* Thu Mar 30 2023 fstrba@suse.com
- Upgrade to upstream version 4.1.90
* Fixes of 4.1.90:
+ Adding header name of the header which failed validation
+ Fix HttpHeaders.names for non-String headers
+ Save expensive volatile operations in the common hot http
decoder path
+ Avoid slow type checks against promises on outbound buffer's
progress
+ Implement NonStickyEventExecutorGroup.inEventLoop
+ Native image: add support for unix domain sockets
+ Use MacOS SDK 10.9 to prevent apple notarization failures
+ Increase errno cache and guard against IOOBE
+ Don't reset BCSSLParameters when setting application protocols
+ WebSocketClientProtocolHandler: add option to disable UTF8
validation
+ Chunked HTTP length decoding should account for
whitespaces/ctrl chars
+ Handle NullPointerException thrown from
NetworkInterface.getNetworkInterfaces()
* Fixes of 4.1.89:
+ Don't fail on HttpObjectDecoder's maxHeaderSize greater than
(Integer.MAX_VALUE - 2)
+ dyld: Symbol not found: _netty_jni_util_JNI_OnLoad when
upgrading from 4.1.87.Final to 4.1.88.Final
* Fixes of 4.1.88:
+ Speed-up HTTP 1.1 header and line parsing
+ Add StacklessSSLHandshakeException for ClosedChannelException
+ Modify changed CloseWebSocketFrame#statusCode() to change the
fetch code to unsigned
+ Check if CommandLineTools are installed before trying to
execute install_name_tool
+ Allow to adjust the GlobalEventExecutor quietPeriod via a
system property
+ Add SslProvider.isOptionSupported(...)
+ Fix FlowControlHandler's behaviour to pass read events when
auto-reading is turned off
+ Ensure Http2StreamFrameToHttpObjectCodec#decode doesn't add
transfer-encoding for 204/304 response
+ Only do extra CNAME query if we couldn't follow the whole CNAME
chain in the response
+ Include query id when a query failed
+ DnsResolveContext: include expected record types in exception
message
+ Add necessary native-image configuration files for epoll
+ Create a deep-copy of the Throwable before returning it from
the cache to prevent possible leaks
+ Always respect completeOncePreferredResolved in
DnsNameResolver
+ fix brotli compression
+ Optionally depend on bctls-jdk15on
+ Make releasing objects back to Recycler faster
+ Correctly keep track of validExtensions per request / response
+ Add handling of inflight lookups to reduce real queries when
lookup same hostname
+ DnsQueryContext: include query id and question info in
exception message
+ AsciiStrings can be batch-encoded
* Fixes of 4.1.87:
+ Upgrade to latest netty-tcnative release which doesn't link
libcrypt
+ Add recvmmsg & sendmmsg syscall number for loongarch64
+ Return correct value from SSLSession.getPacketSize() when
using native SSL implementation
+ Explicit disable TLSv1.3 in the OpenSSL options if not
supported
+ Support handshake timeout in SniHandler.
+ Extend DNS address supplier interface to provide feedback
* Fixes of 4.1.86:
+ HAProxyMessageDecoder Stack Exhaustion DoS (bsc#1206360,
CVE-2022-41881)
+ HTTP Response splitting from assigning header value iterator
(bsc#1206379, CVE-2022-41915)
+ Revert #12888 for potential task scheduling problems in
HashedWheelTimer
+ Deprecate ObjectEncoder/ObjectDecoder
+ HPACK dynamic table size update must happen at the beginning
of the header block
* Fixes of 4.1.85:
+ A bug in FlowControlHandler that broke auto-read has been
fixed
+ The HTTP/2 HPACK encoder is now faster at encoding headers
that have many values
+ A potential memory leak bug has been fixed in the pooled
allocator
+ Fix an issue with the Blockhound integration, which could
cause the MacOSDnsServerAddressStreamProvider to be flagged
as making blocking calls
+ Inconsistencies in how epoll, kqueue, and NIO handle RDHUP have
been fixed
+ ByteToMessageDecoder now handles situations where the same
ByteBuf instance is read multiple times
+ The check that ensures the HTTP/1 Content-Length header is
unique, now no longer causes headers to be rearranged (change
their order)
+ Fix a NullPointerException bug with class initialisation order
between InternalLogger and InternalThreadLocalMap
+ When the netty-resolver-dns-native-macos classes can't load
their native bindings, they now only print a short error
message instead of the huge stack trace it printed previously.
