Package Release Info

envoy-proxy-1.14.4-bp153.2.10

Update Info: Base Release
Available in Package Hub : 15 SP3

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

envoy-proxy
envoy-proxy-source

Change Logs

* Tue Apr 27 2021 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Update _constraints for backports
* Tue Mar 16 2021 Martin Li?ka <mliska@suse.cz>
- Double memory limits for dwz.
* Thu Sep 17 2020 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Relax constraints on aarch64
* Tue Aug 25 2020 Micha? Rostecki <mrostecki@suse.com>
- Update to 1.14.4 (bsc#1173559, CVE-2020-12605, CVE-2020-8663, CVE-2020-12603, CVE-2020-12604)
  * Release notes: https://www.envoyproxy.io/docs/envoy/v1.14.4/intro/version_history
- Remove patches which were either released upstream or are not
  relevant anymore:
  * 0001-server-add-getTransportSocketFactoryContext-to-Filte.patch
  * 0002-test-Fix-mocks.patch
  * 0003-test-Fix-format.patch
  * 0004-server-Add-comments-pointing-out-implementation-deta.patch
  * 0005-server-Move-setInitManager-to-TransportSocketFactory.patch
  * 0006-fix-format.patch
  * 0007-lua-Handle-the-default-case-in-scriptLog.patch
- Add patches which fix the offline build of the new version:
  * 0001-build-Use-Go-from-host.patch
  * 0002-build-update-several-go-dependencies-11581.patch
  * 0003-build-Add-explicit-requirement-on-rules_cc.patch
- We are switching back to BoringSSL, because it's supported by the
  Envoy upstream. Compatibility with OpenSSL was done by using an
  additional compatibility layer (https://github.com/envoyproxy/envoy-openssl/)
  which is not following upstream releases and packaging it is hard
  to maintain. Security team has already approved BoringSSL as a
  legitimate SSL/TLS library and it's already used the Envoy package
  related to Istio (cilium-istio-proxy).
* Wed Jul 01 2020 Micha? Rostecki <mrostecki@suse.com>
- Add patch which fixes the error occuring for spdlog 1.6.1:
  * 0007-lua-Handle-the-default-case-in-scriptLog.patch
* Wed May 20 2020 Michel Normand <normand@linux.vnet.ibm.com>
-  limit build resources for ppc64le to avoid Out of Memory error
* Wed May 20 2020 Michel Normand <normand@linux.vnet.ibm.com>
- Add ppc64/ppc64le in _constraints to use worker with max memory
* Thu Apr 16 2020 Dirk Mueller <dmueller@suse.com>
- add big-endian-support.patch to fix build on s390x:
  * backport of an already upstream patch at https://github.com/envoyproxy/envoy/pull/10250
* Mon Mar 16 2020 Micha? Rostecki <mrostecki@opensuse.org>
- Fix the include dir of moonjit.
* Mon Mar 09 2020 Micha? Rostecki <mrostecki@opensuse.org>
- Add bazel-rules-python as a build requirement.
* Tue Feb 04 2020 Micha? Rostecki <mrostecki@opensuse.org>
- Remove nanopb from requirements.
* Thu Jan 16 2020 Micha? Rostecki <mrostecki@opensuse.org>
- Add patches which allow an access to TransportSocketFactoryContext
  from a Filter context. Needed for cilium-proxy to work properly:
  * 0001-server-add-getTransportSocketFactoryContext-to-Filte.patch
  * 0002-test-Fix-mocks.patch
  * 0003-test-Fix-format.patch
  * 0004-server-Add-comments-pointing-out-implementation-deta.patch
  * 0005-server-Move-setInitManager-to-TransportSocketFactory.patch
  * 0006-fix-format.patch
* Tue Jan 14 2020 Micha? Rostecki <mrostecki@opensuse.org>
- Update to version 1.12.2+git.20200109:
  * http: fixed CVE-2019-18801 by allocating sufficient memory for
    request headers.
  * http: fixed CVE-2019-18802 by implementing stricter validation
    of HTTP/1 headers.
  * http: trim LWS at the end of header keys, for correct HTTP/1.1
    header parsing.
  * http: added strict authority checking. This can be reversed
    temporarily by setting the runtime feature
    envoy.reloadable_features.strict_authority_validation to false.
  * route config: fixed CVE-2019-18838 by checking for presence of
    host/path headers.
  * listener: fixed CVE-2019-18836 by clearing accept filters
    before connection creation.
- Switch from Maistra to envoy-openssl as the way of replacing
