| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: netty | Distribution: openSUSE Tumbleweed |
| Version: 4.1.126 | Vendor: openSUSE |
| Release: 1.1 | Build date: Thu Sep 4 15:02:53 2025 |
| Group: Unspecified | Build host: reproducible |
| Size: 5027096 | Source RPM: netty-4.1.126-1.1.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: https://netty.io/ | |
| Summary: An asynchronous event-driven network application framework and tools for Java | |
Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server. 'Quick and easy' doesn't mean that a resulting application will suffer from a maintainability or a performance issue. Netty has been designed carefully with the experiences earned from the implementation of a lot of protocols such as FTP, SMTP, HTTP, and various binary and text-based legacy protocols. As a result, Netty has succeeded to find a way to achieve ease of development, performance, stability, and flexibility without a compromise.
Apache-2.0
* Thu Sep 04 2025 Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 4.1.126
* Fixes
+ Decompression codecs vulnerable to DoS via zip bomb style
attack (bsc#1249134, CVE-2025-58057)
+ Request smuggling due to incorrect parsing of chunk extensions
(bsc#1249116, CVE-2025-58056)
+ Fix IllegalReferenceCountException on invalid upgrade response
+ Drop unknown frame on missing stream
+ Don't try to handle incomplete upgrade request
+ Make org.graalvm.nativeimage:svm optional in netty-common
- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Disable-Brotli-and-ZStd-compression.patch
+ rediff
* Fri Aug 22 2025 Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 4.1.124
* Fixes
+ MadeYouReset HTTP/2 DDoS vulnerability
(CVE-2025-55163, bsc#1247991)
+ Fix NPE and AssertionErrors when many tasks are scheduled and
cancelled
+ HTTP2: Http2ConnectionHandler should always use
Http2ConnectionEncoder
+ Epoll: Correctly handle UDP packets with source port of 0
+ Fix netty-common OSGi Import-Package header
+ MqttConnectPayload.toString() includes password
- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Disable-Brotli-and-ZStd-compression.patch
+ rediff
* Thu Jul 24 2025 Fridrich Strba <fstrba@suse.com>
- Upgrade to upsteam version 4.1.123
* Fixes
+ Fix chunk reuse bug in adaptive allocator
+ More accurate adaptive memory usage accounting
+ Introduce size-classes for the adaptive allocator
+ Reduce magazine proliferation eagerness
+ Fix concurrent ByteBuffer access issue in
AdaptiveByteBuf.getBytes
+ Fix possible buffer corruption caused by incorrect
setCharSequence(...) implementation
+ AdaptiveByteBuf: Fix AdaptiveByteBuf.maxFastWritableBytes()
to take writerIndex() into account
+ Optimize capacity bumping for adaptive ByteBufs
+ AbstractDnsRecord: equals() and hashCode() to ignore name
field's case
+ Backport Unsafe guards
+ Guard recomputed offset access with hasUnsafe
+ HTTP2: Always produce a RST frame on stream exception
+ Correct what artifacts included in netty-bom
- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Disable-Brotli-and-ZStd-compression.patch
+ rediff
* Mon Jun 09 2025 Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 4.1.122
* Fixes of 4.1.122
+ DirContextUtils.addNameServer(...) should just catch Exception
internally
+ Make public API specify explicit maxAllocation to prevent OOM
+ Fix concurrent ByteBuf write access bug in adaptive allocator
+ Fix transport-native-kqueue Bundle-SymbolicNames
+ Fix resolver-dns-native-macos Bundle-SymbolicNames
+ Always correctly calculate the memory address of the ByteBuf
even if sun.misc.Unsafe is not usable
+ Upgrade lz4 dependencies as the old version did not correctly
handle ByteBuffer that have an arrayOffset > 0
+ Optimize ByteBuf.setCharSequence for adaptive allocator
+ Kqueue: Fix registration failure when fd is reused
+ Make JdkZlibEncoder accept Deflater.DEFAULT_COMPRESSION as
level
+ Ensure OpenSsl.availableJavaCipherSuites does not contain null
values
+ Always prefer direct buffers for pooled allocators if not
explicit disabled
+ Update to netty-tcnative 2.0.72.Final
+ Re-enable sun.misc.Unsafe by default on Java 24+
+ Kqueue: Delay removal from registration map to fix noisy
warnings
* Fixes of 4.1.121
+ Epoll.isAvailable() returns false on Ubuntu 20.04/22.04 arch
amd64
+ Fix transport-native-epoll Bundle-SymbolicNames
* Fixes of 4.1.120
+ Fix flawed termination condition check in
HttpPostRequestEncoder#encodeNextChunkUrlEncoded(int) for
current InterfaceHttpData
+ Exposed decoderEnforceMaxConsecutiveEmptyDataFrames and
decoderEnforceMaxRstFramesPerWindow
+ ThreadExecutorMap must restore old EventExecutor
+ Make Recycler virtual thread friendly
+ Disable sun.misc.Unsafe by default on Java 24+
+ Adaptive: Correctly enforce leak detection when using
AdaptiveByteBufAllocator
+ Add suppressed exception to original cause when calling
Future.sync*
+ Add SETTINGS_ENABLE_CONNECT_PROTOCOL to the default HTTP/2
settings
+ Correct computation for suboptimal chunk retirement
probability
+ Fix bug in method
AdaptivePoolingAllocator.allocateWithoutLock(...)