The stack trace is still included if DEBUG logging is enabled
+ The Graal native-image meta-data is now placed in the
recommended location, and no longer causes warnings to be
printed
+ The HTTP/1 and HTTP/2 codecs now properly support RFC 8297
Early Hints
+ Subclasses of FastThreadLocalThread can now tell the Netty
Blockhound integration that they should be allowed to make
blocking calls
+ Validation of HTTP/2 connection headers has been moved from
Http2Headers to HpackDecoder, so that outgoing headers are
not validated
* Fixes of 4.1.84:
+ HTTP/2 header values with invalid characters are now rejected
in header validation
+ We now automatically generate conditional meta-data for
native-image use, making GraalVM support more reliable
+ Fix a scalability issue caused by instanceof and check-cast
checks that lead to false-sharing on the
Klass::secondary_super_cache field in the JVM
(See JDK-8180450)
+ Made the HTTP/2 HPACK static table implementation faster by
using a perfect hash function
+ Fixed a bug in our PEMParser when PEM files have multiple
objects, and BouncyCastle is on the classpath
* Fixes of 4.1.82:
+ Fix a NullPointerException bug when calling forEachByte on
nested CompositeByteBufs
+ Relax an overly strict HTTP/2 header validation check that was
rejecting requests from Chrome and Firefox
+ The OpenSSL and BoringSSL implementations now respect the
jdk.tls.client.protocols and jdk.tls.server.protocols system
properties, making them react to these in the same way the JDK
SSL provider does
* Fixes of 4.1.81:
+ Fix a regression in SslContext private key loading
+ Fix a bug in SslContext private key reading fall-back path
+ Fix a buffer leak regression in HttpClientCodec
+ Fix a bug where some HttpMessage implementations, that also
implement HttpContent, were not handled correctly
+ The MessageFormatter and FormattingTuple classes are now
usable in the public API
+ Connection related headers in HTTP/2 frames are now rejected,
in compliance with the specification
* Fixes of 4.1.80:
+ HttpObjectEncoder scalability issue due to instanceof checks
+ Improve logging when MacOSDnsServerAddressStreamProvider
cannot be found/loaded
+ Replace stdlib write/read with send/recv
+ Support for pkcs1
+ Add Blockhound exceptions for the PooledByteBufAllocator
+ Fix epoll bug when receiving zero-sized datagrams
+ Avoid including header values in header validation failure
exceptions
+ Avoid allocating large buffers in JdkZlibEncoder
+ Native Image Support: Set
IS_EXPLICIT_TRY_REFLECTION_SET_ACCESSIBLE to true by default
for native images
+ We need to use disconnectx(...) on macOS
+ Replace synchronized with Java Locks on the allocator
+ Don't use static instances of FixedRecvByteBufAllocator
+ Add escaping for stomp headers
* Fixes of 4.1.79:
+ The PEM certificate parser is no longer susceptible to
exponential back-off
+ Non-standard extra ampersands in HTTP POST bodies are no
longer rejected
+ An io.netty.osClassifiers system property has been added to
avoid reading os-release files
+ Fix a bug in SslHandler so handlerRemoved works properly even
if handlerAdded throws an exception
+ Use the correct OSGi processor directive on aarch64, making it
possible to use OSGi on ARM
+ HTTP paths that begin with a double-slash are now parsed the
same way browsers do
+ The isCompleted flag is now correctly preserved on objects
from HttpData.retainedDuplicate()
+ The HttpUtil.isOriginForm() and isAsteriskForm() methods now
correctly conform with RFC 7230
+ Fix an issue that allowed the multicast methods on
EpollDatagramChannel to be called outside of an event-loop
thread
+ Support for the LoongArch64 processor architecture has been
added
* Fixes of 4.1.78:
+ Fix a bug where an OPT record was added to DNS queries that
already had such a record
+ Fix a bug that caused an error when files uploaded with HTTP
POST contained a backslash in their name
+ Fix an issue in the BlockHound integration that could
occasionally cause NetUtil to be reported as performing
blocking operations
+ A similar BlockHound issue was fixed for the JdkSslContext
+ Fix a bug that prevented preface or settings frames from
being flushed, when an HTTP2 connection was established with
prior-knowledge
+ Fixes a rare NullPointerException that could occur when a
ReferenceCountedOpenSslEngine threw an OutOfMemoryError from
its constructor, and was then later finalized
+ The SslHandler now adds the socket file descriptor to the
BIOs, when the SslEngine supports this (boringssl and
libressl), which allows tracing and observability tools to
monitor encryption traffic on a per-connection basis.
