Accepting request 1080241 from server:database

OBS-URL: https://build.opensuse.org/request/show/1080241
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/redis?expand=0&rev=88

Integer-Overflow-in-RAND-commands-can-lead-to-assert.patch

@@ -1,115 +0,0 @@
-From 2a2a582e7cd99ba3b531336b8bd41df2b566e619 Mon Sep 17 00:00:00 2001
-From: Oran Agra <oran@redislabs.com>
-Date: Tue, 21 Feb 2023 15:16:13 +0200
-Subject: [PATCH] Integer Overflow in RAND commands can lead to assertion
- (CVE-2023-25155)
-
-Issue happens when passing a negative long value that greater than
-the max positive value that the long can store.
----
- src/t_hash.c             | 4 ++--
- src/t_set.c              | 2 +-
- src/t_zset.c             | 4 ++--
- tests/unit/type/hash.tcl | 2 ++
- tests/unit/type/set.tcl  | 5 +++++
- tests/unit/type/zset.tcl | 2 ++
- 6 files changed, 14 insertions(+), 5 deletions(-)
-
-diff --git a/src/t_hash.c b/src/t_hash.c
-index 754315080..f4ddccc62 100644
---- a/src/t_hash.c
-+++ b/src/t_hash.c
-@@ -1120,13 +1120,13 @@ void hrandfieldCommand(client *c) {
-     listpackEntry ele;
- 
-     if (c->argc >= 3) {
--        if (getLongFromObjectOrReply(c,c->argv[2],&l,NULL) != C_OK) return;
-+        if (getRangeLongFromObjectOrReply(c,c->argv[2],-LONG_MAX,LONG_MAX,&l,NULL) != C_OK) return;
-         if (c->argc > 4 || (c->argc == 4 && strcasecmp(c->argv[3]->ptr,"withvalues"))) {
-             addReplyErrorObject(c,shared.syntaxerr);
-             return;
-         } else if (c->argc == 4) {
-             withvalues = 1;
--            if (l < LONG_MIN/2 || l > LONG_MAX/2) {
-+            if (l < -LONG_MAX/2 || l > LONG_MAX/2) {
-                 addReplyError(c,"value is out of range");
-                 return;
-             }
-diff --git a/src/t_set.c b/src/t_set.c
-index b01729f0a..dff66d052 100644
---- a/src/t_set.c
-+++ b/src/t_set.c
-@@ -665,7 +665,7 @@ void srandmemberWithCountCommand(client *c) {
- 
-     dict *d;
- 
--    if (getLongFromObjectOrReply(c,c->argv[2],&l,NULL) != C_OK) return;
-+    if (getRangeLongFromObjectOrReply(c,c->argv[2],-LONG_MAX,LONG_MAX,&l,NULL) != C_OK) return;
-     if (l >= 0) {
-         count = (unsigned long) l;
-     } else {
-diff --git a/src/t_zset.c b/src/t_zset.c
-index 3cd2d2438..a9b5031ea 100644
---- a/src/t_zset.c
-+++ b/src/t_zset.c
-@@ -4289,13 +4289,13 @@ void zrandmemberCommand(client *c) {
-     listpackEntry ele;
- 
-     if (c->argc >= 3) {
--        if (getLongFromObjectOrReply(c,c->argv[2],&l,NULL) != C_OK) return;
-+        if (getRangeLongFromObjectOrReply(c,c->argv[2],-LONG_MAX,LONG_MAX,&l,NULL) != C_OK) return;
-         if (c->argc > 4 || (c->argc == 4 && strcasecmp(c->argv[3]->ptr,"withscores"))) {
-             addReplyErrorObject(c,shared.syntaxerr);
-             return;
-         } else if (c->argc == 4) {
-             withscores = 1;
--            if (l < LONG_MIN/2 || l > LONG_MAX/2) {
-+            if (l < -LONG_MAX/2 || l > LONG_MAX/2) {
-                 addReplyError(c,"value is out of range");
-                 return;
-             }
-diff --git a/tests/unit/type/hash.tcl b/tests/unit/type/hash.tcl
-index fcb42e81e..4edb146ed 100644
---- a/tests/unit/type/hash.tcl
-+++ b/tests/unit/type/hash.tcl
-@@ -74,6 +74,8 @@ start_server {tags {"hash"}} {
-     test "HRANDFIELD count overflow" {
-         r hmset myhash a 1
-         assert_error {*value is out of range*} {r hrandfield myhash -9223372036854770000 withvalues}
-+        assert_error {*value is out of range*} {r hrandfield myhash -9223372036854775808 withvalues}
-+        assert_error {*value is out of range*} {r hrandfield myhash -9223372036854775808}
-     } {}
- 
-     test "HRANDFIELD with <count> against non existing key" {
-diff --git a/tests/unit/type/set.tcl b/tests/unit/type/set.tcl
-index 30b6dc5d7..5257dccea 100644
---- a/tests/unit/type/set.tcl
-+++ b/tests/unit/type/set.tcl
-@@ -645,6 +645,11 @@ start_server {
-         r srandmember nonexisting_key 100
-     } {}
- 
-+    test "SRANDMEMBER count overflow" {
-+        r sadd myset a
-+        assert_error {*value is out of range*} {r srandmember myset -9223372036854775808}
-+    } {}
-+
-     # Make sure we can distinguish between an empty array and a null response
-     r readraw 1
- 
-diff --git a/tests/unit/type/zset.tcl b/tests/unit/type/zset.tcl
-index a758aee46..88c0bcb43 100644
---- a/tests/unit/type/zset.tcl
-+++ b/tests/unit/type/zset.tcl
-@@ -2303,6 +2303,8 @@ start_server {tags {"zset"}} {
-     test "ZRANDMEMBER count overflow" {
-         r zadd myzset 0 a
-         assert_error {*value is out of range*} {r zrandmember myzset -9223372036854770000 withscores}
-+        assert_error {*value is out of range*} {r zrandmember myzset -9223372036854775808 withscores}
-+        assert_error {*value is out of range*} {r zrandmember myzset -9223372036854775808}
-     } {}
- 
-     # Make sure we can distinguish between an empty array and a null response
--- 
-2.35.3
-

