Accepting request 416021 from home:AndreasStieger:branches:server:database
redis 3.2.2, also fix CVE-2013-7458 boo#991250 OBS-URL: https://build.opensuse.org/request/show/416021 OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=80
parent
6f41589cf8
commit
5761bc737c
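--- /dev/null
+++ b/CVE-2013-7458.patch
@@ -0,0 +1,47 @@
+From 71536684a788dc859e42132a2c5a2b7373414375 Mon Sep 17 00:00:00 2001
+From: antirez <antirez@gmail.com>
+Date: Fri, 29 Jul 2016 11:28:16 +0200
+Subject: [PATCH] Update linenoise to fix insecure redis-cli history file
+creation.
+
+The problem was fixed in antirez/linenoise repository applying a patch
+contributed by @lamby. Here the new version is updated in the Redis
+source tree.
+
+Close #1418
+Close #3322
+---
+deps/linenoise/linenoise.c | 7 ++++++-
+1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/deps/linenoise/linenoise.c b/deps/linenoise/linenoise.c
+index a807d9b..fce14a7 100644
+--- a/deps/linenoise/linenoise.c
++++ b/deps/linenoise/linenoise.c
+@@ -111,6 +111,7 @@
+#include <string.h>
+#include <stdlib.h>
+#include <ctype.h>
++#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/ioctl.h>
+#include <unistd.h>
+@@ -1160,10 +1161,14 @@ int linenoiseHistorySetMaxLen(int len) {
+/* Save the history in the specified file. On success 0 is returned
+* otherwise -1 is returned. */
+int linenoiseHistorySave(const char *filename) {
+- FILE *fp = fopen(filename,"w");
++ mode_t old_umask = umask(S_IXUSR|S_IRWXG|S_IRWXO);
++ FILE *fp;
+int j;
+
++ fp = fopen(filename,"w");
++ umask(old_umask);
+if (fp == NULL) return -1;
++ chmod(filename,S_IRUSR|S_IWUSR);
+for (j = 0; j < history_len; j++)
+fprintf(fp,"%s\n",history[j]);
+fclose(fp);
+--
+2.6.6
+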
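Review bot: In `linenoiseHistorySave` the added `chmod(filename,S_IRUSR|S_IWUSR);` works on the path after `fopen()` has already opened the file, and its return value is ignored, so a history file that already existed with wider permissions keeps them whenever the call fails, and the path may no longer name the file that was opened. Setting the mode on the open stream and failing closed covers both cases: `if (fchmod(fileno(fp),S_IRUSR|S_IWUSR) == -1) { fclose(fp); return -1; }`. The `umask()` swap around `fopen()` changes process-wide state, so a short comment such as `/* umask is per-process: callers must not create files from other threads during this call */` would help other users of the library. The function continues past the end of the hunk, so the return path after `fclose(fp)` is not visible here.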
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:df7bfb7b527d99981eba3912ae22703764eb19adda1357818188b22fdd09d5c9
|
||||
size 1534696
|
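--- /dev/null
+++ b/redis-3.2.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:05cf63502b2248b5d39588962100bfa4fcb47dabd56931a8cb60b301b1d8daea
+size 1541030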
@ -1,3 +1,23 @@
|
||||
-------------------------------------------------------------------
|
||||
Sat Jul 30 10:06:22 UTC 2016 - astieger@suse.com
|
||||
|
||||
- Fix CVE-2013-7458: unsafe permissions of command line history
|
||||
boo#991250, adding CVE-2013-7458.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Jul 30 09:59:59 UTC 2016 - astieger@suse.com
|
||||
|
||||
- redis 3.2.2
|
||||
- Highlight bug fixes:
|
||||
* Fix Redis server and Sentinel crashes
|
||||
* Fix GEORADIUS errors in reported entries
|
||||
- New features:
|
||||
* slaves support the slave-announce-ip and slave-announce-port
|
||||
options.
|
||||
* RDB check utlity is now part of Redis and uses the same RDB code
|
||||
* redis-check-dump utility is now able to show certain information
|
||||
about the RDB file including creating version and date.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 29 12:14:42 UTC 2016 - rmaliska@suse.com
|
||||
|
||||
|
@ -25,7 +25,7 @@
|
||||
%bcond_with systemd
|
||||
%endif
|
||||
Name: redis
|
||||
Version: 3.2.1
|
||||
Version: 3.2.2
|
||||
Release: 0
|
||||
Summary: Persistent key-value database
|
||||
License: BSD-3-Clause
|
||||
@ -42,6 +42,7 @@ Patch0: %{name}-initscript.patch
|
||||
# PATCH-MISSING-TAG -- See http://wiki.opensuse.org/openSUSE:Packaging_Patches_guidelines
|
||||
Patch1: %{name}-conf.patch
|
||||
Patch2: redis-enable-bactrace-on-x86-and-ia64-only.patch
|
||||
Patch3: CVE-2013-7458.patch
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: procps
|
||||
BuildRequires: tcl
|
||||
@ -69,6 +70,7 @@ different kind of sorting abilities.
|
||||
%patch0
|
||||
%patch1
|
||||
%patch2
|
||||
%patch3 -p1
|
||||
|
||||
%build
|
||||
make %{?_smp_mflags} CFLAGS="%{optflags}" V=1
|
||||
|
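Review bot: `Patch3: CVE-2013-7458.patch` carries no patch-tag comment, so the spec does not record where the security fix came from, while the `Patch1` line just above is already flagged with `# PATCH-MISSING-TAG`. A line above it such as `# PATCH-FIX-UPSTREAM CVE-2013-7458.patch boo#991250 -- restrict permissions of the redis-cli history file` would tie the patch to the bug report and to upstream commit 71536684a788 named in the patch header. The rendered page has lost the `+`/`-` column, so this assumes the `Patch3` and `%patch3 -p1` lines are the added ones.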