Accepting request 1005288 from home:stroeder:sys

- Update to version 7.0.5 (boo#1203638)
  + Security Fixes:
    * (CVE-2022-35951) Executing a XAUTOCLAIM command on a stream key in a specific
      state, with a specially crafted COUNT argument, may cause an integer overflow,
      a subsequent heap overflow, and potentially lead to remote code execution.
      The problem affects Redis versions 7.0.0 or newer
      [reported by Xion (SeungHyun Lee) of KAIST GoN].
  + Module API changes
    * Fix RM_Call execution of scripts when used with M/W/S flags to properly
      handle script flags (#11159)
    * Fix RM_SetAbsExpire and RM_GetAbsExpire API registration (#11025, #8564)
  + Bug Fixes
    * Fix a hang when eviction is combined with lazy-free and maxmemory-eviction-tenacity is set to 100 (#11237)
    * Fix a crash when a replica may attempt to set itself as its master as a result of a manual failover (#11263)
    * Fix a bug where a cluster-enabled replica node may permanently set its master's hostname to '?' (#10696)
    * Fix a crash when a Lua script returns a meta-table (#11032)
  + Fixes for issues in previous releases of Redis 7.0
    * Fix redis-cli to do DNS lookup before sending CLUSTER MEET (#11151)
    * Fix crash when a key is lazy expired during cluster key migration (#11176)
    * Fix AOF rewrite to fsync the old AOF file when a new one is created (#11004)
    * Fix some crashes involving a list containing entries larger than 1GB (#11242)
    * Correctly handle scripts with a non-read-only shebang on a cluster replica (#11223)
    * Fix memory leak when unloading a module (#11147)
    * Fix bug with scripts ignoring client tracking NOLOOP (#11052)
    * Fix client-side tracking breaking protocol when FLUSHDB / FLUSHALL / SWAPDB is used inside MULTI-EXEC (#11038)
    * Fix ACL: BITFIELD with GET and also SET / INCRBY can be executed with read-only key permission (#11086)
    * Fix missing sections for INFO ALL when also requesting a module info section (#11291)

OBS-URL: https://build.opensuse.org/request/show/1005288
OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=205

redis-7.0.4.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f0e65fda74c44a3dd4fa9d512d4d4d833dd0939c934e946a5c622a630d057f2f
-size 2963216

redis-7.0.5.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:67054cc37b58c125df93bd78000261ec0ef4436a26b40f38262c780e56315cc3
+size 2968205

redis.changes

@@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Wed Sep 21 20:36:11 UTC 2022 - Michael Ströder <michael@stroeder.com>
+
+- Update to version 7.0.5 (boo#1203638)
+  + Security Fixes:
+    * (CVE-2022-35951) Executing a XAUTOCLAIM command on a stream key in a specific
+      state, with a specially crafted COUNT argument, may cause an integer overflow,
+      a subsequent heap overflow, and potentially lead to remote code execution.
+      The problem affects Redis versions 7.0.0 or newer
+      [reported by Xion (SeungHyun Lee) of KAIST GoN].
+  + Module API changes
+    * Fix RM_Call execution of scripts when used with M/W/S flags to properly
+      handle script flags (#11159)
+    * Fix RM_SetAbsExpire and RM_GetAbsExpire API registration (#11025, #8564)
+  + Bug Fixes
+    * Fix a hang when eviction is combined with lazy-free and maxmemory-eviction-tenacity is set to 100 (#11237)
+    * Fix a crash when a replica may attempt to set itself as its master as a result of a manual failover (#11263)
+    * Fix a bug where a cluster-enabled replica node may permanently set its master's hostname to '?' (#10696)
+    * Fix a crash when a Lua script returns a meta-table (#11032)
+  + Fixes for issues in previous releases of Redis 7.0
+    * Fix redis-cli to do DNS lookup before sending CLUSTER MEET (#11151)
+    * Fix crash when a key is lazy expired during cluster key migration (#11176)
+    * Fix AOF rewrite to fsync the old AOF file when a new one is created (#11004)
+    * Fix some crashes involving a list containing entries larger than 1GB (#11242)
+    * Correctly handle scripts with a non-read-only shebang on a cluster replica (#11223)
+    * Fix memory leak when unloading a module (#11147)
+    * Fix bug with scripts ignoring client tracking NOLOOP (#11052)
+    * Fix client-side tracking breaking protocol when FLUSHDB / FLUSHALL / SWAPDB is used inside MULTI-EXEC (#11038)
+    * Fix ACL: BITFIELD with GET and also SET / INCRBY can be executed with read-only key permission (#11086)
+    * Fix missing sections for INFO ALL when also requesting a module info section (#11291)
+
 -------------------------------------------------------------------
 Mon Jul 18 14:36:34 UTC 2022 - Michael Ströder <michael@stroeder.com>
 

redis.hashes

@@ -142,3 +142,4 @@ hash redis-7.0.1.tar.gz sha256 ca1820d527e4759884620be2917079e61e996fa81da5fbe5c
 hash redis-7.0.2.tar.gz sha256 5e57eafe7d4ac5ecb6a7d64d6b61db775616dbf903293b3fcc660716dbda5eeb http://download.redis.io/releases/redis-7.0.2.tar.gz
 hash redis-7.0.3.tar.gz sha256 2cde7d17214ffe305953da9fff12333e8a72caa57fd4923e4872f6362a208e73 http://download.redis.io/releases/redis-7.0.3.tar.gz
 hash redis-7.0.4.tar.gz sha256 f0e65fda74c44a3dd4fa9d512d4d4d833dd0939c934e946a5c622a630d057f2f http://download.redis.io/releases/redis-7.0.4.tar.gz
+hash redis-7.0.5.tar.gz sha256 67054cc37b58c125df93bd78000261ec0ef4436a26b40f38262c780e56315cc3 http://download.redis.io/releases/redis-7.0.5.tar.gz

redis.spec

@@ -20,7 +20,7 @@
 %define _log_dir        %{_localstatedir}/log/%{name}
 %define _conf_dir       %{_sysconfdir}/%{name}
 Name:           redis
-Version:        7.0.4
+Version:        7.0.5
 Release:        0
 Summary:        Persistent key-value database
 License:        BSD-3-Clause