Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package netty for openSUSE:Factory checked
in at 2025-08-22 17:49:16
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/netty (Old)
and /work/SRC/openSUSE:Factory/.netty.new.29662 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "netty"
Fri Aug 22 17:49:16 2025 rev:8 rq:1300905 version:4.1.124
Changes:
--------
--- /work/SRC/openSUSE:Factory/netty/netty.changes 2025-07-25
17:05:21.609349440 +0200
+++ /work/SRC/openSUSE:Factory/.netty.new.29662/netty.changes 2025-08-22
17:50:16.398122564 +0200
@@ -1,0 +2,21 @@
+Fri Aug 22 05:25:09 UTC 2025 - Fridrich Strba <fst...@suse.com>
+
+- Upgrade to upstream version 4.1.124
+ * Fixes
+ + MadeYouReset HTTP/2 DDoS vulnerability
+ (CVE-2025-55163, bsc#1247991)
+ + Fix NPE and AssertionErrors when many tasks are scheduled and
+ cancelled
+ + HTTP2: Http2ConnectionHandler should always use
+ Http2ConnectionEncoder
+ + Epoll: Correctly handle UDP packets with source port of 0
+ + Fix netty-common OSGi Import-Package header
+ + MqttConnectPayload.toString() includes password
+- Modified patches:
+ * 0001-Remove-optional-dep-Blockhound.patch
+ * 0002-Remove-optional-dep-conscrypt.patch
+ * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
+ * 0004-Disable-Brotli-and-ZStd-compression.patch
+ + rediff
+
+-------------------------------------------------------------------
Old:
----
netty-4.1.123.Final.tar.gz
New:
----
_scmsync.obsinfo
build.specials.obscpio
netty-4.1.124.Final.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ netty.spec ++++++
--- /var/tmp/diff_new_pack.ZmCHuG/_old 2025-08-22 17:50:17.414164899 +0200
+++ /var/tmp/diff_new_pack.ZmCHuG/_new 2025-08-22 17:50:17.414164899 +0200
@@ -1,7 +1,7 @@
#
# spec file for package netty
#
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
%global namedreltag .Final
%global namedversion %{version}%{?namedreltag}
Name: netty
-Version: 4.1.123
+Version: 4.1.124
Release: 0
Summary: An asynchronous event-driven network application framework and
tools for Java
License: Apache-2.0
++++++ 0001-Remove-optional-dep-Blockhound.patch ++++++
++++ 872 lines (skipped)
++++ between
/work/SRC/openSUSE:Factory/netty/0001-Remove-optional-dep-Blockhound.patch
++++ and
/work/SRC/openSUSE:Factory/.netty.new.29662/0001-Remove-optional-dep-Blockhound.patch
++++++ 0002-Remove-optional-dep-conscrypt.patch ++++++
--- /var/tmp/diff_new_pack.ZmCHuG/_old 2025-08-22 17:50:17.458166732 +0200
+++ /var/tmp/diff_new_pack.ZmCHuG/_new 2025-08-22 17:50:17.462166899 +0200
@@ -1,7 +1,7 @@
-From 8f4108d30a1a883b60bc944165ab1ecd91792d2e Mon Sep 17 00:00:00 2001
+From 55c1dd2fea13516c9fee6b5365bd6fe7e701a7ec Mon Sep 17 00:00:00 2001
From: Mat Booth <mat.bo...@redhat.com>
Date: Mon, 7 Sep 2020 13:24:30 +0100
-Subject: [PATCH 2/4] Remove optional dep conscrypt
+Subject: [PATCH 2/7] Remove optional dep conscrypt
---
handler/pom.xml | 6 -
@@ -15,7 +15,7 @@
delete mode 100644
handler/src/main/java/io/netty/handler/ssl/ConscryptAlpnSslEngine.java
diff --git a/handler/pom.xml b/handler/pom.xml
-index d13a8b48ed..e8375d6273 100644
+index 36ebf83f49..f5f179584b 100644
--- a/handler/pom.xml
+++ b/handler/pom.xml
@@ -96,12 +96,6 @@
@@ -367,10 +367,10 @@
// https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8230977.
// Because of this lets not do a Java version runtime check but
just depend on if the required methods are
diff --git a/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
b/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
-index f80b3004a8..6159b87ca2 100644
+index 2e8e15fd84..1a6a84b1c6 100644
--- a/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
+++ b/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
-@@ -250,55 +250,6 @@ public class SslHandler extends ByteToMessageDecoder
implements ChannelOutboundH
+@@ -251,55 +251,6 @@ public class SslHandler extends ByteToMessageDecoder
implements ChannelOutboundH
return ((ReferenceCountedOpenSslEngine)
engine).jdkCompatibilityMode;
}
},
@@ -426,7 +426,7 @@
JDK(false, MERGE_CUMULATOR) {
@Override
SSLEngineResult unwrap(SslHandler handler, ByteBuf in, int len,
ByteBuf out) throws SSLException {
-@@ -357,8 +308,7 @@ public class SslHandler extends ByteToMessageDecoder
implements ChannelOutboundH
+@@ -358,8 +309,7 @@ public class SslHandler extends ByteToMessageDecoder
implements ChannelOutboundH
};
static SslEngineType forEngine(SSLEngine engine) {
@@ -437,10 +437,10 @@
SslEngineType(boolean wantsDirectBuffer, Cumulator cumulator) {
diff --git a/pom.xml b/pom.xml
-index 6b389326a4..e3d8295642 100644
+index 76f3dc1728..b3188b816f 100644
--- a/pom.xml
+++ b/pom.xml
-@@ -918,16 +918,6 @@
+@@ -895,16 +895,6 @@
<optional>true</optional>
</dependency>
@@ -458,6 +458,6 @@
<dependency>
<groupId>software.amazon.cryptools</groupId>
--
-2.50.1
+2.48.1
++++++ 0003-Remove-optional-deps-jetty-alpn-and-npn.patch ++++++
--- /var/tmp/diff_new_pack.ZmCHuG/_old 2025-08-22 17:50:17.474167399 +0200
+++ /var/tmp/diff_new_pack.ZmCHuG/_new 2025-08-22 17:50:17.478167565 +0200
@@ -1,7 +1,7 @@
-From 80592dee40e6b80b630c5931e4e76d0bbe7e9cfd Mon Sep 17 00:00:00 2001
+From daed233559d36cfb8f5136403eb2224da0d89b82 Mon Sep 17 00:00:00 2001
From: Mat Booth <mat.bo...@redhat.com>
Date: Mon, 7 Sep 2020 13:26:20 +0100
-Subject: [PATCH 3/4] Remove optional deps jetty alpn and npn
+Subject: [PATCH 3/7] Remove optional deps jetty alpn and npn
---
handler/pom.xml | 10 --
@@ -15,7 +15,7 @@
delete mode 100644
handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java
diff --git a/handler/pom.xml b/handler/pom.xml
-index e8375d6273..6b9a3dd5f7 100644
+index 46c20028eb..35bdbf9272 100644
--- a/handler/pom.xml
+++ b/handler/pom.xml
@@ -86,16 +86,6 @@
@@ -374,10 +374,10 @@
- }
-}
diff --git a/pom.xml b/pom.xml
-index e3d8295642..e6759f0794 100644
+index ae68f4ebe8..176b8e9a96 100644
--- a/pom.xml
+++ b/pom.xml
-@@ -875,20 +875,6 @@
+@@ -815,20 +815,6 @@
<optional>true</optional>
</dependency>
@@ -399,6 +399,6 @@
<dependency>
<groupId>com.google.protobuf</groupId>
--
-2.50.1
+2.46.1
++++++ 0004-Disable-Brotli-and-ZStd-compression.patch ++++++
--- /var/tmp/diff_new_pack.ZmCHuG/_old 2025-08-22 17:50:17.494168232 +0200
+++ /var/tmp/diff_new_pack.ZmCHuG/_new 2025-08-22 17:50:17.498168399 +0200
@@ -1,7 +1,7 @@
-From e93d8f3b39a67d1726304d8fe29f5ca8584d60e0 Mon Sep 17 00:00:00 2001
+From 54262615f71f8e201500f31c5fb96d4103228711 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fridrich=20=C5=A0trba?= <fridrich.st...@bluewin.ch>
