Skip to content
Snippets Groups Projects
Commit 89da9523 authored by Markus Koschany's avatar Markus Koschany
Browse files

Import Debian changes 1:4.1.48-2

netty (1:4.1.48-2) unstable; urgency=high

  * Team upload.
  * Fix CVE-2021-21290:
    In Netty there is a vulnerability on Unix-like systems involving an
    insecure temp file. When netty's multipart decoders are used local
    information disclosure can occur via the local system temporary directory
    if temporary storing uploads on the disk is enabled. On unix-like systems,
    the temporary directory is shared between all user. As such, writing to
    this directory using APIs that do not explicitly set the file/directory
    permissions can lead to information disclosure. Thanks to Salvatore
    Bonaccorso for the report. (Closes: #982580)
  * Switch to debhelper-compat = 13.
  * Declare compliance with Debian Policy 4.5.1.

netty (1:4.1.48-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Refreshed the patches

netty (1:4.1.45-2) unstable; urgency=medium

  * Team upload.
  * Enable building of transport-native-kqueue.
    - Needed to update async-http-client.

netty (1:4.1.45-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Fixes CVE-2019-20444, CVE-2019-20445 and CVE-2020-7238
      (Closes: #950966, #950967)
    - Refreshed the patches
    - Updated the Maven rules
    - Depend on libnetty-tcnative-java (>= 2.0.28)
    - Disabled the native image support due to missing dependencies
    - Disabled the BlockHound integration
  * Standards-Version updated to 4.5.0

netty (1:4.1.33-3) unstable; urgency=medium

  * Team upload.
  * Apply patch for FTBFS on 32-bit architectures. (Closes: #923455)
    Thank you to Sjoerd Simons for the patch.
  * Set "Rules-Requires-Root: no" in debian/control
  * Specify debhelper compat 12 via debhelper-compat dependency
  * Bump Standards-Version to 4.4.1

netty (1:4.1.33-2) unstable; urgency=high

  * Team upload.
  * Correctly handle whitespaces in HTTP header names as defined by
    RFC7230#section-3.2.4 (CVE-2019-16869) (Closes: #941266)
parents c8dfb08e 3879298f
Branches upstream/bookworm upstream/bullseye upstream/trixie
Tags upstream/4.1.48
1 merge request!6manual merge bullseye
Pipeline #280000 canceled
Showing
with 729 additions and 482 deletions
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment