File netty.changes of Package netty.33151
-------------------------------------------------------------------
Wed Mar 27 13:17:21 UTC 2024 - Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 4.1.108
* Fixes of 4.1.108:
+ HttpPostRequestDecoder can OOM (bsc#1222045, CVE-2024-29025)
+ Add zstd decoder
+ Updated HTTP2 Reader to fix missing header state
+ codec-http2: fix some frame validation errors
+ SSL: Only wrap TrustManager if FIPS is not used
+ Epoll: Correctly handle splice tasks when Channel is closed
+ Allow to cancel connect() operations when using non-blocking
IO
+ DNS resolver final CNAME lookup disabled
+ DNS: Add DnsRecordType definitions for SVCB and HTTPS
+ SSL: Only try to use TLSv1.3 if a compatible ciphersuite is
configured
+ Backport 'Fix buffer leak in DefaultHttp2HeadersEncoder' to v4
+ SSL: Hold the right monitor while running delegating task
+ SSL: Execute SSL_do_handshake(...) after task is run to ensure
SSLEngine.getHandshakeStatus() returns the correct value all
the time
+ Add active flag to EpollServerDomainSocketChannel fd
constructor
+ Epoll: Fix possible Classloader deadlock caused by loading
class via JNI
+ Prefer /etc/resolv.conf on Linux and Mac
+ Handle invalid cookie value
+ Upgrade to latest tcnative release
+ ByteToMessageDecoder.channelReadComplete(...) does call read()
too often
+ Remove the lock usage in PoolArena#numPinnedBytes()
+ Fix x-www-form-urlencoded parsing for no-value key
(re-submission)
* Fixes of 4.1.107:
+ Speedup pseudoheader lookup
+ Add support for the Partitioned attribute in cookies
+ Reduce HTTP 1.1 Full msg pipeline traversals
+ DnsNameResolver: Add DnsQueryIdSpace class to reduce overhead
while generating IDs
+ Fix copy-paste mistake in
LazyX509Certificate.getIssuerAlternativeNames()
+ HTTP2: lastStreamCreated() does return the wrong value when
all stream ids were used
+ HTTP2: Update local window should not fail queued frames
+ DnsNameResolver: Allways call bind() during bootstrap
+ HTTP: HttpObjectDecoder must not use HTTPMessage once it is
passed to the next handler in the ChannelPipeline
+ Ensure key / values are shared between resumed sessions
+ SSLSession.getLastAccessedTime() and getCreationTime() should
not be equal when session is reused
+ Snappy: Use unsigned short to handle 2 ^ 16 input size instead
of 2 ^ 15
* Fixes of 4.1.106:
+ HTTP2: Prevent sharing the index of the continuation frame
header ByteBuf.
+ DnsNameResolver: Fail query if id space is exhausted
+ Short-circuit ByteBuf::release
* Fixes of 4.1.105:
+ Fix exception on HTTP chunk size overflow
+ Default value of MAX_MESSAGES_PER_READ not used for native
DatagramChannels
+ Redo fix scalability issue due to checkcast on context's
invoke operations
+ Be able to retry the query via TCP if a query failed because
of a timeout
+ Save HTTP 2 pseudo-header lower-case validation
+ DnsNameResolver: Limit connect timeout to query timeout
+ h2: propagate stream close without read pending, avoid SOOE
if !autoRead
* Fixes of 4.1.104:
+ dyld: Symbol not found: _netty_jni_util_JNI_OnLoad
* Fixes of 4.1.103:
+ Workaround for regex bug in Android SDK
+ Use Http2Headers.size() instead of isEmpty()
+ Add support for RISC-V
* Fixes of 4.1.101:
+ Add service-loaded extension points for channel initialization
+ Added check for pseudo-headers in trailers
+ Automatically close Http2StreamChannel when
Http2FrameStreamExceptionreaches end ofChannelPipeline
+ Throwing a stackless exception if RST_FRAME rate is exceeded
+ Only enable the RST limit for servers by default
+ Change default value of MAX_MESSAGES_PER_READ for
DatagramChannel implementations
+ Descriptive message for errors related to unknown http2
streams
- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Disable-Brotli-and-ZStd-compression.patch
* 0005-Do-not-use-the-Graal-annotations.patch
* 0006-Do-not-use-the-Jetbrains-annotations.patch
* 0007-Do-not-require-the-tcnative-native-library.patch
+ rebase
-------------------------------------------------------------------
Wed Feb 21 10:52:04 UTC 2024 - Gus Kenion <gus.kenion@suse.com>
- Use %patch -P N instead of deprecated %patchN.