+ Fix a Bytebuf leak in TcpDnsQueryDecoder
+ SSL: Clear native error if named group is not supported
+ WebSocketClientCompressionHandler shouldn't claim window bits
support when jzlib is not available
+ Fix the assignment error of maxQoS parameter in ConnAck
Properties
* Fixes of 4.1.119
+ Replace SSL assertion with explicit record length check
+ Fix NPE when upgrade message fails to aggregate
+ SslHandler: Fix possible NPE when executor is used for
delegating
+ Consistently add channel info in HTTP/2 logs
+ Add QueryStringDecoder option to leave '+' alone
+ Use initialized BouncyCastle providers when available
- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0004-Disable-Brotli-and-ZStd-compression.patch
+ rediff
* Thu Mar 27 2025 Fridrich Strba <fstrba@suse.com>
- Fix pom.xml errors that will be fatal with Maven 4
* Tue Feb 11 2025 Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 4.1.118
* Fixes of 4.1.118
+ SslHandler doesn't correctly validate packets which can lead
to native crash when using native SSLEngine (bsc#1237037,
CVE-2025-24970)
+ Denial of Service attack on windows app using Netty, again
(bsc#1237038, CVE-2025-25193)
+ Upgrade netty-tcnative to 2.0.70.Final
+ Fix recycling in CodecOutputList
+ Allocate bytebuf without magazine lock when threads get
collisions
+ Make StreamBufferingEncoder not send header frame with
priority by default
+ Notify event loop termination future of unexpected exceptions
+ KQueueEventLoop leaks memory on shutdown
+ Fix AccessControlException in GlobalEventExecutor
+ Fix possible buffer leak when stream can't be mapped
+ AdaptivePoolingAllocator: Round chunk sizes up to
MIN_CHUNK_SIZE units and reduce chunk release frequency
* Fixes of 4.1.117
+ Fix classloader leaks in GlobalEventExecuto
+ Support BouncyCastle FIPS for reading PEM files
+ Dns: Correctly encode DnsPtrRecord
+ Provides Brotli settings without com.aayushatharva.brotli4j
dependency
+ Make DefaultResourceLeak more resilient against OOM
+ OpenSslSession: Add support to defensively check for peer
certs
+ Reentrant close in EmbeddedChannel
+ SslHandler: Ensure buffers are never leaked when wrap(...)
produce SSLException
+ Adaptive: Only use ThreadLocal if called from
FastThreadLocalThread in case of temporary byte[] allocation
+ Correcly handle comments appended to nameserver declarations
* Fixes of 4.1.116
+ PcapWriteHandler no longer ignores writePcapGlobalHeader
+ Allow PcapWriteHandler to output PCAP files larger than 2GB
+ Fix bugs in BoundedInputStream
+ AdaptiveByteBufAllocator will not use threadlocal magazine if
FastThreadLocalThread.willCleanupFastThreadLocals() returns
false
+ Fix HTTP header validation bug
+ Add range check for
AdaptivePoolingAllocator.CENTRAL_QUEUE_CAPACITY and
MAGAZINE_BUFFER_QUEUE_CAPACITY
+ Fix possible race condition in method
AdaptivePoolingAllocator.offerToQueue(...)
+ Make sure the sentinel Magazine.MAGAZINE_FREED not be replaced
+ Decrease usedMemory of magazine when the chunk get deallocate
+ Only try to use Zstd and Brotli if we can load the native libs
+ AdaptiveByteBufAllocator: Correctly manage used memory
strategy in all cases
+ Bump BlockHound version to 1.0.10.RELEASE
+ Add details to TooLongFrameException message
+ Adapt: Only add Chunk to central Queue if unused
+ Adapt: Don't fail when we run on a host with 1 core
+ Adapt: Ensure Chunks from the central Queue are re-used even
if there are Magazine local cached Chunks
- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0004-Disable-Brotli-and-ZStd-compression.patch
+ rediff
* Thu Dec 05 2024 Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 4.1.115
* Fixes:
+ Allow MessageToMessageDecoder to take care of reading more
data when needed
+ Fix SSL session resumption with ClientAuth.OPTIONAL and add
tests with session tickets
+ Fix incorrect cast in NioDomainSocketChannel.parent()
+ Fix bug where SslHandler may stall after TLSv1.3 handshake
with delegate tasks
+ AdaptiveByteBufAllocator: Make pooling of AdaptiveByteBuf
magazine local
+ Specialize Adaptive's allocator Recycler based on magazine's
owner
+ Fix epoll_wait retry loop
+ Log / include the correct error during handshake failure
+ Convey autoAckPing in http2 decoder constructor chain
+ Allow to set used named groups per OpenSslContext
+ Verify default named groups before using them with native SSL
implementation
+ Include details on why it was not possible to configure
accepted issuers in the SSLException
+ Correctly detect if KeyManager is not supported by OpenSSL
version
+ Preserve ordering of default named groups during conversation
+ Denial of Service attack on windows app using netty
(bsc#1233297, CVE-2024-47535)
- Split the netty-poms package in netty-parent and netty-bom
- Modified patch:
* 0001-Remove-optional-dep-Blockhound.patch
+ rediff
* Wed Nov 27 2024 Fridrich Strba <fstrba@suse.com>
- Clean a bit the spec file and adapt to the recent changes in
netty-tcnative package
- Removed patches:
* 0005-Do-not-use-the-Graal-annotations.patch
* 0006-Do-not-use-the-Jetbrains-annotations.patch
+ remove the annotations with a macro in the jurand tool
* 0007-Do-not-require-the-tcnative-native-library.patch
+ we are building now the artifact, so we can require it
* Wed Oct 30 2024 Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 4.1.114
* Fixes of 4.1.114:
+ Validate HTTP Method
+ Release AdaptiveByteBuf when ownership could not be transfered
+ Make arenas reuse their last chunk more aggressively
+ Only add Magazine to Set if we can ensure its removed again
+ Ensure Chunk will not leak if init of AdaptiveByteBuf fails
for whatever reason
+ Correctly release one-off allocated chunks
+ Ensure pooled memory is released when
AdaptivePoolingAllocator is GC'ed
+ Slices / duplicates of AdaptiveByteBuf must not escape the
rootParent
+ Fix sizeBucket bug in AdaptivePoolingAllocator
+ AdaptiveByteBufAllocator: More strict reference counting for
chunks
+ Ensure we not store the DnsQueryContext for later removal when
we couldnt obtain a query id
+ Reduce memory fragmentation
+ Properly free magazine chunks and avoid orphaned magazines
+ Magazines must be freed under the expand lock
+ Release message before failing promise when multiple requests
are written while upgrade is in progress.
