
Merge changes from upstream envoy[release/v1.28] #250

Merged: 5 commits merged into envoyproxy:release/v1.28 from sync-1.28 on Sep 3, 2024

Conversation

tedjpoole
Contributor

This PR merges recent changes from envoy[release/v1.28] to envoy-openssl[release/v1.28].

Fix #35686 

and resolve related CVE

```console
CVE-2024-7264 (com_github_curl@8.4.0)
  CVSS v3 score: 6.5
  Severity: MEDIUM
  Published date: 2024-07-31
  Last modified date: 2024-08-12
  Description: libcurl's ASN1 parser code has the `GTime2str()` function, used for
  parsing an ASN.1 Generalized Time field. If given an syntactically
  incorrect field, the parser might end up using -1 for the length of
  the *time fraction*, leading to a `strlen()` getting performed on a
  pointer to a heap buffer area that is not (purposely) null terminated.
  This flaw most likely leads to a crash, but can also lead to heap
  contents getting returned to the application when
  [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html)
  is used.
  Affected CPEs:
  - cpe:2.3:a:haxx:libcurl:*

```

Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Ryan Northey <ryan@synca.io>

Signed-off-by: phlax <phlax@users.noreply.github.com>
…#35802)


Signed-off-by: Ryan Northey <ryan@synca.io>
* upstream/release/v1.28:
  tls-tests: updating the auto-generated certs for TLS tests (#35781) (#35802)
  ci: Split build tests from release job (#35580)
  deps: Bump `com_github_curl` -> 8.9.1 (#35688)

Signed-off-by: Ted Poole <tpoole@redhat.com>
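The GTime2str() failure mode quoted in the CVE text above, as an added example that is not curl's or envoy's code: a length-bounded GeneralizedTime parser over a buffer that is not NUL-terminated, which rejects a fraction separator followed by no digits so that no sub-field length can ever reach -1 (in C, a negative precision passed to "%.*s" is treated as if no precision were given, which is one way such a -1 turns into the strlen() the advisory describes). The struct and function names are this example's own, and it assumes the X.509 profile where the only timezone suffix is "Z".

```c
#include <stddef.h>
#include <string.h>
/* Output fields (struct name and layout are this example's own choice). */
struct gtime {
    char frac[10];  /* fractional-second digits, "" if absent */
    char tz[2];     /* "Z" or "" */
};
/* Parse "YYYYMMDDHHMMSS[.digits][Z]" from a buffer that is NOT NUL-terminated.
 * Sub-field lengths are size_t pointer differences inside [beg, beg+len), so
 * none can become -1 and nothing calls strlen() on the buffer.
 * Returns 0 on success, -1 on malformed input. */
static int gtime_parse(const char *beg, size_t len, struct gtime *out)
{
    const char *end = beg + len, *p = beg;
    size_t n;
    if(len < 14)                       /* 14 mandatory digits */
        return -1;
    for(n = 0; n < 14; n++)
        if(p[n] < '0' || p[n] > '9')
            return -1;
    p += 14;
    out->frac[0] = '\0';
    if(p < end && (*p == '.' || *p == ',')) {
        const char *f = ++p;           /* first digit after the separator */
        while(p < end && *p >= '0' && *p <= '9')
            p++;
        n = (size_t)(p - f);
        /* A separator followed by zero digits is the malformed case: reject
         * it here rather than hand a length of -1 to a later "%.*s". */
        if(n == 0 || n >= sizeof(out->frac))
            return -1;
        memcpy(out->frac, f, n);
        out->frac[n] = '\0';
    }
    n = (size_t)(end - p);             /* remainder must be "" or "Z" */
    if(n > 1 || (n == 1 && *p != 'Z'))
        return -1;
    memcpy(out->tz, p, n);
    out->tz[n] = '\0';
    return 0;
}
/* Check helper: 1 if parsing succeeds with the expected frac and tz. */
static int gtime_ok(const char *s, size_t len, const char *frac, const char *tz)
{
    struct gtime g;
    return gtime_parse(s, len, &g) == 0 && !strcmp(g.frac, frac) && !strcmp(g.tz, tz);
}
```

Passing a `len` shorter than the literal (as the checks below do) stands in for a DER value that sits inside a larger, unterminated heap buffer; the parser never looks past `beg + len`.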
@tedjpoole tedjpoole removed the request for review from ggreenway August 29, 2024 11:41
@tedjpoole tedjpoole marked this pull request as draft August 29, 2024 13:21
@twghu twghu self-requested a review August 29, 2024 13:22
These quiche ci_tests currently fail to compile against the bssl-compat
layer, because it doesn't provide enough of the required BoringSSL API.

Signed-off-by: Ted Poole <tpoole@redhat.com>
@tedjpoole tedjpoole marked this pull request as ready for review September 2, 2024 09:10
@tedjpoole
Contributor Author

Executed 1090 out of 1090 tests: 1090 tests pass.

@tedjpoole tedjpoole merged commit 36a50d2 into envoyproxy:release/v1.28 Sep 3, 2024
4 of 5 checks passed
@tedjpoole tedjpoole deleted the sync-1.28 branch September 3, 2024 08:10
3 participants