Accepting request 617053 from server:database

- update to 4.0.10 (boo#1097430) CVE-2018-11218 CVE-2018-11219
  https://raw.githubusercontent.com/antirez/redis/4.0.10/00-RELEASENOTES
  - Important security issues related to the Lua scripting engine.
    Please check https://github.com/antirez/redis/issues/5017 for
    more information.
  - A bug with SCAN, SSCAN, HSCAN and ZSCAN, that may not return
    all the elements.  We also add a regression test that can
    trigger the issue often when present, and may in theory be able
    to find unrelated regressions.
  - A PSYNC2 bug is fixed: Redis should not expire keys when saving
    RDB files because otherwise it is no longer possible to use
    such RDB file as a base for partial resynchronization. It no
    longer represents the right state.
  - Compatibility of AOF with RDB preamble when the RDB checksum is
    disabled.
  - Sentinel bug that in some cases prevented Sentinel to detect
    that the master was down immediately. A delay was added to the
    detection.
- refreshed patches to apply cleanly again
  redis-conf.patch
  redis-initscript.patch

OBS-URL: https://build.opensuse.org/request/show/617053
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/redis?expand=0&rev=42

redis-4.0.10.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1db67435a704f8d18aec9b9637b373c34aa233d65b6e174bdac4c1b161f38ca4
+size 1738465

redis-4.0.9.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:df4f73bc318e2f9ffb2d169a922dec57ec7c73dd07bccf875695dbeecd5ec510
-size 1737022

redis-conf.patch

@@ -2,7 +2,7 @@ Index: redis.conf
 ===================================================================
 --- redis.conf.orig
 +++ redis.conf
-@@ -125,7 +125,7 @@ tcp-keepalive 300
+@@ -133,7 +133,7 @@ tcp-keepalive 300
  
  # By default Redis does not run as a daemon. Use 'yes' if you need it.
  # Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
@@ -11,7 +11,7 @@ Index: redis.conf
  
  # If you run Redis from upstart or systemd, Redis can interact with your
  # supervision tree. Options:
-@@ -136,7 +136,7 @@ daemonize no
+@@ -144,7 +144,7 @@ daemonize no
  #                        UPSTART_JOB or NOTIFY_SOCKET environment variables
  # Note: these supervision methods only signal "process is ready."
  #       They do not enable continuous liveness pings back to your supervisor.
@@ -20,7 +20,7 @@ Index: redis.conf
  
  # If a pid file is specified, Redis writes it where specified at startup
  # and removes it at exit.
-@@ -147,7 +147,7 @@ supervised no
+@@ -155,7 +155,7 @@ supervised no
  #
  # Creating a pid file is best effort: if Redis is not able to create it
  # nothing bad happens, the server will start and run normally.
@@ -29,7 +29,7 @@ Index: redis.conf
  
  # Specify the server verbosity level.
  # This can be one of:
-@@ -160,7 +160,8 @@ loglevel notice
+@@ -168,7 +168,8 @@ loglevel notice
  # Specify the log file name. Also the empty string can be used to force
  # Redis to log on the standard output. Note that if you use standard
  # output for logging but daemonize, logs will be sent to /dev/null
@@ -39,7 +39,7 @@ Index: redis.conf
  
  # To enable logging to the system logger, just set 'syslog-enabled' to yes,
  # and optionally update the other syslog parameters to suit your needs.
-@@ -244,7 +245,7 @@ dbfilename dump.rdb
+@@ -260,7 +261,7 @@ dbfilename dump.rdb
  # The Append Only File will also be created inside this directory.
  #
  # Note that you must specify a directory here, not a file name.

redis-initscript.patch

@@ -2,9 +2,12 @@ Index: utils/redis_init_script
 ===================================================================
 --- utils/redis_init_script.orig
 +++ utils/redis_init_script
-@@ -1,42 +1,133 @@
+@@ -1,50 +1,133 @@
  #!/bin/sh
-+
+-#
+-# Simple Redis init.d script conceived to work on Linux systems
+-# as it does use of the /proc filesystem.
+ 
 +# System startup script for Redis for OpenSUSE >= 11.4
 +#
 +# Author: Marcello Barnaba <m.barnaba@ifad.org>
@@ -15,10 +18,13 @@ Index: utils/redis_init_script
 +# Define configurations in /etc/init.d/redis/NAME.conf
 +#
 +# Source: https://gist.github.com/804026
- #
++#
--# Simple Redis init.d script conceived to work on Linux systems
+ ### BEGIN INIT INFO
--# as it does use of the /proc filesystem.
+-# Provides:     redis_6379
-+### BEGIN INIT INFO
+-# Default-Start:        2 3 4 5
+-# Default-Stop:         0 1 6
+-# Short-Description:    Redis data structure server
+-# Description:          Redis data structure server. See https://redis.io
 +# Provides:          redis
 +# Required-Start:    $syslog $remote_fs
 +# Required-Stop:     $syslog $remote_fs
@@ -26,8 +32,11 @@ Index: utils/redis_init_script
 +# Default-Stop:      0 1 2 6
 +# Short-Description: Redis server
 +# Description:       Starts and stops the configured Redis instances
-+### END INIT INFO
+ ### END INIT INFO
-+
+ 
+-REDISPORT=6379
+-EXEC=/usr/local/bin/redis-server
+-CLIEXEC=/usr/local/bin/redis-cli
 +EXEC=/usr/sbin/redis-server
 +USER=redis
 +STATE=/var/run/redis
@@ -65,10 +74,7 @@ Index: utils/redis_init_script
 +    if [ ! -f ${CONFIG} ]; then
 +        echo "$CONFIG not found"
 +        rc_failed
- 
++
--REDISPORT=6379
--EXEC=/usr/local/bin/redis-server
--CLIEXEC=/usr/local/bin/redis-cli
 +    elif [ -f ${PIDFILE} ] && [ -x /proc/`cat ${PIDFILE}` ]; then
 +        echo -n "already running (PID `cat ${PIDFILE}`)"
 +