+ It is now possible to explicitly step the scheduling clock in
EmbeddedEventLoop, which is useful for making automated tests
with deterministic scheduling
* Fixes of 4.1.77:
+ Local Information Disclosure Vulnerability in Netty on
Unix-Like systems due to temporary files for Java 6 and lower in
io.netty:netty-codec-http (bsc#1199338, CVE-2022-24823)
+ Upgraded the optional netty-tcnative dependency to version
2.0.52.Final
+ Fix a bug where Netty fails to load a shaded native library
+ Include classifier in Automatic-Module-Name
+ Check if epoll_pwait2 is implemented
+ Don't call strdup on packagePrefix
+ Enable debugging of asynchronous tasks in Intellij
+ Throwing an exception in case glibc is missing instead of
segfaulting the JVM
* Fixes of 4.1.76:
+ Upgraded the optional netty-tcnative dependency to version
2.0.51.Final
+ Upgraded the optional log4j dependency to version 2.17.2
+ The netty-all module now declares an automatic module name,
making it usable with Java Modules.
+ It is now possible to configure arbitrary socket options for
the native epoll and kqueue transports. Refer to your
operating system documentation for what options are available.
+ It is now possible to explicitly bind channels to either IPv4
or IPv6.
+ The HTTP/2 header validation that rejects duplicate
pseudo-headers, which was added in 4.1.75.Final, has been
changed so it no longer breaks older versions of gRPC.
+ Fix a NullPointerException that was hiding the real cause of
certain HTTP/2 header decoding errors.
- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* no-brotli-zstd.patch
-> 0004-Disable-Brotli-and-ZStd-compression.patch
* no-werror.patch
+ rebase
- Removed patches:
* 0004-Remove-optional-dep-tcnative.patch
* 0005-Remove-optional-dep-log4j.patch
+ we have the dependencies, so no need to disable them
* 0006-revert-Fix-native-image-build.patch
* 0007-Revert-Support-session-cache-for-client-and-server-w.patch
+ solve the build breakages differently
- Added patches:
* 0005-Do-not-use-the-Graal-annotations.patch
* 0006-Do-not-use-the-Jetbrains-annotations.patch
+ do not use annotations for which we don't have dependencies
* 0007-Do-not-require-the-tcnative-native-library.patch
+ our tcnative library is installed system-wide
* Thu Oct 13 2022 fstrba@suse.com
- Force building with java 11 on ix86 in order to avoid random
build failures
* Fri Apr 08 2022 fstrba@suse.com
- Upgrade to latest upstream version 4.1.75
- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Remove-optional-dep-tcnative.patch
* 0005-Remove-optional-dep-log4j.patch
* 0006-revert-Fix-native-image-build.patch
* 0007-Revert-Support-session-cache-for-client-and-server-w.patch
+ rebase
* Tue Feb 22 2022 fstrba@suse.com
- Do not build against the log4j12 packages
* Tue Dec 14 2021 fstrba@suse.com
- Upgrade to latest upstream version 4.1.72
* fixes: bsc#1190610, CVE-2021-37136: Bzip2Decoder doesn't allow
setting size restrictions for decompressed data
* fixes: bsc#1190613, CVE-2021-37137: SnappyFrameDecoder doesn't
restrict chunk length and may buffer skippable chunks in an
unnecessary way
* fixes: bsc#1193672, CVE-2021-43797: possible HTTP request
smuggling due to insufficient validation against control
characters
* fixes: bsc#1184203, CVE-2021-21409: request smuggling via
content-length header
- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Remove-optional-dep-tcnative.patch
* 0005-Remove-optional-dep-log4j.patch
* 0006-revert-Fix-native-image-build.patch
* 0007-Revert-Support-session-cache-for-client-and-server-w.patch
* no-werror.patch
+ rediff to changed context
- Added patch:
* no-brotli-zstd.patch
+ disable Brotli and Zstd compression, since we lack
the dependencies needed to build them
* Fri Mar 12 2021 fstrba@suse.com
- Upgrade to latest upstream version 4.1.60
* fixes: bsc#1183262, CVE-2021-21295: HTTP/2 request
Content-Length header field is not validated by
'Http2MultiplexHandler'
- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Remove-optional-dep-tcnative.patch
* 0005-Remove-optional-dep-log4j.patch
* 0006-revert-Fix-native-image-build.patch
+ rediff to changed context
- Added patch:
* 0007-Revert-Support-session-cache-for-client-and-server-w.patch
+ revert optional disabled cache implementation that conflicts
with our 0004-Remove-optional-dep-tcnative.patch
* Thu Feb 11 2021 fstrba@suse.com
- Upgrade to latest upstream version 4.1.59
- Removed patches:
* netty-CVE-2020-11612.patch
* netty-CVE-2021-21290.patch
+ fixes integrated in the upstream sources
* 0001-Remove-OpenSSL-parts-depending-on-tcnative.patch
* 0002-Remove-NPN.patch
* 0003-Remove-conscrypt-ALPN.patch
* 0004-Remove-jetty-ALPN.patch
+ replaced by new patches
- Added patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Remove-optional-dep-tcnative.patch
* 0005-Remove-optional-dep-log4j.patch
+ remove various optional dependencies that we do not need
* 0006-revert-Fix-native-image-build.patch
+ Revert changes that introduce a new dependency that we
do not have
* no-werror.patch
+ Do not treat warnings as errors
- Build -poms and -javadoc as noarch packages, since they do not
install anything in arch-dependent directories
* Thu Feb 11 2021 fstrba@suse.com
- Added patch:
* netty-CVE-2021-21290.patch
+ bsc#1182103, CVE-2021-21290
* Thu Apr 09 2020 fstrba@suse.com
- Added patch:
* netty-CVE-2020-11612.patch
+ bsc#1168932, CVE-2020-11612
+ bsc#1169082, CVE-2020-10707
* Thu Jan 09 2020 fstrba@suse.com
- Split pom-only artifacts into a subpackage netty-pom in order
to generate their dependencies correctly
* Wed Nov 13 2019 fstrba@suse.com
- Initial packaging of netty 4.1.13
Version: 4.1.108-150200.4.23.1
* Wed Mar 27 2024 fstrba@suse.com
- Upgrade to upstream version 4.1.108
* Fixes of 4.1.108:
+ HttpPostRequestDecoder can OOM (bsc#1222045, CVE-2024-29025)
+ Add zstd decoder
+ Updated HTTP2 Reader to fix missing header state
+ codec-http2: fix some frame validation errors
+ SSL: Only wrap TrustManager if FIPS is not used
+ Epoll: Correctly handle splice tasks when Channel is closed
+ Allow to cancel connect() operations when using non-blocking
IO
+ DNS resolver final CNAME lookup disabled
+ DNS: Add DnsRecordType definitions for SVCB and HTTPS
+ SSL: Only try to use TLSv1.3 if a compatible ciphersuite is
configured
+ Backport 'Fix buffer leak in DefaultHttp2HeadersEncoder' to v4
+ SSL: Hold the right monitor while running delegating task
+ SSL: Execute SSL_do_handshake(...) after task is run to ensure
SSLEngine.getHandshakeStatus() returns the correct value all
the time
+ Add active flag to EpollServerDomainSocketChannel fd
constructor
+ Epoll: Fix possible Classloader deadlock caused by loading
class via JNI
+ Prefer /etc/resolv.conf on Linux and Mac
+ Handle invalid cookie value
+ Upgrade to latest tcnative release
+ ByteToMessageDecoder.channelReadComplete(...) does call read()
too often
+ Remove the lock usage in PoolArena#numPinnedBytes()
+ Fix x-www-form-urlencoded parsing for no-value key
(re-submission)
* Fixes of 4.1.107:
+ Speedup pseudoheader lookup
+ Add support for the Partitioned attribute in cookies
+ Reduce HTTP 1.1 Full msg pipeline traversals
+ DnsNameResolver: Add DnsQueryIdSpace class to reduce overhead
while generating IDs
+ Fix copy-paste mistake in
LazyX509Certificate.getIssuerAlternativeNames()
+ HTTP2: lastStreamCreated() does return the wrong value when
all stream ids were used
+ HTTP2: Update local window should not fail queued frames
+ DnsNameResolver: Always call bind() during bootstrap
+ HTTP: HttpObjectDecoder must not use HTTPMessage once it is
passed to the next handler in the ChannelPipeline
+ Ensure key / values are shared between resumed sessions
+ SSLSession.getLastAccessedTime() and getCreationTime() should
not be equal when session is reused
+ Snappy: Use unsigned short to handle 2 ^ 16 input size instead
of 2 ^ 15
* Fixes of 4.1.106:
+ HTTP2: Prevent sharing the index of the continuation frame
header ByteBuf.
