Sync with Envoy 1.16.1 to bring in two security fixes. #287
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Backport following commits to 1.16: 748b2ab (mac ci: try ignoring update failure (envoyproxy#13658), 2020-10-20) f95f539 (ci: various improvements (envoyproxy#13660), 2020-10-20) 6481a27 (ci: stop building alpine-debug images in favor of ubuntu-based debug image (envoyproxy#13598), 2020-10-15) 73d78f8 (ci: use multiple stage (envoyproxy#13557), 2020-10-15) b7a4756 (ci: use azp for api and go-control-plane sync (envoyproxy#13550), 2020-10-14) 876a6bb (ci use azp to sync filter example (envoyproxy#13501), 2020-10-12) a0f31ee (ci: use azp to generate docs (envoyproxy#13481), 2020-10-12) 7e5d854 (ci: bring BAZEL_BUILD_OPTIONS back for format and docs (envoyproxy#13480), 2020-10-11) 7af2b2b (ci: use same flaky test process script on macOS (envoyproxy#13485), 2020-10-10) Signed-off-by: Lizan Zhou <lizan@tetrate.io> Co-authored-by: asraa <asraa@google.com>
…envoyproxy#13882) * Prevent SEGFAULT when disabling listener (envoyproxy#13515) This prevents the stop_listening overload action from causing segmentation faults that can occur if the action is enabled after the listener has already shut down. Signed-off-by: Alex Konradi <akonradi@google.com> Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
… (envoyproxy#13966) Fix a bug where the transport socket options for the first downstream got reused for subsequent upstream connections. Risk Level: low Testing: new integration test Docs Changes: n/a Release Notes: Platform Specific Features: Fixes envoyproxy#13659 Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
…on requests and replay them when re-enabling read. (envoyproxy#13772) (envoyproxy#14017) Fixes SslSocket read resumption after readDisable when processing the SSL record that contains the last bytes of the HTTP message Risk Level: low Testing: new unit and integration tests Docs Changes: n/a Release Notes: added Platform Specific Features: n/a Fixes envoyproxy#12304 Signed-off-by: Antonio Vicente <avd@google.com> Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
…alloc (envoyproxy#13447) (envoyproxy#14082) Signed-off-by: Joshua Marantz <jmarantz@google.com> Signed-off-by: Christoph Pakulski <christoph@tetrate.io> Co-authored-by: Joshua Marantz <jmarantz@google.com>
… (envoyproxy#14127) The client request stream can be deleted under the call stack of Envoy::IntegrationCodecClient::startRequest if the proxy replies quickly enough. Attempts to send an end stream on that request result in use-after-free on the client stream in cases where the client processed the full reply inside startRequest. Fixes envoyproxy#12960 Signed-off-by: Antonio Vicente <avd@google.com> Signed-off-by: Christoph Pakulski <christoph@tetrate.io> Co-authored-by: antonio <avd@google.com>
Backport of PR envoyproxy#13529 and envoyproxy#13503 Signed-off-by: Ryan Northey <ryan@synca.io> Signed-off-by: Christoph Pakulski <christoph@tetrate.io> Co-authored-by: phlax <phlax@users.noreply.github.com>
…nvoyproxy#14130) Signed-off-by: Matt Klein <mklein@lyft.com> Signed-off-by: Christoph Pakulski <christoph@tetrate.io> Co-authored-by: Matt Klein <mklein@lyft.com> Co-authored-by: Christoph Pakulski <christoph@tetrate.io>
…amInfo (envoyproxy#14132) This fixes a regression which resulted in the downstreamRemoteAddress on the StreamInfo for a connection not having the address supplied by the proxy protocol filter, but instead having the address of the directly connected peer. This issue does not affect HTTP filters. Signed-off-by: Greg Greenway <ggreenway@apple.com>
…ase-1.8-1.16.1-envoy-sync Signed-off-by: Pengyuan Bian <bianpengyuan@google.com>
|
We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google. ℹ️ Googlers: Go here for more info. |
|
@PiotrSikora Not sure if I did this correctly. I simply did a |
|
@PiotrSikora Also do you have permission to do a manual merge? |
PiotrSikora
approved these changes
Dec 1, 2020
|
@bianpengyuan yeah, Added |
|
Looks that I don't have permission to merge this. @duderino @howardjohn does either one of you have? If so, please merge this using "Create a merge commit" option. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
For an explanation of how to fill out the fields, please see the relevant section
in PULL_REQUESTS.md
Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
[Optional Fixes #Issue]
[Optional Deprecated:]