Date: Thu, 30 Mar 2023 13:19:04 +0200
-Subject: [PATCH 4/4] Disable Brotli and ZStd compression
+Subject: [PATCH 4/7] Disable Brotli and ZStd compression
---
.../codec/http/HttpContentCompressor.java | 107 +-----------------
@@ -217,7 +217,7 @@
- }
}
diff --git
a/codec-http/src/main/java/io/netty/handler/codec/http/HttpContentDecompressor.java
b/codec-http/src/main/java/io/netty/handler/codec/http/HttpContentDecompressor.java
-index 44e6195332..ea461844af 100644
+index 3b1134b038..c2f3150bfd 100644
---
a/codec-http/src/main/java/io/netty/handler/codec/http/HttpContentDecompressor.java
+++
b/codec-http/src/main/java/io/netty/handler/codec/http/HttpContentDecompressor.java
@@ -15,23 +15,15 @@
@@ -244,7 +244,7 @@
/**
* Decompresses an {@link HttpMessage} and an {@link HttpContent} compressed
in
-@@ -102,20 +94,6 @@ public class HttpContentDecompressor extends
HttpContentDecoder {
+@@ -72,20 +64,6 @@ public class HttpContentDecompressor extends
HttpContentDecoder {
return new EmbeddedChannel(ctx.channel().id(),
ctx.channel().metadata().hasDisconnect(),
ctx.channel().config(),
ZlibCodecFactory.newZlibDecoder(wrapper, maxAllocation));
}
@@ -370,7 +370,7 @@
return null;
}
diff --git
a/codec-http2/src/main/java/io/netty/handler/codec/http2/DelegatingDecompressorFrameListener.java
b/codec-http2/src/main/java/io/netty/handler/codec/http2/DelegatingDecompressorFrameListener.java
-index 4c25f0adb7..3e3cdddeb4 100644
+index 88245d1116..de44d6013b 100644
---
a/codec-http2/src/main/java/io/netty/handler/codec/http2/DelegatingDecompressorFrameListener.java
+++
b/codec-http2/src/main/java/io/netty/handler/codec/http2/DelegatingDecompressorFrameListener.java
@@ -19,24 +19,16 @@ import io.netty.buffer.Unpooled;
@@ -398,7 +398,7 @@
import static io.netty.handler.codec.http2.Http2Error.INTERNAL_ERROR;
import static io.netty.handler.codec.http2.Http2Exception.streamError;
import static io.netty.util.internal.ObjectUtil.checkNotNull;
-@@ -233,18 +225,6 @@ public class DelegatingDecompressorFrameListener extends
Http2FrameListenerDecor
+@@ -181,18 +173,6 @@ public class DelegatingDecompressorFrameListener extends
Http2FrameListenerDecor
return new EmbeddedChannel(ctx.channel().id(),
ctx.channel().metadata().hasDisconnect(),
ctx.channel().config(),
ZlibCodecFactory.newZlibDecoder(wrapper, maxAllocation));
}
@@ -509,6 +509,6 @@
* Default implementation of {@link GzipOptions} with
* {@code compressionLevel()} set to 6, {@code windowBits()} set to 15
and {@code memLevel()} set to 8.
--
-2.50.1
+2.48.1
++++++ _scmsync.obsinfo ++++++
mtime: 1755843252
commit: 0ccd0c30386d1e74eddf3c7c2a31ee325d8aed6126fd5d275a33880f6e9e15e4
url: https://src.opensuse.org/java-packages/netty.git
revision: 0ccd0c30386d1e74eddf3c7c2a31ee325d8aed6126fd5d275a33880f6e9e15e4
projectscmsync: https://src.opensuse.org/java-packages/_ObsPrj
++++++ build.specials.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.gitignore new/.gitignore
--- old/.gitignore 1970-01-01 01:00:00.000000000 +0100
+++ new/.gitignore 2025-08-22 08:17:44.000000000 +0200
@@ -0,0 +1 @@
+.osc
++++++ netty-4.1.123.Final.tar.gz -> netty-4.1.124.Final.tar.gz ++++++
++++ 1653 lines of diff (skipped)