-------------------------------------------------------------------
Thu Oct 12 15:12:00 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 4.1.100
* Fixes of 4.1.100:
+ DDoS vector in the HTTP/2 protocol due RST frames
(bsc#1216169, CVE-2023-44487)
+ Do not fail when compressing empty HttpContent
* Fixes of 4.1.99:
+ Do not try to delete a global handle with the local handles
APIs
+ Enable build with JDK21
+ dyld: lazy symbol binding failed: Symbol not found:
_netty_jni_util_JNI_OnLoad
* Fixes of 4.1.98:
+ Revert "HttpHeaderValidationUtil should reject chars past the
1 byte range"
+ Filter out unresolved addresses when parsing resolv.conf
+ Prevent classloader leak via JNI
+ SSLSession.getPeerCertificateChain() should throw
UnsupportedOperationException if javax.security.cert
.X509Certificate can not be created
+ Enable client side session cache when using native SSL by
default
* Fixes of 4.1.97:
+ Fixing AsciiString#lastIndexOf To Respect The offset
+ Add support for snappy http2 content decompression
+ Add support for password-based encryption scheme 2 params
+ HttpHeaderValidationUtil should reject chars past the 1 byte
range
+ Honor SslHandler.setWrapDataSize greater than SSL packet
length
+ Add support for snappy http content encoding
* Fixes of 4.1.96:
+ Move the PoolThreadCache finalizer to a separate object
+ Fix kevent(..) failed: Invalid argument
+ Revert "Always increment Stream Id on createStream" to fix bug
which caused sending multiple RST frames for the same id
* Fixes of 4.1.95
+ Add resource leak listener
+ Reduce object allocations during SslHandler.flush(...)
+ Ensure ByteBuf.capacity(...) will never throw AssertionError
+ Make transport.Bootstrap usable with no netty-resolver on
classpath
+ Correctly retain slice when calling
ReplayingDecoderByteBuf.retainedSlice(...)
+ Always increment Stream Id on createStream(...)
+ Fix BrotliEncoder bug that does not mark ByteBuf it encodes a
read
+ Enhance CertificateException message when throw due hostname
validation
- Rebased patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Disable-Brotli-and-ZStd-compression.patch
* 0005-Do-not-use-the-Graal-annotations.patch
* 0006-Do-not-use-the-Jetbrains-annotations.patch
* 0007-Do-not-require-the-tcnative-native-library.patch
-------------------------------------------------------------------
Wed Sep 13 04:55:29 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Reproducible builds: use SOURCE_DATE_EPOCH for timestamp
-------------------------------------------------------------------
Fri Jun 23 08:44:41 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 4.1.94
* Fixes of 4.1.94:
+ Respect offset in
io.netty.util.NetUtil#toAddressString(byte[], int, boolean)
+ Skip finalization for PoolThreadCache instances without
small/normal caches
+ Use network byte order when encoding ipv4 address and port
for Socks codecs
+ Call ReleaseByteArrayElements even when handling of
socket_path fails to fix small mem leak
+ Always enable leak tracking for derived buffers if parent is
tracked
+ Release DnsRecords when failing to notify promise
+ Delay possibility to reuse transaction id when query is
failing because of timeout or cancellation
+ Implement contains for SelectedSelectionKeySet
+ Use Two-Way for finding the delimiter in
DelimiterBasedFrameDecoder
+ Obtain the local address from the fd when the client connects
only with remote address (UDS)
+ Allow to limit the maximum lenght of the ClientHello
(bsc#1212637, CVE-2023-34462)
* Fixes of 4.1.93:
+ Reset byte buffer in loop for AbstractDiskHttpData.setContent
+ OpenSSL MAX_CERTIFICATE_LIST_BYTES option supported
+ Adapt to DirectByteBuffer constructor in Java 21
+ HTTP/2 encoder: allow HEADER_TABLE_SIZE greater than
Integer.MAX_VALUE
+ Upgrade to latest netty-tcnative to fix memory leak
+ H2/H2C server stream channels deactivated while write still
in progress
+ Channel#bytesBefore(un)writable off by 1
+ HTTP/2 should forward shutdown user events to active streams
+ Respect the number of bytes read per datagram when using
recvmmsg
* Fixes of 4.1.92:
+ Make Recycler faster on OpenJ9
+ Allow to change the limit for the maximum size of the
certificate chain.
+ Guard against unbounded grow of suppressed exceptions storage
+ Release websocket handshake response if pipeline checks fail
+ Add support for local and remote addresses on the server for
child channels when UDS
+ Http types slow path checks
* Fixes of 4.1.91:
+ Fire a PrematureChannelClosureException when Channel is closed
while aggregating is still in progress
+ Connect without password if server returns NO_AUTH when using
Socks5
+ Use optional resolution of sun.net.dns
+ Introduce Http2MultiplexActiveStreamsException that can be
used to propagate an error to all active streams
+ Use the correct error when reset a stream
+ Update: Add snappy support on HttpContentDecoder
+ Don't unwrap multiple records until we notified the caller
about the finished handshake
+ Handle EHOSTUNREACH errors in io.netty.channel.unix.Errors
- Depend on netty-tcnative >= 2.0.60 for SSLContext.setMaxCertList
method.
- Rebased patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Disable-Brotli-and-ZStd-compression.patch
* 0005-Do-not-use-the-Graal-annotations.patch
* 0006-Do-not-use-the-Jetbrains-annotations.patch
* 0007-Do-not-require-the-tcnative-native-library.patch
-------------------------------------------------------------------
Thu Mar 30 16:49:51 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 4.1.90
* Fixes of 4.1.90:
+ Adding header name of the header which failed validation
+ Fix HttpHeaders.names for non-String headers
+ Save expensive volatile operations in the common hot http
decoder path
+ Avoid slow type checks against promises on outbound buffer's
progress
+ Implement NonStickyEventExecutorGroup.inEventLoop
+ Native image: add support for unix domain sockets
+ Use MacOS SDK 10.9 to prevent apple notarization failures
+ Increase errno cache and guard against IOOBE
+ Don't reset BCSSLParameters when setting application protocols
+ WebSocketClientProtocolHandler: add option to disable UTF8
validation
+ Chunked HTTP length decoding should account for
whitespaces/ctrl chars
+ Handle NullPointerException thrown from
NetworkInterface.getNetworkInterfaces()
* Fixes of 4.1.89:
+ Don't fail on HttpObjectDecoder's maxHeaderSize greater then
(Integer.MAX_VALUE - 2)
+ dyld: Symbol not found: _netty_jni_util_JNI_OnLoad when
upgrading from 4.1.87.Final to 4.1.88.Final
* Fixes of 4.1.88:
+ Speed-up HTTP 1.1 header and line parsing
+ Add StacklessSSLHandshakeException for ClosedChannelException
+ Modify changed CloseWebSocketFrame#statusCode() to change the
fetch code to unsigned
+ Check if CommandLineTools are installed before trying to
execute install_name_tool
+ Allow to adjust the GlobalEventExecutor quietPeriod via a
system property
+ Add SslProvider.isOptionSupported(...)
+ Fix FlowControlHandler's behaviour to pass read events when
auto-reading is turned off
+ Ensure Http2StreamFrameToHttpObjectCodec#decode doesn't add
transfer-encoding for 204/304 response
+ Only do extra CNAME query if we couldnt follow the whole CNAME
chain in the response
+ Include query id when a query failed
+ DnsResolveContext: include expected record types in exception
message
+ Add necessary native-image configuration files for epoll
+ Create a deep-copy of the Throwable before returning it from
the cache to prevent possible leaks
+ Always respect completeOncePreferredResolved in
DnsNameResolver
+ fix brotli compression
+ Optionally depend on bctls-jdk15on
+ Make releasing objects back to Recycler faster
+ Correctly keep track of validExtensions per request / response
+ Add handling of inflight lookups to reduce real queries when
lookup same hostname
+ DnsQueryContext: include query id and question info in
exception message
+ AsciiStrings can be batch-encoded
* Fixes of 4.1.87:
+ Upgrade to latest netty-tcnative release which doesnt link
libcrypt
+ Add recvmmsg & sendmmsg syscall number for loongarch64
+ Return correct value from SSLSession.getPacketSize() when
using native SSL implementation
+ Explicit disable TLSv1.3 in the OpenSSL options if not
supported
+ Support handshake timeout in SniHandler.
