netty (1:4.1.7-4ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: HTTP request smuggling
      HTTP header names as defined by RFC7230#section-3.2.4.
    - debian/patches/0005-CVE-2019-20444.patch: Detect missing colon when
      parsing http headers with no value.
    - debian/patches/0006-CVE-2019-20445-1.patch: Verify we do not receive
      multiple content-length headers or a content-length and
      transfer-encoding: chunked header when using HTTP/1.1.
    - debian/patches/0007-CVE-2019-20445-2.patch: Remove "Content-Length" when
      decoding HTTP/1.1 message with both "Transfer-Encoding: chunked" and
      "Content-Length".
    - debian/patches/18-CVE-2019-20445-3.patch: Added tests for
      Transfer-Encoding header with whitespace.
    - CVE-2019-20444
    - CVE-2019-20445
  * SECURITY UPDATE: Memory buffer out of bounds
    - debian/patches/19-CVE-2020-11612.patch: Allow a limit to be set on the
      decompressed buffer size for ZlibDecoders.
    - CVE-2020-11612

 -- Paulo Flabiano Smorigo <pfsmorigo@canonical.com>  Mon, 26 Oct 2020 13:24:33 +0000

netty (1:4.1.7-4) unstable; urgency=medium

  * Team upload.
  * Update debian/watch to repack with xz compression
  * Bump Standards-Version to 4.0.0
  * Update jctools2 patch for approach used upstream (see #866771)

 -- tony mancill <tmancill@debian.org>  Sun, 30 Jul 2017 08:31:35 -0700

netty (1:4.1.7-3) unstable; urgency=medium

  * Team upload.
  * Add patch to build against jctools 2.0 (Closes: #866771)
  * Update libjctools-java build-dep to version 2.0

 -- tony mancill <tmancill@debian.org>  Sat, 22 Jul 2017 18:56:07 -0700

netty (1:4.1.7-2) unstable; urgency=medium

  * Team upload.
  * Fixed the netty-all pom (Closes: #852255)

 -- Emmanuel Bourg <ebourg@apache.org>  Mon, 23 Jan 2017 09:32:14 +0100

netty (1:4.1.7-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Refreshed the patches
    - Build the new modules: codec-dns, codec-http2, codec-memcache,
      codec-mqtt, codec-redis, codec-smtp, codec-stomp, handler-proxy,
      resolver-dns and resolver
    - Ignore the new codec-xml module (missing dependency)
    - New dependency: groovy, libcompress-lzf-java, libgoogle-gson-java
    - Adapted codegen.groovy to run without the groovy-maven-plugin
    - Ignore the new test dependencies
    - Disabled lz4, lzma and protobuf nano support due to missing dependencies

 -- Emmanuel Bourg <ebourg@apache.org>  Mon, 16 Jan 2017 09:14:21 +0100

netty (1:4.0.42-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Switch to debhelper level 10

 -- Emmanuel Bourg <ebourg@apache.org>  Sun, 30 Oct 2016 00:12:28 +0200

netty (1:4.0.41-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Refreshed the patches
    - Depend on netty-tcnative (>= 1.1.33.Fork21)

 -- Emmanuel Bourg <ebourg@apache.org>  Tue, 30 Aug 2016 08:52:52 +0200

netty (1:4.0.40-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Refreshed the patches
    - New dependency on libjctools-java
    - New build dependency on libmaven-shade-plugin-java
  * Build the netty-transport-native-epoll module
  * Depend on ant-contrib >= 1.0~b3+svn177-8 and dropped the dependency
    on libbcel-java

 -- Emmanuel Bourg <ebourg@apache.org>  Wed, 03 Aug 2016 01:04:26 +0200

netty (1:4.0.37-1) unstable; urgency=high

  * Team upload.
  * New upstream release. (Closes: #827620) CVE-2016-4970
  * Add build-dependency on liblog4j2-java.

