Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge envoy[release/v1.28] into envoy-openssl[release/v1.28] #260

Merged
merged 19 commits into from
Sep 26, 2024
Merged

Merge envoy[release/v1.28] into envoy-openssl[release/v1.28] #260

merged 19 commits into from
Sep 26, 2024

Conversation

tedjpoole
Copy link
Contributor

@tedjpoole tedjpoole commented Sep 25, 2024
edited
Loading

Brings us up to v1.28.7

phlax and others added 19 commits August 22, 2024 08:54
@phlax
deps: Bump com_github_curl -> 8.9.1 (#35688)
2e448a3 
Fix #35686 

and resolve related CVE

```console
CVE-2024-7264 ([email protected])
  CVSS v3 score: 6.5
  Severity: MEDIUM
  Published date: 2024-07-31
  Last modified date: 2024-08-12
  Description: libcurl's ASN1 parser code has the `GTime2str()` function, used for
  parsing an ASN.1 Generalized Time field. If given an syntactically
  incorrect field, the parser might end up using -1 for the length of
  the *time fraction*, leading to a `strlen()` getting performed on a
  pointer to a heap buffer area that is not (purposely) null terminated.
  This flaw most likely leads to a crash, but can also lead to heap
  contents getting returned to the application when
  [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html)
  is used.
  Affected CPEs:
  - cpe:2.3:a:haxx:libcurl:*

```

Signed-off-by: Ryan Northey <[email protected]>
@phlax
ci: Split build tests from release job (#35580)
c3301f1 
Signed-off-by: Ryan Northey <[email protected]>

Signed-off-by: phlax <[email protected]>
@phlax
tls-tests: updating the auto-generated certs for TLS tests (#35781) (…
f78dd71 
…#35802)


Signed-off-by: Ryan Northey <[email protected]>
@phlax
repo/ci: Shift publishing CI -> github (#35660)
2c4f12b 
Signed-off-by: Ryan Northey <[email protected]>

Signed-off-by: phlax <[email protected]>
@phlax
vpp/build: Minor fix for cmake build (#35583)
d19d46f 
There are multiple files named config.h and in some build environments
it causes the build postscript to fail

Commit Message:
Additional Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional [API
Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):]

Signed-off-by: Ryan Northey <[email protected]>
@phlax
vpp: Additional fix for build file mangling
eaefe68 
Signed-off-by: Ryan Northey <[email protected]>
@phlax
docker/release: Bump Ubuntu -> fa17826
74662aa 
Signed-off-by: Ryan Northey <[email protected]>
@dependabot @phlax
build(deps): bump distroless/base-nossl-debian12 from 9652482 to `f…
2947cfc 
…b10a97` in /ci (#35982)


Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Ryan Northey <[email protected]>
@phlax
repo: Release v1.28.6
98cde4c 
Changes:

- Update curl lib to resolve CVE-2024-7264
- Assorted fixes
- Updated container images

**Docker images**:
    https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.28.6
**Docs**:
    https://www.envoyproxy.io/docs/envoy/v1.28.6/
**Release notes**:
    https://www.envoyproxy.io/docs/envoy/v1.28.6/version_history/v1.28/v1.28.6
**Full changelog**:
    envoyproxy/envoy@v1.28.5...v1.28.6

Signed-off-by: Ryan Northey <[email protected]>
@phlax
repo: Dev v1.28.7
3e436db 
Signed-off-by: Ryan Northey <[email protected]>
@phlax
release/ci: Skip build tests on publishing run (#36145)
a77d04c 

Signed-off-by: Ryan Northey <[email protected]>
@phlax
release/ci: Dont run on tags (#36146)
75a6877 
Signed-off-by: Ryan Northey <[email protected]>
@dependabot @phlax
build(deps): bump distroless/base-nossl-debian12 from fb10a97 to `4…
d1777ee 
…cc93c5` in /ci (#36206)


Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Ryan Northey <[email protected]>
@alyssawilk @phlax
internal_address_config: change the default to be more secure for ser…
94a1d5b 
…vice mesh environments

Signed-off-by: Alyssa Wilk <[email protected]>
Signed-off-by: Boteng Yao <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
@botengyao @phlax
fix local reply in async client and destroy order
91eece4 
Signed-off-by: Boteng Yao <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
@tyxia @phlax
escape invalid host name
b5a09f7 
Signed-off-by: tyxia <[email protected]>
Signed-off-by: Boteng Yao <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
@phlax
repo: Release v1.28.7
4848d6d 
**Summary of changes**

[CVE-2024-45808](GHSA-p222-xhp9-39rc): Malicious log injection via access logs
[CVE-2024-45806](GHSA-ffhv-fvxq-r6mf): Potential manipulate `x-envoy` headers from external sources
[CVE-2024-45810](GHSA-qm74-x36m-555q): Envoy crashes for LocalReply in http async client

**Docker images**:
    https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.28.7
**Docs**:
    https://www.envoyproxy.io/docs/envoy/v1.28.7/
**Release notes**:
    https://www.envoyproxy.io/docs/envoy/v1.28.7/version_history/v1.28/v1.28.7
**Full changelog**:
    envoyproxy/envoy@v1.28.6...v1.28.7

Signed-off-by: Boteng Yao <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
@phlax
repo: Dev v1.28.8
2889b72 
Signed-off-by: Ryan Northey <[email protected]>
@tedjpoole
Merge remote-tracking branch 'envoy/release/v1.28' into sync-1.28
efb295d 
Signed-off-by: Ted Poole <[email protected]>
@tedjpoole
Copy link
Contributor Author

Executed 1090 out of 1090 tests: 1090 tests pass.

@tedjpoole tedjpoole requested review from dcillera and removed request for mattklein123, ggreenway and alyssawilk September 26, 2024 12:57
@tedjpoole tedjpoole merged commit c094156 into envoyproxy:release/v1.28 Sep 26, 2024
5 checks passed
@tedjpoole tedjpoole deleted the sync-1.28 branch September 26, 2024 13:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dcillera dcillera dcillera approved these changes

@mattklein123 mattklein123 Awaiting requested review from mattklein123

@ggreenway ggreenway Awaiting requested review from ggreenway

@alyssawilk alyssawilk Awaiting requested review from alyssawilk

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@tedjpoole @dcillera @phlax @alyssawilk @botengyao @tyxia