#
# spec file for package netty
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%global debug_package %{nil}
%global namedreltag .Final
%global namedversion %{version}%{?namedreltag}
Name: netty
Version: 4.1.94
Release: 2.23
Summary: An asynchronous event-driven network application framework and tools for Java
License: Apache-2.0
URL: https://netty.io/
Source0: https://github.com/netty/netty/archive/netty-%{namedversion}.tar.gz
# Upsteam uses a simple template generator script written in groovy and run with gmaven
# We don't have the plugin and want to avoid groovy dependency
# This script is written in bash+sed and performs the same task
Source1: codegen.bash
Source2: https://repo1.maven.org/maven2/io/netty/netty-jni-util/0.0.6.Final/netty-jni-util-0.0.6.Final-sources.jar
Patch0: 0001-Remove-optional-dep-Blockhound.patch
Patch1: 0002-Remove-optional-dep-conscrypt.patch
Patch2: 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
Patch3: 0004-Disable-Brotli-and-ZStd-compression.patch
Patch4: 0005-Do-not-use-the-Graal-annotations.patch
Patch5: 0006-Do-not-use-the-Jetbrains-annotations.patch
Patch6: 0007-Do-not-require-the-tcnative-native-library.patch
Patch7: no-werror.patch
BuildRequires: fdupes
BuildRequires: gcc
BuildRequires: make
BuildRequires: maven-local
BuildRequires: unzip
BuildRequires: mvn(com.jcraft:jzlib)
BuildRequires: mvn(commons-logging:commons-logging)
BuildRequires: mvn(io.netty:netty-tcnative-classes) >= 2.0.60
BuildRequires: mvn(kr.motd.maven:os-maven-plugin)
BuildRequires: mvn(org.apache.felix:maven-bundle-plugin)
BuildRequires: mvn(org.apache.logging.log4j:log4j-1.2-api)
BuildRequires: mvn(org.apache.logging.log4j:log4j-api)
BuildRequires: mvn(org.apache.maven.plugins:maven-antrun-plugin)
BuildRequires: mvn(org.apache.maven.plugins:maven-remote-resources-plugin)
BuildRequires: mvn(org.bouncycastle:bcpkix-jdk15on)
BuildRequires: mvn(org.bouncycastle:bctls-jdk15on)
BuildRequires: mvn(org.codehaus.mojo:build-helper-maven-plugin)
BuildRequires: mvn(org.codehaus.mojo:exec-maven-plugin)
BuildRequires: mvn(org.jctools:jctools-core)
BuildRequires: mvn(org.slf4j:slf4j-api)
%ifarch %{ix86}
BuildConflicts: java >= 12
BuildConflicts: java-devel >= 12
BuildConflicts: java-headless >= 12
%endif
%description
Netty is a NIO client server framework which enables quick and easy
development of network applications such as protocol servers and
clients. It greatly simplifies and streamlines network programming
such as TCP and UDP socket server.
'Quick and easy' doesn't mean that a resulting application will suffer
from a maintainability or a performance issue. Netty has been designed
carefully with the experiences earned from the implementation of a lot
of protocols such as FTP, SMTP, HTTP, and various binary and
text-based legacy protocols. As a result, Netty has succeeded to find
a way to achieve ease of development, performance, stability, and
flexibility without a compromise.
%package poms
Summary: POM-only artifacts for %{name}
BuildArch: noarch
%description poms
%{summary}.
%package javadoc
Summary: API documentation for %{name}
BuildArch: noarch
%description javadoc
%{summary}.
