SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for envoy-proxy-source-1.14.6-bp153.3.4.1.x86_64.rpm :

* Tue Apr 27 2021 Guillaume GARDET - Update _constraints for backports
* Tue Mar 16 2021 Martin Liška - Double memory limits for dwz.
* Mon Dec 21 2020 Manuel Buil - Update to 1.14.6 (CVE-2020-35471 boo#1180121)
* Thu Sep 17 2020 Guillaume GARDET - Relax constraints on aarch64
* Tue Aug 25 2020 Michał Rostecki - Update to 1.14.4 (bsc#1173559, CVE-2020-12605, CVE-2020-8663, CVE-2020-12603, CVE-2020-12604)
* Release notes: https://www.envoyproxy.io/docs/envoy/v1.14.4/intro/version_history- Remove patches which were either released upstream or are not relevant anymore:
* 0001-server-add-getTransportSocketFactoryContext-to-Filte.patch
* 0002-test-Fix-mocks.patch
* 0003-test-Fix-format.patch
* 0004-server-Add-comments-pointing-out-implementation-deta.patch
* 0005-server-Move-setInitManager-to-TransportSocketFactory.patch
* 0006-fix-format.patch
* 0007-lua-Handle-the-default-case-in-scriptLog.patch- Add patches which fix the offline build of the new version:
* 0001-build-Use-Go-from-host.patch
* 0002-build-update-several-go-dependencies-11581.patch
* 0003-build-Add-explicit-requirement-on-rules_cc.patch- We are switching back to BoringSSL, because it\'s supported by the Envoy upstream. Compatibility with OpenSSL was done by using an additional compatibility layer (https://github.com/envoyproxy/envoy-openssl/) which is not following upstream releases and packaging it is hard to maintain. Security team has already approved BoringSSL as a legitimate SSL/TLS library and it\'s already used the Envoy package related to Istio (cilium-istio-proxy).
* Wed Jul 01 2020 Michał Rostecki - Add patch which fixes the error occuring for spdlog 1.6.1:
* 0007-lua-Handle-the-default-case-in-scriptLog.patch
* Wed May 20 2020 Michel Normand - limit build resources for ppc64le to avoid Out of Memory error
* Wed May 20 2020 Michel Normand - Add ppc64/ppc64le in _constraints to use worker with max memory
* Thu Apr 16 2020 Dirk Mueller - add big-endian-support.patch to fix build on s390x:
* backport of an already upstream patch at https://github.com/envoyproxy/envoy/pull/10250
* Fri Mar 20 2020 Michal Jura - Fix path in find command, bsc#1167073
* Mon Mar 16 2020 Michał Rostecki - Fix the include dir of moonjit.
* Mon Mar 09 2020 Michał Rostecki - Add bazel-rules-python as a build requirement.
* Mon Feb 17 2020 Klaus Kämpf - add workaround-for-big-endian.patch - fix build for s390x
* Tue Feb 04 2020 Michał Rostecki - Remove nanopb from requirements.
* Thu Jan 16 2020 Michał Rostecki - Add patches which allow an access to TransportSocketFactoryContext from a Filter context. Needed for cilium-proxy to work properly:
* 0001-server-add-getTransportSocketFactoryContext-to-Filte.patch
* 0002-test-Fix-mocks.patch
* 0003-test-Fix-format.patch
* 0004-server-Add-comments-pointing-out-implementation-deta.patch
* 0005-server-Move-setInitManager-to-TransportSocketFactory.patch
* 0006-fix-format.patch
* Tue Jan 14 2020 Michał Rostecki - Update to version 1.12.2+git.20200109:
* http: fixed CVE-2019-18801 by allocating sufficient memory for request headers.
* http: fixed CVE-2019-18802 by implementing stricter validation of HTTP/1 headers.
* http: trim LWS at the end of header keys, for correct HTTP/1.1 header parsing.
* http: added strict authority checking. This can be reversed temporarily by setting the runtime feature envoy.reloadable_features.strict_authority_validation to false.
* route config: fixed CVE-2019-18838 by checking for presence of host/path headers.
* listener: fixed CVE-2019-18836 by clearing accept filters before connection creation.- Switch from Maistra to envoy-openssl as the way of replacing BoringSSL with OpenSSL.- Add source package to build cilium-proxy separately, with envoy-proxy-source as a build depencency.- Add patch which fixes dynamic linking of OpenSSL:
* bazel-Fix-optional-dynamic-linking-of-OpenSSL.patch- Add patch which adds backwards compatibility with TLS 1.2 and OpenSSL 1.1.0:
* compatibility-with-TLS-1.2-and-OpenSSL-1.1.0.patch- Add patch for compatibility with fmt 6.1.0 and spdlog 1.5.0:
* logger-Use-spdlog-memory_buf_t-instead-of-fmt-memory.patch- Remove patches which are not needed anymore:
* 0001-bazel-Update-protobuf-and-other-needed-dependencies.patch
* 0002-bazel-Update-grpc-to-1.23.0.patch
* 0003-tracing-update-googleapis-use-SetName-for-operation-.patch
* Fri Dec 13 2019 Michał Rostecki - Replace lua51-luajit with moonjit.