+ Allow to reuse more then one session per host / port mapping
+ Ensure writes will not fail when triggered after receiving
UpgradeEvent.UPGRADE_SUCCESSFUL
+ Refactor DnsNameResolver to be able to use different
strategies when it comes to creating Channels for queries.
+ DnsNameResolver: allow users to skip bind() during bootstrap
+ DnsResolverBuilder methods should make it clear that these are
for DatagramChannel
* Fixes of 4.1.113:
+ feat: Support for IP_BIND_ADDRESS_NO_PORT socket option
+ Ensure AbstractCoalescingBufferQueue does not end up in
inconsistent state on error
+ Add new SslHandler.isEncrypted(...) variant that will not
produce false positives
+ Ensure flushes are not discarded by ChunkedWriteHandler for
passed through messages
+ Remove reference to parent in recycled buffers for leak
detection
+ Upgrade to netty-tcnative 2.0.66.Final
+ Cleanup fields on AdaptiveByteBuf::deallocate
* Fixes of 4.1.112:
+ Avoid unnecessary reflective probes on netty initialization
+ Allow control frames between fragments
+ Only delete the socket file for NioServerDomainSocketChannel
+ Add check for IPv6 brackets when address is unresolved
+ fix ResolvConf initialization with SecurityManager enabled
+ Fix potential DNS cache invalidation in
ResolveWithDotSearchDomain scenario
+ Backport the SslContextBuilder.endpointIdentificationAlgorithm
method
+ Aggressively remove PoolThreadCache references from its
finalizer object
+ Send Http2PriorityFrame through fireUserEventTriggered for
Http2MultiplexHandler
+ Fix potential DNS cache invalidation across different
EventLoops
+ Reject http header values with non SP / HTAB chars
+ Don't strip whitespaces from header names and let the
validator handle it
+ Reject request if NUL is present in the request line
+ Allow HTTP responses without reason-phrase
+ Validate HTTP version while decoding
+ Only include scopeId on link-local addresses when using native
transport
* Fixes of 4.1.111:
+ ReadOnlyByteBufferBuf | ReadOnlyUnsafeDirectByteBuf get, copy,
duplicate, slice methods should be safe to be called from
multiple threads
+ ReadyOnlyBuf must return false for isWritable() when sliced or
duplicated
+ ReadOnlyByteBuf (and sub-classes) does not create derived
buffers that share reference count
+ ByteBuf.asReadOnly().nioBuffer*() need to return read-only
ByteBuffer
+ Remove unwanted mandatory dependency in OSGi
+ HashedWheelTimer.stop() must cancel tasks
+ ZSTD decompression not resilient to compression bombs
+ Duplicate of slice should have the same capacity as the
original slice so that it's not writable
+ Optimize wrap buffer cumulation in SslHandler and don't mutate
input buffers
+ Prepare for unsafe memory access deprecated for removal
+ Fix AdaptiveByteBufAllocator class loading on Java 6/7
+ Add missing NULL checks in native code
* Fixes of 4.1.110:
+ Add unix domain socket transport in netty 4.x via JDK16+
+ Backport #13075: Add the AdaptivePoolingAllocator
+ Add no-value key handling only for form body
+ Add support for specifying SecureRandom in SSLContext
initialization
* Fixes of 4.1.109:
+ Utilize ByteBuf#indexOf
+ Don't send a RST frame when closing the stream in a write
future while processing inbound frames
+ Fix DefaultChannelId#asLongText NPE
+ Fix voidPromise in Http2FrameCodec.writeHeadersFrame
+ Make /etc/resolv.conf reading more robust
+ Fix NioSocketChannel usage in graalvm native-image
+ Improve ByteBufUtil#firstIndexOf
+ Rewrite ZstdDecoder to remove the need of allocate a huge
byte[] internally
+ Always log registered/detected ChannelInitializerExtension(s)
at INFO level
+ Enhance AsciiString#toLowerCase and AsciiString#toUpperCase
+ Add support for zstd http content decompression
+ Save Snappy's encode tmp table allocation
- Regenerated patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Disable-Brotli-and-ZStd-compression.patch
* 0005-Do-not-use-the-Graal-annotations.patch
* 0006-Do-not-use-the-Jetbrains-annotations.patch
* 0007-Do-not-require-the-tcnative-native-library.patch
* Tue Sep 24 2024 Bernhard Wiedemann <bwiedemann@suse.com>
