AArch64
ppc64le
s390x
x86-64
- Added patch:
  * netty-CVE-2021-21295.patch
    + backport of upstream fixes for bsc#1183262, CVE-2021-21295: HTTP/2 request Content-Length header field is not validated by 'Http2MultiplexHandler'
- Upgrade to upstream version 4.1.108
  * Fixes of 4.1.108:
    + HttpPostRequestDecoder can OOM (bsc#1222045, CVE-2024-29025)
    + Add zstd decoder
    + Updated HTTP2 Reader to fix missing header state
    + codec-http2: fix some frame validation errors
    + SSL: Only wrap TrustManager if FIPS is not used
    + Epoll: Correctly handle splice tasks when Channel is closed
    + Allow to cancel connect() operations when using non-blocking IO
    + DNS resolver final CNAME lookup disabled
    + DNS: Add DnsRecordType definitions for SVCB and HTTPS
    + SSL: Only try to use TLSv1.3 if a compatible ciphersuite is configured
    + Backport 'Fix buffer leak in DefaultHttp2HeadersEncoder' to v4
    + SSL: Hold the right monitor while running delegating task
    + SSL: Execute SSL_do_handshake(...) after task is run to ensure SSLEngine.getHandshakeStatus() returns the correct value all the time
    + Add active flag to EpollServerDomainSocketChannel fd constructor
    + Epoll: Fix possible Classloader deadlock caused by loading class via JNI
    + Prefer /etc/resolv.conf on Linux and Mac
    + Handle invalid cookie value
    + Upgrade to latest tcnative release
    + ByteToMessageDecoder.channelReadComplete(...) does call read() too often
    + Remove the lock usage in PoolArena#numPinnedBytes()
    + Fix x-www-form-urlencoded parsing for no-value key (re-submission)
  * Fixes of 4.1.107:
    + Speedup pseudoheader lookup
    + Add support for the Partitioned attribute in cookies
    + Reduce HTTP 1.1 Full msg pipeline traversals
    + DnsNameResolver: Add DnsQueryIdSpace class to reduce overhead while generating IDs
    + Fix copy-paste mistake in LazyX509Certificate.getIssuerAlternativeNames()
    + HTTP2: lastStreamCreated() does return the wrong value when all stream ids were used
    + HTTP2: Update local window should not fail queued frames
    + DnsNameResolver: Always call bind() during bootstrap
    + HTTP: HttpObjectDecoder must not use HTTPMessage once it is passed to the next handler in the ChannelPipeline
    + Ensure key / values are shared between resumed sessions
    + SSLSession.getLastAccessedTime() and getCreationTime() should not be equal when session is reused
    + Snappy: Use unsigned short to handle 2 ^ 16 input size instead of 2 ^ 15
  * Fixes of 4.1.106:
    + HTTP2: Prevent sharing the index of the continuation frame header ByteBuf.
    + DnsNameResolver: Fail query if id space is exhausted
    + Short-circuit ByteBuf::release
  * Fixes of 4.1.105:
    + Fix exception on HTTP chunk size overflow
    + Default value of MAX_MESSAGES_PER_READ not used for native DatagramChannels
    + Redo fix scalability issue due to checkcast on context's invoke operations
    + Be able to retry the query via TCP if a query failed because of a timeout
    + Save HTTP 2 pseudo-header lower-case validation
    + DnsNameResolver: Limit connect timeout to query timeout
    + h2: propagate stream close without read pending, avoid SOOE if !autoRead
  * Fixes of 4.1.104:
    + dyld: Symbol not found: _netty_jni_util_JNI_OnLoad
  * Fixes of 4.1.103:
    + Workaround for regex bug in Android SDK
    + Use Http2Headers.size() instead of isEmpty()
    + Add support for RISC-V
  * Fixes of 4.1.101:
    + Add service-loaded extension points for channel initialization
    + Added check for pseudo-headers in trailers
    + Automatically close Http2StreamChannel when Http2FrameStreamException reaches end of ChannelPipeline
    + Throwing a stackless exception if RST_FRAME rate is exceeded
    + Only enable the RST limit for servers by default
    + Change default value of MAX_MESSAGES_PER_READ for DatagramChannel implementations
    + Descriptive message for errors related to unknown http2 streams
- Modified patches:
  * 0001-Remove-optional-dep-Blockhound.patch
  * 0002-Remove-optional-dep-conscrypt.patch
  * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
  * 0004-Disable-Brotli-and-ZStd-compression.patch
  * 0005-Do-not-use-the-Graal-annotations.patch
  * 0006-Do-not-use-the-Jetbrains-annotations.patch
  * 0007-Do-not-require-the-tcnative-native-library.patch
    + rebase
- Use %patch -P N instead of deprecated %patchN.
- Upgrade to upstream version 4.1.100
  * Fixes of 4.1.100:
    + DDoS vector in the HTTP/2 protocol due to RST frames (bsc#1216169, CVE-2023-44487)
    + Do not fail when compressing empty HttpContent
  * Fixes of 4.1.99:
    + Do not try to delete a global handle with the local handles APIs
    + Enable build with JDK21
    + dyld: lazy symbol binding failed: Symbol not found: _netty_jni_util_JNI_OnLoad
  * Fixes of 4.1.98:
    + Revert "HttpHeaderValidationUtil should reject chars past the 1 byte range"
    + Filter out unresolved addresses when parsing resolv.conf
    + Prevent classloader leak via JNI
    + SSLSession.getPeerCertificateChain() should throw UnsupportedOperationException if javax.security.cert.X509Certificate can not be created
    + Enable client side session cache when using native SSL by default
  * Fixes of 4.1.97:
    + Fixing AsciiString#lastIndexOf To Respect The offset
    + Add support for snappy http2 content decompression
    + Add support for password-based encryption scheme 2 params
    + HttpHeaderValidationUtil should reject chars past the 1 byte range
    + Honor SslHandler.setWrapDataSize greater than SSL packet length
    + Add support for snappy http content encoding
  * Fixes of 4.1.96:
    + Move the PoolThreadCache finalizer to a separate object
    + Fix kevent(..) failed: Invalid argument
    + Revert "Always increment Stream Id on createStream" to fix bug which caused sending multiple RST frames for the same id
  * Fixes of 4.1.95
    + Add resource leak listener
    + Reduce object allocations during SslHandler.flush(...)
    + Ensure ByteBuf.capacity(...) will never throw AssertionError
    + Make transport.Bootstrap usable with no netty-resolver on classpath
    + Correctly retain slice when calling ReplayingDecoderByteBuf.retainedSlice(...)
    + Always increment Stream Id on createStream(...)
    + Fix BrotliEncoder bug that does not mark ByteBuf it encodes as read
    + Enhance CertificateException message when thrown due to hostname validation
- Rebased patches:
  * 0001-Remove-optional-dep-Blockhound.patch
  * 0002-Remove-optional-dep-conscrypt.patch
  * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
  * 0004-Disable-Brotli-and-ZStd-compression.patch
  * 0005-Do-not-use-the-Graal-annotations.patch
  * 0006-Do-not-use-the-Jetbrains-annotations.patch
  * 0007-Do-not-require-the-tcnative-native-library.patch
- Reproducible builds: use SOURCE_DATE_EPOCH for timestamp
- Added patch:
  * netty-CVE-2020-11612.patch
    + bsc#1168932, CVE-2020-11612
    + bsc#1169082, CVE-2020-10707
- Split pom-only artifacts into a subpackage netty-pom in order to generate their dependencies correctly
- Initial packaging of netty 4.1.13