* Thu Nov 14 2019 Michał Rostecki - Use golang-
* packages for openSUSE Tumbleweed and use sources of Go deps for Leap and SLE.- Add the following patches for Go deps:
* com_github_golang_protobuf-gazelle.patch
* com_github_golang_protobuf-extras.patch
* org_golang_x_tools-gazelle.patch
* org_golang_x_tools-extras.patch
* Wed Nov 06 2019 Michał Rostecki - Do not bundle any dependencies, move everything to separate packages.- Add patch which makes envoy-proxy compatible with newer googleapis:
* 0003-tracing-update-googleapis-use-SetName-for-operation-.patch
* Fri Nov 01 2019 Michał Rostecki - Do not use global optflags (temporarily) - enabling them causes linker errors.
* Fri Oct 18 2019 Michał Rostecki - Disable incompatible_bzl_disallow_load_after_statement check in Bazel - some dependencies still do not pass it.
* Thu Oct 17 2019 Richard Brown - Remove obsolete Groups tag (fate#326485)
* Wed Oct 16 2019 Michał Rostecki - Remove duplicate tarball of golang-org-x-tools and unneeded tarballs of msgpack and http-parser.
* Tue Oct 15 2019 Michał Rostecki - Update to version 1.11.1:
* http: added mitigation of client initiated attacks that result in flooding of the downstream HTTP/2 connections. Those attacks can be logged at the “warning” level when the runtime feature http.connection_manager.log_flood_exception is enabled. The runtime setting defaults to disabled to avoid log spam when under attack.
* http: added inbound_empty_frames_flood counter stat to the HTTP/2 codec stats, for tracking number of connections terminated for exceeding the limit on consecutive inbound frames with an empty payload and no end stream flag. The limit is configured by setting the max_consecutive_inbound_frames_with_empty_payload config setting.
* http: added inbound_priority_frames_flood counter stat to the HTTP/2 codec stats, for tracking number of connections terminated for exceeding the limit on inbound PRIORITY frames. The limit is configured by setting the max_inbound_priority_frames_per_stream config setting.
* http: added inbound_window_update_frames_flood counter stat to the HTTP/2 codec stats, for tracking number of connections terminated for exceeding the limit on inbound WINDOW_UPDATE frames.
* http: added outbound_flood counter stat to the HTTP/2 codec stats, for tracking number of connections terminated for exceeding the outbound queue limit.
* http: added outbound_control_flood counter stat to the HTTP/2 codec stats, for tracking number of connections terminated for exceeding the outbound queue limit for PING, SETTINGS and RST_STREAM frames.
* http: enabled strict validation of HTTP/2 messaging. Previous behavior can be restored using stream_error_on_invalid_http_messaging config setting.- Add sources of envoy-openssl project which makes use of OpenSSL instead of BoringSSL.- Add patches which makes Envoy compatible with versions of libraries available in openSUSE:
* 0001-bazel-Update-protobuf-and-other-needed-dependencies.patch
* 0002-bazel-Update-grpc-to-1.23.0.patch- Remove patches which are not needed anymore:
* 0001-Remove-deprecated-Blaze-PACKAGE_NAME-macro-5330.patch
* 0001-Upgrade-gabime-spdlog-dependency-to-1.3.0-5604.patch
* 0001-bazel-transport-sockets-Update-grpc-to-1.19.1.patch
* Thu Apr 04 2019 Jan Engelhardt - openssl-devel should be pkgconfig(openssl)
* Tue Mar 19 2019 Michal Rostecki - Add patch which allows to use grpc 1.19.x.
* 0001-bazel-transport-sockets-Update-grpc-to-1.19.1.patch- Use source packages of grpc-httpjson-transcoding, opentracing-cpp and lightstep-tracer-cpp. (boo#1129568)
* Tue Mar 12 2019 Bernhard Wiedemann - Use fixed date for reproducible builds (boo#1047218)
* Tue Feb 26 2019 Michał Rostecki - Add upstream patch which allows to use spdlog 1.3.x.
* 0001-Upgrade-gabime-spdlog-dependency-to-1.3.0-5604.patch
* Wed Feb 20 2019 Michał Rostecki - Add upstream patch which fixes build with Bazel 0.22.0.
* 0001-Remove-deprecated-Blaze-PACKAGE_NAME-macro-5330.patch- Fix build with the newest bazel-rules-go.
* Thu Feb 14 2019 Michał Rostecki - Stop bundling libraries and dependencies, use shared libraries and
*-source packages instead.
* Wed Oct 31 2018 Michał Rostecki - Initial version 1.8.0+git20181105
  
ICM