| Patch |
File delta |
Description |
| 01 ignore npn.patch | (download) |
handler/pom.xml |
16 16 + 0 - 0 !
handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java |
2 2 + 0 - 0 !
handler/src/main/java/io/netty/handler/ssl/SslProvider.java |
2 1 + 1 - 0 !
pom.xml |
2 2 + 0 - 0 !
4 files changed, 21 insertions(+), 1 deletion(-) |
disable the npn/alpn support since it relies on jetty npn-api and alpn-api which aren't available in debian
|
| 03 ignore jboss marshalling.patch | (download) |
codec/pom.xml |
15 15 + 0 - 0 !
1 file changed, 15 insertions(+) |
disable the jboss marshalling support (not in debian)
|
| 04 netty all light.patch | (download) |
all/pom.xml |
27 2 + 25 - 0 !
1 file changed, 2 insertions(+), 25 deletions(-) |
turn the netty-all jar into an empty jar to optimize the size of the package
but keep the dependencies on the other artifacts
|
| 05 reproducible versions properties.patch | (download) |
pom.xml |
10 5 + 5 - 0 !
1 file changed, 5 insertions(+), 5 deletions(-) |
make the versions.properties files reproducible
|
| 06 remove tcnative classifier.patch | (download) |
handler/pom.xml |
1 0 + 1 - 0 !
pom.xml |
1 0 + 1 - 0 !
transport-native-epoll/pom.xml |
1 0 + 1 - 0 !
transport-native-kqueue/pom.xml |
1 0 + 1 - 0 !
4 files changed, 4 deletions(-) |
removes the empty classifier for the tcnative dependency since it breaks
the Gradle dependencies resolution (seen with the projectreactor package)
|
| 07 netty all epoll dependency.patch | (download) |
all/pom.xml |
43 6 + 37 - 0 !
1 file changed, 6 insertions(+), 37 deletions(-) |
moves the netty-transport-native-epoll out of the profiles
since it doesn't work with Gradle (required for the projectreactor package)
|
| 08 codegen without groovy plugin.patch | (download) |
common/src/main/script/codegen.groovy |
9 5 + 4 - 0 !
1 file changed, 5 insertions(+), 4 deletions(-) |
adapts codegen.groovy to run without the groovy-maven-plugin (not in debian yet)
|
| 09 ignore lz4.patch | (download) |
codec/pom.xml |
1 1 + 0 - 0 !
1 file changed, 1 insertion(+) |
disables lz4 support (missing dependency)
|
| 10 ignore lzma.patch | (download) |
codec/pom.xml |
1 1 + 0 - 0 !
1 file changed, 1 insertion(+) |
disables lzma support (missing dependency)
|
| 11 ignore protobuf nano.patch | (download) |
codec/pom.xml |
1 1 + 0 - 0 !
codec/src/main/java/io/netty/handler/codec/protobuf/ProtobufVarint32FrameDecoder.java |
1 0 + 1 - 0 !
codec/src/main/java/io/netty/handler/codec/protobuf/ProtobufVarint32LengthFieldPrepender.java |
1 0 + 1 - 0 !
3 files changed, 1 insertion(+), 2 deletions(-) |
disables protobuf nano support (missing dependency)
|
| 13 ignore conscrypt.patch | (download) |
handler/pom.xml |
1 1 + 0 - 0 !
handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java |
7 1 + 6 - 0 !
handler/src/main/java/io/netty/handler/ssl/SslHandler.java |
47 1 + 46 - 0 !
3 files changed, 3 insertions(+), 52 deletions(-) |
disables conscrypt support (missing dependency)
|
| 15 disable Werror.patch | (download) |
transport-native-epoll/pom.xml |
2 1 + 1 - 0 !
transport-native-unix-common/pom.xml |
8 4 + 4 - 0 !
2 files changed, 5 insertions(+), 5 deletions(-) |
build native parts without werror as that can cause build failures
|
| 16 disable substratevm support.patch | (download) |
common/src/main/java/io/netty/util/internal/svm/CleanerJava6Substitution.java |
10 0 + 10 - 0 !
common/src/main/java/io/netty/util/internal/svm/PlatformDependent0Substitution.java |
10 0 + 10 - 0 !
common/src/main/java/io/netty/util/internal/svm/PlatformDependentSubstitution.java |
9 0 + 9 - 0 !
common/src/main/java/io/netty/util/internal/svm/UnsafeRefArrayAccessSubstitution.java |
9 0 + 9 - 0 !
