Skip to content

Update h2 to use unpublished changes #1536

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 9, 2022
Merged

Update h2 to use unpublished changes #1536

merged 1 commit into from
Mar 9, 2022

Conversation

@olix0r
Copy link
Member

@olix0r olix0r commented Mar 9, 2022

h2 has a few important changes since its last official release:

This change patches our h2 dependency to use the laster commit on the
master branch.

Signed-off-by: Oliver Gould [email protected]

@olix0r
Update h2 to use unpublished changes
a6eef69 
`h2` has a few important changes since its last official release:

* hyperium/h2@4dc2b4a Avoids time operations that can panic
* hyperium/h2@85549fc Fixes an issue with header parsing
* hyperium/h2@b8eab38 Removes noise from tracing spans

This change patches our `h2` dependency to use the laster commit on the
master branch.

Signed-off-by: Oliver Gould <[email protected]>
@olix0r olix0r requested a review from a team as a code owner March 9, 2022 15:38
@hawkw
Copy link
Contributor

hawkw commented Mar 9, 2022

We should probably stage a release...

@olix0r
Copy link
Member Author

olix0r commented Mar 9, 2022

@hawkw agreed, but this will unblock us getting a proxy release out with the changes. It will be easy to update once there's a release out.

hawkw
hawkw approved these changes Mar 9, 2022
View reviewed changes
Copy link
Contributor

@hawkw hawkw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@olix0r oh, for sure, we should definitely merge this in the meantime --- i meant to approve this PR, whoops!

@olix0r olix0r merged commit bbb5c51 into main Mar 9, 2022
@olix0r olix0r deleted the ver/h2-git branch March 9, 2022 17:33
@hawkw
Copy link
Contributor

hawkw commented Mar 9, 2022

upstream release PR: hyperium/h2#609

hawkw added a commit that referenced this pull request Mar 9, 2022
@hawkw
bump h2 to v0.3.12 and remove patch
eff3f86 
Version v0.3.12 of `h2` has been published, so we no longer need the
patch added in #1536 to pick up unreleased changes.
@hawkw hawkw mentioned this pull request Mar 9, 2022
Merged
olix0r pushed a commit that referenced this pull request Mar 9, 2022
@hawkw
bump h2 to v0.3.12 and remove patch (#1538)
d16ffa5 
Version v0.3.12 of `h2` has been published, so we no longer need the
patch added in #1536 to pick up unreleased changes.

Signed-off-by: Eliza Weisman <[email protected]>
olix0r added a commit to linkerd/linkerd2 that referenced this pull request Mar 10, 2022
@olix0r
proxy: v2.174.0
fc99650 
This release fixes an issue that could prevent proxies from sending HTTP
Upgrade requests (e.g., for websockets) through multi-cluster gateways.

Many dependencies have been updated, notably including a new version of
`h2` that improves debug logging, avoids panics in time-related
operations, and fixes an issue with parsing certain types of headers.

