This repository has been archived by the owner on Oct 13, 2023. It is now read-only.
[19.03 backport] bump google.golang.org/grpc v1.23.0 (CVE-2019-9512, CVE-2019-9514, CVE-2019-9515) #340
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
thaJeztah
force-pushed
the
19.03_backport_bump_grpc
branch
2 times, most recently
from
c4eb2b0
to
3c89c99
Compare
tiborvass
approved these changes
Sep 6, 2019
thaJeztah
force-pushed
the
19.03_backport_bump_grpc
branch
from
3c89c99
to
1df963d
Compare
|
Jenkins killed the PowerPC tests after 1 minute something (no idea why)
|
|
kicked Jenkins again.. 7 times is a charm, right? 😂 |
thaJeztah
force-pushed
the
19.03_backport_bump_grpc
branch
from
1df963d
to
4aad8d4
Compare
full diff: grpc/grpc-go@v1.20.1...v1.23.0 This update contains security fixes: - transport: block reading frames when too many transport control frames are queued (grpc/grpc-go#2970) - Addresses CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). Other changes can be found in the release notes: https://github.com/grpc/grpc-go/releases/tag/v1.23.0 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit f1cd799) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: containerd/ttrpc@699c4e4...92c8520 changes: - containerd/ttrpc#37 Handle EOF to prevent file descriptor leak - containerd/ttrpc#38 Improve connection error handling - containerd/ttrpc#40 Support headers - containerd/ttrpc#41 Add client and server unary interceptors - containerd/ttrpc#43 metadata as KeyValue type - containerd/ttrpc#42 Refactor close handling for ttrpc clients - containerd/ttrpc#44 Fix method full name generation - containerd/ttrpc#46 Client.Call(): do not return error if no Status is set (gRPC v1.23 and up) - containerd/ttrpc#49 Handle ok status Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 8769255) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
force-pushed
the
19.03_backport_bump_grpc
branch
from
4aad8d4
to
525e8ed
Compare
Apparently not; 8 and 9 were no luck as well; kicked number 10 (and disabled RS1) |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
built on top of #339. the first commit is from #339(rebased)backport of moby#39798
fixes ENGCORE-975
addresses ENGCORE-971
full diff: grpc/grpc-go@v1.20.1...v1.23.0
This update contains security fixes:
Other changes can be found in the release notes:
https://github.com/grpc/grpc-go/releases/tag/v1.23.0
Also updating containerd/ttrpc to get containerd/ttrpc#46 in;
full diff: containerd/ttrpc@699c4e4...92c8520
changes: