4.1.130

2025-12-16 17:04:23 +01:00
8 changed files with 68 additions and 38 deletions
--- a/0001-Remove-optional-dep-Blockhound.patch
+++ b/0001-Remove-optional-dep-Blockhound.patch
@@ -1,4 +1,4 @@
-From 36ea49fb9506d63fa4198b30b22bc33adc9c74d7 Mon Sep 17 00:00:00 2001
+From c477054f5257b1bb65ce4be1f305a666523a8861 Mon Sep 17 00:00:00 2001
 From: Mat Booth <mat.booth@redhat.com>
 Date: Mon, 7 Sep 2020 12:17:31 +0100
 Subject: [PATCH 1/4] Remove optional dep Blockhound
@@ -8,12 +8,12 @@ Subject: [PATCH 1/4] Remove optional dep Blockhound
 .../java/io/netty/util/internal/Hidden.java   | 200 ------
 ...ockhound.integration.BlockHoundIntegration |  14 -
 pom.xml                                       |   8 -
- transport-blockhound-tests/pom.xml            | 219 -------
+ transport-blockhound-tests/pom.xml            | 228 -------
 .../NettyBlockHoundIntegrationTest.java       | 568 ------------------
 .../netty/util/internal/localhost_server.key  |  28 -
 .../netty/util/internal/localhost_server.pem  |  17 -
 .../io/netty/util/internal/mutual_auth_ca.pem |  19 -
- 9 files changed, 1078 deletions(-)
+ 9 files changed, 1087 deletions(-)
 delete mode 100644 common/src/main/java/io/netty/util/internal/Hidden.java
 delete mode 100644 common/src/main/resources/META-INF/services/reactor.blockhound.integration.BlockHoundIntegration
 delete mode 100644 transport-blockhound-tests/pom.xml
@@ -23,10 +23,10 @@ Subject: [PATCH 1/4] Remove optional dep Blockhound
 delete mode 100644 transport-blockhound-tests/src/test/resources/io/netty/util/internal/mutual_auth_ca.pem

 diff --git a/common/pom.xml b/common/pom.xml
-index a70b4f3b18..eb83e339af 100644
+index a413be33fb..3bf35b1110 100644
 --- a/common/pom.xml
 +++ b/common/pom.xml
-@@ -82,11 +82,6 @@
+@@ -89,11 +89,6 @@
       <artifactId>log4j-core</artifactId>
       <scope>test</scope>
     </dependency>
@@ -266,10 +266,10 @@ index e33bea796c..0000000000
 -io.netty.util.internal.Hidden$NettyBlockHoundIntegration
 \ No newline at end of file
 diff --git a/pom.xml b/pom.xml
-index 0626fc25ec..5c5b5f8ef4 100644
+index 8fb5555d1b..c149145262 100644
 --- a/pom.xml
 +++ b/pom.xml
-@@ -839,7 +839,6 @@
+@@ -905,7 +905,6 @@
     <module>testsuite-native-image</module>
     <module>testsuite-native-image-client</module>
     <module>testsuite-native-image-client-runtime-init</module>
@@ -277,7 +277,7 @@ index 0626fc25ec..5c5b5f8ef4 100644
     <module>microbench</module>
     <module>bom</module>
   </modules>
-@@ -1254,13 +1253,6 @@
+@@ -1328,13 +1327,6 @@
         <version>${log4j2.version}</version>
         <scope>test</scope>
       </dependency>
@@ -286,14 +286,14 @@ index 0626fc25ec..5c5b5f8ef4 100644
 -      <dependency>
 -        <groupId>io.projectreactor.tools</groupId>
 -        <artifactId>blockhound</artifactId>
-        <version>1.0.14.RELEASE</version>
+-        <version>1.0.15.RELEASE</version>
 -      </dependency>
     </dependencies>
   </dependencyManagement>
 