- Add reproducible.patch to omit the mtime from libnetty-unix-common.a
for reproducible builds (boo#1047218)
* Wed Mar 27 2024 Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 4.1.108
* Fixes of 4.1.108:
+ HttpPostRequestDecoder can OOM (bsc#1222045, CVE-2024-29025)
+ Add zstd decoder
+ Updated HTTP2 Reader to fix missing header state
+ codec-http2: fix some frame validation errors
+ SSL: Only wrap TrustManager if FIPS is not used
+ Epoll: Correctly handle splice tasks when Channel is closed
+ Allow to cancel connect() operations when using non-blocking
IO
+ DNS resolver final CNAME lookup disabled
+ DNS: Add DnsRecordType definitions for SVCB and HTTPS
+ SSL: Only try to use TLSv1.3 if a compatible ciphersuite is
configured
+ Backport 'Fix buffer leak in DefaultHttp2HeadersEncoder' to v4
+ SSL: Hold the right monitor while running delegating task
+ SSL: Execute SSL_do_handshake(...) after task is run to ensure
SSLEngine.getHandshakeStatus() returns the correct value all
the time
+ Add active flag to EpollServerDomainSocketChannel fd
constructor
+ Epoll: Fix possible Classloader deadlock caused by loading
class via JNI
+ Prefer /etc/resolv.conf on Linux and Mac
+ Handle invalid cookie value
+ Upgrade to latest tcnative release
+ ByteToMessageDecoder.channelReadComplete(...) does call read()
too often
+ Remove the lock usage in PoolArena#numPinnedBytes()
+ Fix x-www-form-urlencoded parsing for no-value key
(re-submission)
* Fixes of 4.1.107:
+ Speedup pseudoheader lookup
+ Add support for the Partitioned attribute in cookies
+ Reduce HTTP 1.1 Full msg pipeline traversals
+ DnsNameResolver: Add DnsQueryIdSpace class to reduce overhead
while generating IDs
+ Fix copy-paste mistake in
LazyX509Certificate.getIssuerAlternativeNames()
+ HTTP2: lastStreamCreated() does return the wrong value when
all stream ids were used
+ HTTP2: Update local window should not fail queued frames
+ DnsNameResolver: Allways call bind() during bootstrap
+ HTTP: HttpObjectDecoder must not use HTTPMessage once it is
passed to the next handler in the ChannelPipeline
+ Ensure key / values are shared between resumed sessions
+ SSLSession.getLastAccessedTime() and getCreationTime() should
not be equal when session is reused
+ Snappy: Use unsigned short to handle 2 ^ 16 input size instead
of 2 ^ 15
* Fixes of 4.1.106:
+ HTTP2: Prevent sharing the index of the continuation frame
header ByteBuf.
+ DnsNameResolver: Fail query if id space is exhausted
+ Short-circuit ByteBuf::release
* Fixes of 4.1.105:
+ Fix exception on HTTP chunk size overflow
+ Default value of MAX_MESSAGES_PER_READ not used for native
DatagramChannels
+ Redo fix scalability issue due to checkcast on context's
invoke operations
+ Be able to retry the query via TCP if a query failed because
of a timeout
+ Save HTTP 2 pseudo-header lower-case validation
+ DnsNameResolver: Limit connect timeout to query timeout
+ h2: propagate stream close without read pending, avoid SOOE
if !autoRead
* Fixes of 4.1.104:
+ dyld: Symbol not found: _netty_jni_util_JNI_OnLoad
* Fixes of 4.1.103:
+ Workaround for regex bug in Android SDK
+ Use Http2Headers.size() instead of isEmpty()
+ Add support for RISC-V
* Fixes of 4.1.101:
+ Add service-loaded extension points for channel initialization
+ Added check for pseudo-headers in trailers
+ Automatically close Http2StreamChannel when
Http2FrameStreamExceptionreaches end ofChannelPipeline
+ Throwing a stackless exception if RST_FRAME rate is exceeded
+ Only enable the RST limit for servers by default
+ Change default value of MAX_MESSAGES_PER_READ for
DatagramChannel implementations
+ Descriptive message for errors related to unknown http2
streams
- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Disable-Brotli-and-ZStd-compression.patch
* 0005-Do-not-use-the-Graal-annotations.patch
* 0006-Do-not-use-the-Jetbrains-annotations.patch
* 0007-Do-not-require-the-tcnative-native-library.patch
+ rebase
* Wed Feb 21 2024 Gus Kenion <gus.kenion@suse.com>
- Use %patch -P N instead of deprecated %patchN.