%prep
%setup -q -n netty-netty-%{namedversion}
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
# remove unnecessary dependency on parent POM
%pom_remove_parent . bom dev-tools
# Disable all in one jar
%pom_disable_module all
# Not needed for RPM builds
%pom_disable_module "example"
%pom_disable_module "microbench"
%pom_xpath_inject 'pom:plugin[pom:artifactId="maven-remote-resources-plugin"]' '
io.netty
netty-dev-tools
${project.version}
'
%pom_remove_plugin :maven-antrun-plugin
%pom_remove_plugin :maven-dependency-plugin
%pom_remove_plugin :xml-maven-plugin
%pom_remove_plugin :japicmp-maven-plugin
%pom_remove_plugin -r :maven-checkstyle-plugin
%pom_remove_plugin -r :animal-sniffer-maven-plugin
%pom_remove_plugin -r :maven-enforcer-plugin
%pom_remove_plugin -r :maven-shade-plugin
%pom_remove_plugin -r :maven-release-plugin
%pom_remove_plugin -r :maven-clean-plugin
%pom_remove_plugin -r :maven-source-plugin
%pom_remove_plugin -r :maven-deploy-plugin
%pom_remove_plugin -r :maven-jxr-plugin
%pom_remove_plugin -r :maven-javadoc-plugin
%pom_remove_plugin -r :forbiddenapis
%pom_remove_plugin -r :revapi-maven-plugin
%pom_remove_plugin -r :bom-helper-maven-plugin
cp %{SOURCE1} common/codegen.bash
chmod +x common/codegen.bash
%pom_add_plugin org.codehaus.mojo:exec-maven-plugin common '
generate-collections
generate-sources
exec
common/codegen.bash
'
%pom_remove_plugin :groovy-maven-plugin common
# We don't have com.oracle.substratevm
%pom_remove_dep "org.graalvm.nativeimage:" common
rm common/src/main/java/io/netty/util/internal/svm/*
# The protobuf-javanano API was discontinued upstream
# so disable support for protobuf in the codecs module
%pom_remove_dep -r "com.google.protobuf:protobuf-java"
%pom_remove_dep -r "com.google.protobuf.nano:protobuf-javanano"
rm codec/src/main/java/io/netty/handler/codec/protobuf/*
sed -i '/import.*protobuf/d' codec/src/main/java/io/netty/handler/codec/DatagramPacket*.java
%pom_remove_dep -r "org.jboss.marshalling:jboss-marshalling"
rm codec/src/main/java/io/netty/handler/codec/marshalling/*
# Various compression codecs
%pom_remove_dep -r com.github.jponge:lzma-java
rm codec/src/*/java/io/netty/handler/codec/compression/Lzma*.java
%pom_remove_dep -r com.ning:compress-lzf
rm codec/src/*/java/io/netty/handler/codec/compression/Lzf*.java
%pom_remove_dep -r net.jpountz.lz4:lz4
rm codec/src/*/java/io/netty/handler/codec/compression/Lz4*.java
%pom_remove_dep -r com.aayushatharva.brotli4j:
