Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package netty for openSUSE:Factory checked in at 2026-05-15 23:54:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/netty (Old) and /work/SRC/openSUSE:Factory/.netty.new.1966 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "netty" Fri May 15 23:54:30 2026 rev:14 rq:1353304 version:4.1.133 Changes: -------- --- /work/SRC/openSUSE:Factory/netty/netty.changes 2026-03-30 18:37:57.003739693 +0200 +++ /work/SRC/openSUSE:Factory/.netty.new.1966/netty.changes 2026-05-15 23:54:51.844452902 +0200 @@ -1,0 +2,47 @@ +Fri May 15 06:22:56 UTC 2026 - Fridrich Strba <[email protected]> + +- Upgrade to upstream version 4.1.133 + * Security fixes: + + CVE-2026-42586, bsc#1265245 (netty-codec-redis) + + CVE-2026-42578, bsc#1265243 (netty-handler-proxy) + + CVE-2026-42587, bsc#1265246 (netty-codec-http, + netty-codec-http2) + + CVE-2026-41417, bsc#1264350 (netty-codec-http) + + CVE-2026-42581, bsc#1265277 (netty-codec-http) + + CVE-2026-42580, bsc#1265273 (netty-codec-http) + + CVE-2026-42585, bsc#1265292 (netty-codec-http) + + CVE-2026-42579, bsc#1265272 (netty-codec-dns) + + CVE-2026-42582 (netty-codec-http3) + + CVE-2026-42583, bsc#1265279 (netty-codec, + netty-codec-compression) + + CVE-2026-42584, bsc#1265280 (netty-codec-http) + + CVE-2026-44248, bsc#1265294 (netty-codec-mqtt) + * Other significant changes: + + Fix IndexOutOfBoundsException in StompSubframeDecoder on + heartbeat + + Kqueue: sendfile EINTR doesn't advance offset - data + duplication + + Avoid leak in PemReader on OutOfDirectMemoryError + + Native DNS resolver: Guard against malloc failures + + Include user properties and subscription IDs in + MqttProperties#isEmpty + + Fix parsing HTTP chunks with multiple extensions + + Epoll: Cleanup code to always return negative value on failure + + Native transports: Correctly create pipe when pipe2 is not + supported + + Use stream error for maxContentLength exceeded in + InboundHttp2ToHttpAdapter + + Fix shutdownInput bug in kqueue for empty recv buffer + + Kqueue: Fix usage of LOCAL_PEERPID + + HTTP2: Ensure HTTP2 preface is always send as first message + + HTTP2: Ensure HTTP2 preface is always send as first message + (also on the server) + + Deprecate ObjectCleaner and remove usage + + Update to netty-tcnative 2.0.77.Final + + Avoid NPE in JdkSslServerContext when TrustManagerFactory + returns null + + Avoid NPE in JdkSslClientContext when TrustManagerFactory + returns null + + SCTP: Correctly handle SO_BACKLOG + +------------------------------------------------------------------- Old: ---- netty-4.1.132.Final.tar.gz New: ---- netty-4.1.133.Final.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ netty.spec ++++++ --- /var/tmp/diff_new_pack.ZSpEJ6/_old 2026-05-15 23:54:52.716488797 +0200 +++ /var/tmp/diff_new_pack.ZSpEJ6/_new 2026-05-15 23:54:52.720488962 +0200 @@ -19,7 +19,7 @@ %global namedreltag .Final %global namedversion %{version}%{?namedreltag} Name: netty -Version: 4.1.132 +Version: 4.1.133 Release: 0 Summary: An asynchronous event-driven network application framework and tools for Java License: Apache-2.0 ++++++ 0001-Remove-optional-dep-Blockhound.patch ++++++ --- /var/tmp/diff_new_pack.ZSpEJ6/_old 2026-05-15 23:54:52.752490280 +0200 +++ /var/tmp/diff_new_pack.ZSpEJ6/_new 2026-05-15 23:54:52.760490609 +0200 @@ -1,4 +1,4 @@ -From 9d0068f1c06538bf1dc550410fc935529903fcab