---

* ci: Only run checks on changed crates (linkerd/linkerd2-proxy#1498)
* build(deps): bump libc from 0.2.117 to 0.2.118 (linkerd/linkerd2-proxy#1502)
* ci: Run fuzzing only on related changes (linkerd/linkerd2-proxy#1501)
* deps: update to `tokio` 1.17.0 and `tower` 0.4.12, and unpatch (linkerd/linkerd2-proxy#1503)
* build(deps): bump tj-actions/changed-files (linkerd/linkerd2-proxy#1505)
* build(deps): bump cc from 1.0.72 to 1.0.73 (linkerd/linkerd2-proxy#1506)
* cargo: Omit patch versions from Cargo.toml files (linkerd/linkerd2-proxy#1504)
* build(deps): bump tracing-subscriber from 0.3.8 to 0.3.9 (linkerd/linkerd2-proxy#1509)
* build(deps): bump tracing from 0.1.30 to 0.1.31 (linkerd/linkerd2-proxy#1508)
* build(deps): bump tj-actions/changed-files from 15.1 to 16 (linkerd/linkerd2-proxy#1507)
* build(deps): bump rustls from 0.20.3 to 0.20.4 (linkerd/linkerd2-proxy#1510)
* build(deps): bump parking_lot_core from 0.9.0 to 0.9.1 (linkerd/linkerd2-proxy#1511)
* build(deps): bump libc from 0.2.118 to 0.2.119 (linkerd/linkerd2-proxy#1512)
* build(deps): bump anyhow from 1.0.53 to 1.0.55 (linkerd/linkerd2-proxy#1514)
* build(deps): bump getrandom from 0.2.4 to 0.2.5 (linkerd/linkerd2-proxy#1516)
* build(deps): bump tj-actions/changed-files from 16 to 17 (linkerd/linkerd2-proxy#1515)
* Add ExponentialBackoff::new_unchecked (linkerd/linkerd2-proxy#1517)
* Update Rust to v1.59.0 (linkerd/linkerd2-proxy#1519)
* build(deps): bump drain from 0.1.0 to 0.1.1 (linkerd/linkerd2-proxy#1521)
* build(deps): bump tj-actions/changed-files from 17 to 17.2 (linkerd/linkerd2-proxy#1520)
* build(deps): bump trust-dns-resolver from 0.21.0-alpha.5 to 0.21.1 (linkerd/linkerd2-proxy#1522)
* build(deps): bump redox_syscall from 0.2.10 to 0.2.11 (linkerd/linkerd2-proxy#1524)
* build(deps): bump actions/checkout from 2.4.0 to 3 (linkerd/linkerd2-proxy#1525)
* build(deps): bump actions/download-artifact from 2.1.0 to 3 (linkerd/linkerd2-proxy#1526)
* build(deps): bump once_cell from 1.9.0 to 1.10.0 (linkerd/linkerd2-proxy#1529)
* build(deps): bump anyhow from 1.0.55 to 1.0.56 (linkerd/linkerd2-proxy#1531)
* build(deps): bump actions/upload-artifact from 2.3.1 to 3 (linkerd/linkerd2-proxy#1527)
* build(deps): bump libfuzzer-sys from 0.4.2 to 0.4.3 (linkerd/linkerd2-proxy#1528)
* build(deps): bump ipnet from 2.3.1 to 2.4.0 (linkerd/linkerd2-proxy#1530)
* build(deps): bump regex from 1.5.4 to 1.5.5 (linkerd/linkerd2-proxy#1535)
* build(deps): bump tj-actions/changed-files from 17.2 to 17.3 (linkerd/linkerd2-proxy#1534)
* Update h2 to use unpublished changes (linkerd/linkerd2-proxy#1536)
* build(deps): bump tracing from 0.1.31 to 0.1.32 (linkerd/linkerd2-proxy#1537)
* Use the connection's HTTP version in transport header (linkerd/linkerd2-proxy#1533)
* bump `h2` to v0.3.12 and remove patch (linkerd/linkerd2-proxy#1538)

Signed-off-by: Oliver Gould <[email protected]>
olix0r added a commit to linkerd/linkerd2 that referenced this pull request Mar 10, 2022
@olix0r
proxy: v2.174.0
0e9fa2b 
This release fixes an issue that could prevent proxies from sending HTTP
Upgrade requests (e.g., for websockets) through multi-cluster gateways.

Many dependencies have been updated, notably including a new version of
`h2` that improves debug logging, avoids panics in time-related
operations, and fixes an issue with parsing certain types of headers.

This change also patches the `regex` crate to address RUSTSEC-2022-0013,
which could theoretically allow maliciously crafted ServiceProfile
resources to consume an arbitrary amount of proxy resources.