* Thu Oct 12 2023 Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 4.1.100
* Fixes of 4.1.100:
+ DDoS vector in the HTTP/2 protocol due RST frames
(bsc#1216169, CVE-2023-44487)
+ Do not fail when compressing empty HttpContent
* Fixes of 4.1.99:
+ Do not try to delete a global handle with the local handles
APIs
+ Enable build with JDK21
+ dyld: lazy symbol binding failed: Symbol not found:
_netty_jni_util_JNI_OnLoad
* Fixes of 4.1.98:
+ Revert "HttpHeaderValidationUtil should reject chars past the
1 byte range"
+ Filter out unresolved addresses when parsing resolv.conf
+ Prevent classloader leak via JNI
+ SSLSession.getPeerCertificateChain() should throw
UnsupportedOperationException if javax.security.cert
.X509Certificate can not be created
+ Enable client side session cache when using native SSL by
default
* Fixes of 4.1.97:
+ Fixing AsciiString#lastIndexOf To Respect The offset
+ Add support for snappy http2 content decompression
+ Add support for password-based encryption scheme 2 params
+ HttpHeaderValidationUtil should reject chars past the 1 byte
range
+ Honor SslHandler.setWrapDataSize greater than SSL packet
length
+ Add support for snappy http content encoding
* Fixes of 4.1.96:
+ Move the PoolThreadCache finalizer to a separate object
+ Fix kevent(..) failed: Invalid argument
+ Revert "Always increment Stream Id on createStream" to fix bug
which caused sending multiple RST frames for the same id
* Fixes of 4.1.95
+ Add resource leak listener
+ Reduce object allocations during SslHandler.flush(...)
+ Ensure ByteBuf.capacity(...) will never throw AssertionError
+ Make transport.Bootstrap usable with no netty-resolver on
classpath
+ Correctly retain slice when calling
ReplayingDecoderByteBuf.retainedSlice(...)
+ Always increment Stream Id on createStream(...)
+ Fix BrotliEncoder bug that does not mark ByteBuf it encodes a
read
+ Enhance CertificateException message when throw due hostname
validation
- Rebased patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Disable-Brotli-and-ZStd-compression.patch
* 0005-Do-not-use-the-Graal-annotations.patch
* 0006-Do-not-use-the-Jetbrains-annotations.patch
* 0007-Do-not-require-the-tcnative-native-library.patch
* Wed Sep 13 2023 Fridrich Strba <fstrba@suse.com>
- Reproducible builds: use SOURCE_DATE_EPOCH for timestamp
* Fri Jun 23 2023 Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 4.1.94
* Fixes of 4.1.94:
+ Respect offset in
io.netty.util.NetUtil#toAddressString(byte[], int, boolean)
+ Skip finalization for PoolThreadCache instances without
small/normal caches
+ Use network byte order when encoding ipv4 address and port
for Socks codecs
+ Call ReleaseByteArrayElements even when handling of
socket_path fails to fix small mem leak
+ Always enable leak tracking for derived buffers if parent is
tracked
+ Release DnsRecords when failing to notify promise
+ Delay possibility to reuse transaction id when query is
failing because of timeout or cancellation
+ Implement contains for SelectedSelectionKeySet
+ Use Two-Way for finding the delimiter in
DelimiterBasedFrameDecoder
+ Obtain the local address from the fd when the client connects
only with remote address (UDS)
+ Allow to limit the maximum lenght of the ClientHello
(bsc#1212637, CVE-2023-34462)
* Fixes of 4.1.93:
+ Reset byte buffer in loop for AbstractDiskHttpData.setContent
+ OpenSSL MAX_CERTIFICATE_LIST_BYTES option supported
+ Adapt to DirectByteBuffer constructor in Java 21
+ HTTP/2 encoder: allow HEADER_TABLE_SIZE greater than
Integer.MAX_VALUE
+ Upgrade to latest netty-tcnative to fix memory leak
+ H2/H2C server stream channels deactivated while write still
in progress
+ Channel#bytesBefore(un)writable off by 1
+ HTTP/2 should forward shutdown user events to active streams
+ Respect the number of bytes read per datagram when using
recvmmsg
* Fixes of 4.1.92:
+ Make Recycler faster on OpenJ9
+ Allow to change the limit for the maximum size of the
certificate chain.
+ Guard against unbounded grow of suppressed exceptions storage
+ Release websocket handshake response if pipeline checks fail
+ Add support for local and remote addresses on the server for
child channels when UDS
+ Http types slow path checks
* Fixes of 4.1.91:
+ Fire a PrematureChannelClosureException when Channel is closed
while aggregating is still in progress
+ Connect without password if server returns NO_AUTH when using
Socks5
+ Use optional resolution of sun.net.dns
+ Introduce Http2MultiplexActiveStreamsException that can be
used to propagate an error to all active streams
+ Use the correct error when reset a stream
+ Update: Add snappy support on HttpContentDecoder
+ Don't unwrap multiple records until we notified the caller
about the finished handshake
+ Handle EHOSTUNREACH errors in io.netty.channel.unix.Errors
- Depend on netty-tcnative >= 2.0.60 for SSLContext.setMaxCertList
method.