rm codec/src/*/java/io/netty/handler/codec/compression/Brotli*.java
%pom_remove_dep -r com.github.luben:zstd-jni
rm codec/src/*/java/io/netty/handler/codec/compression/Zstd*.java
# Disable other codecs with extra dependencies
%pom_remove_dep -r com.fasterxml:aalto-xml
%pom_disable_module codec-xml
# Disable unneeded transport artifacts
%pom_disable_module transport-native-epoll
%pom_disable_module transport-native-kqueue
%pom_disable_module transport-rxtx
%pom_disable_module transport-sctp
%pom_disable_module transport-udt
# Disable macos native bit
%pom_disable_module resolver-dns-native-macos
# Disable test suites
%pom_disable_module testsuite
%pom_disable_module testsuite-autobahn
%pom_disable_module testsuite-http2
%pom_disable_module testsuite-native
%pom_disable_module testsuite-native-image
%pom_disable_module testsuite-native-image-client
%pom_disable_module testsuite-native-image-client-runtime-init
%pom_disable_module testsuite-osgi
%pom_disable_module testsuite-shading
%pom_disable_module transport-native-unix-common-tests
%pom_remove_dep io.netty:netty-jni-util transport-native-unix-common
%pom_remove_plugin :maven-dependency-plugin transport-native-unix-common
mkdir -p transport-native-unix-common/target/netty-jni-util
unzip %{SOURCE2} -d transport-native-unix-common/target/netty-jni-util
# Upstream has jctools bundled.
%pom_xpath_remove "pom:build/pom:plugins/pom:plugin[pom:artifactId = 'maven-bundle-plugin']/pom:executions/pom:execution[pom:id = 'generate-manifest']/pom:configuration/pom:instructions/pom:Import-Package" common/pom.xml
%pom_remove_dep -r :annotations-java5
# Tell xmvn to install attached artifact, which it does not
# do by default. In this case install all attached artifacts with
# the linux classifier.
%{mvn_package} ":::linux*:"
%{mvn_package} ":netty-parent" poms
%{mvn_package} ":netty-bom" poms
%{mvn_package} ':*-tests' __noinstall
%build
%{mvn_build} -f -- -Dsource=8
%install
%mvn_install
%fdupes -s %{buildroot}%{_javadocdir}
%files -f .mfiles
%license LICENSE.txt NOTICE.txt
%files poms -f .mfiles-poms
%license LICENSE.txt NOTICE.txt
%files javadoc -f .mfiles-javadoc
%license LICENSE.txt NOTICE.txt
%changelog
* Fri Jun 23 2023 Fridrich Strba
- Upgrade to upstream version 4.1.94
* Fixes of 4.1.94:
+ Respect offset in
io.netty.util.NetUtil#toAddressString(byte[], int, boolean)
+ Skip finalization for PoolThreadCache instances without
small/normal caches
+ Use network byte order when encoding ipv4 address and port
for Socks codecs
+ Call ReleaseByteArrayElements even when handling of
socket_path fails to fix small mem leak
+ Always enable leak tracking for derived buffers if parent is
tracked
+ Release DnsRecords when failing to notify promise
+ Delay possibility to reuse transaction id when query is
failing because of timeout or cancellation
+ Implement contains for SelectedSelectionKeySet
+ Use Two-Way for finding the delimiter in
DelimiterBasedFrameDecoder
+ Obtain the local address from the fd when the client connects
only with remote address (UDS)
+ Allow to limit the maximum lenght of the ClientHello
(bsc#1212637, CVE-2023-34462)
* Fixes of 4.1.93:
+ Reset byte buffer in loop for AbstractDiskHttpData.setContent
+ OpenSSL MAX_CERTIFICATE_LIST_BYTES option supported
+ Adapt to DirectByteBuffer constructor in Java 21
+ HTTP/2 encoder: allow HEADER_TABLE_SIZE greater than
Integer.MAX_VALUE
+ Upgrade to latest netty-tcnative to fix memory leak
+ H2/H2C server stream channels deactivated while write still
in progress
+ Channel#bytesBefore(un)writable off by 1
+ HTTP/2 should forward shutdown user events to active streams
+ Respect the number of bytes read per datagram when using
recvmmsg
* Fixes of 4.1.92:
+ Make Recycler faster on OpenJ9
+ Allow to change the limit for the maximum size of the
certificate chain.
+ Guard against unbounded grow of suppressed exceptions storage
+ Release websocket handshake response if pipeline checks fail
+ Add support for local and remote addresses on the server for
child channels when UDS
+ Http types slow path checks
* Fixes of 4.1.91:
+ Fire a PrematureChannelClosureException when Channel is closed
while aggregating is still in progress
+ Connect without password if server returns NO_AUTH when using
Socks5
+ Use optional resolution of sun.net.dns
+ Introduce Http2MultiplexActiveStreamsException that can be
used to propagate an error to all active streams
+ Use the correct error when reset a stream
+ Update: Add snappy support on HttpContentDecoder
+ Don't unwrap multiple records until we notified the caller
about the finished handshake
+ Handle EHOSTUNREACH errors in io.netty.channel.unix.Errors
- Depend on netty-tcnative >= 2.0.60 for SSLContext.setMaxCertList
method.