 -- tony mancill <tmancill@debian.org>  Sat, 18 Jun 2016 14:45:03 -0700

netty (1:4.0.36-2) unstable; urgency=medium

  * Team upload.
  * Removed the empty classifier for the tcnative dependency since it breaks
    the Gradle dependencies resolution

 -- Emmanuel Bourg <ebourg@apache.org>  Tue, 24 May 2016 00:45:11 +0200

netty (1:4.0.36-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
  * Depend on libasm-java (>= 5.0) instead of libasm4-java
  * Standards-Version updated to 3.9.8 (no changes)

 -- Emmanuel Bourg <ebourg@apache.org>  Sun, 24 Apr 2016 19:20:27 +0200

netty (1:4.0.35-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Refreshed the patches
    - Updated the Maven rules
  * Standards-Version updated to 3.9.7 (no changes)
  * Use secure Vcs-* fields

 -- Emmanuel Bourg <ebourg@apache.org>  Mon, 28 Mar 2016 23:03:36 +0200

netty (1:4.0.34-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Depend on netty-tcnative (>= 1.1.33.Fork11)
  * Build with the DH sequencer instead of CDBS
  * Made the versions.properties embedded in the jar files reproducible

 -- Emmanuel Bourg <ebourg@apache.org>  Sun, 31 Jan 2016 23:39:15 +0100

netty (1:4.0.33-1) unstable; urgency=medium

  * Team upload.
  * New upstream release

 -- Emmanuel Bourg <ebourg@apache.org>  Thu, 19 Nov 2015 23:37:59 +0100

netty (1:4.0.32-1) unstable; urgency=medium

  * Team upload.
  * New upstream release:
    - Refreshed the patches

 -- Emmanuel Bourg <ebourg@apache.org>  Sat, 03 Oct 2015 01:12:58 +0200

netty (1:4.0.31-1) unstable; urgency=medium

  * Team upload.

  [ Emmanuel Bourg ]
  * New upstream release:
    - Build with maven-debian-helper
    - Fixes CVE-2015-2156 (Closes: #796114)
  * debian/control:
    - Team maintenance by Debian Java Maintainers
    - Standards-Version updated to 3.9.6 (no changes)
    - Removed the deprecated DM-Upload-Allowed field
  * debian/watch: Track the release tags on GitHub
  * Moved the package to Git
  * Switch to debhelper level 9

  [ Charles Plessy ]
  * Updated homepage (debian/control).

 -- Emmanuel Bourg <ebourg@apache.org>  Sat, 12 Sep 2015 23:26:11 +0200

netty (1:3.2.6.Final-2) unstable; urgency=low

  * Merge from James Page (thanks!):
  * Enable test suite to support Ubuntu MIR (LP: #913878) (Closes: #658250):
    - d/build.xml: Add extra targets to compile and execute unit tests.
    - d/rules: Add testing dependencies to build classpath.
    - d/control: Added junit4 and libeasymock-java to BDI's and ant-optional
      to BD's.
  * d/orig-tar.sh; Dropped - not used.

 -- Damien Raude-Morvan <drazzib@debian.org>  Sun, 12 Feb 2012 12:43:50 +0100

netty (1:3.2.6.Final-1) unstable; urgency=low

  * New upstream release (Closes: #643832):
    - Update watch file for github.
  * Add myself to Uploaders.
  * Use maven-repo-helper to install jar.
  * Bump to Standards-Version to 3.9.2:
    - Provide a get-orig-source target.
    - Drop Depends on default-jre-headless.
    - Drop XSBC-* fields (Ubuntu specific)
    - Add Homepage field.
    - Add Vcs-* fields.
  * Use debhelper 7 compat level.
  * Fix copyright:
    - now under Apache-2.0 licence.
    - update to DEP-5.
  * Switch to 3.0 (quilt) source format.
  * Add Recommends on logging frameworks.

 -- Damien Raude-Morvan <drazzib@debian.org>  Wed, 23 Nov 2011 21:14:19 +0100

netty (1:3.1.0.CR1-1) unstable; urgency=low

  * Port package to pkg-java based largely on existing Ubuntu package
  * Pull sources from svn to build orig tarball avoiding DFSG non-compliance
  * debian/copyright, debian/README.source: Update to reflect DFSG-compliant
    packaging.

 -- Chris Grzegorczyk <grze@eucalyptus.com>  Thu, 17 Dec 2009 03:12:31 -0800

netty (3.1.0.CR1+dfsg-0ubuntu1) karmic; urgency=low

  * Repackaged orig tarball to avoid shipping sourceless doc/ elements.
  * debian/copyright, debian/README.source: Explain repacking.

 -- Thierry Carrez <thierry.carrez@ubuntu.com>  Wed, 26 Aug 2009 15:13:13 +0200

netty (3.1.0.CR1-0ubuntu1) karmic; urgency=low

  * Initial release. New Eucalyptus dependency.

 -- Thierry Carrez <thierry.carrez@ubuntu.com>  Tue, 21 Jul 2009 16:48:12 +0200