 diff --git a/transport-blockhound-tests/pom.xml b/transport-blockhound-tests/pom.xml
 deleted file mode 100644
-index d63f055214..0000000000
+index 3911b0cb1c..0000000000
 --- a/transport-blockhound-tests/pom.xml
 +++ /dev/null
@@ -1,228 +0,0 @@
@@ -319,7 +319,7 @@ index d63f055214..0000000000
 -  <parent>
 -    <groupId>io.netty</groupId>
 -    <artifactId>netty-parent</artifactId>
-    <version>4.1.128.Final</version>
+-    <version>4.1.130.Final</version>
 -  </parent>
 -
 -  <artifactId>netty-transport-blockhound-tests</artifactId>
@@ -1182,5 +1182,5 @@ index 9c9241bc65..0000000000
 -hH82y9bBeflqroOeztqMpONpWoZjlz0sWbJNvXztXINL7LaNmVYOcoUrCcxPS54T
 ------END CERTIFICATE-----
 -- 
-2.51.0
+2.52.0

--- a/0002-Remove-optional-dep-conscrypt.patch
+++ b/0002-Remove-optional-dep-conscrypt.patch
@@ -1,4 +1,4 @@
-From cfbe0ed5d7f2d0571b70213f07f3a414aff674e0 Mon Sep 17 00:00:00 2001
+From eb4608a17464639be083fbb07c46d1ec50fe80ea Mon Sep 17 00:00:00 2001
 From: Mat Booth <mat.booth@redhat.com>
 Date: Mon, 7 Sep 2020 13:24:30 +0100
 Subject: [PATCH 2/4] Remove optional dep conscrypt
@@ -15,7 +15,7 @@ Subject: [PATCH 2/4] Remove optional dep conscrypt
 delete mode 100644 handler/src/main/java/io/netty/handler/ssl/ConscryptAlpnSslEngine.java

 diff --git a/handler/pom.xml b/handler/pom.xml
-index 3d6bf34da7..4f1f05513d 100644
+index dd30e448f2..1076b3963f 100644
 --- a/handler/pom.xml
 +++ b/handler/pom.xml
@@ -96,12 +96,6 @@
@@ -331,10 +331,10 @@ index 917ebaea79..0000000000
 -    }
 -}
 diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java b/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
-index dc3533e95d..92b0bc8b56 100644
+index 1f6332ec0a..09deb9efe6 100644
 --- a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
 +++ b/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
-@@ -27,8 +27,7 @@
+@@ -27,8 +27,7 @@ import javax.net.ssl.SSLEngine;
  */
 @Deprecated
 public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicationProtocolNegotiator {
@@ -344,7 +344,7 @@ index dc3533e95d..92b0bc8b56 100644
                                              JettyAlpnSslEngine.isAvailable() ||
             (BouncyCastleUtil.isBcTlsAvailable() && BouncyCastleAlpnSslUtils.isAlpnSupported());
 
-@@ -121,7 +120,6 @@
+@@ -121,7 +120,6 @@ public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicati
         public SSLEngine wrapSslEngine(SSLEngine engine, ByteBufAllocator alloc,
                                        JdkApplicationProtocolNegotiator applicationNegotiator, boolean isServer) {
             throw new RuntimeException("ALPN unsupported. Is your classpath configured correctly?"
@@ -352,7 +352,7 @@ index dc3533e95d..92b0bc8b56 100644
                     + " For Jetty-ALPN, see "
                     + "https://www.eclipse.org/jetty/documentation/current/alpn-chapter.html#alpn-starting");
         }
-@@ -131,10 +129,6 @@
+@@ -131,10 +129,6 @@ public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicati
         @Override
         public SSLEngine wrapSslEngine(SSLEngine engine, ByteBufAllocator alloc,
                                        JdkApplicationProtocolNegotiator applicationNegotiator, boolean isServer) {
@@ -434,10 +434,10 @@ index f80b3004a8..6159b87ca2 100644
 
         SslEngineType(boolean wantsDirectBuffer, Cumulator cumulator) {
 diff --git a/pom.xml b/pom.xml
-index 5c5b5f8ef4..170736db51 100644
+index c149145262..7619d72aa9 100644
 --- a/pom.xml
 +++ b/pom.xml
-@@ -918,16 +918,6 @@
+@@ -984,16 +984,6 @@
         <optional>true</optional>
       </dependency>
 
@@ -455,5 +455,5 @@ index 5c5b5f8ef4..170736db51 100644
       <dependency>
         <groupId>software.amazon.cryptools</groupId>
 -- 
-2.51.0
+2.52.0

