Package Release Info

jetty-minimal-9.4.56-150200.3.28.1

Update Info: SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3720
Available in Package Hub : 15 SP6 Subpackages Updates

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

jetty-continuation

Change Logs

* Tue Oct 15 2024 fstrba@suse.com
- Upgrade to version 9.4.56.v20240826
  * Security fixes:
    + CVE-2024-8184, bsc#1231651, ThreadLimitHandler.getRemote()
    vulnerable to remote DoS attacks
  * Changes:
    + #12201 backport ThreadLimitHandler improvements from Jetty 12
    + #11938 - Updating URL refs from eclipse.org/jetty and
    eclipse.dev/jetty to jetty.org (including XML dtd references)
    + #10805 - Jetty response with an invalid HTTP2 packet if the
    client set the hpack table size as 0
* Tue Feb 27 2024 fstrba@suse.com
- Upgrade to version 9.4.54.v20240208
  * Security fixes
    + CVE-2024-22201, bsc#1220437: HTTP/2 connection not closed
    after idle timeout when TCP congested
  * Other changes
    + #1256 DoSFilter leaks USER_AUTH entries
    + #11389 Strip default ports on ws/wss scheme uris too
* Mon Oct 30 2023 fstrba@suse.com
- Do not force Java 11 to build on i586
* Thu Oct 12 2023 fstrba@suse.com
- Upgrade to version 9.4.53.v20231009
  * Fixes of 9.4.53.v20231009
    + CVE-2023-44487, bsc#1216169
    + CVE-2023-36478, bsc#1216162
    + #10679 - backport HTTP/2 rate control from Jetty 10.0.x
    + #10573 - backport hpack improvements from Jetty 10.0.x
    + #10546 - backport jetty-http Huffman encoders/decoders from
    Jetty 10.0.x
  * Fixes of 9.4.52.v20230823
    + #10352 - Jetty accepts "+" prefixed value in Content-Length
    (CVE-2023-40167, bsc#1215417)
    + #10337 - SizeLimitHandler does not enforce 0 responseLimit
    + #10169 - make sure that a ServiceLoader is retrieved before
    iterating
    + #10066 - Allow SAXParserFactory or SAXParser to be configured
    in Jetty's XmlParser class - Allows for GHSA-58qw-p7qm-5rvh
    workaround
    + #9887 - Deprecate CGI Servlet (CVE-2023-36479, bsc#1215415)
    + #9716 - Deprecate PushSessionCacheFilter
    + #9660 - OpenId Revoked authentication allows one request
    (CVE-2023-41900, bsc#1215416)
    + #9476 - onCompleteFailure called multiple times
* Sat Sep 09 2023 fstrba@suse.com
- Reproducible builds: use SOURCE_DATE_EPOCH for timestamp
* Sun May 21 2023 fstrba@suse.com
- Update to version 9.4.51.v20230217
  * Fixes of 9.4.49.v20220914:
    + #8578 - getRequestURL can append "null" if getRequestURI is
    unspecified in an authority-form request-target
    + #8493 - Review HTTP client feature setRemoveIdleDestinations
  * Fixes of 9.4.50.v20221201:
    + #8774 - Added SizeLimitHandler
    + #8678 - Jetty client is not responding to GO_AWAY packet
    received from (Jetty) Server and continue to send traffic on
    same connection
  * Fixes of 9.4.51.v20230217:
    + #9352 - Update / Fix CookieCutter
    + #9345 - Backport Multipart Fix for CVE-2023-26048, bsc#1210620
    + #9352 - Backport Cookie Parsing Fix for CVE-2023-26049,
    bsc#1210621
* Thu May 04 2023 dimstar@opensuse.org
- Add _multibuild to define 2nd spec file as additional flavor.
  Eliminates the need for source package links in OBS.
* Thu Oct 13 2022 fstrba@suse.com
- Force building with java 11 on ix86 in order to avoid random
  build failures
* Fri Jul 08 2022 fstrba@suse.com
- Upgrade to version 9.4.48.v20220622
  * Fixes