- Rebased patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Disable-Brotli-and-ZStd-compression.patch
* 0005-Do-not-use-the-Graal-annotations.patch
* 0006-Do-not-use-the-Jetbrains-annotations.patch
* 0007-Do-not-require-the-tcnative-native-library.patch
* Thu Mar 30 2023 Fridrich Strba
- Upgrade to upstream version 4.1.90
* Fixes of 4.1.90:
+ Adding header name of the header which failed validation
+ Fix HttpHeaders.names for non-String headers
+ Save expensive volatile operations in the common hot http
decoder path
+ Avoid slow type checks against promises on outbound buffer's
progress
+ Implement NonStickyEventExecutorGroup.inEventLoop
+ Native image: add support for unix domain sockets
+ Use MacOS SDK 10.9 to prevent apple notarization failures
+ Increase errno cache and guard against IOOBE
+ Don't reset BCSSLParameters when setting application protocols
+ WebSocketClientProtocolHandler: add option to disable UTF8
validation
+ Chunked HTTP length decoding should account for
whitespaces/ctrl chars
+ Handle NullPointerException thrown from
NetworkInterface.getNetworkInterfaces()
* Fixes of 4.1.89:
+ Don't fail on HttpObjectDecoder's maxHeaderSize greater then
(Integer.MAX_VALUE - 2)
+ dyld: Symbol not found: _netty_jni_util_JNI_OnLoad when
upgrading from 4.1.87.Final to 4.1.88.Final
* Fixes of 4.1.88:
+ Speed-up HTTP 1.1 header and line parsing
+ Add StacklessSSLHandshakeException for ClosedChannelException
+ Modify changed CloseWebSocketFrame#statusCode() to change the
fetch code to unsigned
+ Check if CommandLineTools are installed before trying to
execute install_name_tool
+ Allow to adjust the GlobalEventExecutor quietPeriod via a
system property
+ Add SslProvider.isOptionSupported(...)
+ Fix FlowControlHandler's behaviour to pass read events when
auto-reading is turned off
+ Ensure Http2StreamFrameToHttpObjectCodec#decode doesn't add
transfer-encoding for 204/304 response
+ Only do extra CNAME query if we couldnt follow the whole CNAME
chain in the response
+ Include query id when a query failed
+ DnsResolveContext: include expected record types in exception
message
+ Add necessary native-image configuration files for epoll
+ Create a deep-copy of the Throwable before returning it from
the cache to prevent possible leaks
+ Always respect completeOncePreferredResolved in
DnsNameResolver
+ fix brotli compression
+ Optionally depend on bctls-jdk15on
+ Make releasing objects back to Recycler faster
+ Correctly keep track of validExtensions per request / response
+ Add handling of inflight lookups to reduce real queries when
lookup same hostname
+ DnsQueryContext: include query id and question info in
exception message
+ AsciiStrings can be batch-encoded
* Fixes of 4.1.87:
+ Upgrade to latest netty-tcnative release which doesnt link
libcrypt
+ Add recvmmsg & sendmmsg syscall number for loongarch64
+ Return correct value from SSLSession.getPacketSize() when
using native SSL implementation
+ Explicit disable TLSv1.3 in the OpenSSL options if not
supported
+ Support handshake timeout in SniHandler.