+ DnsNameResolver: Fail query if id space is exhausted
+ Short-circuit ByteBuf::release
* Fixes of 4.1.105:
+ Fix exception on HTTP chunk size overflow
+ Default value of MAX_MESSAGES_PER_READ not used for native
DatagramChannels
+ Redo fix scalability issue due to checkcast on context's
invoke operations
+ Be able to retry the query via TCP if a query failed because
of a timeout
+ Save HTTP 2 pseudo-header lower-case validation
+ DnsNameResolver: Limit connect timeout to query timeout
+ h2: propagate stream close without read pending, avoid SOOE
if !autoRead
* Fixes of 4.1.104:
+ dyld: Symbol not found: _netty_jni_util_JNI_OnLoad
* Fixes of 4.1.103:
+ Workaround for regex bug in Android SDK
+ Use Http2Headers.size() instead of isEmpty()
+ Add support for RISC-V
* Fixes of 4.1.101:
+ Add service-loaded extension points for channel initialization
+ Added check for pseudo-headers in trailers
+ Automatically close Http2StreamChannel when
Http2FrameStreamException reaches end of ChannelPipeline
+ Throwing a stackless exception if RST_FRAME rate is exceeded
+ Only enable the RST limit for servers by default
+ Change default value of MAX_MESSAGES_PER_READ for
DatagramChannel implementations
+ Descriptive message for errors related to unknown http2
streams
- Modified patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Disable-Brotli-and-ZStd-compression.patch
* 0005-Do-not-use-the-Graal-annotations.patch
* 0006-Do-not-use-the-Jetbrains-annotations.patch
* 0007-Do-not-require-the-tcnative-native-library.patch
+ rebase
* Wed Feb 21 2024 gus.kenion@suse.com
- Use %patch -P N instead of deprecated %patchN.
Version: 4.1.100-150200.4.20.1
* Thu Oct 12 2023 fstrba@suse.com
- Upgrade to upstream version 4.1.100
* Fixes of 4.1.100:
+ DDoS vector in the HTTP/2 protocol due to RST frames
(bsc#1216169, CVE-2023-44487)
+ Do not fail when compressing empty HttpContent
* Fixes of 4.1.99:
+ Do not try to delete a global handle with the local handles
APIs
+ Enable build with JDK21
+ dyld: lazy symbol binding failed: Symbol not found:
_netty_jni_util_JNI_OnLoad
* Fixes of 4.1.98:
+ Revert "HttpHeaderValidationUtil should reject chars past the
1 byte range"
+ Filter out unresolved addresses when parsing resolv.conf
+ Prevent classloader leak via JNI
+ SSLSession.getPeerCertificateChain() should throw
UnsupportedOperationException if
javax.security.cert.X509Certificate can not be created
+ Enable client side session cache when using native SSL by
default
* Fixes of 4.1.97:
+ Fixing AsciiString#lastIndexOf To Respect The offset
+ Add support for snappy http2 content decompression
+ Add support for password-based encryption scheme 2 params
+ HttpHeaderValidationUtil should reject chars past the 1 byte
range
+ Honor SslHandler.setWrapDataSize greater than SSL packet
length
+ Add support for snappy http content encoding
* Fixes of 4.1.96:
+ Move the PoolThreadCache finalizer to a separate object
+ Fix kevent(..) failed: Invalid argument
+ Revert "Always increment Stream Id on createStream" to fix bug
which caused sending multiple RST frames for the same id
* Fixes of 4.1.95:
+ Add resource leak listener
+ Reduce object allocations during SslHandler.flush(...)
+ Ensure ByteBuf.capacity(...) will never throw AssertionError
+ Make transport.Bootstrap usable with no netty-resolver on
classpath
+ Correctly retain slice when calling
ReplayingDecoderByteBuf.retainedSlice(...)
+ Always increment Stream Id on createStream(...)
+ Fix BrotliEncoder bug that does not mark ByteBuf it encodes as
read
+ Enhance CertificateException message when thrown due to hostname
validation
- Rebased patches:
* 0001-Remove-optional-dep-Blockhound.patch
* 0002-Remove-optional-dep-conscrypt.patch
* 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
* 0004-Disable-Brotli-and-ZStd-compression.patch
* 0005-Do-not-use-the-Graal-annotations.patch
* 0006-Do-not-use-the-Jetbrains-annotations.patch
* 0007-Do-not-require-the-tcnative-native-library.patch
* Wed Sep 13 2023 fstrba@suse.com
- Reproducible builds: use SOURCE_DATE_EPOCH for timestamp
Version: 4.1.13-bp152.2.35
* Thu Apr 09 2020 Fridrich Strba <fstrba@suse.com>
- Added patch:
* netty-CVE-2020-11612.patch
+ bsc#1168932, CVE-2020-11612
+ bsc#1169082, CVE-2020-10707
* Thu Jan 09 2020 Fridrich Strba <fstrba@suse.com>
- Split pom-only artifacts into a subpackage netty-pom in order
to generate their dependencies correctly
* Wed Nov 13 2019 Fridrich Strba <fstrba@suse.com>
- Initial packaging of netty 4.1.13