String-pattern-matching-had-exponential-time-complex.patch

@@ -1,88 +0,0 @@
-From 0825552565e5fdab2e87950579c4f0bedded3e3c Mon Sep 17 00:00:00 2001
-From: Tom Levy <tomlevy93@gmail.com>
-Date: Tue, 21 Feb 2023 15:14:30 +0200
-Subject: [PATCH] String pattern matching had exponential time complexity on
- pathological patterns (CVE-2022-36021)
-
-Authenticated users can use string matching commands with a
-specially crafted pattern to trigger a denial-of-service attack on Redis,
-causing it to hang and consume 100% CPU time.
----
- src/util.c              | 27 +++++++++++++++++++++++----
- tests/unit/keyspace.tcl |  6 ++++++
- 2 files changed, 29 insertions(+), 4 deletions(-)
-
-diff --git a/src/util.c b/src/util.c
-index e1524b5e3..8ce2c5fca 100644
---- a/src/util.c
-+++ b/src/util.c
-@@ -50,8 +50,8 @@
- #include "config.h"
- 
- /* Glob-style pattern matching. */
--int stringmatchlen(const char *pattern, int patternLen,
--        const char *string, int stringLen, int nocase)
-+static int stringmatchlen_impl(const char *pattern, int patternLen,
-+        const char *string, int stringLen, int nocase, int *skipLongerMatches)
- {
-     while(patternLen && stringLen) {
-         switch(pattern[0]) {
-@@ -63,12 +63,25 @@ int stringmatchlen(const char *pattern, int patternLen,
-             if (patternLen == 1)
-                 return 1; /* match */
-             while(stringLen) {
--                if (stringmatchlen(pattern+1, patternLen-1,
--                            string, stringLen, nocase))
-+                if (stringmatchlen_impl(pattern+1, patternLen-1,
-+                            string, stringLen, nocase, skipLongerMatches))
-                     return 1; /* match */
-+                if (*skipLongerMatches)
-+                    return 0; /* no match */
-                 string++;
-                 stringLen--;
-             }
-+            /* There was no match for the rest of the pattern starting
-+             * from anywhere in the rest of the string. If there were
-+             * any '*' earlier in the pattern, we can terminate the
-+             * search early without trying to match them to longer
-+             * substrings. This is because a longer match for the
-+             * earlier part of the pattern would require the rest of the
-+             * pattern to match starting later in the string, and we
-+             * have just determined that there is no match for the rest
-+             * of the pattern starting from anywhere in the current
-+             * string. */
-+            *skipLongerMatches = 1;
-             return 0; /* no match */
-             break;
-         case '?':
-@@ -170,6 +183,12 @@ int stringmatchlen(const char *pattern, int patternLen,
-     return 0;
- }
- 
-+int stringmatchlen(const char *pattern, int patternLen,
-+        const char *string, int stringLen, int nocase) {
-+    int skipLongerMatches = 0;
-+    return stringmatchlen_impl(pattern,patternLen,string,stringLen,nocase,&skipLongerMatches);
-+}
-+
- int stringmatch(const char *pattern, const char *string, int nocase) {
-     return stringmatchlen(pattern,strlen(pattern),string,strlen(string),nocase);
- }
-diff --git a/tests/unit/keyspace.tcl b/tests/unit/keyspace.tcl
-index f5f971140..437f71fa1 100644
---- a/tests/unit/keyspace.tcl
-+++ b/tests/unit/keyspace.tcl
-@@ -489,4 +489,10 @@ start_server {tags {"keyspace"}} {
-         r keys *
-         r keys *
-     } {dlskeriewrioeuwqoirueioqwrueoqwrueqw}
-+
-+    test {Regression for pattern matching long nested loops} {
-+        r flushdb
-+        r SET aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 1
-+        r KEYS "a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*b"
-+    } {}
- }
--- 
-2.35.3
-

