From 1afa5bfe4bec197168b1b42b978516ec3900955ff56693f64377a0c275b82eb6 Mon Sep 17 00:00:00 2001
From: Martin Pluskal
Date: Mon, 21 Aug 2023 08:20:31 +0000
Subject: [PATCH 1/3] Accepting request 1104035 from home:darix:apps - redis 7.2.0 - Bug Fixes - redis-cli in cluster mode handles unknown-endpoint (#12273) - Update request / response policy hints for a few commands (#12417) - Ensure that the function load timeout is disabled during loading from RDB/AOF and on replicas. (#12451) - Fix false success and a memory leak for ACL selector with bad parenthesis combination (#12452) - Fix the assertion when script timeout occurs after it signaled a blocked client (#12459) - Fixes for issues in previous releases of Redis 7.2 - Update MONITOR client's memory correctly for INFO and client-eviction (#12420) - The response of cluster nodes was unnecessarily adding an extra comma when no hostname was present. (#12411) - refreshed redis-conf.patch: - switch to autosetup now that we switched the last patch to patch level 1 OBS-URL: https://build.opensuse.org/request/show/1104035 OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=228
---
 redis-7.0.12.tar.gz | 3 ---
 redis-7.2.0.tar.gz | 3 +++
 redis-conf.patch | 36 +++++++++++++++++++-----------------
 redis.changes | 23 +++++++++++++++++++++++
 redis.hashes | 1 +
 redis.spec | 7 ++-----
 6 files changed, 48 insertions(+), 25 deletions(-)
 delete mode 100644 redis-7.0.12.tar.gz
 create mode 100644 redis-7.2.0.tar.gz
diff --git a/redis-7.0.12.tar.gz b/redis-7.0.12.tar.gz
deleted file mode 100644
index 97e98a8..0000000
--- a/redis-7.0.12.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9dd83d5b278bb2bf0e39bfeb75c3e8170024edbaf11ba13b7037b2945cf48ab7
-size 2992216
diff --git a/redis-7.2.0.tar.gz b/redis-7.2.0.tar.gz
new file mode 100644
index 0000000..618b12c
--- /dev/null
+++ b/redis-7.2.0.tar.gz
@@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8b12e242647635b419a0e1833eda02b65bf64e39eb9e509d9db4888fb3124943 +size 3381269 diff --git a/redis-conf.patch b/redis-conf.patch index 39b36ea..e21188f 100644 --- a/redis-conf.patch +++ b/redis-conf.patch @@ -1,8 +1,8 @@ -Index: redis.conf -=================================================================== ---- redis.conf.orig -+++ redis.conf -@@ -244,7 +244,7 @@ +diff --git a/redis.conf b/redis.conf +index 97f077b0d..6ba6b290e 100644 +--- a/redis.conf ++++ b/redis.conf +@@ -306,7 +306,7 @@ tcp-keepalive 300 # By default Redis does not run as a daemon. Use 'yes' if you need it. # Note that Redis will write a pid file in /var/run/redis.pid when daemonized. # When Redis is supervised by upstart or systemd, this parameter has no impact. @@ -11,7 +11,7 @@ Index: redis.conf # If you run Redis from upstart or systemd, Redis can interact with your # supervision tree. Options: -@@ -262,7 +262,7 @@ +@@ -324,7 +324,7 @@ daemonize no # The default is "no". To run under upstart/systemd, you can simply uncomment # the line below: # @@ -20,7 +20,7 @@ Index: redis.conf # If a pid file is specified, Redis writes it where specified at startup # and removes it at exit. -@@ -276,7 +276,7 @@ +@@ -338,7 +338,7 @@ daemonize no # # Note that on modern Linux systems "/run/redis.pid" is more conforming # and should be used instead. @@ -29,7 +29,7 @@ Index: redis.conf # Specify the server verbosity level. # This can be one of: -@@ -289,7 +289,8 @@ +@@ -352,7 +352,8 @@ loglevel notice # Specify the log file name. Also the empty string can be used to force # Redis to log on the standard output. Note that if you use standard # output for logging but daemonize, logs will be sent to /dev/null 
@@ -39,7 +39,7 @@ Index: redis.conf # To enable logging to the system logger, just set 'syslog-enabled' to yes, # and optionally update the other syslog parameters to suit your needs. -@@ -441,7 +442,7 @@ +@@ -507,7 +508,7 @@ rdb-del-sync-files no # The Append Only File will also be created inside this directory. # # Note that you must specify a directory here, not a file name. @@ -48,11 +48,11 @@ Index: redis.conf ################################# REPLICATION ################################# -Index: sentinel.conf -=================================================================== ---- sentinel.conf.orig -+++ sentinel.conf -@@ -24,16 +24,18 @@ +diff --git a/sentinel.conf b/sentinel.conf +index b7b3604f0..8262608ad 100644 +--- a/sentinel.conf ++++ b/sentinel.conf +@@ -13,11 +13,12 @@ port 26379 # Note that Redis will write a pid file in /var/run/redis-sentinel.pid when # daemonized. daemonize no @@ -64,12 +64,14 @@ Index: sentinel.conf -pidfile /var/run/redis-sentinel.pid +pidfile /run/redis/sentinel-default.pid + # Specify the server verbosity level. + # This can be one of: +@@ -31,7 +32,7 @@ loglevel notice # Specify the log file name. Also the empty string can be used to force # Sentinel to log on the standard output. Note that if you use standard # output for logging but daemonize, logs will be sent to /dev/null -logfile "" -+loglevel notice +logfile /var/log/redis/sentinel-default.log - # sentinel announce-ip - # sentinel announce-port + # To enable logging to the system logger, just set 'syslog-enabled' to yes, + # and optionally update the other syslog parameters to suit your needs. diff --git a/redis.changes b/redis.changes index 04656d6..7d66327 100644 --- a/redis.changes +++ b/redis.changes 
@@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Tue Aug 15 11:28:07 UTC 2023 - Marcus Rueckert
+
+- redis 7.2.0
+ - Bug Fixes
+ - redis-cli in cluster mode handles unknown-endpoint (#12273)
+ - Update request / response policy hints for a few commands
+ (#12417)
+ - Ensure that the function load timeout is disabled during
+ loading from RDB/AOF and on replicas. (#12451)
+ - Fix false success and a memory leak for ACL selector with bad
+ parenthesis combination (#12452)
+ - Fix the assertion when script timeout occurs after it
+ signaled a blocked client (#12459)
+ - Fixes for issues in previous releases of Redis 7.2
+ - Update MONITOR client's memory correctly for INFO and
+ client-eviction (#12420)
+ - The response of cluster nodes was unnecessarily adding an
+ extra comma when no hostname was present. (#12411)
+- refreshed redis-conf.patch:
+- switch to autosetup now that we switched the last patch to patch
+ level 1
+
 -------------------------------------------------------------------
 Wed Jul 12 14:10:43 UTC 2023 - Danilo Spinella
diff --git a/redis.hashes b/redis.hashes
index 234a71b..9988ba4 100644
--- a/redis.hashes
+++ b/redis.hashes
@@ -163,3 +163,4 @@ hash redis-6.0.20.tar.gz sha256 173d4c5f44b5d7186da96c4adc5cb20e8018b50ec3a8dfe0
 hash redis-6.2.13.tar.gz sha256 89ff27c80d420456a721ccfb3beb7cc628d883c53059803513749e13214a23d1 http://download.redis.io/releases/redis-6.2.13.tar.gz
 hash redis-7.0.12.tar.gz sha256 9dd83d5b278bb2bf0e39bfeb75c3e8170024edbaf11ba13b7037b2945cf48ab7 http://download.redis.io/releases/redis-7.0.12.tar.gz
 hash redis-7.2-rc3.tar.gz sha256 4035e2b146ca1eb43b4188ca30a6d7be1a4d40ac2dfdf58db8f885517bbab41a http://download.redis.io/releases/redis-7.2-rc3.tar.gz
+hash redis-7.2.0.tar.gz sha256 8b12e242647635b419a0e1833eda02b65bf64e39eb9e509d9db4888fb3124943 http://download.redis.io/releases/redis-7.2.0.tar.gz
diff --git a/redis.spec b/redis.spec
index 8bf758f..22b5421 100644
--- a/redis.spec
+++ b/redis.spec @@ -20,7 +20,7 @@ %define _log_dir %{_localstatedir}/log/%{name} %define _conf_dir %{_sysconfdir}/%{name} Name: redis -Version: 7.0.12 +Version: 7.2.0 Release: 0 Summary: Persistent key-value database License: BSD-3-Clause @@ -63,10 +63,7 @@ different kind of sorting abilities. %prep echo "`grep -F %{name}-%{version}.tar.gz %{SOURCE10} | cut -d' ' -f4` %{SOURCE0}" | sha256sum -c -%setup -q -%patch0 -%patch3 -p1 -%patch4 -p1 +%autosetup -p1 %build export HOST=OBS # for reproducible builds From 8b2bf3dac8854727b50e49ecf8b4db566798a87ce4ffe3e9adb265746bc8723e Mon Sep 17 00:00:00 2001 From: Danilo Spinella Date: Thu, 7 Sep 2023 15:05:44 +0000 Subject: [PATCH 2/3] Accepting request 1109571 from home:dspinella:branches:server:database - redis 7.2.1: * (CVE-2023-41053) Redis does not correctly identify keys accessed by SORT_RO and, as a result, may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. (bsc#1215094) * Fix crashes when joining a node to an existing 7.0 Redis Cluster * Correct request_policy and response_policy command tips on for some admin / configuration commands - Refresh redis.hashes OBS-URL: https://build.opensuse.org/request/show/1109571 OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=229 --- redis-7.2.0.tar.gz | 3 --- redis-7.2.1.tar.gz | 3 +++ redis.changes | 12 ++++++++++++ redis.hashes | 2 ++ redis.spec | 2 +- 5 files changed, 18 insertions(+), 4 deletions(-) delete mode 100644 redis-7.2.0.tar.gz create mode 100644 redis-7.2.1.tar.gz diff --git a/redis-7.2.0.tar.gz b/redis-7.2.0.tar.gz deleted file mode 100644 index 618b12c..0000000 --- a/redis-7.2.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8b12e242647635b419a0e1833eda02b65bf64e39eb9e509d9db4888fb3124943 -size 3381269 diff --git a/redis-7.2.1.tar.gz b/redis-7.2.1.tar.gz new file mode 100644 index 0000000..8e02c65 --- /dev/null 
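Review bot: `%autosetup -p1` in `%prep` applies every `PatchN` the spec declares, whereas the removed lines applied only patches 0, 3 and 4, so a patch that is declared but was deliberately left unapplied would now be built in. The `Patch` tags are outside this hunk, so it is worth confirming that only those three are still declared. It would also help to record the new constraint next to the macro, e.g. `# every PatchN is applied at -p1: patches must carry a/ b/ path prefixes`, because a later patch written for `-p0` no longer gets its own strip level. The `sha256sum -c` check on the preceding context line still runs before the sources are unpacked, which is the order to keep.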
+++ b/redis-7.2.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5c76d990a1b1c5f949bcd1eed90d0c8a4f70369bdbdcb40288c561ddf88967a4
+size 3383319
diff --git a/redis.changes b/redis.changes
index 7d66327..40a7501 100644
--- a/redis.changes
+++ b/redis.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Thu Sep 7 14:31:26 UTC 2023 - Danilo Spinella
+
+- redis 7.2.1:
+ * (CVE-2023-41053) Redis does not correctly identify keys accessed by SORT_RO and,
+ as a result, may grant users executing this command access to keys that are not
+ explicitly authorized by the ACL configuration. (bsc#1215094)
+ * Fix crashes when joining a node to an existing 7.0 Redis Cluster
+ * Correct request_policy and response_policy command tips on for some admin /
+ configuration commands
+- Refresh redis.hashes
+
 -------------------------------------------------------------------
 Tue Aug 15 11:28:07 UTC 2023 - Marcus Rueckert
diff --git a/redis.hashes b/redis.hashes
index 9988ba4..bd6ecd6 100644
--- a/redis.hashes
+++ b/redis.hashes
@@ -164,3 +164,5 @@ hash redis-6.2.13.tar.gz sha256 89ff27c80d420456a721ccfb3beb7cc628d883c530598035
 hash redis-7.0.12.tar.gz sha256 9dd83d5b278bb2bf0e39bfeb75c3e8170024edbaf11ba13b7037b2945cf48ab7 http://download.redis.io/releases/redis-7.0.12.tar.gz
 hash redis-7.2-rc3.tar.gz sha256 4035e2b146ca1eb43b4188ca30a6d7be1a4d40ac2dfdf58db8f885517bbab41a http://download.redis.io/releases/redis-7.2-rc3.tar.gz
 hash redis-7.2.0.tar.gz sha256 8b12e242647635b419a0e1833eda02b65bf64e39eb9e509d9db4888fb3124943 http://download.redis.io/releases/redis-7.2.0.tar.gz
+hash redis-7.0.13.tar.gz sha256 97065774d5fb8388eb0d8913458decfcb167d356e40d31dd01cd30c1cc391673 http://download.redis.io/releases/redis-7.0.13.tar.gz
+hash redis-7.2.1.tar.gz sha256 5c76d990a1b1c5f949bcd1eed90d0c8a4f70369bdbdcb40288c561ddf88967a4 http://download.redis.io/releases/redis-7.2.1.tar.gz
diff --git a/redis.spec b/redis.spec
index 22b5421..2dee06f 100644
--- a/redis.spec
+++ b/redis.spec
@@ -20,7 +20,7 @@
 %define _log_dir %{_localstatedir}/log/%{name}
 %define _conf_dir %{_sysconfdir}/%{name}
 Name: redis
-Version: 7.2.0
+Version: 7.2.1
 Release: 0
 Summary: Persistent key-value database
 License: BSD-3-Clause
From 9a6b379be31d8619aa2ada44f5e74f3e8d662d3c159bc3b9371fe11f6059f43f Mon Sep 17 00:00:00 2001
From: Marcus Rueckert
Date: Mon, 23 Oct 2023 13:27:44 +0000
Subject: [PATCH 3/3] Accepting request 1119207 from home:dspinella:branches:server:database - redis 7.2.2: * (CVE-2023-45145) The wrong order of listen(2) and chmod(2) calls creates a race condition that can be used by another process to bypass desired Unix socket permissions on startup, bsc#1216376 * WAITAOF could timeout in the absence of write traffic in case a new AOF is created and an AOF rewrite can't immediately start * Fix crash when running rebalance command in a mixed cluster of 7.0 and 7.2 nodes * Fix the return type of the slot number in cluster shards to integer, which makes it consistent with past behavior * Fix CLUSTER commands are called from modules or scripts to return TLS info appropriately redis-cli, fix crash on reconnect when in SUBSCRIBE mode * Fix overflow calculation for next timer event OBS-URL: https://build.opensuse.org/request/show/1119207 OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=230
---
 redis-7.2.1.tar.gz | 3 ---
 redis-7.2.2.tar.gz | 3 +++
 redis.changes | 18 ++++++++++++++++++
 redis.hashes | 3 +++
 redis.spec | 2 +-
 5 files changed, 25 insertions(+), 4 deletions(-)
 delete mode 100644 redis-7.2.1.tar.gz
 create mode 100644 redis-7.2.2.tar.gz
diff --git a/redis-7.2.1.tar.gz b/redis-7.2.1.tar.gz
deleted file mode 100644
index 8e02c65..0000000
--- a/redis-7.2.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5c76d990a1b1c5f949bcd1eed90d0c8a4f70369bdbdcb40288c561ddf88967a4
-size 3383319
diff --git a/redis-7.2.2.tar.gz b/redis-7.2.2.tar.gz
new file mode 100644
index 0000000..fc8d3d8
--- /dev/null
+++ b/redis-7.2.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ca999be08800edc6d265379c4c7aafad92f0ee400692e4e2d69829ab4b4c3d08
+size 3384618
diff --git a/redis.changes b/redis.changes
index 40a7501..8731569 100644
--- a/redis.changes
+++ b/redis.changes
@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Fri Oct 20 10:03:33 UTC 2023 - Danilo Spinella
+
+- redis 7.2.2:
+ * (CVE-2023-45145) The wrong order of listen(2) and chmod(2) calls creates a
+ race condition that can be used by another process to bypass desired Unix
+ socket permissions on startup, bsc#1216376
+ * WAITAOF could timeout in the absence of write traffic in case a new AOF is
+ created and an AOF rewrite can't immediately start
+ * Fix crash when running rebalance command in a mixed cluster of 7.0 and 7.2
+ nodes
+ * Fix the return type of the slot number in cluster shards to integer, which
+ makes it consistent with past behavior
+ * Fix CLUSTER commands are called from modules or scripts to return TLS info
+ appropriately
+ redis-cli, fix crash on reconnect when in SUBSCRIBE mode
+ * Fix overflow calculation for next timer event
+
 -------------------------------------------------------------------
 Thu Sep 7 14:31:26 UTC 2023 - Danilo Spinella
diff --git a/redis.hashes b/redis.hashes
index bd6ecd6..a4d24d0 100644
--- a/redis.hashes
+++ b/redis.hashes
@@ -166,3 +166,6 @@ hash redis-7.2-rc3.tar.gz sha256 4035e2b146ca1eb43b4188ca30a6d7be1a4d40ac2dfdf58
 hash redis-7.2.0.tar.gz sha256 8b12e242647635b419a0e1833eda02b65bf64e39eb9e509d9db4888fb3124943 http://download.redis.io/releases/redis-7.2.0.tar.gz
 hash redis-7.0.13.tar.gz sha256 97065774d5fb8388eb0d8913458decfcb167d356e40d31dd01cd30c1cc391673 http://download.redis.io/releases/redis-7.0.13.tar.gz
 hash redis-7.2.1.tar.gz sha256 5c76d990a1b1c5f949bcd1eed90d0c8a4f70369bdbdcb40288c561ddf88967a4 http://download.redis.io/releases/redis-7.2.1.tar.gz
+hash redis-6.2.14.tar.gz sha256 34e74856cbd66fdb3a684fb349d93961d8c7aa668b06f81fd93ff267d09bc277 http://download.redis.io/releases/redis-6.2.14.tar.gz
+hash redis-7.0.14.tar.gz sha256 7e1cdf347f4970ea39d5b7fdb19aedec4c21942e202de65bdeb782d38d2f299f http://download.redis.io/releases/redis-7.0.14.tar.gz
+hash redis-7.2.2.tar.gz sha256 ca999be08800edc6d265379c4c7aafad92f0ee400692e4e2d69829ab4b4c3d08 http://download.redis.io/releases/redis-7.2.2.tar.gz
diff --git a/redis.spec b/redis.spec
index 2dee06f..a8743e4 100644
--- a/redis.spec
+++ b/redis.spec
@@ -20,7 +20,7 @@
 %define _log_dir %{_localstatedir}/log/%{name}
 %define _conf_dir %{_sysconfdir}/%{name}
 Name: redis
-Version: 7.2.1
+Version: 7.2.2
 Release: 0
 Summary: Persistent key-value database
 License: BSD-3-Clause