Accepting request 1058769 from home:AndreasStieger:branches:server:database

redis 7.0.8 CVE-2022-35977 boo#1207202 CVE-2023-22458 boo#1207203 OBS-URL: https://build.opensuse.org/request/show/1058769 OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=216
2023-01-17 07:53:17 +00:00 · 2023-01-17 07:53:17 +00:00 · b27cec9b30
commit b27cec9b30
parent 096a801a0e
5 changed files with 23 additions and 5 deletions
--- a/redis-7.0.7.tar.gz
+++ b/redis-7.0.7.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8d327d7e887d1bb308fc37aaf717a0bf79f58129e3739069aaeeae88955ac586
-size 2979019
--- a/redis-7.0.8.tar.gz
+++ b/redis-7.0.8.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:06a339e491306783dcf55b97f15a5dbcbdc01ccbde6dc23027c475cab735e914
+size 2981212
--- a/redis.changes
+++ b/redis.changes
@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Mon Jan 16 21:00:00 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- redis 7.0.8
+  * CVE-2022-35977: Integer overflow in the Redis SETRANGE and
+    SORT/SORT_RO commands can drive Redis to OOM panic boo#1207202
+  * CVE-2023-22458: Integer overflow in the Redis HRANDFIELD and
+    ZRANDMEMBER commands can lead to denial-of-service boo#1207203
+  * Avoid possible hang when client issues long KEYS, SRANDMEMBER,
+    HRANDFIELD, and ZRANDMEMBER commands and gets disconnected by
+    client output buffer limit
+  * Make sure that fork child doesn't do incremental rehashing
+  * Fix a bug where blocking commands with a sub-second timeout
+    would block forever
+  * Fix sentinel issue if replica changes IP
+
 -------------------------------------------------------------------
 Fri Dec 16 13:15:09 UTC 2022 - Michael Ströder <michael@stroeder.com>

--- a/redis.hashes
+++ b/redis.hashes
@ -146,3 +146,5 @@ hash redis-7.0.5.tar.gz sha256 67054cc37b58c125df93bd78000261ec0ef4436a26b40f382
 hash redis-6.2.8.tar.gz sha256 f91ab24bcb42673cb853292eb5d43c2017d11d659854808ed6a529c97297fdfe http://download.redis.io/releases/redis-6.2.8.tar.gz
 hash redis-7.0.6.tar.gz sha256 7b33a7e890d13e27af1f246acb16312669ad8a1d56ce8f807dfbcd3c09aa7bb3 http://download.redis.io/releases/redis-7.0.6.tar.gz
 hash redis-7.0.7.tar.gz sha256 8d327d7e887d1bb308fc37aaf717a0bf79f58129e3739069aaeeae88955ac586 http://download.redis.io/releases/redis-7.0.7.tar.gz
+hash redis-7.0.8.tar.gz sha256 06a339e491306783dcf55b97f15a5dbcbdc01ccbde6dc23027c475cab735e914 http://download.redis.io/releases/redis-7.0.8.tar.gz
+hash redis-6.2.9.tar.gz sha256 9661b2c6b1cc9bf2999471b37a4d759fa5e747d408142c18af8792ebd8384a2a http://download.redis.io/releases/redis-6.2.9.tar.gz
--- a/redis.spec
+++ b/redis.spec
@ -1,7 +1,7 @@
 #
 # spec file for package redis
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -20,7 +20,7 @@
 %define _log_dir        %{_localstatedir}/log/%{name}
 %define _conf_dir       %{_sysconfdir}/%{name}
 Name:           redis
-Version:        7.0.7
+Version:        7.0.8
 Release:        0
 Summary:        Persistent key-value database
 License:        BSD-3-Clause