Bugfix update to redis-2.6.14

2013-07-02 06:03:35 +00:00 · 2013-07-02 06:03:35 +00:00 · 0b59cf12ed
commit 0b59cf12ed
parent 6dee1453d2
3 changed files with 8 additions and 8 deletions
--- a/databases/redis/Makefile
+++ b/databases/redis/Makefile
@ -1,7 +1,7 @@
-# $OpenBSD: Makefile,v 1.54 2013/05/16 16:05:49 dcoppa Exp $
+# $OpenBSD: Makefile,v 1.55 2013/07/02 06:03:35 dcoppa Exp $

 COMMENT =		persistent key-value database
-DISTNAME =		redis-2.6.13
+DISTNAME =		redis-2.6.14
 CATEGORIES =		databases
 HOMEPAGE =		http://redis.io/

--- a/databases/redis/distinfo
+++ b/databases/redis/distinfo
@ -1,2 +1,2 @@
-SHA256 (redis-2.6.13.tar.gz) = O5Q5Y2xYyga+5Tig9ymOAqM/z5i4+oRcCwz4VndR6Ug=
-SIZE (redis-2.6.13.tar.gz) = 994331
+SHA256 (redis-2.6.14.tar.gz) = /fYcaT5cSQi0u0TEKNSit1aPBVZsFExY/fGcXLEqnK8=
+SIZE (redis-2.6.14.tar.gz) = 995036
--- a/databases/redis/patches/patch-src_scripting_c
+++ b/databases/redis/patches/patch-src_scripting_c
@ -1,12 +1,12 @@
-$OpenBSD: patch-src_scripting_c,v 1.1 2012/11/26 15:24:13 dcoppa Exp $
+$OpenBSD: patch-src_scripting_c,v 1.2 2013/07/02 06:03:35 dcoppa Exp $

 Remove dofile() from Redis Lua scripting, because it allows an
 attacker to enumerate filesystem contents. See:
 http://blog.liftsecurity.io/post/35714931664/filesystem-enumeration-using-redis-and-lua

--- src/scripting.c.orig	Mon Nov 26 16:45:10 2012
-+++ src/scripting.c	Mon Nov 26 16:46:01 2012
-@@ -480,6 +480,8 @@ void luaLoadLibraries(lua_State *lua) {
+--- src/scripting.c.orig	Thu Jun 20 10:36:40 2013
+++ src/scripting.c	Tue Jul  2 07:37:57 2013
+@@ -481,6 +481,8 @@ void luaLoadLibraries(lua_State *lua) {
 void luaRemoveUnsupportedFunctions(lua_State *lua) {
     lua_pushnil(lua);
     lua_setglobal(lua,"loadfile");