- Rebased patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Disable-Brotli-and-ZStd-compression.patch
* 0005-Do-not-use-the-Graal-annotations.patch
* 0006-Do-not-use-the-Jetbrains-annotations.patch
* 0007-Do-not-require-the-tcnative-native-library.patch
* Thu Mar 30 2023 Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 4.1.90
* Fixes of 4.1.90:
+ Adding header name of the header which failed validation
+ Fix HttpHeaders.names for non-String headers
+ Save expensive volatile operations in the common hot http
decoder path
+ Avoid slow type checks against promises on outbound buffer's
progress
+ Implement NonStickyEventExecutorGroup.inEventLoop
+ Native image: add support for unix domain sockets
+ Use MacOS SDK 10.9 to prevent apple notarization failures
+ Increase errno cache and guard against IOOBE
+ Don't reset BCSSLParameters when setting application protocols
+ WebSocketClientProtocolHandler: add option to disable UTF8
validation
+ Chunked HTTP length decoding should account for
whitespaces/ctrl chars
+ Handle NullPointerException thrown from
NetworkInterface.getNetworkInterfaces()
* Fixes of 4.1.89:
+ Don't fail on HttpObjectDecoder's maxHeaderSize greater then
(Integer.MAX_VALUE - 2)
+ dyld: Symbol not found: _netty_jni_util_JNI_OnLoad when
upgrading from 4.1.87.Final to 4.1.88.Final
* Fixes of 4.1.88:
+ Speed-up HTTP 1.1 header and line parsing
+ Add StacklessSSLHandshakeException for ClosedChannelException
+ Modify changed CloseWebSocketFrame#statusCode() to change the
fetch code to unsigned
+ Check if CommandLineTools are installed before trying to
execute install_name_tool
+ Allow to adjust the GlobalEventExecutor quietPeriod via a
system property
+ Add SslProvider.isOptionSupported(...)
+ Fix FlowControlHandler's behaviour to pass read events when
auto-reading is turned off
+ Ensure Http2StreamFrameToHttpObjectCodec#decode doesn't add
transfer-encoding for 204/304 response
+ Only do extra CNAME query if we couldnt follow the whole CNAME
chain in the response
+ Include query id when a query failed
+ DnsResolveContext: include expected record types in exception
message
+ Add necessary native-image configuration files for epoll
+ Create a deep-copy of the Throwable before returning it from
the cache to prevent possible leaks
+ Always respect completeOncePreferredResolved in
DnsNameResolver
+ fix brotli compression
+ Optionally depend on bctls-jdk15on
+ Make releasing objects back to Recycler faster
+ Correctly keep track of validExtensions per request / response
+ Add handling of inflight lookups to reduce real queries when
lookup same hostname
+ DnsQueryContext: include query id and question info in
exception message
+ AsciiStrings can be batch-encoded
* Fixes of 4.1.87:
+ Upgrade to latest netty-tcnative release which doesnt link
libcrypt
+ Add recvmmsg & sendmmsg syscall number for loongarch64
+ Return correct value from SSLSession.getPacketSize() when
using native SSL implementation
+ Explicit disable TLSv1.3 in the OpenSSL options if not
supported
+ Support handshake timeout in SniHandler.
+ Extend DNS address supplier interface to provide feedback
* Fixes of 4.1.86:
+ HAProxyMessageDecoder Stack Exhaustion DoS (bsc#1206360,
CVE-2022-41881)
+ HTTP Response splitting from assigning header value iterator
(bsc#1206379, CVE-2022-41915)
+ Revert #12888 for potential task scheduling problems in
HashedWheelTimer
+ Deprecate ObjectEncoder/ObjectDecoder
+ HPACK dynamic table size update must happen at the beginning
of the header block
* Fixes of 4.1.85:
+ A bug in FlowControlHandler that broke auto-read has been
fixed
+ The HTTP/2 HPACK encoder is now faster at encoding headers
that have many values
+ A potential memory leak bug has been fixed in the pooled
allocator
+ Fix an issue with the Blockhound integration, which could
cause the MacOSDnsServerAddressStreamProvider to be flagged
as making blocking calls
+ Inconsitencies in how epoll, kqueue, and NIO handle RDHUP have
been fixed
+ ByteToMessageDecoder now handle situations where the same
ByteBuf instance is read multiple times
+ The check that ensures the HTTP/1 Content-Length header is
unique, now no longer causes headers to be rearranged (change
their order)
+ Fix a NullPointerException bug with class initialisation order
between InternalLogger and InternalThreadLocalMap
+ When the netty-resolver-dns-native-macos classes can't load
their native bindings, they now only print a short error
message instead of the huge stack trace it printed previously.