+ Extend DNS address supplier interface to provide feedback
* Fixes of 4.1.86:
+ HAProxyMessageDecoder Stack Exhaustion DoS (bsc#1206360,
CVE-2022-41881)
+ HTTP Response splitting from assigning header value iterator
(bsc#1206379, CVE-2022-41915)
+ Revert #12888 for potential task scheduling problems in
HashedWheelTimer
+ Deprecate ObjectEncoder/ObjectDecoder
+ HPACK dynamic table size update must happen at the beginning
of the header block
* Fixes of 4.1.85:
+ A bug in FlowControlHandler that broke auto-read has been
fixed
+ The HTTP/2 HPACK encoder is now faster at encoding headers
that have many values
+ A potential memory leak bug has been fixed in the pooled
allocator
+ Fix an issue with the Blockhound integration, which could
cause the MacOSDnsServerAddressStreamProvider to be flagged
as making blocking calls
+ Inconsitencies in how epoll, kqueue, and NIO handle RDHUP have
been fixed
+ ByteToMessageDecoder now handle situations where the same
ByteBuf instance is read multiple times
+ The check that ensures the HTTP/1 Content-Length header is
unique, now no longer causes headers to be rearranged (change
their order)
+ Fix a NullPointerException bug with class initialisation order
between InternalLogger and InternalThreadLocalMap
+ When the netty-resolver-dns-native-macos classes can't load
their native bindings, they now only print a short error
message instead of the huge stack trace it printed previously.
The stack trace is still included if DEBUG logging is enabled
+ The Graal native-image meta-data is now placed in the
recommended location, and no longer causes warnings to be
printed
+ The HTTP/1 and HTTP/2 codecs now properly support RFC 8297
Early Hints
+ Subclasses of FastThreadLocalThread can now tell the Netty
Blockhound integration that they should be allowed to make
blocking calls
+ Validation of HTTP/2 connection headers have been moved from
Http2Headers to HpackDecoder, so that outgoing headers are
not validated
* Fixes of 4.1.84:
+ HTTP/2 header values with invalid characters are now rejected
in header validation
+ We now automatically generate conditional meta-data for
native-image use, making GraalVM support more reliable
+ Fix a scalability issue caused by instanceof and check-cast
checks that lead to false-sharing on the
Klass::secondary_super_cache field in the JVM
(See JDK-8180450)
+ Made the HTTP/2 HPACK static table implementation faster by
using a perfect hash function
+ Fixed a bug in our PEMParser when PEM files have multiple
objects, and BouncyCastle is on the classpath
* Fixes of 4.1.82:
+ Fix a NullPointerException bug when calling forEachByte on
nested CompositeByteBufs
+ Relax an overly strict HTTP/2 header validation check that was
rejecting requests from Chrome and Firefox
+ The OpenSSL and BoringSSL implementations now respect the
jdk.tls.client.protocols and jdk.tls.server.protocols system
properties, making them react to these in the same way the JDK
SSL provider does
* Fixes of 4.1.81:
+ Fix a regression SslContext private key loading
+ Fix a bug in SslContext private key reading fall-back path
+ Fix a buffer leak regression in HttpClientCodec
+ Fix a bug where some HttpMessage implementations, that also
implement HttpContent, were not handled correctly
+ The MessageFormatter and FormattingTuple classes are now
usable in the public API
+ Connection related headers in HTTP/2 frames are now rejected,
in compliance with the specification
* Fixes of 4.1.80:
+ HttpObjectEncoder scalability issue due to instanceof checks
+ Improve logging when MacOSDnsServerAddressStreamProvider
cannot be found/loaded
+ Replace stdlib write/read with send/recv
+ Support for pkcs1
+ Add Blockhound exceptions for the PooledByteBufAllocator
+ Fix epoll bug when receiving zero-sized datagrams
