Accepting request 923169 from home:stroeder:sys

OBS-URL: https://build.opensuse.org/request/show/923169
OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=186
This commit is contained in:
Danilo Spinella 2021-10-05 09:57:51 +00:00 committed by Git OBS Bridge
parent 1a8fa3482d
commit 97948553d5
5 changed files with 53 additions and 4 deletions

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4b9a75709a1b74b3785e20a6c158cab94cf52298aa381eea947a678a60d551ae
size 2465302

redis-6.2.6.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5b2b8b7a50111ef395bf1c1d5be11e6e167ac018125055daa8b5c2317ae131ab
size 2476542

@ -1,3 +1,49 @@
-------------------------------------------------------------------
Mon Oct 4 20:23:56 UTC 2021 - Michael Ströder <michael@stroeder.com>
- redis 6.2.6 with security fixes for
* Security fixes:
- CVE-2021-41099: Integer to heap buffer overflow handling certain string
commands and network payloads, when proto-max-bulk-len is manually configured
to a non-default, very large value (boo#1191299)
- CVE-2021-32762: Integer to heap buffer overflow issue in redis-cli and
redis-sentinel parsing large multi-bulk replies on some older and less common
platforms (boo#1191300)
- CVE-2021-32687: Integer to heap buffer overflow with intsets, when
set-max-intset-entries is manually configured to a non-default, very large
value (boo#1191302)
- CVE-2021-32675: Denial Of Service when processing RESP request payloads with
a large number of elements on many connections (boo#1191303)
- CVE-2021-32672: Random heap reading issue with Lua Debugger (boo#1191304)
- CVE-2021-32628: Integer to heap buffer overflow handling ziplist-encoded
data types, when configuring a large, non-default value for
hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries
or zset-max-ziplist-value (boo#1191305)
- CVE-2021-32627: Integer to heap buffer overflow issue with streams, when
configuring a non-default, large value for proto-max-bulk-len and
client-query-buffer-limit (boo#1191305)
- CVE-2021-32626: Specially crafted Lua scripts may result with Heap buffer
overflow (boo#1191306)
* Bug fixes that involve behavior changes:
- GEO* STORE with empty source key deletes the destination key and return 0
Previously it would have returned an empty array like the non-STORE variant.
- PUBSUB NUMPAT replies with number of patterns rather than number of subscriptions
This actually changed in 6.2.0 but was overlooked and omitted from the release notes.
* Bug fixes that are only applicable to previous releases of Redis 6.2:
- Fix CLIENT PAUSE, used an old timeout from previous PAUSE
- Fix CLIENT PAUSE in a replica would mess the replication offset
- Add some missing error statistics in INFO errorstats
* Other bug fixes:
- Fix incorrect reply of COMMAND command key positions for MIGRATE command
- Fix appendfsync to always guarantee fsync before reply, on MacOS and FreeBSD (kqueue)
- Fix the wrong misdetection of sync_file_range system call, affecting performance
* CLI tools:
- When redis-cli received ASK response, it didn't handle it
* Improvements:
- Add latency monitor sample when key is deleted via lazy expire
- Sanitize corrupt payload improvements
- Delete empty keys when loading RDB file or handling a RESTORE command
-------------------------------------------------------------------
Thu Jul 22 13:44:32 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
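
Review bot: boo#1191305 is cited for both CVE-2021-32628 and CVE-2021-32627 in the security fixes list, while every other CVE in the entry has its own bug number and boo#1191301 is skipped in an otherwise consecutive run from boo#1191299 to boo#1191306; please check these two references against Bugzilla and correct whichever is wrong. The first entry line, "- redis 6.2.6 with security fixes for", also ends on a dangling "for"; ending it at "redis 6.2.6" would read cleanly, since the "* Security fixes:" heading follows directly.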

@ -130,3 +130,6 @@ hash redis-6.2.4.tar.gz sha256 ba32c406a10fc2c09426e2be2787d74ff204eb3a2e496d87c
hash redis-5.0.13.tar.gz sha256 2b617aa2d6ad66c6a5d99fc8590c6b83b40d391fd1184c6eeab30df31f6a7208 http://download.redis.io/releases/redis-5.0.13.tar.gz
hash redis-6.0.15.tar.gz sha256 4bc295264a95bc94423c162a9eee66135a24a51eefe5f53f18fc9bde5c3a9f74 http://download.redis.io/releases/redis-6.0.15.tar.gz
hash redis-6.2.5.tar.gz sha256 4b9a75709a1b74b3785e20a6c158cab94cf52298aa381eea947a678a60d551ae http://download.redis.io/releases/redis-6.2.5.tar.gz
hash redis-5.0.14.tar.gz sha256 3ea5024766d983249e80d4aa9457c897a9f079957d0fb1f35682df233f997f32 http://download.redis.io/releases/redis-5.0.14.tar.gz
hash redis-6.0.16.tar.gz sha256 3639bbf29aca1a1670de1ab2ce224d6511c63969e7e590d3cdf8f7888184fa19 http://download.redis.io/releases/redis-6.0.16.tar.gz
hash redis-6.2.6.tar.gz sha256 5b2b8b7a50111ef395bf1c1d5be11e6e167ac018125055daa8b5c2317ae131ab http://download.redis.io/releases/redis-6.2.6.tar.gz
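
Review bot: The three added lines point at plain http://download.redis.io/ URLs, so the recorded sha256 is the only integrity check on those downloads and each value is worth confirming independently. For redis-6.2.6.tar.gz the value here (5b2b8b7a...) matches the oid in the new LFS pointer added by this commit, and the redis-6.2.5.tar.gz context line matches the oid of the pointer being removed, so the packaged tarball and this list agree; the 5.0.14 and 6.0.16 entries have no counterpart in this commit to compare against.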

@ -20,7 +20,7 @@
%define _log_dir %{_localstatedir}/log/%{name}
%define _conf_dir %{_sysconfdir}/%{name}
Name: redis
Version: 6.2.5
Version: 6.2.6
Release: 0
Summary: Persistent key-value database
License: BSD-3-Clause