Mon Sep 17 00:00:00 2001 +From 28914f7d84e049493c67a4c5f065627b188c23ec Mon Sep 17 00:00:00 2001 From: Mat Booth <[email protected]> Date: Mon, 7 Sep 2020 12:17:31 +0100 Subject: [PATCH 1/4] Remove optional dep Blockhound @@ -9,11 +9,11 @@ ...ockhound.integration.BlockHoundIntegration | 14 - pom.xml | 8 - transport-blockhound-tests/pom.xml | 228 ------- - .../NettyBlockHoundIntegrationTest.java | 570 ------------------ + .../NettyBlockHoundIntegrationTest.java | 593 ------------------ .../netty/util/internal/localhost_server.key | 28 - .../netty/util/internal/localhost_server.pem | 17 - .../io/netty/util/internal/mutual_auth_ca.pem | 19 - - 9 files changed, 1089 deletions(-) + 9 files changed, 1112 deletions(-) delete mode 100644 common/src/main/java/io/netty/util/internal/Hidden.java delete mode 100644 common/src/main/resources/META-INF/services/reactor.blockhound.integration.BlockHoundIntegration delete mode 100644 transport-blockhound-tests/pom.xml @@ -23,7 +23,7 @@ delete mode 100644 transport-blockhound-tests/src/test/resources/io/netty/util/internal/mutual_auth_ca.pem diff --git a/common/pom.xml b/common/pom.xml -index fd6df47e93..260628c2e2 100644 +index 19419fc648..930c18e029 100644 --- a/common/pom.xml +++ b/common/pom.xml @@ -89,11 +89,6 @@ @@ -266,10 +266,10 @@ -io.netty.util.internal.Hidden$NettyBlockHoundIntegration \ No newline at end of file diff --git a/pom.xml b/pom.xml -index 802c51e149..1861ad1d25 100644 +index 8e0191e28c..ab4b5c1afa 100644 --- a/pom.xml +++ b/pom.xml -@@ -905,7 +905,6 @@ +@@ -908,7 +908,6 @@ <module>testsuite-native-image</module> <module>testsuite-native-image-client</module> <module>testsuite-native-image-client-runtime-init</module> @@ -277,7 +277,7 @@ <module>microbench</module> <module>bom</module> </modules> -@@ -1328,13 +1327,6 @@ +@@ -1331,13 +1330,6 @@ <version>${log4j2.version}</version> <scope>test</scope> </dependency> @@ -293,7 +293,7 @@ diff --git a/transport-blockhound-tests/pom.xml b/transport-blockhound-tests/pom.xml deleted file mode 100644 -index 6e6ba5c53e..0000000000 +index 8ee4d2585d..0000000000 --- a/transport-blockhound-tests/pom.xml +++ /dev/null @@ -1,228 +0,0 @@ @@ -319,7 +319,7 @@ - <parent> - <groupId>io.netty</groupId> - <artifactId>netty-parent</artifactId> -- <version>4.1.132.Final</version> +- <version>4.1.133.Final</version> - </parent> - - <artifactId>netty-transport-blockhound-tests</artifactId> @@ -527,10 +527,10 @@ -</project> diff --git a/transport-blockhound-tests/src/test/java/io/netty/util/internal/NettyBlockHoundIntegrationTest.java b/transport-blockhound-tests/src/test/java/io/netty/util/internal/NettyBlockHoundIntegrationTest.java deleted file mode 100644 -index 3b8da14d4e..0000000000 +index ed0845ac0e..0000000000 --- a/transport-blockhound-tests/src/test/java/io/netty/util/internal/NettyBlockHoundIntegrationTest.java +++ /dev/null -@@ -1,570 +0,0 @@ +@@ -1,593 +0,0 @@ -/* - * Copyright 2019 The Netty Project - @@ -638,9 +638,12 @@ - - @Test - public void testBlockingCallsInNettyThreads() throws Exception { -- final FutureTask<Void> future = new FutureTask<>(() -> { -- Thread.sleep(0); -- return null; +- final FutureTask<Void> future = new FutureTask<>(new Callable<Void>() { +- @Override +- public Void call() throws Exception { +- Thread.sleep(0); +- return null; +- } - }); - GlobalEventExecutor.INSTANCE.execute(future); - @@ -706,9 +709,16 @@ - }; - taskQueue.emulateContention(); - CountDownLatch latch = new CountDownLatch(1); -- executor.submit(() -> { -- executor.execute(() -> { }); // calls addTask -- latch.countDown(); +- executor.submit(new Runnable() { +- @Override +- public void run() { +- executor.execute(new Runnable() { +- @Override +- public void run() { +- } +- }); // calls addTask +- latch.countDown(); +- } - }); - taskQueue.waitUntilContented(); - taskQueue.removeContention(); @@ -717,9 +727,12 @@ - - @Test - void permittingBlockingCallsInFastThreadLocalThreadSubclass() throws Exception { -- final FutureTask<Void> future = new FutureTask<>(() -> { -- Thread.sleep(0); -- return null; +- final FutureTask<Void> future = new FutureTask<>(new Callable<Void>() { +- @Override +- public Void call() throws Exception { +- Thread.sleep(0); +- return null; +- } - }); - FastThreadLocalThread thread = new FastThreadLocalThread(future) { - @Override @@ -873,8 +886,12 @@ - } - }) - .connect(sc.localAddress()) -- .addListener((ChannelFutureListener) future -> -- future.channel().writeAndFlush(wrappedBuffer(new byte [] { 1, 2, 3, 4 }))) +- .addListener(new ChannelFutureListener() { +- @Override +- public void operationComplete(ChannelFuture future) throws Exception { +- future.channel().writeAndFlush(wrappedBuffer(new byte[]{1, 2, 3, 4})); +- } +- }) - .syncUninterruptibly() - .channel(); - @@ -897,20 +914,23 @@ - public void pooledBufferAllocation() throws Exception { - AtomicLong iterationCounter = new AtomicLong(); - PooledByteBufAllocator allocator = PooledByteBufAllocator.DEFAULT; -- FutureTask<Void> task = new FutureTask<>(() -> { -- List<ByteBuf> buffers = new ArrayList<>(); -- long count; -- do { -- count = iterationCounter.get(); -- } while (count == 0); -- for (int i = 0; i < 13; i++) { -- int size = 8 << i; -- buffers.add(allocator.ioBuffer(size, size)); -- } -- for (ByteBuf buffer : buffers) { -- buffer.release(); +- FutureTask<Void> task = new FutureTask<>(new Callable<Void>() { +- @Override +- public Void call() throws Exception { +- List<ByteBuf> buffers = new ArrayList<>(); +- long count; +- do { +- count = iterationCounter.get(); +- } while (count == 0); +- for (int i = 0; i < 13; i++) { +- int size = 8 << i; +- buffers.add(allocator.ioBuffer(size, size)); +- } +- for (ByteBuf buffer : buffers) { +- buffer.release(); +- } +- return null; - } -- return null; - }); - FastThreadLocalThread thread = new FastThreadLocalThread(task); - thread.start(); @@ -966,13 +986,16 @@ - CountDownLatch latch = new CountDownLatch(1); - List<Object> result = new ArrayList<>(); - List<Throwable> error = new ArrayList<>(); -- executor.execute(() -> { -- try { -- result.add(callable.call()); -- } catch (Throwable t) { -- error.add(t); +- executor.execute(new Runnable() { +- @Override +- public void run() { +- try { +- result.add(callable.call()); +- } catch (Throwable t) { +- error.add(t); +- } +- latch.countDown(); - } -- latch.countDown(); - }); - latch.await(); - assertEquals(0, error.size()); @@ -1184,6 +1207,6 @@ -hH82y9bBeflqroOeztqMpONpWoZjlz0sWbJNvXztXINL7LaNmVYOcoUrCcxPS54T ------END CERTIFICATE----- -- -2.53.0 +2.54.0 ++++++ 0004-Disable-Brotli-and-ZStd-compression.patch ++++++ --- /var/tmp/diff_new_pack.ZSpEJ6/_old 2026-05-15 23:54:52.792491926 +0200 +++ /var/tmp/diff_new_pack.ZSpEJ6/_new 2026-05-15 23:54:52.796492091 +0200 @@ -1,4 +1,4 @@ -From 2b8eb312dc9076d8dc1b48761a05cfd92a95c56d Mon Sep 17 00:00:00 2001 +From 0731b63b314c2e2e103e66b67db90b96fc022d89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fridrich=20=C5=A0trba?= <[email protected]> Date: Thu, 30 Mar 2023 13:19:04 +0200 Subject: [PATCH 4/4] Disable Brotli and ZStd compression @@ -333,7 +333,7 @@ return new EmbeddedChannel(ctx.channel().id(), ctx.channel().metadata().hasDisconnect(), ctx.channel().config(), new SnappyFrameEncoder()); diff --git a/codec-http2/src/main/java/io/netty/handler/codec/http2/DelegatingDecompressorFrameListener.java b/codec-http2/src/main/java/io/netty/handler/codec/http2/DelegatingDecompressorFrameListener.java -index 0587cf49c1..680ec07c12 100644 +index 5cb6b44afd..5b2f35bea0 100644 --- a/codec-http2/src/main/java/io/netty/handler/codec/http2/DelegatingDecompressorFrameListener.java +++ b/codec-http2/src/main/java/io/netty/handler/codec/http2/DelegatingDecompressorFrameListener.java @@ -20,24 +20,18 @@ import io.netty.channel.ChannelHandlerContext; @@ -361,13 +361,13 @@ import static io.netty.handler.codec.http2.Http2Error.INTERNAL_ERROR; import static io.netty.handler.codec.http2.Http2Exception.streamError; import static io.netty.util.internal.ObjectUtil.checkNotNull; -@@ -175,18 +169,10 @@ public class DelegatingDecompressorFrameListener extends Http2FrameListenerDecor +@@ -179,18 +173,10 @@ public class DelegatingDecompressorFrameListener extends Http2FrameListenerDecor return new EmbeddedChannel(ctx.channel().id(), ctx.channel().metadata().hasDisconnect(), ctx.channel().config(), ZlibCodecFactory.newZlibDecoder(wrapper, maxAllocation)); } - if (Brotli.isAvailable() && BR.contentEqualsIgnoreCase(contentEncoding)) { - return new EmbeddedChannel(ctx.channel().id(), ctx.channel().metadata().hasDisconnect(), -- ctx.channel().config(), new BrotliDecoder()); +- ctx.channel().config(), new BrotliDecoder(maxAllocation)); - } if (SNAPPY.contentEqualsIgnoreCase(contentEncoding)) { return new EmbeddedChannel(ctx.channel().id(), ctx.channel().metadata().hasDisconnect(), @@ -375,7 +375,7 @@ } - if (Zstd.isAvailable() && ZSTD.contentEqualsIgnoreCase(contentEncoding)) { - return new EmbeddedChannel(ctx.channel().id(), ctx.channel().metadata().hasDisconnect(), -- ctx.channel().config(), new ZstdDecoder()); +- ctx.channel().config(), new ZstdDecoder(maxAllocation)); - } // 'identity' or unsupported return null; @@ -465,6 +465,6 @@ * Create a new {@link SnappyOptions} */ -- -2.53.0 +2.54.0 ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.ZSpEJ6/_old 2026-05-15 23:54:52.828493408 +0200 +++ /var/tmp/diff_new_pack.ZSpEJ6/_new 2026-05-15 23:54:52.832493573 +0200 @@ -1,6 +1,6 @@ -mtime: 1774875540 -commit: d6c364f7e6bbf7dbbb8d48be78e93983e53f133c580cae58bf5608bd61ba303e -url: https://src.opensuse.org/java-packages/netty.git -revision: d6c364f7e6bbf7dbbb8d48be78e93983e53f133c580cae58bf5608bd61ba303e +mtime: 1778828762 +commit: e896793d0285e5c512f793a5537e35bffd215a0c24864a445434b1fb6c0036e6 +url: https://src.opensuse.org/java-packages/netty +revision: e896793d0285e5c512f793a5537e35bffd215a0c24864a445434b1fb6c0036e6 projectscmsync: https://src.opensuse.org/java-packages/_ObsPrj ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-05-15 09:06:02.000000000 +0200 @@ -0,0 +1 @@ +.osc ++++++ netty-4.1.132.Final.tar.gz -> netty-4.1.133.Final.tar.gz ++++++ ++++ 5302 lines of diff (skipped)
