netty/netty.changes

-------------------------------------------------------------------
Fri Apr  8 07:27:55 UTC 2022 - Fridrich Strba <fstrba@suse.com>

- Upgrade to latest upstream version 4.1.75
- Modified patches:
  * 0001-Remove-optional-dep-Blockhound.patch
  * 0002-Remove-optional-dep-conscrypt.patch
  * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
  * 0004-Remove-optional-dep-tcnative.patch
  * 0005-Remove-optional-dep-log4j.patch
  * 0006-revert-Fix-native-image-build.patch
  * 0007-Revert-Support-session-cache-for-client-and-server-w.patch
    + rebase

-------------------------------------------------------------------
Tue Feb 22 18:27:07 UTC 2022 - Fridrich Strba <fstrba@suse.com>

- Do not build against the log4j12 packages

-------------------------------------------------------------------
Tue Dec 14 06:31:10 UTC 2021 - Fridrich Strba <fstrba@suse.com>

- Upgrade to latest upstream version 4.1.72
  * fixes: bsc#1193672, CVE-2021-43797: possible HTTP request
    smuggling due to insufficient validation against control
    characters
- Modified patches:
  * 0001-Remove-optional-dep-Blockhound.patch
  * 0002-Remove-optional-dep-conscrypt.patch
  * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
  * 0004-Remove-optional-dep-tcnative.patch
  * 0005-Remove-optional-dep-log4j.patch
  * 0006-revert-Fix-native-image-build.patch
  * 0007-Revert-Support-session-cache-for-client-and-server-w.patch
  * no-werror.patch
    + rediff to changed context
- Added patch:
  * no-brotli-zstd.patch
    + disable Brotli and Zstd compression, since we lack
      the dependencies needed to build them

-------------------------------------------------------------------
Fri Mar 12 08:31:56 UTC 2021 - Fridrich Strba <fstrba@suse.com>

- Upgrade to latest upstream version 4.1.60
  * fixes: bsc#1183262, CVE-2021-21295: HTTP/2 request
    Content-Length header field is not validated by
    'Http2MultiplexHandler'
- Modified patches:
  * 0001-Remove-optional-dep-Blockhound.patch
  * 0002-Remove-optional-dep-conscrypt.patch
  * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
  * 0004-Remove-optional-dep-tcnative.patch
  * 0005-Remove-optional-dep-log4j.patch
  * 0006-revert-Fix-native-image-build.patch
    + rediff to changed context
- Added patch:
  * 0007-Revert-Support-session-cache-for-client-and-server-w.patch
    + revert optional disabled cache implementation that conflicts
      with our 0004-Remove-optional-dep-tcnative.patch

-------------------------------------------------------------------
Thu Feb 11 12:00:22 UTC 2021 - Fridrich Strba <fstrba@suse.com>

- Upgrade to latest upstream version 4.1.59
- Removed patches:
  * netty-CVE-2020-11612.patch
  * netty-CVE-2021-21290.patch
    + fixes integrated in the upstream sources
  * 0001-Remove-OpenSSL-parts-depending-on-tcnative.patch
  * 0002-Remove-NPN.patch
  * 0003-Remove-conscrypt-ALPN.patch
  * 0004-Remove-jetty-ALPN.patch
    + replaced by new patches
- Added patches:
  * 0001-Remove-optional-dep-Blockhound.patch
  * 0002-Remove-optional-dep-conscrypt.patch
  * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
  * 0004-Remove-optional-dep-tcnative.patch
  * 0005-Remove-optional-dep-log4j.patch
    + remove various optional dependencies that we do not need
  * 0006-revert-Fix-native-image-build.patch
    + Revert changes that introduce a new dependency that we
      do not have
  * no-werror.patch
    + Do not treat warnings as errors
- Build -poms and -javadoc as noarch packages, since they do not
  install anything in arch-dependent directories

-------------------------------------------------------------------
Thu Feb 11 09:20:25 UTC 2021 - Fridrich Strba <fstrba@suse.com>

- Added patch:
  * netty-CVE-2021-21290.patch
    + bsc#1182103, CVE-2021-21290

-------------------------------------------------------------------
Thu Apr  9 07:54:00 UTC 2020 - Fridrich Strba <fstrba@suse.com>

- Added patch:
  * netty-CVE-2020-11612.patch
    + bsc#1168932, CVE-2020-11612
    + bsc#1169082, CVE-2020-10707

-------------------------------------------------------------------
Thu Jan  9 15:14:41 UTC 2020 - Fridrich Strba <fstrba@suse.com>

- Split pom-only artifacts into a subpackage netty-pom in order
  to generate their dependencies correctly

-------------------------------------------------------------------
Wed Nov 13 19:18:57 UTC 2019 - Fridrich Strba <fstrba@suse.com>

- Initial packaging of netty 4.1.13
OBS-URL: https://build.opensuse.org/package/show/Java:packages/netty?expand=0&rev=27 2022-04-08 09:30:01 +00:00			`-------------------------------------------------------------------`
			`Fri Apr 8 07:27:55 UTC 2022 - Fridrich Strba <fstrba@suse.com>`

			`- Upgrade to latest upstream version 4.1.75`
			`- Modified patches:`
			`* 0001-Remove-optional-dep-Blockhound.patch`
			`* 0002-Remove-optional-dep-conscrypt.patch`
			`* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch`
			`* 0004-Remove-optional-dep-tcnative.patch`
			`* 0005-Remove-optional-dep-log4j.patch`
			`* 0006-revert-Fix-native-image-build.patch`
			`* 0007-Revert-Support-session-cache-for-client-and-server-w.patch`
			`+ rebase`

			`-------------------------------------------------------------------`
			`Tue Feb 22 18:27:07 UTC 2022 - Fridrich Strba <fstrba@suse.com>`

			`- Do not build against the log4j12 packages`

			`-------------------------------------------------------------------`
			`Tue Dec 14 06:31:10 UTC 2021 - Fridrich Strba <fstrba@suse.com>`

			`- Upgrade to latest upstream version 4.1.72`
			`* fixes: bsc#1193672, CVE-2021-43797: possible HTTP request`
			`smuggling due to insufficient validation against control`
			`characters`
			`- Modified patches:`
			`* 0001-Remove-optional-dep-Blockhound.patch`
			`* 0002-Remove-optional-dep-conscrypt.patch`
			`* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch`
			`* 0004-Remove-optional-dep-tcnative.patch`
			`* 0005-Remove-optional-dep-log4j.patch`
			`* 0006-revert-Fix-native-image-build.patch`
			`* 0007-Revert-Support-session-cache-for-client-and-server-w.patch`
			`* no-werror.patch`
			`+ rediff to changed context`
			`- Added patch:`
			`* no-brotli-zstd.patch`
			`+ disable Brotli and Zstd compression, since we lack`
			`the dependencies needed to build them`

			`-------------------------------------------------------------------`
			`Fri Mar 12 08:31:56 UTC 2021 - Fridrich Strba <fstrba@suse.com>`

			`- Upgrade to latest upstream version 4.1.60`
			`* fixes: bsc#1183262, CVE-2021-21295: HTTP/2 request`
			`Content-Length header field is not validated by`
			`'Http2MultiplexHandler'`
			`- Modified patches:`
			`* 0001-Remove-optional-dep-Blockhound.patch`
			`* 0002-Remove-optional-dep-conscrypt.patch`
			`* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch`
			`* 0004-Remove-optional-dep-tcnative.patch`
			`* 0005-Remove-optional-dep-log4j.patch`
			`* 0006-revert-Fix-native-image-build.patch`
			`+ rediff to changed context`
			`- Added patch:`
			`* 0007-Revert-Support-session-cache-for-client-and-server-w.patch`
			`+ revert optional disabled cache implementation that conflicts`
			`with our 0004-Remove-optional-dep-tcnative.patch`

			`-------------------------------------------------------------------`
			`Thu Feb 11 12:00:22 UTC 2021 - Fridrich Strba <fstrba@suse.com>`

			`- Upgrade to latest upstream version 4.1.59`
			`- Removed patches:`
			`* netty-CVE-2020-11612.patch`
			`* netty-CVE-2021-21290.patch`
			`+ fixes integrated in the upstream sources`
			`* 0001-Remove-OpenSSL-parts-depending-on-tcnative.patch`
			`* 0002-Remove-NPN.patch`
			`* 0003-Remove-conscrypt-ALPN.patch`
			`* 0004-Remove-jetty-ALPN.patch`
			`+ replaced by new patches`
			`- Added patches:`
			`* 0001-Remove-optional-dep-Blockhound.patch`
			`* 0002-Remove-optional-dep-conscrypt.patch`
			`* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch`
			`* 0004-Remove-optional-dep-tcnative.patch`
			`* 0005-Remove-optional-dep-log4j.patch`
			`+ remove various optional dependencies that we do not need`
			`* 0006-revert-Fix-native-image-build.patch`
			`+ Revert changes that introduce a new dependency that we`
			`do not have`
			`* no-werror.patch`
			`+ Do not treat warnings as errors`
			`- Build -poms and -javadoc as noarch packages, since they do not`
			`install anything in arch-dependent directories`

			`-------------------------------------------------------------------`
			`Thu Feb 11 09:20:25 UTC 2021 - Fridrich Strba <fstrba@suse.com>`

			`- Added patch:`
			`* netty-CVE-2021-21290.patch`
			`+ bsc#1182103, CVE-2021-21290`

			`-------------------------------------------------------------------`
			`Thu Apr 9 07:54:00 UTC 2020 - Fridrich Strba <fstrba@suse.com>`

			`- Added patch:`
			`* netty-CVE-2020-11612.patch`
			`+ bsc#1168932, CVE-2020-11612`
			`+ bsc#1169082, CVE-2020-10707`

			`-------------------------------------------------------------------`
			`Thu Jan 9 15:14:41 UTC 2020 - Fridrich Strba <fstrba@suse.com>`

			`- Split pom-only artifacts into a subpackage netty-pom in order`
			`to generate their dependencies correctly`

OBS-URL: https://build.opensuse.org/package/show/Java:packages/netty?expand=0&rev=1 2019-11-13 19:20:55 +00:00			`-------------------------------------------------------------------`
			`Wed Nov 13 19:18:57 UTC 2019 - Fridrich Strba <fstrba@suse.com>`

			`- Initial packaging of netty 4.1.13`