Overview

File netty.changes of Package netty.23695

-------------------------------------------------------------------
Fri Apr  8 07:27:55 UTC 2022 - Fridrich Strba <fstrba@suse.com>

- Upgrade to latest upstream version 4.1.75
- Modified patches:
  * 0001-Remove-optional-dep-Blockhound.patch
  * 0002-Remove-optional-dep-conscrypt.patch
  * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
  * 0004-Remove-optional-dep-tcnative.patch
  * 0005-Remove-optional-dep-log4j.patch
  * 0006-revert-Fix-native-image-build.patch
  * 0007-Revert-Support-session-cache-for-client-and-server-w.patch
    + rebase

-------------------------------------------------------------------
Tue Feb 22 18:27:07 UTC 2022 - Fridrich Strba <fstrba@suse.com>

- Do not build against the log4j12 packages

-------------------------------------------------------------------
Tue Dec 14 06:31:10 UTC 2021 - Fridrich Strba <fstrba@suse.com>

- Upgrade to latest upstream version 4.1.72
  * fixes: bsc#1190610, CVE-2021-37136: Bzip2Decoder doesn't allow
    setting size restrictions for decompressed data
  * fixes: bsc#1190613, CVE-2021-37137: SnappyFrameDecoder doesn't
    restrict chunk length any may buffer skippable chunks in an
    unnecessary way
  * fixes: bsc#1193672, CVE-2021-43797: possible HTTP request
    smuggling due to insufficient validation against control
    characters
- Modified patches:
  * 0001-Remove-optional-dep-Blockhound.patch
  * 0002-Remove-optional-dep-conscrypt.patch
  * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
  * 0004-Remove-optional-dep-tcnative.patch
  * 0005-Remove-optional-dep-log4j.patch
  * 0006-revert-Fix-native-image-build.patch
  * 0007-Revert-Support-session-cache-for-client-and-server-w.patch
  * no-werror.patch
    + rediff to changed context
- Added patch:
  * no-brotli-zstd.patch
    + disable Brotli and Zstd compression, since we lack
      the dependencies needed to build them

-------------------------------------------------------------------
Fri Mar 12 08:31:56 UTC 2021 - Fridrich Strba <fstrba@suse.com>

- Upgrade to latest upstream version 4.1.60
  * fixes: bsc#1183262, CVE-2021-21295: HTTP/2 request
    Content-Length header field is not validated by
    'Http2MultiplexHandler'
- Modified patches:
  * 0001-Remove-optional-dep-Blockhound.patch
  * 0002-Remove-optional-dep-conscrypt.patch
  * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
  * 0004-Remove-optional-dep-tcnative.patch
  * 0005-Remove-optional-dep-log4j.patch
  * 0006-revert-Fix-native-image-build.patch
    + rediff to changed context
- Added patch:
  * 0007-Revert-Support-session-cache-for-client-and-server-w.patch
    + revert optional disabled cache implementation that conflicts
      with our 0004-Remove-optional-dep-tcnative.patch

-------------------------------------------------------------------
Thu Feb 11 12:00:22 UTC 2021 - Fridrich Strba <fstrba@suse.com>

- Upgrade to latest upstream version 4.1.59
- Removed patches:
  * netty-CVE-2020-11612.patch
  * netty-CVE-2021-21290.patch
    + fixes integrated in the upstream sources
  * 0001-Remove-OpenSSL-parts-depending-on-tcnative.patch
  * 0002-Remove-NPN.patch
  * 0003-Remove-conscrypt-ALPN.patch
  * 0004-Remove-jetty-ALPN.patch
    + replaced by new patches
- Added patches:
  * 0001-Remove-optional-dep-Blockhound.patch
  * 0002-Remove-optional-dep-conscrypt.patch
  * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
  * 0004-Remove-optional-dep-tcnative.patch
  * 0005-Remove-optional-dep-log4j.patch
    + remove various optional dependencies that we do not need
  * 0006-revert-Fix-native-image-build.patch
    + Revert changes that introduce a new dependency that we
      do not have
  * no-werror.patch
    + Do not treat warnings as errors
- Build -poms and -javadoc as noarch packages, since they do not
  install anything in arch-dependent directories

-------------------------------------------------------------------
Thu Feb 11 09:20:25 UTC 2021 - Fridrich Strba <fstrba@suse.com>

- Added patch:
  * netty-CVE-2021-21290.patch
    + bsc#1182103, CVE-2021-21290

-------------------------------------------------------------------
Thu Apr  9 07:54:00 UTC 2020 - Fridrich Strba <fstrba@suse.com>

- Added patch:
  * netty-CVE-2020-11612.patch
    + bsc#1168932, CVE-2020-11612
    + bsc#1169082, CVE-2020-10707

-------------------------------------------------------------------
Thu Jan  9 15:14:41 UTC 2020 - Fridrich Strba <fstrba@suse.com>

- Split pom-only artifacts into a subpackage netty-pom in order
  to generate their dependencies correctly

-------------------------------------------------------------------
Wed Nov 13 19:18:57 UTC 2019 - Fridrich Strba <fstrba@suse.com>

- Initial packaging of netty 4.1.13
openSUSE Build Service is sponsored by
Places