  BoringSSL with OpenSSL.
- Add source package to build cilium-proxy separately, with
  envoy-proxy-source as a build depencency.
- Add patch which fixes dynamic linking of OpenSSL:
  * bazel-Fix-optional-dynamic-linking-of-OpenSSL.patch
- Add patch which adds backwards compatibility with TLS 1.2 and
  OpenSSL 1.1.0:
  * compatibility-with-TLS-1.2-and-OpenSSL-1.1.0.patch
- Add patch for compatibility with fmt 6.1.0 and spdlog 1.5.0:
  * logger-Use-spdlog-memory_buf_t-instead-of-fmt-memory.patch
- Remove patches which are not needed anymore:
  * 0001-bazel-Update-protobuf-and-other-needed-dependencies.patch
  * 0002-bazel-Update-grpc-to-1.23.0.patch
  * 0003-tracing-update-googleapis-use-SetName-for-operation-.patch
* Fri Dec 13 2019 Micha? Rostecki <mrostecki@opensuse.org>
- Replace lua51-luajit with moonjit.
* Wed Nov 06 2019 Micha? Rostecki <mrostecki@opensuse.org>
- Do not bundle any dependencies, move everything to separate
  packages.
- Add patch which makes envoy-proxy compatible with newer
  googleapis:
  * 0003-tracing-update-googleapis-use-SetName-for-operation-.patch
* Fri Nov 01 2019 Micha? Rostecki <mrostecki@opensuse.org>
- Do not use global optflags (temporarily) - enabling them causes
  linker errors.
* Fri Oct 18 2019 Micha? Rostecki <mrostecki@opensuse.org>
- Disable incompatible_bzl_disallow_load_after_statement check in
  Bazel - some dependencies still do not pass it.
* Thu Oct 17 2019 Richard Brown <rbrown@suse.com>
- Remove obsolete Groups tag (fate#326485)
* Wed Oct 16 2019 Micha? Rostecki <mrostecki@opensuse.org>
- Remove duplicate tarball of golang-org-x-tools and unneeded
  tarballs of msgpack and http-parser.
* Tue Oct 15 2019 Micha? Rostecki <mrostecki@opensuse.org>
- Update to version 1.11.1:
  * http: added mitigation of client initiated attacks that result
    in flooding of the downstream HTTP/2 connections. Those attacks
    can be logged at the ?warning? level when the runtime feature
    http.connection_manager.log_flood_exception is enabled. The
    runtime setting defaults to disabled to avoid log spam when
    under attack.
  * http: added inbound_empty_frames_flood counter stat to the
    HTTP/2 codec stats, for tracking number of connections
    terminated for exceeding the limit on consecutive inbound
    frames with an empty payload and no end stream flag. The limit
    is configured by setting the
    max_consecutive_inbound_frames_with_empty_payload config
    setting.
  * http: added inbound_priority_frames_flood counter stat to the
    HTTP/2 codec stats, for tracking number of connections
    terminated for exceeding the limit on inbound PRIORITY frames.
    The limit is configured by setting the
    max_inbound_priority_frames_per_stream config setting.
  * http: added inbound_window_update_frames_flood counter stat
    to the HTTP/2 codec stats, for tracking number of connections
    terminated for exceeding the limit on inbound WINDOW_UPDATE
    frames.
  * http: added outbound_flood counter stat to the HTTP/2 codec
    stats, for tracking number of connections terminated for
    exceeding the outbound queue limit.
  * http: added outbound_control_flood counter stat to the HTTP/2
    codec stats, for tracking number of connections terminated
    for exceeding the outbound queue limit for PING, SETTINGS and
    RST_STREAM frames.
  * http: enabled strict validation of HTTP/2 messaging. Previous
    behavior can be restored using
    stream_error_on_invalid_http_messaging config setting.
- Add sources of envoy-openssl project which makes use of OpenSSL
  instead of BoringSSL.
- Add patches which makes Envoy compatible with versions of
  libraries available in openSUSE:
  * 0001-bazel-Update-protobuf-and-other-needed-dependencies.patch
  * 0002-bazel-Update-grpc-to-1.23.0.patch
- Remove patches which are not needed anymore:
  * 0001-Remove-deprecated-Blaze-PACKAGE_NAME-macro-5330.patch
  * 0001-Upgrade-gabime-spdlog-dependency-to-1.3.0-5604.patch
  * 0001-bazel-transport-sockets-Update-grpc-to-1.19.1.patch