4 files changed, 38 deletions(-) |
disables substratevm support (missing dependencies)
|
| 17 disable blockhound integration.patch | (download) |
common/src/main/java/io/netty/util/internal/Hidden.java |
105 0 + 105 - 0 !
common/src/main/resources/META-INF/services/reactor.blockhound.integration.BlockHoundIntegration |
14 0 + 14 - 0 !
2 files changed, 119 deletions(-) |
disables blochound integration (missing dependency)
|
| CVE 2021 21290.patch | (download) |
buffer/src/test/java/io/netty/buffer/AbstractByteBufTest.java |
4 2 + 2 - 0 !
buffer/src/test/java/io/netty/buffer/ReadOnlyDirectByteBufferBufTest.java |
2 1 + 1 - 0 !
codec-http/src/main/java/io/netty/handler/codec/http/multipart/AbstractDiskHttpData.java |
5 3 + 2 - 0 !
codec-http/src/test/java/io/netty/handler/codec/http/HttpChunkedInputTest.java |
3 2 + 1 - 0 !
common/src/main/java/io/netty/util/internal/NativeLibraryLoader.java |
2 1 + 1 - 0 !
common/src/main/java/io/netty/util/internal/PlatformDependent.java |
19 19 + 0 - 0 !
handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java |
6 4 + 2 - 0 !
handler/src/test/java/io/netty/handler/stream/ChunkedWriteHandlerTest.java |
3 2 + 1 - 0 !
testsuite/src/main/java/io/netty/testsuite/transport/socket/SocketFileRegionTest.java |
4 2 + 2 - 0 !
transport-native-epoll/src/test/java/io/netty/channel/epoll/EpollSpliceTest.java |
3 2 + 1 - 0 !
transport-native-unix-common-tests/src/main/java/io/netty/channel/unix/tests/UnixTestUtils.java |
3 2 + 1 - 0 !
transport/src/test/java/io/netty/channel/DefaultFileRegionTest.java |
2 1 + 1 - 0 !
12 files changed, 41 insertions(+), 15 deletions(-) |
cve-2021-21290
Bugs-Debian: https://bugs.debian.org/982580
|
| CVE 2021 21295.patch | (download) |
codec-http/src/main/java/io/netty/handler/codec/http/HttpObjectDecoder.java |
44 24 + 20 - 0 !
codec-http/src/main/java/io/netty/handler/codec/http/HttpUtil.java |
86 86 + 0 - 0 !
codec-http2/src/main/java/io/netty/handler/codec/http2/DefaultHttp2ConnectionDecoder.java |
100 91 + 9 - 0 !
codec-http2/src/test/java/io/netty/handler/codec/http2/DefaultHttp2ConnectionDecoderTest.java |
128 128 + 0 - 0 !
4 files changed, 329 insertions(+), 29 deletions(-) |
cve-2021-21295
|
| CVE 2021 21409.patch | (download) |
codec-http2/src/main/java/io/netty/handler/codec/http2/DefaultHttp2ConnectionDecoder.java |
5 4 + 1 - 0 !
codec-http2/src/test/java/io/netty/handler/codec/http2/Http2MultiplexTest.java |
135 134 + 1 - 0 !
2 files changed, 138 insertions(+), 2 deletions(-) |
cve-2021-21409 (was: [patch] merge pull request from ghsa-f256-j965-7f32)
|
| 21 java 17.patch | (download) |
handler/src/main/java/io/netty/handler/ssl/util/OpenJdkSelfSignedCertGenerator.java |
3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-) |
compile with jdk 17
Source: https://github.com/netty/netty/commit/bb184794341255cf02f9b7156c5ad828b172fdab.patch
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011135
Comment: No longer needed after updating upstream to 4.1.52 or later
|
| CVE 2021 37136.patch | (download) |
codec/src/main/java/io/netty/handler/codec/compression/Bzip2BlockDecompressor.java |
5 5 + 0 - 0 !
codec/src/main/java/io/netty/handler/codec/compression/Bzip2Constants.java |
2 2 + 0 - 0 !
codec/src/main/java/io/netty/handler/codec/compression/Bzip2Decoder.java |
15 8 + 7 - 0 !