---

* ci: Only run checks on changed crates (linkerd/linkerd2-proxy#1498)
* build(deps): bump libc from 0.2.117 to 0.2.118 (linkerd/linkerd2-proxy#1502)
* ci: Run fuzzing only on related changes (linkerd/linkerd2-proxy#1501)
* deps: update to `tokio` 1.17.0 and `tower` 0.4.12, and unpatch (linkerd/linkerd2-proxy#1503)
* build(deps): bump tj-actions/changed-files (linkerd/linkerd2-proxy#1505)
* build(deps): bump cc from 1.0.72 to 1.0.73 (linkerd/linkerd2-proxy#1506)
* cargo: Omit patch versions from Cargo.toml files (linkerd/linkerd2-proxy#1504)
* build(deps): bump tracing-subscriber from 0.3.8 to 0.3.9 (linkerd/linkerd2-proxy#1509)
* build(deps): bump tracing from 0.1.30 to 0.1.31 (linkerd/linkerd2-proxy#1508)
* build(deps): bump tj-actions/changed-files from 15.1 to 16 (linkerd/linkerd2-proxy#1507)
* build(deps): bump rustls from 0.20.3 to 0.20.4 (linkerd/linkerd2-proxy#1510)
* build(deps): bump parking_lot_core from 0.9.0 to 0.9.1 (linkerd/linkerd2-proxy#1511)
* build(deps): bump libc from 0.2.118 to 0.2.119 (linkerd/linkerd2-proxy#1512)
* build(deps): bump anyhow from 1.0.53 to 1.0.55 (linkerd/linkerd2-proxy#1514)
* build(deps): bump getrandom from 0.2.4 to 0.2.5 (linkerd/linkerd2-proxy#1516)
* build(deps): bump tj-actions/changed-files from 16 to 17 (linkerd/linkerd2-proxy#1515)
* Add ExponentialBackoff::new_unchecked (linkerd/linkerd2-proxy#1517)
* Update Rust to v1.59.0 (linkerd/linkerd2-proxy#1519)
* build(deps): bump drain from 0.1.0 to 0.1.1 (linkerd/linkerd2-proxy#1521)
* build(deps): bump tj-actions/changed-files from 17 to 17.2 (linkerd/linkerd2-proxy#1520)
* build(deps): bump trust-dns-resolver from 0.21.0-alpha.5 to 0.21.1 (linkerd/linkerd2-proxy#1522)
* build(deps): bump redox_syscall from 0.2.10 to 0.2.11 (linkerd/linkerd2-proxy#1524)
* build(deps): bump actions/checkout from 2.4.0 to 3 (linkerd/linkerd2-proxy#1525)
* build(deps): bump actions/download-artifact from 2.1.0 to 3 (linkerd/linkerd2-proxy#1526)
* build(deps): bump once_cell from 1.9.0 to 1.10.0 (linkerd/linkerd2-proxy#1529)
* build(deps): bump anyhow from 1.0.55 to 1.0.56 (linkerd/linkerd2-proxy#1531)
* build(deps): bump actions/upload-artifact from 2.3.1 to 3 (linkerd/linkerd2-proxy#1527)
* build(deps): bump libfuzzer-sys from 0.4.2 to 0.4.3 (linkerd/linkerd2-proxy#1528)
* build(deps): bump ipnet from 2.3.1 to 2.4.0 (linkerd/linkerd2-proxy#1530)
* build(deps): bump regex from 1.5.4 to 1.5.5 (linkerd/linkerd2-proxy#1535)
* build(deps): bump tj-actions/changed-files from 17.2 to 17.3 (linkerd/linkerd2-proxy#1534)
* Update h2 to use unpublished changes (linkerd/linkerd2-proxy#1536)
* build(deps): bump tracing from 0.1.31 to 0.1.32 (linkerd/linkerd2-proxy#1537)
* Use the connection's HTTP version in transport header (linkerd/linkerd2-proxy#1533)
* bump `h2` to v0.3.12 and remove patch (linkerd/linkerd2-proxy#1538)

Signed-off-by: Oliver Gould <[email protected]>
@olix0r olix0r mentioned this pull request Mar 10, 2022
Merged
olix0r added a commit to linkerd/linkerd2 that referenced this pull request Mar 10, 2022
@olix0r
proxy: v2.174.0 (#8042)
310ef6b 
This release fixes an issue that could prevent proxies from sending HTTP
Upgrade requests (e.g., for websockets) through multi-cluster gateways.

Many dependencies have been updated, notably including a new version of
`h2` that improves debug logging, avoids panics in time-related
operations, and fixes an issue with parsing certain types of headers.

This change also updates the `regex` crate to address RUSTSEC-2022-0013,
which could theoretically allow maliciously crafted ServiceProfile
resources to consume an arbitrary amount of proxy resources.