    + #8184 - All suffix globs except first fail to match if path
    has "." character in prefix section
    + #8145 - RegexPathSpec backport of optional group name/info
    lookup if regex fails
    + #8088 - Add option to configure exitVm on ShutdownMonitor from
    System properties
    + #8067 - Wall time usage in DoSFilter RateTracker results in
    false positive alert
    + #8014 - Review HttpRequest URI construction (Resolves
    CVE-2022-2047, bsc#1201317)
    + #7976 - Add TRANSFER_ENCODING violation for MultiPart RFC7578
    parser
    + #7947 - Improved PathSpec handling for servletName & pathInfo
    + #7935 - Review HTTP/2 error handling (Resolves CVE-2022-2048,
    bsc#1201316)
    + #7918 - PathMappings.asPathSpec does not allow root
    ServletPathSpec
    + #7863 - Default servlet drops first accept-encoding header if
    there is more than one.
    + #7858 - GZipHandler does not play nice with other handlers in
    HandlerCollection
    + #7837 - Fix StatisticsHandler in the case a Handler throws
    exception
    + #7809 - Jetty 9.4.x 7801 duplicate set session cookies
    + #7748 - Allow overriding of url-pattern mapping in
    ServletContextHandler to allow for regex or uri-template
    matching
* Tue Mar 29 2022 fstrba@suse.com
- Upgrade to version 9.4.46.v20220328
  * Changes
    + Option --write-module-graph produces wrong .dot file
    + ArrayTrie getBest fails to match the empty string entry in
    certain cases
    + Interrupt flag is not always cleared in between requests
    + Gzip compression not working for multipart/form-data when
    added to the allowed list using addIncludedMimeTypes.
    + Misconfigured headerCacheSize in can result in
    IllegalArgumentException
    + HttpServletResponse.encodeURL not working for URLs starting
    with ../
* Tue Mar 22 2022 fstrba@suse.com
- Build with java source and target levels 8
- Fix javadoc generation on JDK >= 13
* Tue Oct 19 2021 fstrba@suse.com
- Make importing of package sun.misc optional since not all jdk
  versions export it
* Mon Jul 19 2021 fstrba@suse.com
- Splitting the jetty-unixsocket artifact into a separate spec file
  in order to avoid extra dependencies for the jetty-minimal
  package.
* Mon Jul 19 2021 fstrba@suse.com
- Update to version 9.4.43.v20210629
  * Fix: bsc#1188438, CVE-2021-34429
  * Changes:
    + Improve alias checking in PathResource
    + java.nio.ReadOnlyBufferException
    + Deprecate support for UTF16 encoding in URIs
    + Update to spifly 1.3.3
    + Update to asm 9.1
* Mon Jun 28 2021 shvetz.anton@gmail.com
- Package modules: ant, cdi, deploy, fcgi, http-spi, quickstart,
  rewrite, start, unixsocket
* Wed Jun 09 2021 fstrba@suse.com
- Update to version 9.4.42.v20210604
  * Fix: bsc#1187117, CVE-2021-28169
* Fri May 14 2021 rpm@fthiessen.de
- Update to version 9.4.40.v20210413
  * Fix: bsc#1184367, CVE-2021-28165 - jetty server high CPU when
    client send data length > 17408
  * Fix: bsc#1184368, CVE-2021-28164 - Normalize ambiguous URIs
  * Fix: bsc#1184366, CVE-2021-28163 - Exclude webapps directory
    from deployment scan
* Fri Mar 12 2021 fstrba@suse.com
- Upgrade to upstream version 9.4.38.v20210224
  * Fixes bsc#1182898, CVE-2020-27223
* Mon Dec 07 2020 fstrba@suse.com
- Upgrade to upstream version 9.4.35.v20201120
  * Fixes bsc#1179727, CVE-2020-27218
* Thu Nov 19 2020 fstrba@suse.com
- Upgrade to upstream version 9.4.30.v20200611