Accepting request 416021 from home:AndreasStieger:branches:server:database

redis 3.2.2, also fix CVE-2013-7458 boo#991250 OBS-URL: https://build.opensuse.org/request/show/416021 OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=80
2016-07-30 10:45:11 +00:00 · 2016-07-30 10:45:11 +00:00 · 5761bc737c
commit 5761bc737c
parent 6f41589cf8
5 changed files with 73 additions and 4 deletions
--- a/CVE-2013-7458.patch
+++ b/CVE-2013-7458.patch
@ -0,0 +1,47 @@
 From 71536684a788dc859e42132a2c5a2b7373414375 Mon Sep 17 00:00:00 2001
 From: antirez <antirez@gmail.com>
 Date: Fri, 29 Jul 2016 11:28:16 +0200
 Subject: [PATCH] Update linenoise to fix insecure redis-cli history file
 creation.
 The problem was fixed in antirez/linenoise repository applying a patch
 contributed by @lamby. Here the new version is updated in the Redis
 source tree.
 Close #1418
 Close #3322
 ---
 deps/linenoise/linenoise.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
 diff --git a/deps/linenoise/linenoise.c b/deps/linenoise/linenoise.c
 index a807d9b..fce14a7 100644
 --- a/deps/linenoise/linenoise.c
 +++ b/deps/linenoise/linenoise.c
@@ -111,6 +111,7 @@
 #include <string.h>
 #include <stdlib.h>
 #include <ctype.h>
 +#include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/ioctl.h>
 #include <unistd.h>
@@ -1160,10 +1161,14 @@ int linenoiseHistorySetMaxLen(int len) {
 /* Save the history in the specified file. On success 0 is returned
  * otherwise -1 is returned. */
 int linenoiseHistorySave(const char *filename) {
 -    FILE *fp = fopen(filename,"w");
 +    mode_t old_umask = umask(S_IXUSR|S_IRWXG|S_IRWXO);
 +    FILE *fp;
     int j;
 +    fp = fopen(filename,"w");
 +    umask(old_umask);
     if (fp == NULL) return -1;
 +    chmod(filename,S_IRUSR|S_IWUSR);
     for (j = 0; j < history_len; j++)
         fprintf(fp,"%s\n",history[j]);
     fclose(fp);
 -- 
 2.6.6
--- a/redis-3.2.1.tar.gz
+++ b/redis-3.2.1.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:df7bfb7b527d99981eba3912ae22703764eb19adda1357818188b22fdd09d5c9
 size 1534696
--- a/redis-3.2.2.tar.gz
+++ b/redis-3.2.2.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:05cf63502b2248b5d39588962100bfa4fcb47dabd56931a8cb60b301b1d8daea
 size 1541030
--- a/redis.changes
+++ b/redis.changes
@ -1,3 +1,23 @@
 -------------------------------------------------------------------
 Sat Jul 30 10:06:22 UTC 2016 - astieger@suse.com
 - Fix CVE-2013-7458: unsafe permissions of command line history
  boo#991250, adding CVE-2013-7458.patch
 -------------------------------------------------------------------
 Sat Jul 30 09:59:59 UTC 2016 - astieger@suse.com
 - redis 3.2.2
 - Highlight bug fixes:
  * Fix Redis server and Sentinel crashes
  * Fix GEORADIUS errors in reported entries
 - New features:
  * slaves support the slave-announce-ip and slave-announce-port
    options.
  * RDB check utlity is now part of Redis and uses the same RDB code
  * redis-check-dump utility is now able to show certain information
    about the RDB file including creating version and date.
 -------------------------------------------------------------------
 Wed Jun 29 12:14:42 UTC 2016 - rmaliska@suse.com
--- a/redis.spec
+++ b/redis.spec
@ -25,7 +25,7 @@
 %bcond_with    systemd
 %endif
 Name:           redis
-Version:        3.2.1
+Version:        3.2.2
 Release:        0
 Summary:        Persistent key-value database
 License:        BSD-3-Clause
@ -42,6 +42,7 @@ Patch0:         %{name}-initscript.patch
 # PATCH-MISSING-TAG -- See http://wiki.opensuse.org/openSUSE:Packaging_Patches_guidelines
 Patch1:         %{name}-conf.patch
 Patch2:         redis-enable-bactrace-on-x86-and-ia64-only.patch
 Patch3:         CVE-2013-7458.patch
 BuildRequires:  pkgconfig
 BuildRequires:  procps
 BuildRequires:  tcl
@ -69,6 +70,7 @@ different kind of sorting abilities.
 %patch0
 %patch1
 %patch2
 %patch3 -p1
 %build
 make %{?_smp_mflags} CFLAGS="%{optflags}" V=1