Accepting request 890241 from home:stroeder:branches:server:database

redis 6.2.3 with security fixes OBS-URL: https://build.opensuse.org/request/show/890241 OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=176
2021-05-04 08:23:54 +00:00 · 2021-05-04 08:23:54 +00:00 · 5dff38b6ba
commit 5dff38b6ba
parent 68932dfc8b
6 changed files with 26 additions and 11 deletions
--- a/ppc-atomic.patch
+++ b/ppc-atomic.patch
@ -1,9 +1,8 @@
-Index: redis-5.0.9/src/Makefile
-===================================================================
--- redis-5.0.9.orig/src/Makefile
-+++ redis-5.0.9/src/Makefile
-@@ -83,6 +83,10 @@ ifneq (,$(filter aarch64 armv,$(uname_M)
- else
+diff -ur redis-6.2.3.orig/src/Makefile redis-6.2.3/src/Makefile
+--- redis-6.2.3.orig/src/Makefile	2021-05-03 21:57:00.000000000 +0200
+++ redis-6.2.3/src/Makefile	2021-05-04 08:48:20.064568420 +0200
+@@ -96,6 +96,10 @@
+ # Linux ARM32 needs -latomic at linking time
 ifneq (,$(findstring armv,$(uname_M)))
         FINAL_LIBS+=-latomic
 +else
@ -11,5 +10,5 @@ Index: redis-5.0.9/src/Makefile
 +        FINAL_LIBS+=-latomic
 +endif
 endif
- endif
 
+ ifeq ($(uname_S),SunOS)
--- a/redis-6.2.2.tar.gz
+++ b/redis-6.2.2.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7a260bb74860f1b88c3d5942bf8ba60ca59f121c6dce42d3017bed6add0b9535
-size 2454893
--- a/redis-6.2.3.tar.gz
+++ b/redis-6.2.3.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:98ed7d532b5e9671f5df0825bb71f0f37483a16546364049384c63db8764512b
+size 2456050
--- a/redis.changes
+++ b/redis.changes
@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Tue May  4 06:23:15 UTC 2021 - Michael Ströder <michael@stroeder.com>
+
+- redis 6.2.3
+  * Security fixes for
+    - Integer overflow in STRALGO LCS command (CVE-2021-29477)
+    - Integer overflow in COPY command for large intsets (CVE-2021-29478)
+  * Fix memory leak in moduleDefragGlobals (#8853)
+  * Fix memory leak when doing lazy freeing client tracking table (#8822)
+  * Block abusive replicas from sending command that could assert and crash redis (#8868)
+  * Use a monotonic clock to check for Lua script timeout (#8812)
+  * redis-cli: Do not use unix socket when we got redirected in cluster mode (#8870)
+  * Fix RM_GetClusterNodeInfo() to correctly populate master id (#8846)
+
 -------------------------------------------------------------------
 Tue Apr 20 09:08:06 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>

--- a/redis.hashes
+++ b/redis.hashes
@ -123,3 +123,5 @@ hash redis-5.0.12.tar.gz sha256 7040eba5910f7c3d38f05ea5a1d88b480488215bdbd2e10e
 hash redis-6.0.12.tar.gz sha256 f16ad973d19f80f121e53794d5eb48a997e2c6a85b5be41bb3b66750cc17bf6b http://download.redis.io/releases/redis-6.0.12.tar.gz
 hash redis-6.2.1.tar.gz sha256 cd222505012cce20b25682fca931ec93bd21ae92cb4abfe742cf7b76aa907520 http://download.redis.io/releases/redis-6.2.1.tar.gz
 hash redis-6.2.2.tar.gz sha256 7a260bb74860f1b88c3d5942bf8ba60ca59f121c6dce42d3017bed6add0b9535 http://download.redis.io/releases/redis-6.2.2.tar.gz
+hash redis-6.0.13.tar.gz sha256 3049763f4553ddd5a69552f41da3dd7dde9fbc524dbb15e517fee24cc73b790c http://download.redis.io/releases/redis-6.0.13.tar.gz
+hash redis-6.2.3.tar.gz sha256 98ed7d532b5e9671f5df0825bb71f0f37483a16546364049384c63db8764512b http://download.redis.io/releases/redis-6.2.3.tar.gz
--- a/redis.spec
+++ b/redis.spec
@ -20,7 +20,7 @@
 %define _log_dir        %{_localstatedir}/log/%{name}
 %define _conf_dir       %{_sysconfdir}/%{name}
 Name:           redis
-Version:        6.2.2
+Version:        6.2.3
 Release:        0
 Summary:        Persistent key-value database
 License:        BSD-3-Clause