Import Debian changes 1:4.1.48-2

netty (1:4.1.48-2) unstable; urgency=high

  * Team upload.
  * Fix CVE-2021-21290:
    In Netty there is a vulnerability on Unix-like systems involving an
    insecure temp file. When netty's multipart decoders are used local
    information disclosure can occur via the local system temporary directory
    if temporary storing uploads on the disk is enabled. On unix-like systems,
    the temporary directory is shared between all user. As such, writing to
    this directory using APIs that do not explicitly set the file/directory
    permissions can lead to information disclosure. Thanks to Salvatore
    Bonaccorso for the report. (Closes: #982580)
  * Switch to debhelper-compat = 13.
  * Declare compliance with Debian Policy 4.5.1.

netty (1:4.1.48-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Refreshed the patches

netty (1:4.1.45-2) unstable; urgency=medium

  * Team upload.
  * Enable building of transport-native-kqueue.
    - Needed to update async-http-client.

netty (1:4.1.45-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Fixes CVE-2019-20444, CVE-2019-20445 and CVE-2020-7238
      (Closes: #950966, #950967)
    - Refreshed the patches
    - Updated the Maven rules
    - Depend on libnetty-tcnative-java (>= 2.0.28)
    - Disabled the native image support due to missing dependencies
    - Disabled the BlockHound integration
  * Standards-Version updated to 4.5.0

netty (1:4.1.33-3) unstable; urgency=medium

  * Team upload.
  * Apply patch for FTBFS on 32-bit architectures. (Closes: #923455)
    Thank you to Sjoerd Simons for the patch.
  * Set "Rules-Requires-Root: no" in debian/control
  * Specify debhelper compat 12 via debhelper-compat dependency
  * Bump Standards-Version to 4.4.1

netty (1:4.1.33-2) unstable; urgency=high

  * Team upload.
  * Correctly handle whitespaces in HTTP header names as defined by
    RFC7230#section-3.2.4 (CVE-2019-16869) (Closes: #941266)