From 97948553d5aa954192d7309358658d42c8d20c5fe3cb860e9fa98a7f37a5ffcf Mon Sep 17 00:00:00 2001
From: Danilo Spinella
Date: Tue, 5 Oct 2021 09:57:51 +0000
Subject: [PATCH] Accepting request 923169 from home:stroeder:sys
OBS-URL: https://build.opensuse.org/request/show/923169
OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=186
---
 redis-6.2.5.tar.gz | 3 ---
 redis-6.2.6.tar.gz | 3 +++
 redis.changes | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 redis.hashes | 3 +++
 redis.spec | 2 +-
 5 files changed, 53 insertions(+), 4 deletions(-)
 delete mode 100644 redis-6.2.5.tar.gz
 create mode 100644 redis-6.2.6.tar.gz
diff --git a/redis-6.2.5.tar.gz b/redis-6.2.5.tar.gz
deleted file mode 100644
index 3de558c..0000000
--- a/redis-6.2.5.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4b9a75709a1b74b3785e20a6c158cab94cf52298aa381eea947a678a60d551ae
-size 2465302
diff --git a/redis-6.2.6.tar.gz b/redis-6.2.6.tar.gz
new file mode 100644
index 0000000..b9d271e
--- /dev/null
+++ b/redis-6.2.6.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5b2b8b7a50111ef395bf1c1d5be11e6e167ac018125055daa8b5c2317ae131ab
+size 2476542
diff --git a/redis.changes b/redis.changes
index 440244a..6596a82 100644
--- a/redis.changes
+++ b/redis.changes
@@ -1,3 +1,49 @@
+-------------------------------------------------------------------
+Mon Oct 4 20:23:56 UTC 2021 - Michael Ströder
+
+- redis 6.2.6 with security fixes for
+ * Security fixes:
+ - CVE-2021-41099: Integer to heap buffer overflow handling certain string
+ commands and network payloads, when proto-max-bulk-len is manually configured
+ to a non-default, very large value (boo#1191299)
+ - CVE-2021-32762: Integer to heap buffer overflow issue in redis-cli and
+ redis-sentinel parsing large multi-bulk replies on some older and less common
+ platforms (boo#1191300)
+ - CVE-2021-32687: Integer to heap buffer overflow with intsets, when
+ set-max-intset-entries is manually configured to a non-default, very large
+ value (boo#1191302)
+ - CVE-2021-32675: Denial Of Service when processing RESP request payloads with
+ a large number of elements on many connections (boo#1191303)
+ - CVE-2021-32672: Random heap reading issue with Lua Debugger (boo#1191304)
+ - CVE-2021-32628: Integer to heap buffer overflow handling ziplist-encoded
+ data types, when configuring a large, non-default value for
+ hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries
+ or zset-max-ziplist-value (boo#1191305)
+ - CVE-2021-32627: Integer to heap buffer overflow issue with streams, when
+ configuring a non-default, large value for proto-max-bulk-len and
+ client-query-buffer-limit (boo#1191305)
+ - CVE-2021-32626: Specially crafted Lua scripts may result with Heap buffer
+ overflow (boo#1191306)
+ * Bug fixes that involve behavior changes:
+ - GEO* STORE with empty source key deletes the destination key and return 0
+ Previously it would have returned an empty array like the non-STORE variant.
+ - PUBSUB NUMPAT replies with number of patterns rather than number of subscriptions
+ This actually changed in 6.2.0 but was overlooked and omitted from the release notes.
+ * Bug fixes that are only applicable to previous releases of Redis 6.2:
+ - Fix CLIENT PAUSE, used an old timeout from previous PAUSE
+ - Fix CLIENT PAUSE in a replica would mess the replication offset
+ - Add some missing error statistics in INFO errorstats
+ * Other bug fixes:
+ - Fix incorrect reply of COMMAND command key positions for MIGRATE command
+ - Fix appendfsync to always guarantee fsync before reply, on MacOS and FreeBSD (kqueue)
+ - Fix the wrong misdetection of sync_file_range system call, affecting performance
+ * CLI tools:
+ - When redis-cli received ASK response, it didn't handle it
+ * Improvements:
+ - Add latency monitor sample when key is deleted via lazy expire
+ - Sanitize corrupt payload improvements
+ - Delete empty keys when loading RDB file or handling a RESTORE command
+
 -------------------------------------------------------------------
 Thu Jul 22 13:44:32 UTC 2021 - Andreas Stieger
diff --git a/redis.hashes b/redis.hashes
index bd9365a..aeb6ed6 100644
--- a/redis.hashes
+++ b/redis.hashes
@@ -130,3 +130,6 @@ hash redis-6.2.4.tar.gz sha256 ba32c406a10fc2c09426e2be2787d74ff204eb3a2e496d87c
 hash redis-5.0.13.tar.gz sha256 2b617aa2d6ad66c6a5d99fc8590c6b83b40d391fd1184c6eeab30df31f6a7208 http://download.redis.io/releases/redis-5.0.13.tar.gz
 hash redis-6.0.15.tar.gz sha256 4bc295264a95bc94423c162a9eee66135a24a51eefe5f53f18fc9bde5c3a9f74 http://download.redis.io/releases/redis-6.0.15.tar.gz
 hash redis-6.2.5.tar.gz sha256 4b9a75709a1b74b3785e20a6c158cab94cf52298aa381eea947a678a60d551ae http://download.redis.io/releases/redis-6.2.5.tar.gz
+hash redis-5.0.14.tar.gz sha256 3ea5024766d983249e80d4aa9457c897a9f079957d0fb1f35682df233f997f32 http://download.redis.io/releases/redis-5.0.14.tar.gz
+hash redis-6.0.16.tar.gz sha256 3639bbf29aca1a1670de1ab2ce224d6511c63969e7e590d3cdf8f7888184fa19 http://download.redis.io/releases/redis-6.0.16.tar.gz
+hash redis-6.2.6.tar.gz sha256 5b2b8b7a50111ef395bf1c1d5be11e6e167ac018125055daa8b5c2317ae131ab http://download.redis.io/releases/redis-6.2.6.tar.gz
diff --git a/redis.spec b/redis.spec
index 955f8ed..08b88e2 100644
--- a/redis.spec
+++ b/redis.spec
@@ -20,7 +20,7 @@
 %define _log_dir %{_localstatedir}/log/%{name}
 %define _conf_dir %{_sysconfdir}/%{name}
 Name: redis
-Version: 6.2.5
+Version: 6.2.6
 Release: 0
 Summary: Persistent key-value database
 License: BSD-3-Clause
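Review bot: The three `+hash` lines in the redis.hashes hunk pin sha256 digests but keep `http://download.redis.io/releases/...` as the source URL, so the digest is the only thing that authenticates each tarball. The 6.2.6 digest equals the `oid sha256:` in the new redis-6.2.6.tar.gz LFS pointer, but both values arrive in this same commit, so the match shows internal consistency rather than upstream provenance. The added entries should be compared with the hash list as upstream publishes it, fetched over TLS, before the request is accepted. Whether redis.spec checks the source tarball against redis.hashes at build time is not visible in this patch; if it does not, a `sha256sum -c` step in `%prep` would make the pin enforceable.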