+ Avoid including header values in header validation failure
exceptions
+ Avoid allocating large buffers in JdkZlibEncoder
+ Native Image Support: Set
IS_EXPLICIT_TRY_REFLECTION_SET_ACCESSIBLE to true by default
for native images
+ We need to use disconnectx(...) on macOS
+ Replace synchronized with Java Locks on the allocator
+ Don't use static instances of FixedRecvByteBufAllocator
+ Add escaping for stomp headers
* Fixes of 4.1.79:
+ The PEM certificate parser is no longer susceptible to
exponential back-off
+ Non-standard extra ampersands in HTTP POST bodies are no
longer rejected
+ An io.netty.osClassifiers system property has been added to
avoid reading os-release files
+ Fix a bug in SslHandler so handlerRemoved works properly even
if handlerAdded throws an exception
+ Use the correct OSGi processor directive on aarch64, making it
possible to use OSGi on ARM
+ HTTP paths that begin with a double-slash are now parsed the
same way browsers do
+ The isCompleted flag is now correctly preserved on objects
from HttpData.retainedDuplicate()
+ The HttpUtil.isOriginForm() and isAsteriskForm() methods now
correctly conform with RFC 7230
+ Fix an issue that allowed the multicast methods on
EpollDatagramChannel to be called outside of an event-loop
thread
+ Support for the LoongArch64 processor architecture has been
added
* Fixes of 4.1.78:
+ Fix a bug where an OPT record was added to DNS queries that
already had such a record
+ Fix a bug that caused an error when files uploaded with HTTP
POST contained a backslash in their name
+ Fix an issue in the BlockHound integration that could
occasionally cause NetUtil to be reported as performing
blocking operations
+ A similar BlockHound issue was fixed for the JdkSslContext
+ Fix a bug that prevented preface or settings frames from
being flushed, when an HTTP2 connection was established with
prior-knowledge
+ Fixes a rare NullPointerException that could occur when a
ReferenceCountedOpenSslEngine threw an OutOfMemoryError from
its constructor, and was then later finalized
+ The SslHandler now adds the socket file descriptor to the
BIOs, when the SslEngine supports this (boringssl and
libressl), which allow tracing and observability tools to
monitor encryption traffic on a per-connection basis.
+ It is now possible to explicitly step the scheduling clock in
EmbeddedEventLoop, which is useful for making automated tests
with deterministic scheduling
* Fixes of 4.1.77:
+ Local Information Disclosure Vulnerability in Netty on
Unix-Like systems due temporary files for Java 6 and lower in
io.netty:netty-codec-http (bsc#1199338, CVE-2022-24823)
+ Upgraded the optional netty-tcnative dependency to version
2.0.52.Final
+ Fix a bug where Netty fails to load a shaded native library
+ Include classifier in Automatic-Module-Name
+ Check if epoll_pwait2 is implemented
+ Don't call strdup on packagePrefix
+ Enable debugging of asynchronous tasks in Intellij
+ Throwing an exception in case glibc is missing instead of
segfaulting the JVM
* Fixes of 4.1.76:
+ Upgraded the optional netty-tcnative dependency to version
2.0.51.Final
+ Upgraded the optional log4j dependency to version 2.17.2
+ The netty-all module now declare an automatic module name,
making it useable with Java Modules.
+ It is now possible to configure arbitrary socket options for
the native epoll and kqueue transports. Refer to your
operating system documentation for what options are available.
+ It is now possible to explicitly bind channels to either IPv4
or IPv6.
+ The HTTP/2 header validation that rejects duplicate
pseudo-headers, which was added in 4.1.75.Final, has been
changed so it no longer breaks older versions of gRPC.
" Fix a NullPointerException that was hiding the real cause of
certain HTTP/2 header decoding errors.
- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* no-brotli-zstd.patch
-> 0004-Disable-Brotli-and-ZStd-compression.patch
* no-werror.patch
+ rebase
- Removed patches:
* 0004-Remove-optional-dep-tcnative.patch
* 0005-Remove-optional-dep-log4j.patch
+ we have the dependencies, so no need to disable them
* 0006-revert-Fix-native-image-build.patch
* 0007-Revert-Support-session-cache-for-client-and-server-w.patch
+ solve the build breakages differently
- Added patches:
* 0005-Do-not-use-the-Graal-annotations.patch
* 0006-Do-not-use-the-Jetbrains-annotations.patch
+ do not use annotations for which we don't have dependencies
* 0007-Do-not-require-the-tcnative-native-library.patch
+ our tcnative library is installed system-wide
-------------------------------------------------------------------
Thu Oct 13 11:21:47 UTC 2022 - Fridrich Strba <fstrba@suse.com>
- Force building with java 11 on ix86 in order to avoid random
build failures
-------------------------------------------------------------------
Fri Apr 8 07:27:55 UTC 2022 - Fridrich Strba <fstrba@suse.com>
- Upgrade to latest upstream version 4.1.75
- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Remove-optional-dep-tcnative.patch
* 0005-Remove-optional-dep-log4j.patch
* 0006-revert-Fix-native-image-build.patch
* 0007-Revert-Support-session-cache-for-client-and-server-w.patch
+ rebase
-------------------------------------------------------------------
Tue Feb 22 18:27:07 UTC 2022 - Fridrich Strba <fstrba@suse.com>
- Do not build against the log4j12 packages
-------------------------------------------------------------------
Tue Dec 14 06:31:10 UTC 2021 - Fridrich Strba <fstrba@suse.com>
- Upgrade to latest upstream version 4.1.72
* fixes: bsc#1190610, CVE-2021-37136: Bzip2Decoder doesn't allow
setting size restrictions for decompressed data
* fixes: bsc#1190613, CVE-2021-37137: SnappyFrameDecoder doesn't
restrict chunk length any may buffer skippable chunks in an
unnecessary way
* fixes: bsc#1193672, CVE-2021-43797: possible HTTP request
smuggling due to insufficient validation against control
characters
* fixes: bsc#1184203, CVE-2021-21409: request smuggling via
content-length header
- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Remove-optional-dep-tcnative.patch
* 0005-Remove-optional-dep-log4j.patch
* 0006-revert-Fix-native-image-build.patch
* 0007-Revert-Support-session-cache-for-client-and-server-w.patch
* no-werror.patch
+ rediff to changed context
- Added patch:
* no-brotli-zstd.patch
+ disable Brotli and Zstd compression, since we lack
the dependencies needed to build them
-------------------------------------------------------------------
Fri Mar 12 08:31:56 UTC 2021 - Fridrich Strba <fstrba@suse.com>
- Upgrade to latest upstream version 4.1.60
* fixes: bsc#1183262, CVE-2021-21295: HTTP/2 request
Content-Length header field is not validated by
'Http2MultiplexHandler'
- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Remove-optional-dep-tcnative.patch
* 0005-Remove-optional-dep-log4j.patch
* 0006-revert-Fix-native-image-build.patch
+ rediff to changed context
- Added patch:
* 0007-Revert-Support-session-cache-for-client-and-server-w.patch
+ revert optional disabled cache implementation that conflicts
with our 0004-Remove-optional-dep-tcnative.patch
-------------------------------------------------------------------
Thu Feb 11 12:00:22 UTC 2021 - Fridrich Strba <fstrba@suse.com>
- Upgrade to latest upstream version 4.1.59
- Removed patches:
* netty-CVE-2020-11612.patch
* netty-CVE-2021-21290.patch
+ fixes integrated in the upstream sources
* 0001-Remove-OpenSSL-parts-depending-on-tcnative.patch
* 0002-Remove-NPN.patch
* 0003-Remove-conscrypt-ALPN.patch
* 0004-Remove-jetty-ALPN.patch
+ replaced by new patches
- Added patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Remove-optional-dep-tcnative.patch
* 0005-Remove-optional-dep-log4j.patch
+ remove various optional dependencies that we do not need
* 0006-revert-Fix-native-image-build.patch
+ Revert changes that introduce a new dependency that we
do not have
* no-werror.patch
+ Do not treat warnings as errors
- Build -poms and -javadoc as noarch packages, since they do not
install anything in arch-dependent directories
-------------------------------------------------------------------
Thu Feb 11 09:20:25 UTC 2021 - Fridrich Strba <fstrba@suse.com>
- Added patch:
* netty-CVE-2021-21290.patch
+ bsc#1182103, CVE-2021-21290
-------------------------------------------------------------------
Thu Apr 9 07:54:00 UTC 2020 - Fridrich Strba <fstrba@suse.com>
- Added patch:
* netty-CVE-2020-11612.patch
+ bsc#1168932, CVE-2020-11612
+ bsc#1169082, CVE-2020-10707
-------------------------------------------------------------------
Thu Jan 9 15:14:41 UTC 2020 - Fridrich Strba <fstrba@suse.com>
- Split pom-only artifacts into a subpackage netty-pom in order
to generate their dependencies correctly
-------------------------------------------------------------------
Wed Nov 13 19:18:57 UTC 2019 - Fridrich Strba <fstrba@suse.com>
- Initial packaging of netty 4.1.13