+ Extend DNS address supplier interface to provide feedback
* Fixes of 4.1.86:
+ HAProxyMessageDecoder Stack Exhaustion DoS (bsc#1206360,
CVE-2022-41881)
+ HTTP Response splitting from assigning header value iterator
(bsc#1206379, CVE-2022-41915)
+ Revert #12888 for potential task scheduling problems in
HashedWheelTimer
+ Deprecate ObjectEncoder/ObjectDecoder
+ HPACK dynamic table size update must happen at the beginning
of the header block
* Fixes of 4.1.85:
+ A bug in FlowControlHandler that broke auto-read has been
fixed
+ The HTTP/2 HPACK encoder is now faster at encoding headers
that have many values
+ A potential memory leak bug has been fixed in the pooled
allocator
+ Fix an issue with the Blockhound integration, which could
cause the MacOSDnsServerAddressStreamProvider to be flagged
as making blocking calls
+ Inconsitencies in how epoll, kqueue, and NIO handle RDHUP have
been fixed
+ ByteToMessageDecoder now handle situations where the same
ByteBuf instance is read multiple times
+ The check that ensures the HTTP/1 Content-Length header is
unique, now no longer causes headers to be rearranged (change
their order)
+ Fix a NullPointerException bug with class initialisation order
between InternalLogger and InternalThreadLocalMap
+ When the netty-resolver-dns-native-macos classes can't load
their native bindings, they now only print a short error
message instead of the huge stack trace it printed previously.
The stack trace is still included if DEBUG logging is enabled
+ The Graal native-image meta-data is now placed in the
recommended location, and no longer causes warnings to be
printed
+ The HTTP/1 and HTTP/2 codecs now properly support RFC 8297
Early Hints
+ Subclasses of FastThreadLocalThread can now tell the Netty
Blockhound integration that they should be allowed to make
blocking calls
+ Validation of HTTP/2 connection headers have been moved from
Http2Headers to HpackDecoder, so that outgoing headers are
not validated
* Fixes of 4.1.84:
+ HTTP/2 header values with invalid characters are now rejected
in header validation
+ We now automatically generate conditional meta-data for
native-image use, making GraalVM support more reliable
+ Fix a scalability issue caused by instanceof and check-cast
checks that lead to false-sharing on the
Klass::secondary_super_cache field in the JVM
(See JDK-8180450)
+ Made the HTTP/2 HPACK static table implementation faster by
using a perfect hash function
+ Fixed a bug in our PEMParser when PEM files have multiple
objects, and BouncyCastle is on the classpath
* Fixes of 4.1.82:
+ Fix a NullPointerException bug when calling forEachByte on
nested CompositeByteBufs
+ Relax an overly strict HTTP/2 header validation check that was
rejecting requests from Chrome and Firefox
+ The OpenSSL and BoringSSL implementations now respect the
jdk.tls.client.protocols and jdk.tls.server.protocols system
properties, making them react to these in the same way the JDK
SSL provider does
* Fixes of 4.1.81:
+ Fix a regression SslContext private key loading
+ Fix a bug in SslContext private key reading fall-back path
+ Fix a buffer leak regression in HttpClientCodec
+ Fix a bug where some HttpMessage implementations, that also
implement HttpContent, were not handled correctly
+ The MessageFormatter and FormattingTuple classes are now
usable in the public API
+ Connection related headers in HTTP/2 frames are now rejected,
in compliance with the specification
* Fixes of 4.1.80:
+ HttpObjectEncoder scalability issue due to instanceof checks
+ Improve logging when MacOSDnsServerAddressStreamProvider
cannot be found/loaded
+ Replace stdlib write/read with send/recv
+ Support for pkcs1
+ Add Blockhound exceptions for the PooledByteBufAllocator
+ Fix epoll bug when receiving zero-sized datagrams
