From 5dff38b6bac178eb799ac680b9e27f8652ee09a0951c6262a3aab2f1d8ee0707 Mon Sep 17 00:00:00 2001
From: Martin Pluskal
Date: Tue, 4 May 2021 08:23:54 +0000
Subject: [PATCH 1/2] Accepting request 890241 from home:stroeder:branches:server:database redis 6.2.3 with security fixes
OBS-URL: https://build.opensuse.org/request/show/890241
OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=176
---
 ppc-atomic.patch | 13 ++++++-------
 redis-6.2.2.tar.gz | 3 ---
 redis-6.2.3.tar.gz | 3 +++
 redis.changes | 14 ++++++++++++++
 redis.hashes | 2 ++
 redis.spec | 2 +-
 6 files changed, 26 insertions(+), 11 deletions(-)
 delete mode 100644 redis-6.2.2.tar.gz
 create mode 100644 redis-6.2.3.tar.gz
diff --git a/ppc-atomic.patch b/ppc-atomic.patch
index c0fa419..8f3f131 100644
--- a/ppc-atomic.patch
+++ b/ppc-atomic.patch
@@ -1,9 +1,8 @@
-Index: redis-5.0.9/src/Makefile
-===================================================================
---- redis-5.0.9.orig/src/Makefile
-+++ redis-5.0.9/src/Makefile
-@@ -83,6 +83,10 @@ ifneq (,$(filter aarch64 armv,$(uname_M)
- else
+diff -ur redis-6.2.3.orig/src/Makefile redis-6.2.3/src/Makefile
+--- redis-6.2.3.orig/src/Makefile 2021-05-03 21:57:00.000000000 +0200
++++ redis-6.2.3/src/Makefile 2021-05-04 08:48:20.064568420 +0200
+@@ -96,6 +96,10 @@
+ # Linux ARM32 needs -latomic at linking time
 ifneq (,$(findstring armv,$(uname_M)))
 FINAL_LIBS+=-latomic
 +else
@@ -11,5 +10,5 @@ Index: redis-5.0.9/src/Makefile
 + FINAL_LIBS+=-latomic
 +endif
 endif
- endif
+
 ifeq ($(uname_S),SunOS)
diff --git a/redis-6.2.2.tar.gz b/redis-6.2.2.tar.gz
deleted file mode 100644
index 0cee524..0000000
--- a/redis-6.2.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7a260bb74860f1b88c3d5942bf8ba60ca59f121c6dce42d3017bed6add0b9535
-size 2454893
diff --git a/redis-6.2.3.tar.gz b/redis-6.2.3.tar.gz
new file mode 100644
index 0000000..0c1f1a9
--- /dev/null
+++ b/redis-6.2.3.tar.gz
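Review bot: The refreshed ppc-atomic.patch carries no description: its new header is a bare `diff -ur` line with build-machine timestamps, so nothing in the file records why `FINAL_LIBS+=-latomic` is needed in the added `else` branch or whether the change has been sent upstream. A short comment block above the `diff -ur` line would cover it, for example `# Link with -latomic on <arch>: <reason>; upstream status: <status>`. The condition guarding the added `FINAL_LIBS+=-latomic` sits on the one patch line between the two hunks and is not shown, so the ppc scope is inferred from the file name only. Dropping the timestamps and the versioned `redis-6.2.3.orig/` paths from the header would also keep later refreshes from touching lines that did not change.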
@@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:98ed7d532b5e9671f5df0825bb71f0f37483a16546364049384c63db8764512b +size 2456050 diff --git a/redis.changes b/redis.changes index 7abfbec..b9ea68c 100644 --- a/redis.changes +++ b/redis.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Tue May 4 06:23:15 UTC 2021 - Michael Ströder + +- redis 6.2.3 + * Security fixes for + - Integer overflow in STRALGO LCS command (CVE-2021-29477) + - Integer overflow in COPY command for large intsets (CVE-2021-29478) + * Fix memory leak in moduleDefragGlobals (#8853) + * Fix memory leak when doing lazy freeing client tracking table (#8822) + * Block abusive replicas from sending command that could assert and crash redis (#8868) + * Use a monotonic clock to check for Lua script timeout (#8812) + * redis-cli: Do not use unix socket when we got redirected in cluster mode (#8870) + * Fix RM_GetClusterNodeInfo() to correctly populate master id (#8846) + ------------------------------------------------------------------- Tue Apr 20 09:08:06 UTC 2021 - Andreas Stieger diff --git a/redis.hashes b/redis.hashes index 1b6d1d6..300845f 100644 --- a/redis.hashes +++ b/redis.hashes 
@@ -123,3 +123,5 @@ hash redis-5.0.12.tar.gz sha256 7040eba5910f7c3d38f05ea5a1d88b480488215bdbd2e10e
 hash redis-6.0.12.tar.gz sha256 f16ad973d19f80f121e53794d5eb48a997e2c6a85b5be41bb3b66750cc17bf6b http://download.redis.io/releases/redis-6.0.12.tar.gz
 hash redis-6.2.1.tar.gz sha256 cd222505012cce20b25682fca931ec93bd21ae92cb4abfe742cf7b76aa907520 http://download.redis.io/releases/redis-6.2.1.tar.gz
 hash redis-6.2.2.tar.gz sha256 7a260bb74860f1b88c3d5942bf8ba60ca59f121c6dce42d3017bed6add0b9535 http://download.redis.io/releases/redis-6.2.2.tar.gz
+hash redis-6.0.13.tar.gz sha256 3049763f4553ddd5a69552f41da3dd7dde9fbc524dbb15e517fee24cc73b790c http://download.redis.io/releases/redis-6.0.13.tar.gz
+hash redis-6.2.3.tar.gz sha256 98ed7d532b5e9671f5df0825bb71f0f37483a16546364049384c63db8764512b http://download.redis.io/releases/redis-6.2.3.tar.gz
diff --git a/redis.spec b/redis.spec
index 2f8032c..49a0f6f 100644
--- a/redis.spec
+++ b/redis.spec
@@ -20,7 +20,7 @@
 %define _log_dir %{_localstatedir}/log/%{name}
 %define _conf_dir %{_sysconfdir}/%{name}
 Name: redis
-Version: 6.2.2
+Version: 6.2.3
 Release: 0
 Summary: Persistent key-value database
 License: BSD-3-Clause
From 34ca9d19567b08327fdfe632b89c26154c90d8db7de02ec36f7da9b6f57340fb Mon Sep 17 00:00:00 2001
From: Martin Pluskal
Date: Fri, 7 May 2021 07:49:51 +0000
Subject: [PATCH 2/2] Accepting request 891111 from home:AndreasStieger:branches:server:database redis 6.2.3 changelog
OBS-URL: https://build.opensuse.org/request/show/891111
OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=177
---
 redis.changes | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/redis.changes b/redis.changes
index b9ea68c..5d8495d 100644
--- a/redis.changes
+++ b/redis.changes
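Review bot: The two entries added to redis.hashes reference `http://download.redis.io/releases/…`, so the sha256 on each line is the only thing that authenticates the tarball, and nothing visible in this commit shows the build comparing the two. The 6.2.3 digest does match the `oid sha256:98ed7d532b5e9671f5df0825bb71f0f37483a16546364049384c63db8764512b` of the new redis-6.2.3.tar.gz LFS pointer in the same patch, which is the cross-check that matters. It would help to record in redis.spec (only its Version hunk is shown here) where redis.hashes comes from and where it is verified, for example `# redis.hashes: copied from <upstream hashes source>; tarball digest checked in <build step>`. The 6.0.13 line has no matching tarball in this package, so it cannot be cross-checked from this commit.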
@@ -2,15 +2,14 @@ Tue May 4 06:23:15 UTC 2021 - Michael Ströder - redis 6.2.3 - * Security fixes for - - Integer overflow in STRALGO LCS command (CVE-2021-29477) - - Integer overflow in COPY command for large intsets (CVE-2021-29478) - * Fix memory leak in moduleDefragGlobals (#8853) - * Fix memory leak when doing lazy freeing client tracking table (#8822) - * Block abusive replicas from sending command that could assert and crash redis (#8868) - * Use a monotonic clock to check for Lua script timeout (#8812) - * redis-cli: Do not use unix socket when we got redirected in cluster mode (#8870) - * Fix RM_GetClusterNodeInfo() to correctly populate master id (#8846) + * CVE-2021-29477: Integer overflow in STRALGO LCS command (boo#1185729) + * CVE-2021-29478: Integer overflow in COPY command for large intsets (boo#1185730) + * Fix memory leak in moduleDefragGlobals + * Fix memory leak when doing lazy freeing client tracking table + * Block abusive replicas from sending command that could assert and crash redis + * Use a monotonic clock to check for Lua script timeout + * redis-cli: Do not use unix socket when we got redirected in cluster mode + * Fix RM_GetClusterNodeInfo() to correctly populate master id ------------------------------------------------------------------- Tue Apr 20 09:08:06 UTC 2021 - Andreas Stieger