redis-7.0.11.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ce250d1fba042c613de38a15d40889b78f7cb6d5461a27e35017ba39b07221e3
+size 2988485

redis-7.0.8.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:06a339e491306783dcf55b97f15a5dbcbdc01ccbde6dc23027c475cab735e914
-size 2981212

redis.changes

@@ -1,3 +1,66 @@
+-------------------------------------------------------------------
+Mon Apr 17 17:14:26 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>
+
+- redis 7.0.11
+  - (CVE-2023-28856) Authenticated users can use the HINCRBYFLOAT
+    command to create an invalid hash field that will crash Redis
+    on access (boo#1210548)
+  - Add a missing fsync of AOF file in rare cases
+  - Disconnect pub-sub subscribers when revoking allchannels
+    permission
+  - Fix a compiler fortification induced crash when used with link
+    time optimizations
+- Drop get-old-size-calculations.patch:
+  replaced with proper fix
+
+-------------------------------------------------------------------
+Fri Mar 24 19:18:24 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>
+
+- Added get-old-size-calculations.patch:
+  my workaround for https://github.com/redis/redis/issues/11965
+
+-------------------------------------------------------------------
+Mon Mar 20 21:22:02 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- redis 7.0.10
+  * CVE-2023-28425: Specially crafted MSETNX command can lead to
+    assertion and denial-of-service (boo#1209528)
+  * Large blocks of replica client output buffer may lead to psync
+    loops and unnecessary memory usage
+  * Fix CLIENT REPLY OFF|SKIP to not silence push notifications
+  * Trim excessive memory usage in stream nodes when exceeding
+    `stream-node-max-bytes`
+  * Fix module RM_Call commands failing with OOM when maxmemory is
+    changed to zero
+
+-------------------------------------------------------------------
+Mon Mar 20 21:16:24 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- redis 7.0.9
+  * CVE-2023-25155: Specially crafted SRANDMEMBER, ZRANDMEMBER, and
+    HRANDFIELD commands can trigger an integer overflow, resulting
+    in a runtime assertion and termination of the Redis server
+    process. Previously patched, drop
+    Integer-Overflow-in-RAND-commands-can-lead-to-assert.patch
+  * CVE-2022-36021: String matching commands (like SCAN or KEYS)
+    with a specially crafted pattern to trigger a denial-of-service
+    attack on Redis, causing it to hang and consume 100% CPU time.
+    Previously upatched, drop 
+    String-pattern-matching-had-exponential-time-complex.patch
+  * Fix a crash when reaching the maximum invalidations limit of
+    client-side tracking
+  * Fix a crash when SPUBLISH is used after passing the
+    cluster-link-sendbuf-limit
+  * Fix possible memory corruption in FLUSHALL when a client
+    watches more than one key
+  * Fix cluster inbound link keepalive time
+  * Flush propagation list in active-expire of writable replicas to
+    fix an assertion
+  * Avoid propagating DEL of lazy expire from SCAN and RANDOMKEY as
+    MULTI-EXEC
+  * Avoid realloc to reduce size of strings when it is unneeded
+  * Improve CLUSTER SLOTS reply efficiency for non-continuous slots
+
 -------------------------------------------------------------------
 Wed Mar  1 16:29:28 UTC 2023 - Valentin Lefebvre <valentin.lefebvre@suse.com>
 