+ Avoid including header values in header validation failure
exceptions
+ Avoid allocating large buffers in JdkZlibEncoder
+ Native Image Support: Set
IS_EXPLICIT_TRY_REFLECTION_SET_ACCESSIBLE to true by default
for native images
+ We need to use disconnectx(...) on macOS
+ Replace synchronized with Java Locks on the allocator
+ Don't use static instances of FixedRecvByteBufAllocator
+ Add escaping for stomp headers
* Fixes of 4.1.79:
+ The PEM certificate parser is no longer susceptible to
exponential back-off
+ Non-standard extra ampersands in HTTP POST bodies are no
longer rejected
+ An io.netty.osClassifiers system property has been added to
avoid reading os-release files
+ Fix a bug in SslHandler so handlerRemoved works properly even
if handlerAdded throws an exception
+ Use the correct OSGi processor directive on aarch64, making it
possible to use OSGi on ARM
+ HTTP paths that begin with a double-slash are now parsed the
same way browsers do
+ The isCompleted flag is now correctly preserved on objects
from HttpData.retainedDuplicate()
+ The HttpUtil.isOriginForm() and isAsteriskForm() methods now
correctly conform with RFC 7230
+ Fix an issue that allowed the multicast methods on
EpollDatagramChannel to be called outside of an event-loop
thread
+ Support for the LoongArch64 processor architecture has been
added
* Fixes of 4.1.78:
+ Fix a bug where an OPT record was added to DNS queries that
already had such a record
+ Fix a bug that caused an error when files uploaded with HTTP
POST contained a backslash in their name
+ Fix an issue in the BlockHound integration that could
occasionally cause NetUtil to be reported as performing
blocking operations
+ A similar BlockHound issue was fixed for the JdkSslContext
+ Fix a bug that prevented preface or settings frames from
being flushed, when an HTTP2 connection was established with
prior-knowledge
+ Fixes a rare NullPointerException that could occur when a
ReferenceCountedOpenSslEngine threw an OutOfMemoryError from
its constructor, and was then later finalized
+ The SslHandler now adds the socket file descriptor to the
BIOs, when the SslEngine supports this (boringssl and
libressl), which allow tracing and observability tools to
monitor encryption traffic on a per-connection basis.
+ It is now possible to explicitly step the scheduling clock in
EmbeddedEventLoop, which is useful for making automated tests
with deterministic scheduling
* Fixes of 4.1.77:
+ Local Information Disclosure Vulnerability in Netty on
Unix-Like systems due temporary files for Java 6 and lower in
io.netty:netty-codec-http (bsc#1199338, CVE-2022-24823)
+ Upgraded the optional netty-tcnative dependency to version
2.0.52.Final
+ Fix a bug where Netty fails to load a shaded native library
+ Include classifier in Automatic-Module-Name
+ Check if epoll_pwait2 is implemented
+ Don't call strdup on packagePrefix
+ Enable debugging of asynchronous tasks in Intellij
+ Throwing an exception in case glibc is missing instead of
segfaulting the JVM
* Fixes of 4.1.76:
+ Upgraded the optional netty-tcnative dependency to version
2.0.51.Final
+ Upgraded the optional log4j dependency to version 2.17.2
+ The netty-all module now declare an automatic module name,
making it useable with Java Modules.
+ It is now possible to configure arbitrary socket options for
the native epoll and kqueue transports. Refer to your
operating system documentation for what options are available.
+ It is now possible to explicitly bind channels to either IPv4
or IPv6.
+ The HTTP/2 header validation that rejects duplicate
pseudo-headers, which was added in 4.1.75.Final, has been
changed so it no longer breaks older versions of gRPC.
" Fix a NullPointerException that was hiding the real cause of
certain HTTP/2 header decoding errors.
- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* no-brotli-zstd.patch
- > 0004-Disable-Brotli-and-ZStd-compression.patch
* no-werror.patch
+ rebase
- Removed patches:
* 0004-Remove-optional-dep-tcnative.patch
* 0005-Remove-optional-dep-log4j.patch
+ we have the dependencies, so no need to disable them
* 0006-revert-Fix-native-image-build.patch
* 0007-Revert-Support-session-cache-for-client-and-server-w.patch
+ solve the build breakages differently
- Added patches:
* 0005-Do-not-use-the-Graal-annotations.patch
* 0006-Do-not-use-the-Jetbrains-annotations.patch
+ do not use annotations for which we don't have dependencies
* 0007-Do-not-require-the-tcnative-native-library.patch
+ our tcnative library is installed system-wide
* Thu Oct 13 2022 Fridrich Strba
- Force building with java 11 on ix86 in order to avoid random
build failures
* Fri Apr 8 2022 Fridrich Strba
- Upgrade to latest upstream version 4.1.75
- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Remove-optional-dep-tcnative.patch
* 0005-Remove-optional-dep-log4j.patch
* 0006-revert-Fix-native-image-build.patch
* 0007-Revert-Support-session-cache-for-client-and-server-w.patch
+ rebase
* Tue Feb 22 2022 Fridrich Strba
- Do not build against the log4j12 packages
* Tue Dec 14 2021 Fridrich Strba
- Upgrade to latest upstream version 4.1.72
* fixes: bsc#1190610, CVE-2021-37136: Bzip2Decoder doesn't allow
setting size restrictions for decompressed data
* fixes: bsc#1190613, CVE-2021-37137: SnappyFrameDecoder doesn't
restrict chunk length any may buffer skippable chunks in an
unnecessary way
* fixes: bsc#1193672, CVE-2021-43797: possible HTTP request
smuggling due to insufficient validation against control
characters
* fixes: bsc#1184203, CVE-2021-21409: request smuggling via
content-length header
- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Remove-optional-dep-tcnative.patch
* 0005-Remove-optional-dep-log4j.patch
* 0006-revert-Fix-native-image-build.patch
* 0007-Revert-Support-session-cache-for-client-and-server-w.patch
* no-werror.patch
+ rediff to changed context
- Added patch:
* no-brotli-zstd.patch
+ disable Brotli and Zstd compression, since we lack
the dependencies needed to build them
* Fri Mar 12 2021 Fridrich Strba
- Upgrade to latest upstream version 4.1.60
* fixes: bsc#1183262, CVE-2021-21295: HTTP/2 request
Content-Length header field is not validated by
'Http2MultiplexHandler'
- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Remove-optional-dep-tcnative.patch
* 0005-Remove-optional-dep-log4j.patch
* 0006-revert-Fix-native-image-build.patch
+ rediff to changed context
- Added patch:
* 0007-Revert-Support-session-cache-for-client-and-server-w.patch
+ revert optional disabled cache implementation that conflicts
with our 0004-Remove-optional-dep-tcnative.patch
* Thu Feb 11 2021 Fridrich Strba
- Upgrade to latest upstream version 4.1.59
- Removed patches:
* netty-CVE-2020-11612.patch
* netty-CVE-2021-21290.patch
+ fixes integrated in the upstream sources
* 0001-Remove-OpenSSL-parts-depending-on-tcnative.patch
* 0002-Remove-NPN.patch
* 0003-Remove-conscrypt-ALPN.patch
* 0004-Remove-jetty-ALPN.patch
+ replaced by new patches
- Added patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Remove-optional-dep-tcnative.patch
* 0005-Remove-optional-dep-log4j.patch
+ remove various optional dependencies that we do not need
* 0006-revert-Fix-native-image-build.patch
+ Revert changes that introduce a new dependency that we
do not have
* no-werror.patch
+ Do not treat warnings as errors
- Build -poms and -javadoc as noarch packages, since they do not
install anything in arch-dependent directories
* Thu Feb 11 2021 Fridrich Strba
- Added patch:
* netty-CVE-2021-21290.patch
+ bsc#1182103, CVE-2021-21290
* Thu Apr 9 2020 Fridrich Strba
- Added patch:
* netty-CVE-2020-11612.patch
+ bsc#1168932, CVE-2020-11612
+ bsc#1169082, CVE-2020-10707
* Thu Jan 9 2020 Fridrich Strba
- Split pom-only artifacts into a subpackage netty-pom in order
to generate their dependencies correctly
* Wed Nov 13 2019 Fridrich Strba
- Initial packaging of netty 4.1.13