--- a/0003-Remove-optional-deps-jetty-alpn-and-npn.patch
+++ b/0003-Remove-optional-deps-jetty-alpn-and-npn.patch
@@ -1,4 +1,4 @@
-From 6be7812aeb2313bbf0fba49f353d9941de26b897 Mon Sep 17 00:00:00 2001
+From bc24ff3d1f65d8cca6d9866f86d0d288955aecf2 Mon Sep 17 00:00:00 2001
 From: Mat Booth <mat.booth@redhat.com>
 Date: Mon, 7 Sep 2020 13:26:20 +0100
 Subject: [PATCH 3/4] Remove optional deps jetty alpn and npn
@@ -15,7 +15,7 @@ Subject: [PATCH 3/4] Remove optional deps jetty alpn and npn
 delete mode 100644 handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java

 diff --git a/handler/pom.xml b/handler/pom.xml
-index 4f1f05513d..2a1556277c 100644
+index 1076b3963f..a7532b58a0 100644
 --- a/handler/pom.xml
 +++ b/handler/pom.xml
@@ -86,16 +86,6 @@
@@ -36,10 +36,10 @@ index 4f1f05513d..2a1556277c 100644
       <groupId>org.mockito</groupId>
       <artifactId>mockito-core</artifactId>
 diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java b/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
-index 92b0bc8b56..f0db866388 100644
+index 09deb9efe6..23504458d7 100644
 --- a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
 +++ b/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
-@@ -28,7 +28,6 @@
+@@ -28,7 +28,6 @@ import javax.net.ssl.SSLEngine;
 @Deprecated
 public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicationProtocolNegotiator {
     private static final boolean AVAILABLE = JdkAlpnSslUtils.supportsAlpn() ||
@@ -47,7 +47,7 @@ index 92b0bc8b56..f0db866388 100644
             (BouncyCastleUtil.isBcTlsAvailable() && BouncyCastleAlpnSslUtils.isAlpnSupported());
 
     private static final SslEngineWrapperFactory ALPN_WRAPPER = AVAILABLE ? new AlpnWrapper() : new FailureWrapper();
-@@ -139,10 +138,6 @@
+@@ -139,10 +138,6 @@ public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicati
             if (JdkAlpnSslUtils.supportsAlpn()) {
                 return new JdkAlpnSslEngine(engine, applicationNegotiator, isServer);
             }
@@ -374,10 +374,10 @@ index aad00b5f6d..0000000000
 -    }
 -}
 diff --git a/pom.xml b/pom.xml
-index 170736db51..9add346f6b 100644
+index 7619d72aa9..1a96a46174 100644
 --- a/pom.xml
 +++ b/pom.xml
-@@ -875,20 +875,6 @@
+@@ -941,20 +941,6 @@
         <optional>true</optional>
       </dependency>
 
@@ -399,5 +399,5 @@ index 170736db51..9add346f6b 100644
       <dependency>
         <groupId>com.google.protobuf</groupId>
 -- 
-2.51.0
+2.52.0