3 files changed, 15 insertions(+), 7 deletions(-) |
cve-2021-37136
Bug-Debian: https://bugs.debian.org/1014769
|
| CVE 2021 37137.patch | (download) |
codec/src/main/java/io/netty/handler/codec/compression/Snappy.java |
30 23 + 7 - 0 !
codec/src/main/java/io/netty/handler/codec/compression/SnappyFrameDecoder.java |
46 39 + 7 - 0 !
2 files changed, 62 insertions(+), 14 deletions(-) |
cve-2021-37137
Bug-Debian: https://bugs.debian.org/1014769
|
| CVE 2021 43797.patch | (download) |
codec-http/src/main/java/io/netty/handler/codec/http/DefaultHttpHeaders.java |
8 8 + 0 - 0 !
codec-http/src/main/java/io/netty/handler/codec/http/HttpObjectDecoder.java |
8 4 + 4 - 0 !
codec-http/src/test/java/io/netty/handler/codec/http/HttpRequestDecoderTest.java |
87 81 + 6 - 0 !
codec-http/src/test/java/io/netty/handler/codec/http/HttpResponseDecoderTest.java |
78 78 + 0 - 0 !
4 files changed, 171 insertions(+), 10 deletions(-) |
cve-2021-43797
Bug-Debian: https://bugs.debian.org/1001437
|
| CVE 2022 41881.patch | (download) |
codec-haproxy/src/main/java/io/netty/handler/codec/haproxy/HAProxyMessage.java |
16 11 + 5 - 0 !
codec-haproxy/src/test/java/io/netty/handler/codec/haproxy/HAProxyMessageDecoderTest.java |
65 65 + 0 - 0 !
2 files changed, 76 insertions(+), 5 deletions(-) |
cve-2022-41881
Bug-Debian: https://bugs.debian.org/1027180
|
| CVE 2022 41915.patch | (download) |
codec-http/src/test/java/io/netty/handler/codec/http/DefaultHttpHeadersTest.java |
25 24 + 1 - 0 !
codec/src/main/java/io/netty/handler/codec/DefaultHeaders.java |
368 299 + 69 - 0 !
2 files changed, 323 insertions(+), 70 deletions(-) |
cve-2022-41915
Bug-Debian: https://bugs.debian.org/1027180
|
| CVE 2023 34462.patch | (download) |
common/src/main/java/io/netty/util/internal/ObjectUtil.java |
55 52 + 3 - 0 !
handler/src/main/java/io/netty/handler/ssl/AbstractSniHandler.java |
22 22 + 0 - 0 !
handler/src/main/java/io/netty/handler/ssl/SniHandler.java |
50 50 + 0 - 0 !
handler/src/main/java/io/netty/handler/ssl/SslClientHelloHandler.java |
32 32 + 0 - 0 !
4 files changed, 156 insertions(+), 3 deletions(-) |
cve-2023-34462
Bug-Debian: https://bugs.debian.org/1038947
|
| CVE 2023 44487.patch | (download) |
codec-http2/src/main/java/io/netty/handler/codec/http2/AbstractHttp2ConnectionHandlerBuilder.java |
24 22 + 2 - 0 !
codec-http2/src/main/java/io/netty/handler/codec/http2/Http2FrameCodecBuilder.java |
6 6 + 0 - 0 !
codec-http2/src/main/java/io/netty/handler/codec/http2/Http2MaxRstFrameDecoder.java |
58 58 + 0 - 0 !
codec-http2/src/main/java/io/netty/handler/codec/http2/Http2MaxRstFrameListener.java |
58 58 + 0 - 0 !
codec-http2/src/main/java/io/netty/handler/codec/http2/Http2MultiplexCodecBuilder.java |
6 6 + 0 - 0 !
5 files changed, 150 insertions(+), 2 deletions(-) |
cve-2023-44487
Bug-Debian: https://bugs.debian.org/1054234
|