The stack trace is still included if DEBUG logging is enabled
+ The Graal native-image meta-data is now placed in the
recommended location, and no longer causes warnings to be
printed
+ The HTTP/1 and HTTP/2 codecs now properly support RFC 8297
Early Hints
+ Subclasses of FastThreadLocalThread can now tell the Netty
Blockhound integration that they should be allowed to make
blocking calls
+ Validation of HTTP/2 connection headers have been moved from
Http2Headers to HpackDecoder, so that outgoing headers are
not validated
* Fixes of 4.1.84:
+ HTTP/2 header values with invalid characters are now rejected
in header validation
+ We now automatically generate conditional meta-data for
native-image use, making GraalVM support more reliable
+ Fix a scalability issue caused by instanceof and check-cast
checks that lead to false-sharing on the
Klass::secondary_super_cache field in the JVM
(See JDK-8180450)
+ Made the HTTP/2 HPACK static table implementation faster by
using a perfect hash function
+ Fixed a bug in our PEMParser when PEM files have multiple
objects, and BouncyCastle is on the classpath
* Fixes of 4.1.82:
+ Fix a NullPointerException bug when calling forEachByte on
nested CompositeByteBufs
+ Relax an overly strict HTTP/2 header validation check that was
rejecting requests from Chrome and Firefox
+ The OpenSSL and BoringSSL implementations now respect the
jdk.tls.client.protocols and jdk.tls.server.protocols system
properties, making them react to these in the same way the JDK
SSL provider does
* Fixes of 4.1.81:
+ Fix a regression SslContext private key loading
+ Fix a bug in SslContext private key reading fall-back path
+ Fix a buffer leak regression in HttpClientCodec
+ Fix a bug where some HttpMessage implementations, that also
implement HttpContent, were not handled correctly
+ The MessageFormatter and FormattingTuple classes are now
usable in the public API
+ Connection related headers in HTTP/2 frames are now rejected,
in compliance with the specification
* Fixes of 4.1.80:
+ HttpObjectEncoder scalability issue due to instanceof checks
+ Improve logging when MacOSDnsServerAddressStreamProvider
cannot be found/loaded
+ Replace stdlib write/read with send/recv
+ Support for pkcs1
+ Add Blockhound exceptions for the PooledByteBufAllocator
+ Fix epoll bug when receiving zero-sized datagrams
+ Avoid including header values in header validation failure
exceptions
+ Avoid allocating large buffers in JdkZlibEncoder
+ Native Image Support: Set
IS_EXPLICIT_TRY_REFLECTION_SET_ACCESSIBLE to true by default
for native images
+ We need to use disconnectx(...) on macOS
+ Replace synchronized with Java Locks on the allocator
+ Don't use static instances of FixedRecvByteBufAllocator
+ Add escaping for stomp headers
* Fixes of 4.1.79:
+ The PEM certificate parser is no longer susceptible to
exponential back-off
+ Non-standard extra ampersands in HTTP POST bodies are no
longer rejected
+ An io.netty.osClassifiers system property has been added to
avoid reading os-release files
+ Fix a bug in SslHandler so handlerRemoved works properly even
if handlerAdded throws an exception
+ Use the correct OSGi processor directive on aarch64, making it
possible to use OSGi on ARM
+ HTTP paths that begin with a double-slash are now parsed the
same way browsers do
+ The isCompleted flag is now correctly preserved on objects
from HttpData.retainedDuplicate()
+ The HttpUtil.isOriginForm() and isAsteriskForm() methods now
correctly conform with RFC 7230
+ Fix an issue that allowed the multicast methods on
EpollDatagramChannel to be called outside of an event-loop
thread
+ Support for the LoongArch64 processor architecture has been
added
* Fixes of 4.1.78:
+ Fix a bug where an OPT record was added to DNS queries that
already had such a record
+ Fix a bug that caused an error when files uploaded with HTTP
POST contained a backslash in their name
+ Fix an issue in the BlockHound integration that could
occasionally cause NetUtil to be reported as performing
blocking operations
+ A similar BlockHound issue was fixed for the JdkSslContext
+ Fix a bug that prevented preface or settings frames from
being flushed, when an HTTP2 connection was established with
prior-knowledge
+ Fixes a rare NullPointerException that could occur when a
ReferenceCountedOpenSslEngine threw an OutOfMemoryError from
its constructor, and was then later finalized
+ The SslHandler now adds the socket file descriptor to the
BIOs, when the SslEngine supports this (boringssl and
libressl), which allow tracing and observability tools to
monitor encryption traffic on a per-connection basis.
+ It is now possible to explicitly step the scheduling clock in
EmbeddedEventLoop, which is useful for making automated tests
with deterministic scheduling
* Fixes of 4.1.77:
+ Local Information Disclosure Vulnerability in Netty on
Unix-Like systems due temporary files for Java 6 and lower in
io.netty:netty-codec-http (bsc#1199338, CVE-2022-24823)
+ Upgraded the optional netty-tcnative dependency to version
2.0.52.Final
+ Fix a bug where Netty fails to load a shaded native library
+ Include classifier in Automatic-Module-Name
+ Check if epoll_pwait2 is implemented
+ Don't call strdup on packagePrefix
+ Enable debugging of asynchronous tasks in Intellij
+ Throwing an exception in case glibc is missing instead of
segfaulting the JVM
* Fixes of 4.1.76:
+ Upgraded the optional netty-tcnative dependency to version
2.0.51.Final
+ Upgraded the optional log4j dependency to version 2.17.2
+ The netty-all module now declare an automatic module name,
making it useable with Java Modules.
+ It is now possible to configure arbitrary socket options for
the native epoll and kqueue transports. Refer to your
operating system documentation for what options are available.
+ It is now possible to explicitly bind channels to either IPv4
or IPv6.
+ The HTTP/2 header validation that rejects duplicate
pseudo-headers, which was added in 4.1.75.Final, has been
changed so it no longer breaks older versions of gRPC.
" Fix a NullPointerException that was hiding the real cause of
certain HTTP/2 header decoding errors.
- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* no-brotli-zstd.patch
- > 0004-Disable-Brotli-and-ZStd-compression.patch
* no-werror.patch
+ rebase
- Removed patches:
* 0004-Remove-optional-dep-tcnative.patch
* 0005-Remove-optional-dep-log4j.patch
+ we have the dependencies, so no need to disable them
* 0006-revert-Fix-native-image-build.patch
* 0007-Revert-Support-session-cache-for-client-and-server-w.patch
+ solve the build breakages differently
- Added patches:
* 0005-Do-not-use-the-Graal-annotations.patch
* 0006-Do-not-use-the-Jetbrains-annotations.patch
+ do not use annotations for which we don't have dependencies
* 0007-Do-not-require-the-tcnative-native-library.patch
+ our tcnative library is installed system-wide
* Thu Oct 13 2022 Fridrich Strba <fstrba@suse.com>
- Force building with java 11 on ix86 in order to avoid random
build failures
* Fri Apr 08 2022 Fridrich Strba <fstrba@suse.com>
- Upgrade to latest upstream version 4.1.75
- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Remove-optional-dep-tcnative.patch
* 0005-Remove-optional-dep-log4j.patch
* 0006-revert-Fix-native-image-build.patch
* 0007-Revert-Support-session-cache-for-client-and-server-w.patch
+ rebase
* Tue Feb 22 2022 Fridrich Strba <fstrba@suse.com>
- Do not build against the log4j12 packages
/usr/lib64/java/netty /usr/lib64/java/netty/netty-resolver-dns-classes-macos.jar /usr/lib64/java/netty/netty-transport-classes-epoll.jar /usr/lib64/java/netty/netty-transport-classes-kqueue.jar /usr/lib64/java/netty/netty-transport-native-epoll-linux-ppcle_64.jar /usr/lib64/java/netty/netty-transport-native-unix-common-linux-ppcle_64.jar /usr/lib64/java/netty/netty-transport-native-unix-common.jar /usr/share/java/netty /usr/share/java/netty/netty-all.jar /usr/share/java/netty/netty-buffer.jar /usr/share/java/netty/netty-codec-dns.jar /usr/share/java/netty/netty-codec-haproxy.jar /usr/share/java/netty/netty-codec-http.jar /usr/share/java/netty/netty-codec-http2.jar /usr/share/java/netty/netty-codec-memcache.jar /usr/share/java/netty/netty-codec-mqtt.jar /usr/share/java/netty/netty-codec-redis.jar /usr/share/java/netty/netty-codec-smtp.jar /usr/share/java/netty/netty-codec-socks.jar /usr/share/java/netty/netty-codec-stomp.jar /usr/share/java/netty/netty-codec-xml.jar /usr/share/java/netty/netty-codec.jar /usr/share/java/netty/netty-common.jar /usr/share/java/netty/netty-dev-tools.jar /usr/share/java/netty/netty-handler-proxy.jar /usr/share/java/netty/netty-handler-ssl-ocsp.jar /usr/share/java/netty/netty-handler.jar /usr/share/java/netty/netty-resolver-dns.jar /usr/share/java/netty/netty-resolver.jar /usr/share/java/netty/netty-transport-native-epoll.jar /usr/share/java/netty/netty-transport-native-kqueue.jar /usr/share/java/netty/netty-transport-sctp.jar /usr/share/java/netty/netty-transport.jar /usr/share/licenses/netty /usr/share/licenses/netty/LICENSE.txt /usr/share/licenses/netty/NOTICE.txt /usr/share/maven-metadata/netty.xml /usr/share/maven-poms/netty /usr/share/maven-poms/netty/netty-all.pom /usr/share/maven-poms/netty/netty-buffer.pom /usr/share/maven-poms/netty/netty-codec-dns.pom /usr/share/maven-poms/netty/netty-codec-haproxy.pom /usr/share/maven-poms/netty/netty-codec-http.pom /usr/share/maven-poms/netty/netty-codec-http2.pom /usr/share/maven-poms/netty/netty-codec-memcache.pom /usr/share/maven-poms/netty/netty-codec-mqtt.pom /usr/share/maven-poms/netty/netty-codec-redis.pom /usr/share/maven-poms/netty/netty-codec-smtp.pom /usr/share/maven-poms/netty/netty-codec-socks.pom /usr/share/maven-poms/netty/netty-codec-stomp.pom /usr/share/maven-poms/netty/netty-codec-xml.pom /usr/share/maven-poms/netty/netty-codec.pom /usr/share/maven-poms/netty/netty-common.pom /usr/share/maven-poms/netty/netty-dev-tools.pom /usr/share/maven-poms/netty/netty-handler-proxy.pom /usr/share/maven-poms/netty/netty-handler-ssl-ocsp.pom /usr/share/maven-poms/netty/netty-handler.pom /usr/share/maven-poms/netty/netty-resolver-dns-classes-macos.pom /usr/share/maven-poms/netty/netty-resolver-dns.pom /usr/share/maven-poms/netty/netty-resolver.pom /usr/share/maven-poms/netty/netty-transport-classes-epoll.pom /usr/share/maven-poms/netty/netty-transport-classes-kqueue.pom /usr/share/maven-poms/netty/netty-transport-native-epoll.pom /usr/share/maven-poms/netty/netty-transport-native-kqueue.pom /usr/share/maven-poms/netty/netty-transport-native-unix-common.pom /usr/share/maven-poms/netty/netty-transport-sctp.pom /usr/share/maven-poms/netty/netty-transport.pom
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Oct 19 22:42:15 2025