dynamic/src/main/c/ssl_private.h 2026-04-23 11:49:13.000000000 +0200 +++ new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/openssl-dynamic/src/main/c/ssl_private.h 2026-06-12 08:47:26.000000000 +0200 @@ -521,42 +521,4 @@ #define tcn_SSL_set1_curves(s, glist, glistlen) SSL_ctrl(s, SSL_CTRL_SET_GROUPS, glistlen,(char *)(glist)) #endif // defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) -// SSL_CREDENTIAL API runtime detection for FIPS compatibility -#ifdef OPENSSL_IS_BORINGSSL -// Use weak symbols to detect if SSL_CREDENTIAL API is available at runtime -// FIPS BoringSSL builds (fips-20230428 and earlier) don't have these symbols -__attribute__((weak)) extern SSL_CREDENTIAL* SSL_CREDENTIAL_new_x509(void); -__attribute__((weak)) extern SSL_CREDENTIAL* SSL_CREDENTIAL_new_delegated(void); -__attribute__((weak)) extern void SSL_CREDENTIAL_free(SSL_CREDENTIAL*); -__attribute__((weak)) extern void SSL_CREDENTIAL_up_ref(SSL_CREDENTIAL*); -__attribute__((weak)) extern int SSL_CREDENTIAL_set1_private_key(SSL_CREDENTIAL*, EVP_PKEY*); -__attribute__((weak)) extern int SSL_CREDENTIAL_set1_cert_chain(SSL_CREDENTIAL*, CRYPTO_BUFFER *const*, size_t); -__attribute__((weak)) extern int SSL_CREDENTIAL_set1_trust_anchor_id(SSL_CREDENTIAL*, const uint8_t*, size_t); -__attribute__((weak)) extern void SSL_CREDENTIAL_set_must_match_issuer(SSL_CREDENTIAL*, int); -__attribute__((weak)) extern int SSL_CREDENTIAL_set1_ocsp_response(SSL_CREDENTIAL*, CRYPTO_BUFFER*); -__attribute__((weak)) extern int SSL_CREDENTIAL_set1_signed_cert_timestamp_list(SSL_CREDENTIAL*, CRYPTO_BUFFER*); -__attribute__((weak)) extern int SSL_CREDENTIAL_set1_certificate_properties(SSL_CREDENTIAL*, CRYPTO_BUFFER*); -__attribute__((weak)) extern int SSL_CREDENTIAL_set1_signing_algorithm_prefs(SSL_CREDENTIAL*, const uint16_t*, size_t); -__attribute__((weak)) extern int SSL_CREDENTIAL_set1_delegated_credential(SSL_CREDENTIAL*, CRYPTO_BUFFER*); -__attribute__((weak)) extern int SSL_add1_credential(SSL*, SSL_CREDENTIAL*); -__attribute__((weak)) extern int SSL_CTX_add1_credential(SSL_CTX*, SSL_CREDENTIAL*); -__attribute__((weak)) extern const SSL_CREDENTIAL* SSL_get0_selected_credential(const SSL*); - -// Check if credential API is available and throw if not -// Returns 1 if available, 0 if not (with exception thrown) -static inline int check_credential_api(JNIEnv* e) { - if (SSL_CREDENTIAL_new_x509 == NULL) { - tcn_ThrowUnsupportedOperationException(e, "SSL_CREDENTIAL API not available."); - return 0; - } - return 1; -} - -#else -__attribute__((unused)) static inline int check_credential_api(JNIEnv* e) { - tcn_ThrowUnsupportedOperationException(e, "SSL_CREDENTIAL API not available."); - return 0; -} -#endif // OPENSSL_IS_BORINGSSL - #endif /* SSL_PRIVATE_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/openssl-dynamic/src/main/c/sslcontext.c new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/openssl-dynamic/src/main/c/sslcontext.c --- old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/openssl-dynamic/src/main/c/sslcontext.c 2026-04-23 11:49:13.000000000 +0200 +++ new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/openssl-dynamic/src/main/c/sslcontext.c 2026-06-12 08:47:26.000000000 +0200 @@ -2983,11 +2983,10 @@ } TCN_IMPLEMENT_CALL(void, SSLContext, addCredential)(TCN_STDARGS, jlong ctx, jlong cred) { - if (!check_credential_api(e)) return; +#ifdef OPENSSL_IS_BORINGSSL tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *); TCN_CHECK_NULL(c, ctx, /* void */); -#ifdef OPENSSL_IS_BORINGSSL SSL_CREDENTIAL* credential = (SSL_CREDENTIAL*)(intptr_t)cred; TCN_CHECK_NULL(credential, credential, /* void */); @@ -2995,6 +2994,8 @@ if (result == 0) { tcn_Throw(e, "Failed to add credential to SSL_CTX"); } +#else + tcn_ThrowUnsupportedOperationException(e, "SSL_CREDENTIAL API not available."); #endif } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/openssl-dynamic/src/main/c/sslcredential.c new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/openssl-dynamic/src/main/c/sslcredential.c --- old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/openssl-dynamic/src/main/c/sslcredential.c 2026-04-23 11:49:13.000000000 +0200 +++ new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/openssl-dynamic/src/main/c/sslcredential.c 2026-06-12 08:47:26.000000000 +0200 @@ -43,38 +43,39 @@ // Core SSL_CREDENTIAL functions TCN_IMPLEMENT_CALL(jlong, SSLCredential, newX509)(TCN_STDARGS) { - if (!check_credential_api(e)) return 0; #ifdef OPENSSL_IS_BORINGSSL SSL_CREDENTIAL* cred = SSL_CREDENTIAL_new_x509(); TCN_CHECK_NULL(cred, credential, 0); return (jlong)(intptr_t)cred; #else - return 0; // Unreachable - check_credential_api throws + tcn_ThrowUnsupportedOperationException(e, "SSL_CREDENTIAL API not available."); + return 0; #endif } TCN_IMPLEMENT_CALL(void, SSLCredential, upRef)(TCN_STDARGS, jlong cred) { - if (!check_credential_api(e)) return; #ifdef OPENSSL_IS_BORINGSSL SSL_CREDENTIAL* c = (SSL_CREDENTIAL*)(intptr_t)cred; TCN_CHECK_NULL(c, credential, /* void */); SSL_CREDENTIAL_up_ref(c); +#else + tcn_ThrowUnsupportedOperationException(e, "SSL_CREDENTIAL API not available."); #endif } TCN_IMPLEMENT_CALL(void, SSLCredential, free)(TCN_STDARGS, jlong cred) { - if (!check_credential_api(e)) return; #ifdef OPENSSL_IS_BORINGSSL SSL_CREDENTIAL* c = (SSL_CREDENTIAL*)(intptr_t)cred; if (c != NULL) { SSL_CREDENTIAL_free(c); } +#else + tcn_ThrowUnsupportedOperationException(e, "SSL_CREDENTIAL API not available."); #endif } // SSL_CREDENTIAL configuration methods TCN_IMPLEMENT_CALL(void, SSLCredential, setPrivateKey)(TCN_STDARGS, jlong cred, jlong key) { - if (!check_credential_api(e)) return; #ifdef OPENSSL_IS_BORINGSSL SSL_CREDENTIAL* c = (SSL_CREDENTIAL*)(intptr_t)cred; EVP_PKEY* pkey = (EVP_PKEY*)(intptr_t)key; @@ -85,11 +86,12 @@ if (SSL_CREDENTIAL_set1_private_key(c, pkey) == 0) { throw_openssl_error(e, "Failed to set private key"); } +#else + tcn_ThrowUnsupportedOperationException(e, "SSL_CREDENTIAL API not available."); #endif } TCN_IMPLEMENT_CALL(void, SSLCredential, setCertChain)(TCN_STDARGS, jlong cred, jlong certChainStack) { - if (!check_credential_api(e)) return; #ifdef OPENSSL_IS_BORINGSSL SSL_CREDENTIAL* c = (SSL_CREDENTIAL*)(intptr_t)cred; TCN_CHECK_NULL(c, credential, /* void */); @@ -117,11 +119,12 @@ if (result == 0) { throw_openssl_error(e, "Failed to set certificate chain"); } +#else + tcn_ThrowUnsupportedOperationException(e, "SSL_CREDENTIAL API not available."); #endif } TCN_IMPLEMENT_CALL(void, SSLCredential, setOcspResponse)(TCN_STDARGS, jlong cred, jbyteArray ocsp) { - if (!check_credential_api(e)) return; #ifdef OPENSSL_IS_BORINGSSL SSL_CREDENTIAL* c = (SSL_CREDENTIAL*)(intptr_t)cred; TCN_CHECK_NULL(c, credential, /* void */); @@ -147,11 +150,12 @@ if (result == 0) { throw_openssl_error(e, "Failed to set OCSP response"); } +#else + tcn_ThrowUnsupportedOperationException(e, "SSL_CREDENTIAL API not available."); #endif } TCN_IMPLEMENT_CALL(void, SSLCredential, setSigningAlgorithmPrefs)(TCN_STDARGS, jlong cred, jintArray prefs) { - if (!check_credential_api(e)) return; #ifdef OPENSSL_IS_BORINGSSL SSL_CREDENTIAL* c = (SSL_CREDENTIAL*)(intptr_t)cred; TCN_CHECK_NULL(c, credential, /* void */); @@ -184,11 +188,12 @@ if (result == 0) { throw_openssl_error(e, "Failed to set signing algorithm preferences"); } +#else + tcn_ThrowUnsupportedOperationException(e, "SSL_CREDENTIAL API not available."); #endif } TCN_IMPLEMENT_CALL(void, SSLCredential, setCertificateProperties)(TCN_STDARGS, jlong cred, jbyteArray cert_props) { - if (!check_credential_api(e)) return; #ifdef OPENSSL_IS_BORINGSSL SSL_CREDENTIAL* c = (SSL_CREDENTIAL*)(intptr_t)cred; TCN_CHECK_NULL(c, credential, /* void */); @@ -214,11 +219,12 @@ if (result == 0) { throw_openssl_error(e, "Failed to set certificate properties"); } +#else + tcn_ThrowUnsupportedOperationException(e, "SSL_CREDENTIAL API not available."); #endif } TCN_IMPLEMENT_CALL(void, SSLCredential, setSignedCertTimestampList)(TCN_STDARGS, jlong cred, jbyteArray sct_list) { - if (!check_credential_api(e)) return; #ifdef OPENSSL_IS_BORINGSSL SSL_CREDENTIAL* c = (SSL_CREDENTIAL*)(intptr_t)cred; TCN_CHECK_NULL(c, credential, /* void */); @@ -244,21 +250,23 @@ if (result == 0) { throw_openssl_error(e, "Failed to set signed certificate timestamp list"); } +#else + tcn_ThrowUnsupportedOperationException(e, "SSL_CREDENTIAL API not available."); #endif } TCN_IMPLEMENT_CALL(void, SSLCredential, setMustMatchIssuer)(TCN_STDARGS, jlong cred, jboolean match) { - if (!check_credential_api(e)) return; #ifdef OPENSSL_IS_BORINGSSL SSL_CREDENTIAL* c = (SSL_CREDENTIAL*)(intptr_t)cred; TCN_CHECK_NULL(c, credential, /* void */); SSL_CREDENTIAL_set_must_match_issuer(c, match == JNI_TRUE ? 1 : 0); +#else + tcn_ThrowUnsupportedOperationException(e, "SSL_CREDENTIAL API not available."); #endif } // Trust anchor configuration TCN_IMPLEMENT_CALL(void, SSLCredential, setTrustAnchorId)(TCN_STDARGS, jlong cred, jbyteArray id) { - if (!check_credential_api(e)) return; #ifdef OPENSSL_IS_BORINGSSL SSL_CREDENTIAL* c = (SSL_CREDENTIAL*)(intptr_t)cred; TCN_CHECK_NULL(c, credential, /* void */); @@ -280,12 +288,13 @@ throw_openssl_error(e, "Failed to set trust anchor ID"); return; } +#else + tcn_ThrowUnsupportedOperationException(e, "SSL_CREDENTIAL API not available."); #endif } // Delegated credentials TCN_IMPLEMENT_CALL(jlong, SSLCredential, newDelegated)(TCN_STDARGS) { - if (!check_credential_api(e)) return 0; #ifdef OPENSSL_IS_BORINGSSL SSL_CREDENTIAL* credential = SSL_CREDENTIAL_new_delegated(); if (credential == NULL) { @@ -294,12 +303,12 @@ } return (jlong)(intptr_t)credential; #else - return 0; // Unreachable - check_credential_api throws + tcn_ThrowUnsupportedOperationException(e, "SSL_CREDENTIAL