--- a/0004-Disable-Brotli-and-ZStd-compression.patch
+++ b/0004-Disable-Brotli-and-ZStd-compression.patch
@@ -1,4 +1,4 @@
-From 8445a1513bc95a49a5ab9e89084cd3bf3ca0dd40 Mon Sep 17 00:00:00 2001
+From e88bb2c9f01c33b8ed1263dd3624f4b24c29dff1 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Fridrich=20=C5=A0trba?= <fridrich.strba@bluewin.ch>
 Date: Thu, 30 Mar 2023 13:19:04 +0200
 Subject: [PATCH 4/4] Disable Brotli and ZStd compression
@@ -418,7 +418,7 @@ index 73e497ccb8..56a2a93677 100644
         return null;
     }
 diff --git a/codec/src/main/java/io/netty/handler/codec/compression/StandardCompressionOptions.java b/codec/src/main/java/io/netty/handler/codec/compression/StandardCompressionOptions.java
-index 38793a97e6..c1f1c8c17c 100644
+index 1397e12308..c1f1c8c17c 100644
 --- a/codec/src/main/java/io/netty/handler/codec/compression/StandardCompressionOptions.java
 +++ b/codec/src/main/java/io/netty/handler/codec/compression/StandardCompressionOptions.java
@@ -15,11 +15,10 @@
@@ -481,7 +481,7 @@ index 38793a97e6..c1f1c8c17c 100644
 -    /**
 -     * Default implementation of {@link ZstdOptions} with{compressionLevel(int)} set to
 -     * {@link ZstdConstants#DEFAULT_COMPRESSION_LEVEL},{@link ZstdConstants#DEFAULT_BLOCK_SIZE},
-     * {@link ZstdConstants#MAX_BLOCK_SIZE}
+-     * {@link ZstdConstants#DEFAULT_MAX_ENCODE_SIZE}
 -     */
 -    public static ZstdOptions zstd() {
 -        return ZstdOptions.DEFAULT;
@@ -509,5 +509,5 @@ index 38793a97e6..c1f1c8c17c 100644
      * Default implementation of {@link GzipOptions} with
      * {@code compressionLevel()} set to 6, {@code windowBits()} set to 15 and {@code memLevel()} set to 8.
 -- 
-2.51.0
+2.52.0

--- a/netty-4.1.128.Final.tar.gz
+++ b/netty-4.1.128.Final.tar.gz
--- a/netty-4.1.130.Final.tar.gz
+++ b/netty-4.1.130.Final.tar.gz
--- a/netty.changes
+++ b/netty.changes
@@ -1,3 +1,33 @@
+-------------------------------------------------------------------
+Tue Dec 16 15:56:03 UTC 2025 - Fridrich Strba <fstrba@suse.com>
+
+- Upgrade to upstream verson 4.1.130
+  * Fixes:
+    + RLF injection vulnerability in io.netty.handler.codec.http
+      .HttpRequestEncoder (bsc#1255048, CVE-2025-67735)
+    + Update lz4-java version to 1.10.1
+    + Close Channel and fail bootstrap when setting a ChannelOption
+      causes an error
+    + Discard the following HttpContent for preflight request
+    + Fix race condition in NonStickyEventExecutorGroup causing
+      incorrect inEventLoop() results
+    + Fix Zstd compression for large data
+    + Fix ZstdEncoder not producing data when source is smaller than
+      block
+    + Make big endian ASCII hashcode consistent with little endian
+    + Fix reentrancy bug in ByteToMessageDecoder
+    + Add 32k and 64k size classes to adaptive allocator
+    + Re-enable reflective field accesses in native images
+    + Correct HTTP/2 padding length check
+    + Fix HTTP startline validation
+    + Fix MpscIntQueue bug
+- Modified patches:
+  * 0001-Remove-optional-dep-Blockhound.patch
+  * 0002-Remove-optional-dep-conscrypt.patch
+  * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
+  * 0004-Disable-Brotli-and-ZStd-compression.patch
+    + rediff
+
 -------------------------------------------------------------------
 Thu Oct 23 18:19:04 UTC 2025 - Fridrich Strba <fstrba@suse.com>

--- a/netty.spec
+++ b/netty.spec
@@ -19,7 +19,7 @@
 %global namedreltag .Final
 %global namedversion %{version}%{?namedreltag}
 Name:           netty
-Version:        4.1.128
+Version:        4.1.130
 Release:        0
 Summary:        An asynchronous event-driven network application framework and tools for Java
 License:        Apache-2.0
@@ -185,7 +185,7 @@ rm codec/src/main/java/io/netty/handler/codec/marshalling/*
 rm codec/src/*/java/io/netty/handler/codec/compression/Lzma*.java
 %pom_remove_dep -r com.ning:compress-lzf
 rm codec/src/*/java/io/netty/handler/codec/compression/Lzf*.java
-%pom_remove_dep -r org.lz4:lz4-java
+%pom_remove_dep -r at.yawk.lz4:lz4-java
 rm codec/src/*/java/io/netty/handler/codec/compression/Lz4*.java
 %pom_remove_dep -r com.aayushatharva.brotli4j:
 rm codec/src/*/java/io/netty/handler/codec/compression/Brotli*.java