pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2022Q3]: pkgsrc/databases/redis Pullup ticket #6705 - requeste...
details: https://anonhg.NetBSD.org/pkgsrc/rev/4228c3a7eaf2
branches: pkgsrc-2022Q3
changeset: 388919:4228c3a7eaf2
user: spz <spz%pkgsrc.org@localhost>
date: Sat Nov 26 17:28:11 2022 +0000
description:
Pullup ticket #6705 - requested by bsiegert
databases/redis: security update
Revisions pulled up:
- databases/redis/Makefile 1.74
- databases/redis/distinfo 1.67
- databases/redis/patches/patch-src_Makefile 1.6
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Tue Nov 22 19:11:11 UTC 2022
Modified Files:
pkgsrc/databases/redis: Makefile distinfo
pkgsrc/databases/redis/patches: patch-src_Makefile
Log Message:
redis: updated to 7.0.5
Redis 7.0.5 Released Wed Sep 21 20:00:00 IST 2022
========================================
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
* (CVE-2022-35951) Executing a XAUTOCLAIM command on a stream key in a specific
state, with a specially crafted COUNT argument, may cause an integer overflow,
a subsequent heap overflow, and potentially lead to remote code execution.
The problem affects Redis versions 7.0.0 or newer
[reported by Xion (SeungHyun Lee) of KAIST GoN].
Module API changes
=========
* Fix RM_Call execution of scripts when used with M/W/S flags to properly
handle script flags
* Fix RM_SetAbsExpire and RM_GetAbsExpire API registration
Bug Fixes
====
* Fix a hang when eviction is combined with lazy-free and
maxmemory-eviction-tenacity is set to 100
* Fix a crash when a replica may attempt to set itself as its master
as a result of a manual failover
* Fix a bug where a cluster-enabled replica node may permanently set
its master's hostname to '?'
* Fix a crash when a Lua script returns a meta-table
Fixes for issues in previous releases of Redis 7.0
--------------------------------------------------
* Fix redis-cli to do DNS lookup before sending CLUSTER MEET
* Fix crash when a key is lazy expired during cluster key migration
* Fix AOF rewrite to fsync the old AOF file when a new one is created
* Fix some crashes involving a list containing entries larger than 1GB
* Correctly handle scripts with a non-read-only shebang on a cluster replica
* Fix memory leak when unloading a module
* Fix bug with scripts ignoring client tracking NOLOOP
* Fix client-side tracking breaking protocol when FLUSHDB / FLUSHALL /
SWAPDB is used inside MULTI-EXEC
* Fix ACL: BITFIELD with GET and also SET / INCRBY can be executed
with read-only key permission
* Fix missing sections for INFO ALL when also requesting a module info section
========================================
Redis 7.0.4 Released Monday Jul 18 12:00:00 IST 2022
========================================
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
* (CVE-2022-31144) A specially crafted XAUTOCLAIM command on a stream
key in a specific state may result with heap overflow, and potentially
remote code execution. The problem affects Redis versions 7.0.0 or newer.
========================================
Redis 7.0.3 Released Monday Jul 11 12:00:00 IST 2022
========================================
Upgrade urgency: MODERATE, specifically if you're using a previous release of
Redis 7.0, contains fixes for bugs in previous 7.0 releases.
Performance and resource utilization improvements
========================
* Optimize zset conversion on large ZRANGESTORE
* Optimize the performance of sending PING on large clusters
* Allow for faster restart of Redis in cluster mode
INFO fields and introspection changes
==================
* Add missing sharded pubsub keychannel count to CLIENT LIST
* Add missing pubsubshard_channels field in INFO STATS
Module API changes
=========
* Add RM_StringToULongLong and RM_CreateStringFromULongLong
* Add RM_SetClientNameById and RM_GetClientNameById
Changes in CLI tools
==========
* Add missing cluster-port support to redis-cli --cluster
Other General Improvements
=============
* Account sharded pubsub channels memory consumption
* Allow ECHO in loading and stale modes
* Cluster: Throw -TRYAGAIN instead of -ASK on migrating nodes for multi-key
commands when the node only has some of the keys
Bug Fixes
====
* TLS: Notify clients on connection shutdown
* Fsync directory while persisting AOF manifest, RDB file, and config file
* Script that made modification will not break with unexpected NOREPLICAS error
* Cluster: Fix a bug where nodes may not acknowledge a CLUSTER FAILOVER TAKEOVER
after a replica reboots
* Cluster: Fix crash during handshake and cluster shards call
Fixes for issues in previous releases of Redis 7.0
--------------------------------------------------
* TLS: Fix issues with large replies
* Correctly report the startup warning for vm.overcommit_memory
* redis-server command line allow passing config name and value in the
same argument
* Support --save command line argument with no value for backwards compatibility
* Fix CLUSTER RESET command regression requiring an argument
========================================
Redis 7.0.2 Released Sunday Jun 12 12:00:00 IST 2022
========================================
Upgrade urgency: MODERATE, specifically if you're using a previous release of
Redis 7.0, contains fixes for bugs in previous 7.0 releases.
Bug Fixes
====
* Fixed SET and BITFIELD commands being wrongly marked movablekeys
Regression in 7.0 possibly resulting in excessive roundtrip from
cluster clients.
* Fix crash when /proc/sys/vm/overcommit_memory is inaccessible
Regression in 7.0.1 resulting in crash on startup on some configurations.
========================================
Redis 7.0.1 Released Wed Jun 8 12:00:00 IST 2022
========================================
Upgrade urgency: MODERATE, specifically if you're using a previous release of
Redis 7.0, contains some behavior changes for new 7.0 features and important
fixes for bugs in previous 7.0 releases.
Improvements
======
* Add warning for suspected slow system clocksource setting
Add --check-system command line option.
* Allow read-only scripts (*_RO commands, and ones with `no-writes` flag)
during CLIENT PAUSE WRITE
* Add `readonly` flag in COMMAND command for EVAL_RO, EVALSHA_RO and FCALL_RO
* redis-server command line arguments now accept one string with spaces
for multi-arg configs
Potentially Breaking Changes
==============
* Omitting a config option value in command line argument no longer works
* Hide the `may_replicate` flag from the COMMAND command response
Potentially Breaking Changes for new Redis 7.0 features
-------------------------------------------------------
* Protocol: Sharded pubsub publish emits `smessage` instead of `message`
* CLUSTER SHARDS returns slots as RESP integers, not strings
* Block PFCOUNT and PUBLISH in read-only scripts (*_RO commands, and no-writes)
* Scripts that declare the `no-writes` flag are implicitly `allow-oom` too
Changes in CLI tools
==========
* redis-cli --bigkeys, --memkeys, --hotkeys, --scan. Finish nicely after Ctrl+C
Platform / toolchain support related improvements
========================
* Support tcp-keepalive config interval on MacOs
* Support RSS metrics on Haiku OS
INFO fields and introspection changes
==================
* Add isolated network metrics for replication.
Module API changes
=========
* Add two more new checks to RM_Call script mode
* Add new RM_Call flag to let Redis automatically refuse `deny-oom` commands
* Add module API RM_MallocUsableSize
* Add missing REDISMODULE_NOTIFY_NEW
* Fix cursor type in RedisModuleScanCursor to handle more than 2^31 elements
* Fix RM_Yield bugs and RM_Call("EVAL") OOM check bug
* Fix bugs in enum configs with overlapping bit flags
Bug Fixes
====
* FLUSHALL correctly resets rdb_changes_since_last_save INFO field
* FLUSHDB is now propagated to replicas / AOF, even if the db is empty
* Replica fail and retry the PSYNC if the master is unresponsive
* Fix ZRANGESTORE crash when zset_max_listpack_entries is 0
Fixes for issues in previous releases of Redis 7.0
--------------------------------------------------
* CONFIG REWRITE could cause a config change to be dropped for aliased configs
* CONFIG REWRITE would omit rename-command and include lines
NOTE: Affected users who used Redis 7.0.0 to rewrite their configuration file
should review and fix the file.
* Fix broken protocol after MISCONF (persistence) error
* Fix --save command line regression
* Fix possible regression around TLS config changes. re-load files even if the
file name didn't change.
* Re-add SENTINEL SLAVES command, missing in redis 7.0
* BZMPOP gets unblocked by non-key args and returns them
* Fix possible memory leak in XADD and XTRIM
========================================
Redis 7.0.0 GA Released Wed Apr 27 12:00:00 IST 2022
========================================
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
* (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script
can cause NULL pointer dereference which will result with a crash of the
redis-server process. This issue affects all versions of Redis.
[reported by Aviv Yahav].
* (CVE-2022-24735) By exploiting weaknesses in the Lua script execution
environment, an attacker with access to Redis can inject Lua code that will
execute with the (potentially higher) privileges of another Redis user.
[reported by Aviv Yahav].
New Features
======
* Keyspace event for new keys
Command replies that have been extended
---------------------------------------
* COMMAND DOCS shows deprecated_since field in command args
* COMMAND DOCS shows module name where applicable
Potentially Breaking Changes
==============
* Replicas panic when they fail writing persistence
* Prevent cross slot operations in functions and scripts with shebang
* Rephrased some error responses about invalid commands or args
* Lua scripts do not have access to the print() function
Performance and resource utilization improvements
========================
* Speed optimization in streams
* Speed optimization in command execution pipeline
* Speed optimization in listpack encoded sorted
* Speed optimization in latency tracking at INFO (relevant for 7.0 RCs)
* Speed optimization when there are many replicas (relevant for 7.0 RCs)
New configuration options
============
* Allow ignoring disk persistence errors on replicas
* Allow abort with panic when replica fails to execute a command sent
by the master
* Allow configuring shutdown flags of SIGTERM and SIGINT
* Allow attaching an operating system-specific identifier to Redis sockets
Module API changes
=========
* Add argument specifying ACL reason for module log entry
Breaking API compatibility with 7.0 RCs
* Add the deprecated_since field in command args of COMMAND DOCS
Breaking API/ABI compatibility with 7.0 RCs
* Add module API flag for using enum configs as bit flags
* Add RM_PublishMessageShard
* Add RM_MallocSizeString, RM_MallocSizeDict
* Add RM_TryAlloc
Bug Fixes
====
* Replica report disk persistence errors in PING
* Fixes around rejecting commands on replicas and AOF when they must
be respected
* Durability fixes for appendfsync=always policy
Fixes for issues in previous release candidates of Redis 7.0
------------------------------------------------------------
* Fix possible crash on CONFIG REWRITE
* Fix regression not aborting transaction on errors
* Fix auto-aof-rewrite-percentage based AOFRW trigger after restart
* Fix bugs when AOF enabled after startup, in case of failure before
the first rewrite completes
* Fix RM_Yield module API bug processing future commands of the current client
To generate a diff of this commit:
cvs rdiff -u -r1.73 -r1.74 pkgsrc/databases/redis/Makefile
cvs rdiff -u -r1.66 -r1.67 pkgsrc/databases/redis/distinfo
cvs rdiff -u -r1.5 -r1.6 pkgsrc/databases/redis/patches/patch-src_Makefile
diffstat:
databases/redis/Makefile | 4 ++--
databases/redis/distinfo | 10 +++++-----
databases/redis/patches/patch-src_Makefile | 12 ++++++------
3 files changed, 13 insertions(+), 13 deletions(-)
diffs (68 lines):
diff -r 3afc14c36e0a -r 4228c3a7eaf2 databases/redis/Makefile
--- a/databases/redis/Makefile Sat Nov 26 17:01:44 2022 +0000
+++ b/databases/redis/Makefile Sat Nov 26 17:28:11 2022 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.73 2022/05/13 11:24:27 wiz Exp $
+# $NetBSD: Makefile,v 1.73.4.1 2022/11/26 17:28:11 spz Exp $
-DISTNAME= redis-6.2.7
+DISTNAME= redis-7.0.5
CATEGORIES= databases
MASTER_SITES= http://download.redis.io/releases/
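Review bot: The `DISTNAME` change from `redis-6.2.7` to `redis-7.0.5` moves a quarterly stable branch across a major release, while the log message lists "Potentially Breaking Changes" for 7.0.0 and 7.0.1 and describes CVE-2022-35951 and CVE-2022-31144 as affecting only Redis 7.0.0 or newer. The pullup description should say which fix requires leaving 6.2.x on pkgsrc-2022Q3 and point users to the breaking-change list. Separately, the unchanged context line `MASTER_SITES= http://download.redis.io/releases/` fetches over plain HTTP, so the distinfo digests are the only integrity check on the tarball; consider an https URL if the site offers one.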
diff -r 3afc14c36e0a -r 4228c3a7eaf2 databases/redis/distinfo
--- a/databases/redis/distinfo Sat Nov 26 17:01:44 2022 +0000
+++ b/databases/redis/distinfo Sat Nov 26 17:28:11 2022 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.66 2022/05/13 11:24:27 wiz Exp $
+$NetBSD: distinfo,v 1.66.4.1 2022/11/26 17:28:11 spz Exp $
-BLAKE2s (redis-6.2.7.tar.gz) = 07fed6643f55bce72e5b2ca80d6f0aeaad287c1cca56db9a065d941de7563310
-SHA512 (redis-6.2.7.tar.gz) = d113094b8e31754915db7f0317d9b7969e034af3a7bac2ae0cbfad6cc61ba3aae35e9709c435abc1024a96f914df7a760b3cd18d06c375b541cfa837d1c5b953
-Size (redis-6.2.7.tar.gz) = 2487287 bytes
+BLAKE2s (redis-7.0.5.tar.gz) = c0e5e176bf68251483c633f7759fbd12be30a1f23f9aae3ee44f1c17562016e3
+SHA512 (redis-7.0.5.tar.gz) = 16ff920cb8df4d82e78ef34209285024aa98189be8acbca86b10fb3064dcc70eac60206aadece6af08406860ed01a004ce3aaa86be896ea36c7f486686646753
+Size (redis-7.0.5.tar.gz) = 2968205 bytes
SHA1 (patch-redis.conf) = ee657a9d82711263ceb0fb8f7d8059ed23528fe9
-SHA1 (patch-src_Makefile) = 0b6f68bbb2cbf9aad655611bdd9aee8f3ed4e850
+SHA1 (patch-src_Makefile) = 2c23fb065e827e0cb25fdfba1bc1976db03dc789
SHA1 (patch-src_hyperloglog.c) = e9bdd3c630024a6fbe02c2c1d85e26131ad938cf
SHA1 (patch-src_object.c) = 30ffaec9c7e6135e3a5576cd1a35d7bcec668299
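Review bot: The SHA1 entries for `patch-redis.conf`, `patch-src_hyperloglog.c` and `patch-src_object.c` stay as unchanged context while the tarball moves from 6.2.7 to 7.0.5; only `patch-src_Makefile` was regenerated. Confirm that those three patches still apply cleanly to the 7.0.5 sources and are still needed. Because the tarball is downloaded over http (see `MASTER_SITES` in the Makefile), the new BLAKE2s and SHA512 values should also be compared with a digest obtained independently of that download.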
diff -r 3afc14c36e0a -r 4228c3a7eaf2 databases/redis/patches/patch-src_Makefile
--- a/databases/redis/patches/patch-src_Makefile Sat Nov 26 17:01:44 2022 +0000
+++ b/databases/redis/patches/patch-src_Makefile Sat Nov 26 17:28:11 2022 +0000
@@ -1,11 +1,11 @@
-$NetBSD: patch-src_Makefile,v 1.5 2021/10/04 18:55:36 adam Exp $
+$NetBSD: patch-src_Makefile,v 1.5.8.1 2022/11/26 17:28:11 spz Exp $
Add DESTDIR support.
Fix NetBSD support.
---- src/Makefile.orig 2021-10-04 10:59:40.000000000 +0000
+--- src/Makefile.orig 2022-09-21 19:42:01.000000000 +0000
+++ src/Makefile
-@@ -45,8 +45,8 @@ else
+@@ -47,8 +47,8 @@ else
endif
PREFIX?=/usr/local
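Review bot: The patch header comment (`Add DESTDIR support.` / `Fix NetBSD support.`) is carried over unchanged and does not say what the NetBSD fix is or whether it has been submitted upstream. This refresh changes only the `.orig` timestamp and the inner hunk offset (45 to 47), which shows the patch has to be rebased by hand on each release, so a line recording its upstream status would help the next update.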
@@ -15,8 +15,8 @@
+INSTALL=$(BSD_INSTALL_PROGRAM)
PKG_CONFIG?=pkg-config
- # Default allocator defaults to Jemalloc if it's not an ARM
-@@ -151,6 +151,10 @@ ifeq ($(uname_S),NetBSD)
+ ifndef PYTHON
+@@ -178,6 +178,10 @@ ifeq ($(uname_S),NetBSD)
FINAL_LIBS+= -lexecinfo
endif
else
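Review bot: The refreshed context line `ifndef PYTHON` replaces the old allocator comment, which indicates that the 7.0.5 `src/Makefile` now has a `PYTHON` variable near the install settings. The package Makefile hunk in this commit changes only `DISTNAME` and the RCS ID, so check whether the build needs `PYTHON` set explicitly or a tool dependency declared, rather than picking up whatever interpreter happens to be on the build host.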
@@ -27,7 +27,7 @@
ifeq ($(uname_S),FreeBSD)
# FreeBSD
FINAL_LIBS+= -lpthread -lexecinfo
-@@ -186,6 +190,7 @@ endif
+@@ -213,6 +217,7 @@ endif
endif
endif
endif