redis.changes

@@ -1,16 +1,41 @@
+-------------------------------------------------------------------
+Fri Jun 15 10:17:06 UTC 2018 - mrueckert@suse.de
+
+- update to 4.0.10 (boo#1097430) CVE-2018-11218 CVE-2018-11219
+  https://raw.githubusercontent.com/antirez/redis/4.0.10/00-RELEASENOTES
+  - Important security issues related to the Lua scripting engine.
+    Please check https://github.com/antirez/redis/issues/5017 for
+    more information.
+  - A bug with SCAN, SSCAN, HSCAN and ZSCAN, that may not return
+    all the elements.  We also add a regression test that can
+    trigger the issue often when present, and may in theory be able
+    to find unrelated regressions.
+  - A PSYNC2 bug is fixed: Redis should not expire keys when saving
+    RDB files because otherwise it is no longer possible to use
+    such RDB file as a base for partial resynchronization. It no
+    longer represents the right state.
+  - Compatibility of AOF with RDB preamble when the RDB checksum is
+    disabled.
+  - Sentinel bug that in some cases prevented Sentinel to detect
+    that the master was down immediately. A delay was added to the
+    detection.
+- refreshed patches to apply cleanly again
+  redis-conf.patch
+  redis-initscript.patch
+
 -------------------------------------------------------------------
 Tue Apr 17 16:13:17 UTC 2018 - guillaume.gardet@opensuse.org
 
-- Update redis-enable-bactrace-on-x86-and-ia64-only.patch to handle 
+- Update redis-enable-bactrace-on-x86-and-ia64-only.patch to handle
   arm and rename it to redis-enable-bactrace-on-x86-ia64-and_arm32_only.patch
-- Add redis-disable_integration_logging.patch to disable logging test 
+- Add redis-disable_integration_logging.patch to disable logging test
   when backtrace is not enabled
 
 -------------------------------------------------------------------
 Thu Apr 12 13:13:49 UTC 2018 - ilya@ilya.pp.ua
 
 - Update to 4.0.9
-  * https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
+  * https://raw.githubusercontent.com/antirez/redis/4.0.9/00-RELEASENOTES
   * Critical upgrade for users using AOF with the fsync policy set to "always".
   * Latency monitor could report wrong latencies under certain conditions.
   * AOF rewriting could fail when a backgronud rewrite is triggered and
@@ -27,14 +52,14 @@ Thu Apr 12 13:13:49 UTC 2018 - ilya@ilya.pp.ua
 Thu Feb  8 23:23:58 UTC 2018 - ilya@ilya.pp.ua
 
 - Update to 4.0.8
-  * Release notes: https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
+  * Release notes: https://raw.githubusercontent.com/antirez/redis/4.0.8/00-RELEASENOTES
   * Fix crash Redis Cluster instances during deletions.
 
 -------------------------------------------------------------------
 Sun Jan 28 15:24:25 UTC 2018 - ilya@ilya.pp.ua
 
 - Update to 4.0.7
-  * Release notes: https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
+  * Release notes: https://raw.githubusercontent.com/antirez/redis/4.0.7/00-RELEASENOTES
   * Many 32 bit overflows were addressed in order to allow to use Redis with
     a very significant amount of data, memory size permitting.
   * MEMORY USAGE fixed for the list type.
@@ -63,7 +88,7 @@ Sun Jan 28 15:24:25 UTC 2018 - ilya@ilya.pp.ua
 Thu Jan  4 15:47:48 UTC 2018 - ilya@ilya.pp.ua
 
 - Update to 4.0.6
-  * Release notes: https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
+  * Release notes: https://raw.githubusercontent.com/antirez/redis/4.0.6/00-RELEASENOTES
   * PSYNC2: More errors in the fixes for PSYNC2 (CRITICAL).
   * Quicklist: change the len of quicklist to unsigned long.
   * Quicklist: fix the return value of quicklistCount.
@@ -85,7 +110,7 @@ Sun Oct  8 15:22:54 UTC 2017 - ilya@ilya.pp.ua
 - Drop SLE 11 support.
 - Refresh spec-file.
 - Update to 4.0.2
-  * Release notes: https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
+  * Release notes: https://raw.githubusercontent.com/antirez/redis/4.0.2/00-RELEASENOTES
   * Different replication fixes to PSYNC2, the new 4.0 replication engine.
   * Modules thread safe contexts were introduced. They are an experimental
     API right now, but the API is considered to be stable and usable when needed.

redis.spec

@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via https://bugs.opensuse.org
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
 
@@ -20,7 +20,7 @@
 %define _log_dir        %{_localstatedir}/log/%{name}
 %define _conf_dir       %{_sysconfdir}/%{name}
 Name:           redis
-Version:        4.0.9
+Version:        4.0.10
 Release:        0
 Summary:        Persistent key-value database
 License:        BSD-3-Clause