---

* ci: Only run checks on changed crates (linkerd/linkerd2-proxy#1498)
* build(deps): bump libc from 0.2.117 to 0.2.118 (linkerd/linkerd2-proxy#1502)
* ci: Run fuzzing only on related changes (linkerd/linkerd2-proxy#1501)
* deps: update to `tokio` 1.17.0 and `tower` 0.4.12, and unpatch (linkerd/linkerd2-proxy#1503)
* build(deps): bump tj-actions/changed-files (linkerd/linkerd2-proxy#1505)
* build(deps): bump cc from 1.0.72 to 1.0.73 (linkerd/linkerd2-proxy#1506)
* cargo: Omit patch versions from Cargo.toml files (linkerd/linkerd2-proxy#1504)
* build(deps): bump tracing-subscriber from 0.3.8 to 0.3.9 (linkerd/linkerd2-proxy#1509)
* build(deps): bump tracing from 0.1.30 to 0.1.31 (linkerd/linkerd2-proxy#1508)
* build(deps): bump tj-actions/changed-files from 15.1 to 16 (linkerd/linkerd2-proxy#1507)
* build(deps): bump rustls from 0.20.3 to 0.20.4 (linkerd/linkerd2-proxy#1510)
* build(deps): bump parking_lot_core from 0.9.0 to 0.9.1 (linkerd/linkerd2-proxy#1511)
* build(deps): bump libc from 0.2.118 to 0.2.119 (linkerd/linkerd2-proxy#1512)
* build(deps): bump anyhow from 1.0.53 to 1.0.55 (linkerd/linkerd2-proxy#1514)
* build(deps): bump getrandom from 0.2.4 to 0.2.5 (linkerd/linkerd2-proxy#1516)
* build(deps): bump tj-actions/changed-files from 16 to 17 (linkerd/linkerd2-proxy#1515)
* Add ExponentialBackoff::new_unchecked (linkerd/linkerd2-proxy#1517)
* Update Rust to v1.59.0 (linkerd/linkerd2-proxy#1519)
* build(deps): bump drain from 0.1.0 to 0.1.1 (linkerd/linkerd2-proxy#1521)
* build(deps): bump tj-actions/changed-files from 17 to 17.2 (linkerd/linkerd2-proxy#1520)
* build(deps): bump trust-dns-resolver from 0.21.0-alpha.5 to 0.21.1 (linkerd/linkerd2-proxy#1522)
* build(deps): bump redox_syscall from 0.2.10 to 0.2.11 (linkerd/linkerd2-proxy#1524)
* build(deps): bump actions/checkout from 2.4.0 to 3 (linkerd/linkerd2-proxy#1525)
* build(deps): bump actions/download-artifact from 2.1.0 to 3 (linkerd/linkerd2-proxy#1526)
* build(deps): bump once_cell from 1.9.0 to 1.10.0 (linkerd/linkerd2-proxy#1529)
* build(deps): bump anyhow from 1.0.55 to 1.0.56 (linkerd/linkerd2-proxy#1531)
* build(deps): bump actions/upload-artifact from 2.3.1 to 3 (linkerd/linkerd2-proxy#1527)
* build(deps): bump libfuzzer-sys from 0.4.2 to 0.4.3 (linkerd/linkerd2-proxy#1528)
* build(deps): bump ipnet from 2.3.1 to 2.4.0 (linkerd/linkerd2-proxy#1530)
* build(deps): bump regex from 1.5.4 to 1.5.5 (linkerd/linkerd2-proxy#1535)
* build(deps): bump tj-actions/changed-files from 17.2 to 17.3 (linkerd/linkerd2-proxy#1534)
* Update h2 to use unpublished changes (linkerd/linkerd2-proxy#1536)
* build(deps): bump tracing from 0.1.31 to 0.1.32 (linkerd/linkerd2-proxy#1537)
* Use the connection's HTTP version in transport header (linkerd/linkerd2-proxy#1533)
* bump `h2` to v0.3.12 and remove patch (linkerd/linkerd2-proxy#1538)

Signed-off-by: Oliver Gould <[email protected]>
olix0r pushed a commit that referenced this pull request Mar 30, 2022
@hawkw @olix0r
bump h2 to v0.3.12 and remove patch (#1538)
a3df677 
Version v0.3.12 of `h2` has been published, so we no longer need the
patch added in #1536 to pick up unreleased changes.

Signed-off-by: Eliza Weisman <[email protected]>
(cherry picked from commit d16ffa5)
Signed-off-by: Oliver Gould <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@hawkw hawkw hawkw approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@olix0r @hawkw