API not available."); + return 0; #endif } TCN_IMPLEMENT_CALL(void, SSLCredential, setDelegatedCredential)(TCN_STDARGS, jlong cred, jbyteArray dc) { - if (!check_credential_api(e)) return; #ifdef OPENSSL_IS_BORINGSSL SSL_CREDENTIAL* c = (SSL_CREDENTIAL*)(intptr_t)cred; TCN_CHECK_NULL(c, credential, /* void */); @@ -326,6 +335,8 @@ throw_openssl_error(e, "Failed to set delegated credential"); return; } +#else + tcn_ThrowUnsupportedOperationException(e, "SSL_CREDENTIAL API not available."); #endif } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/openssl-static/pom.xml new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/openssl-static/pom.xml --- old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/openssl-static/pom.xml 2026-04-23 11:49:13.000000000 +0200 +++ new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/openssl-static/pom.xml 2026-06-12 08:47:26.000000000 +0200 @@ -19,7 +19,7 @@ <parent> <groupId>io.netty</groupId> <artifactId>netty-tcnative-parent</artifactId> - <version>2.0.77.Final</version> + <version>2.0.79.Final</version> </parent> <artifactId>netty-tcnative-openssl-static</artifactId> <packaging>jar</packaging> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/pom.xml new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/pom.xml --- old/netty-tcnative-netty-tcnative-parent-2.0.77.Final/pom.xml 2026-04-23 11:49:13.000000000 +0200 +++ new/netty-tcnative-netty-tcnative-parent-2.0.79.Final/pom.xml 2026-06-12 08:47:26.000000000 +0200 @@ -24,7 +24,7 @@ <groupId>io.netty</groupId> <artifactId>netty-tcnative-parent</artifactId> - <version>2.0.77.Final</version> + <version>2.0.79.Final</version> <packaging>pom</packaging> <name>Netty/TomcatNative [Parent]</name> @@ -75,7 +75,7 @@ <properties> <maven.javadoc.failOnError>false</maven.javadoc.failOnError> <checkstyle.skip>true</checkstyle.skip> - <enforcer.plugin.version>1.4.1</enforcer.plugin.version> + <enforcer.plugin.version>3.0.0</enforcer.plugin.version> <maven.compiler.source>1.8</maven.compiler.source> <maven.compiler.target>1.8</maven.compiler.target> <maven.compiler.release>8</maven.compiler.release> @@ -161,14 +161,6 @@ <plugin> <artifactId>maven-enforcer-plugin</artifactId> <version>${enforcer.plugin.version}</version> - <dependencies> - <!-- Provides the 'requireFilesContent' enforcer rule. --> - <dependency> - <groupId>com.ceilfors.maven.plugin</groupId> - <artifactId>enforcer-rules</artifactId> - <version>1.2.0</version> - </dependency> - </dependencies> </plugin> <plugin> <groupId>org.fusesource.hawtjni</groupId> @@ -851,27 +843,10 @@ <property>os.detected.classifier</property> <regex>^linux-x86_64$</regex> </requireProperty> - <requireFilesContent> - <message> - Release process must be performed on RHEL 6.8 or its derivatives. - </message> - <files> - <file>/etc/redhat-release</file> - </files> - <content>release 6.</content> - </requireFilesContent> </rules> </configuration> </execution> </executions> - <dependencies> - <!-- Provides the 'requireFilesContent' enforcer rule. --> - <dependency> - <groupId>com.ceilfors.maven.plugin</groupId> - <artifactId>enforcer-rules</artifactId> - <version>1.2.0</version> - </dependency> - </dependencies> </plugin> </plugins> </build>
