pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2021Q3]: pkgsrc/databases/redis Pullup ticket #6503 - requeste...
details: https://anonhg.NetBSD.org/pkgsrc/rev/1f758cfa98a3
branches: pkgsrc-2021Q3
changeset: 459423:1f758cfa98a3
user: tm <tm%pkgsrc.org@localhost>
date: Wed Oct 06 21:12:46 2021 +0000
description:
Pullup ticket #6503 - requested by taca
databases/redis: security fix
Revisions pulled up:
- databases/redis/Makefile 1.72
- databases/redis/distinfo 1.63
- databases/redis/patches/patch-src_Makefile 1.5
---
Module Name: pkgsrc
Committed By: adam
Date: Mon Oct 4 18:55:36 UTC 2021
Modified Files:
pkgsrc/databases/redis: Makefile distinfo
pkgsrc/databases/redis/patches: patch-src_Makefile
Log Message:
redis: updated to 6.2.6
Redis 6.2.6
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
* (CVE-2021-41099) Integer to heap buffer overflow handling certain string
commands and network payloads, when proto-max-bulk-len is manually configured
to a non-default, very large value [reported by yiyuaner].
* (CVE-2021-32762) Integer to heap buffer overflow issue in redis-cli and
redis-sentinel parsing large multi-bulk replies on some older and less common
platforms [reported by Microsoft Vulnerability Research].
* (CVE-2021-32687) Integer to heap buffer overflow with intsets, when
set-max-intset-entries is manually configured to a non-default, very large
value [reported by Pawel Wieczorkiewicz, AWS].
* (CVE-2021-32675) Denial Of Service when processing RESP request payloads with
a large number of elements on many connections.
* (CVE-2021-32672) Random heap reading issue with Lua Debugger [reported by
Meir Shpilraien].
* (CVE-2021-32628) Integer to heap buffer overflow handling ziplist-encoded
data types, when configuring a large, non-default value for
hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries
or zset-max-ziplist-value [reported by sundb].
* (CVE-2021-32627) Integer to heap buffer overflow issue with streams, when
configuring a non-default, large value for proto-max-bulk-len and
client-query-buffer-limit [reported by sundb].
* (CVE-2021-32626) Specially crafted Lua scripts may result with Heap buffer
overflow [reported by Meir Shpilraien].
Bug fixes that involve behavior changes:
* GEO* STORE with empty source key deletes the destination key and return 0
Previously it would have returned an empty array like the non-STORE variant.
* PUBSUB NUMPAT replies with number of patterns rather than number of subscriptions
This actually changed in 6.2.0 but was overlooked and omitted from the release notes.
Bug fixes that are only applicable to previous releases of Redis 6.2:
* Fix CLIENT PAUSE, used an old timeout from previous PAUSE
* Fix CLIENT PAUSE in a replica would mess the replication offset
* Add some missing error statistics in INFO errorstats
Other bug fixes:
* Fix incorrect reply of COMMAND command key positions for MIGRATE command
* Fix appendfsync to always guarantee fsync before reply, on MacOS and FreeBSD (kqueue)
* Fix the wrong mis-detection of sync_file_range system call, affecting performance
CLI tools:
* When redis-cli received ASK response, it didn't handle it
Improvements:
* Add latency monitor sample when key is deleted via lazy expire
* Sanitize corrupt payload improvements
* Delete empty keys when loading RDB file or handling a RESTORE command
diffstat:
databases/redis/Makefile | 4 ++--
databases/redis/distinfo | 12 ++++++------
databases/redis/patches/patch-src_Makefile | 14 +++++++-------
3 files changed, 15 insertions(+), 15 deletions(-)
diffs (74 lines):
diff -r 8f860e754b97 -r 1f758cfa98a3 databases/redis/Makefile
--- a/databases/redis/Makefile Tue Oct 05 21:20:57 2021 +0000
+++ b/databases/redis/Makefile Wed Oct 06 21:12:46 2021 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.71 2021/07/22 09:56:54 adam Exp $
+# $NetBSD: Makefile,v 1.71.2.1 2021/10/06 21:12:46 tm Exp $
-DISTNAME= redis-6.2.5
+DISTNAME= redis-6.2.6
CATEGORIES= databases
MASTER_SITES= http://download.redis.io/releases/
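Review bot: MASTER_SITES in the unchanged context still points at http://download.redis.io/releases/, so this security update is fetched over plain HTTP and only the distinfo checksums protect the distfile. If the site serves the same path over https, switch the URL as part of this bump (MASTER_SITES= https://download.redis.io/releases/).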
diff -r 8f860e754b97 -r 1f758cfa98a3 databases/redis/distinfo
--- a/databases/redis/distinfo Tue Oct 05 21:20:57 2021 +0000
+++ b/databases/redis/distinfo Wed Oct 06 21:12:46 2021 +0000
@@ -1,10 +1,10 @@
-$NetBSD: distinfo,v 1.62 2021/07/22 09:56:54 adam Exp $
+$NetBSD: distinfo,v 1.62.2.1 2021/10/06 21:12:46 tm Exp $
-SHA1 (redis-6.2.5.tar.gz) = b675f5e883f095c2081f605e3ca31a6d5832383c
-RMD160 (redis-6.2.5.tar.gz) = 1c0d20f2c57d2cb0918e58b36a584ecaa3d8d9b0
-SHA512 (redis-6.2.5.tar.gz) = 8c54451032cbb627ec2827251556cba2010e56544baca7ea117b5afd2c2add484acbedd3baf21bdb8fd10672602cf52294a4e26b135c1406d7a723c048275e3a
-Size (redis-6.2.5.tar.gz) = 2465302 bytes
+SHA1 (redis-6.2.6.tar.gz) = e9fb68dfcee194b438bd0af6e4cbc277a2a425e2
+RMD160 (redis-6.2.6.tar.gz) = 98607041365692d7feb19bf861b4bb32e799047e
+SHA512 (redis-6.2.6.tar.gz) = 9b947d26fd9e208627ed22d318ab3d0775ab0be46d98db1c1d158feac671b984e75ce33e647d196face9643f80768af47e678be1b4e1ddd3eb56dff467c46022
+Size (redis-6.2.6.tar.gz) = 2476542 bytes
SHA1 (patch-redis.conf) = ee657a9d82711263ceb0fb8f7d8059ed23528fe9
-SHA1 (patch-src_Makefile) = b74e1575d423b9a4d09b6b5e3eeb355d79c27855
+SHA1 (patch-src_Makefile) = 0b6f68bbb2cbf9aad655611bdd9aee8f3ed4e850
SHA1 (patch-src_hyperloglog.c) = e9bdd3c630024a6fbe02c2c1d85e26131ad938cf
SHA1 (patch-src_object.c) = 30ffaec9c7e6135e3a5576cd1a35d7bcec668299
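Review bot: The new SHA512 and Size values for redis-6.2.6.tar.gz are what bind this package to the intended tarball, and the log message does not say how they were obtained. Note in the log that they were checked against a copy of the release fetched independently of the machine that generated distinfo. Among the patch entries only patch-src_Makefile changes its SHA1, which is consistent with it being the one patch file touched in this commit.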
diff -r 8f860e754b97 -r 1f758cfa98a3 databases/redis/patches/patch-src_Makefile
--- a/databases/redis/patches/patch-src_Makefile Tue Oct 05 21:20:57 2021 +0000
+++ b/databases/redis/patches/patch-src_Makefile Wed Oct 06 21:12:46 2021 +0000
@@ -1,11 +1,11 @@
-$NetBSD: patch-src_Makefile,v 1.4 2021/03/01 13:19:19 adam Exp $
+$NetBSD: patch-src_Makefile,v 1.4.6.1 2021/10/06 21:12:46 tm Exp $
Add DESTDIR support.
Fix NetBSD support.
---- src/Makefile.orig 2021-02-22 21:23:58.000000000 +0000
+--- src/Makefile.orig 2021-10-04 10:59:40.000000000 +0000
+++ src/Makefile
-@@ -40,8 +40,8 @@ else
+@@ -45,8 +45,8 @@ else
endif
PREFIX?=/usr/local
@@ -16,7 +16,7 @@
PKG_CONFIG?=pkg-config
# Default allocator defaults to Jemalloc if it's not an ARM
-@@ -152,6 +152,10 @@ ifeq ($(uname_S),NetBSD)
+@@ -151,6 +151,10 @@ ifeq ($(uname_S),NetBSD)
FINAL_LIBS+= -lexecinfo
endif
else
@@ -27,11 +27,11 @@
ifeq ($(uname_S),FreeBSD)
# FreeBSD
FINAL_LIBS+= -lpthread -lexecinfo
-@@ -187,6 +191,7 @@ endif
+@@ -186,6 +190,7 @@ endif
endif
endif
endif
+endif
- # Include paths to dependencies
- FINAL_CFLAGS+= -I../deps/hiredis -I../deps/linenoise -I../deps/lua/src -I../deps/hdr_histogram
+ ifdef OPENSSL_PREFIX
+ OPENSSL_CFLAGS=-I$(OPENSSL_PREFIX)/include
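Review bot: The extra "+endif" in the last inner hunk now sits directly above "ifdef OPENSSL_PREFIX" instead of the old "# Include paths to dependencies" comment, and the patch description ("Fix NetBSD support.") does not say which conditional it closes. The lines added by the inner @@ -151,6 +151,10 @@ hunk are not shown in this diff, so confirm the endif still pairs with the block opened there now that the upstream context has moved, and extend the patch description to name that block.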