redis.hashes

@@ -148,3 +148,12 @@ hash redis-7.0.6.tar.gz sha256 7b33a7e890d13e27af1f246acb16312669ad8a1d56ce8f807
 hash redis-7.0.7.tar.gz sha256 8d327d7e887d1bb308fc37aaf717a0bf79f58129e3739069aaeeae88955ac586 http://download.redis.io/releases/redis-7.0.7.tar.gz
 hash redis-7.0.8.tar.gz sha256 06a339e491306783dcf55b97f15a5dbcbdc01ccbde6dc23027c475cab735e914 http://download.redis.io/releases/redis-7.0.8.tar.gz
 hash redis-6.2.9.tar.gz sha256 9661b2c6b1cc9bf2999471b37a4d759fa5e747d408142c18af8792ebd8384a2a http://download.redis.io/releases/redis-6.2.9.tar.gz
+hash redis-6.0.17.tar.gz sha256 ad50bf7c6bf98d7bf3c626bdd5588368f52c82c8d41869cca024455f651e7bfc http://download.redis.io/releases/redis-6.0.17.tar.gz
+hash redis-6.2.10.tar.gz sha256 22684f66d272379b91e3e53693918b535e2a6e54b9d14e1cad171658e0eefeca http://download.redis.io/releases/redis-6.2.10.tar.gz
+hash redis-6.0.18.tar.gz sha256 d7b4f2a97fcab96727284092b0a4aa854af47d570803fa0e7a0345359743836e http://download.redis.io/releases/redis-6.0.18.tar.gz
+hash redis-6.2.11.tar.gz sha256 8c75fb9cdd01849e92c23f30cb7fe205ea0032a38d11d46af191014e9acc3098 http://download.redis.io/releases/redis-6.2.11.tar.gz
+hash redis-7.0.9.tar.gz sha256 f77135c2a47c9151d4028bfea3b34470ab4d324d1484f79a84c6f32a3cfb9f65 http://download.redis.io/releases/redis-7.0.9.tar.gz
+hash redis-7.0.10.tar.gz sha256 1dee4c6487341cae7bd6432ff7590906522215a061fdef87c7d040a0cb600131 http://download.redis.io/releases/redis-7.0.10.tar.gz
+hash redis-7.0.11.tar.gz sha256 ce250d1fba042c613de38a15d40889b78f7cb6d5461a27e35017ba39b07221e3 http://download.redis.io/releases/redis-7.0.11.tar.gz
+hash redis-6.2.12.tar.gz sha256 75352eef41e97e84bfa94292cbac79e5add5345fc79787df5cbdff703353fb1b http://download.redis.io/releases/redis-6.2.12.tar.gz
+hash redis-6.0.19.tar.gz sha256 55e26318c3d9c53a77a6e802f60524afdddd057a2e965cebcf781a0a72f0e3e6 http://download.redis.io/releases/redis-6.0.19.tar.gz

redis.spec

@@ -20,7 +20,7 @@
 %define _log_dir        %{_localstatedir}/log/%{name}
 %define _conf_dir       %{_sysconfdir}/%{name}
 Name:           redis
-Version:        7.0.8
+Version:        7.0.11
 Release:        0
 Summary:        Persistent key-value database
 License:        BSD-3-Clause
@@ -40,10 +40,6 @@ Source10:       https://raw.githubusercontent.com/redis/redis-hashes/master/READ
 Patch0:         %{name}-conf.patch
 Patch3:         reproducible.patch
 Patch4:         ppc-atomic.patch
-# PATCH-FIX-UPSTREAM -- based on commit 0825552 (bsc#1208790 CVE-2022-36021)
-Patch5:         String-pattern-matching-had-exponential-time-complex.patch
-# PATCH-FIX-UPSTREAM -- based on commit 2a2a582 (bsc#1208793 CVE-2023-25155)
-Patch6:         Integer-Overflow-in-RAND-commands-can-lead-to-assert.patch
 BuildRequires:  jemalloc-devel
 BuildRequires:  libopenssl-devel >= 1.1.1
 BuildRequires:  pkgconfig
@@ -71,8 +67,6 @@ echo "`grep -F %{name}-%{version}.tar.gz %{SOURCE10} | cut -d' ' -f4`  %{SOURCE0
 %patch0
 %patch3 -p1
 %patch4 -p1
-%patch5 -p1
-%patch6 -p1
 
 %build
 export HOST=OBS # for reproducible builds