From 65888ed61cbf3b7dd337eded114ae123a5bce070 Mon Sep 17 00:00:00 2001
From: danj
Date: Thu, 28 Apr 2022 03:02:36 +0000
Subject: [PATCH] Update to redis-6.2.7
This fixes: (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. This issue affects all versions of Redis. (CVE-2022-24735) By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. ok tb
---
 databases/redis/Makefile | 2 +-
 databases/redis/distinfo | 4 ++--
 databases/redis/patches/patch-redis_conf | 14 +++++++-------
 databases/redis/patches/patch-src_Makefile | 8 ++++----
 databases/redis/patches/patch-src_server_h | 2 +-
 5 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/databases/redis/Makefile b/databases/redis/Makefile
index dfaa7fbe34f..05588ecfe7d 100644
--- a/databases/redis/Makefile
+++ b/databases/redis/Makefile
@@ -1,6 +1,6 @@
 COMMENT = persistent key-value database
-DISTNAME = redis-6.2.6
+DISTNAME = redis-6.2.7
 CATEGORIES = databases
 HOMEPAGE = https://redis.io/
diff --git a/databases/redis/distinfo b/databases/redis/distinfo
index c938d318893..e12dac9672f 100644
--- a/databases/redis/distinfo
+++ b/databases/redis/distinfo
@@ -1,2 +1,2 @@
-SHA256 (redis-6.2.6.tar.gz) = WyuLelARHvOVvxwdW+EebhZ6wBgSUFXaqLXCMXrhMas=
-SIZE (redis-6.2.6.tar.gz) = 2476542
+SHA256 (redis-6.2.7.tar.gz) = t6ecw7RtPG61L6N93jSkpggkB569+zq/u/oDWUfFUxk=
+SIZE (redis-6.2.7.tar.gz) = 2487287
diff --git a/databases/redis/patches/patch-redis_conf b/databases/redis/patches/patch-redis_conf
index b05c6825fd5..3d80bb91e13 100644
--- a/databases/redis/patches/patch-redis_conf
+++ b/databases/redis/patches/patch-redis_conf
@@ -18,7 +18,7 @@ Index: redis.conf
 # Close the connection after a client is idle for N seconds (0 to disable)
 timeout 0
-@@ -182,6 +182,7 @@ tcp-keepalive 300
+@@ -184,6 +184,7 @@ tcp-keepalive 300
 # of these, and will not implicitly use the system wide configuration.
 #
 # tls-ca-cert-file ca.crt
@@ -26,7 +26,7 @@ Index: redis.conf
 # tls-ca-cert-dir /etc/ssl/certs
 # By default, clients (including replica servers) on a TLS port are required
-@@ -215,14 +216,14 @@ tcp-keepalive 300
+@@ -217,14 +218,14 @@ tcp-keepalive 300
 #
 # tls-protocols "TLSv1.2 TLSv1.3"
@@ -43,7 +43,7 @@ Index: redis.conf
 # information about the syntax of this string, and specifically for TLSv1.3
 # ciphersuites.
 #
-@@ -252,9 +253,9 @@ tcp-keepalive 300
+@@ -254,9 +255,9 @@ tcp-keepalive 300
 ################################# GENERAL #####################################
 # By default Redis does not run as a daemon. Use 'yes' if you need it.
@@ -55,7 +55,7 @@ Index: redis.conf
 # If you run Redis from upstart or systemd, Redis can interact with your
 # supervision tree. Options:
-@@ -279,14 +280,14 @@ daemonize no
+@@ -281,14 +282,14 @@ daemonize no
 #
 # When the server runs non daemonized, no pid file is created if none is
 # specified in the configuration. When the server is daemonized, the pid file
@@ -72,7 +72,7 @@ Index: redis.conf
 # Specify the server verbosity level.
 # This can be one of:
-@@ -299,17 +300,18 @@ loglevel notice
+@@ -301,17 +302,18 @@ loglevel notice
 # Specify the log file name. Also the empty string can be used to force
 # Redis to log on the standard output. Note that if you use standard
 # output for logging but daemonize, logs will be sent to /dev/null
@@ -96,7 +96,7 @@ Index: redis.conf
 # To disable the built in crash log, which will possibly produce cleaner core
 # dumps when they are needed, uncomment the following:
-@@ -451,7 +453,7 @@ rdb-del-sync-files no
+@@ -453,7 +455,7 @@ rdb-del-sync-files no
 # The Append Only File will also be created inside this directory.
 #
 # Note that you must specify a directory here, not a file name.
@@ -105,7 +105,7 @@ Index: redis.conf
 ################################# REPLICATION #################################
-@@ -963,6 +965,7 @@ acllog-max-len 128
+@@ -965,6 +967,7 @@ acllog-max-len 128
 # limit accordingly in case of very large clusters.
 #
 # maxclients 10000
diff --git a/databases/redis/patches/patch-src_Makefile b/databases/redis/patches/patch-src_Makefile
index f0f957b76c2..96b97d283b6 100644
--- a/databases/redis/patches/patch-src_Makefile
+++ b/databases/redis/patches/patch-src_Makefile
@@ -5,7 +5,7 @@ Changes in this file:
 Index: src/Makefile
 --- src/Makefile.orig
 +++ src/Makefile
-@@ -64,7 +64,7 @@ ifneq (,$(filter aarch64 armv,$(uname_M)))
+@@ -66,7 +66,7 @@ ifneq (,$(filter aarch64 armv,$(uname_M)))
 CFLAGS+=-funwind-tables
 else
 ifneq (,$(findstring armv,$(uname_M)))
@@ -14,7 +14,7 @@ Index: src/Makefile
 endif
 endif
-@@ -95,7 +95,7 @@ DEBUG=-g -ggdb
+@@ -97,7 +97,7 @@ DEBUG=-g -ggdb
 # Linux ARM32 needs -latomic at linking time
 ifneq (,$(findstring armv,$(uname_M)))
@@ -23,7 +23,7 @@ Index: src/Makefile
 endif
 ifeq ($(uname_S),SunOS)
-@@ -388,7 +388,7 @@ distclean: clean
+@@ -390,7 +390,7 @@ distclean: clean
 .PHONY: distclean
 test: $(REDIS_SERVER_NAME) $(REDIS_CHECK_AOF_NAME) $(REDIS_CLI_NAME) $(REDIS_BENCHMARK_NAME)
@@ -32,7 +32,7 @@ Index: src/Makefile
 test-modules: $(REDIS_SERVER_NAME)
 @(cd ..; ./runtest-moduleapi)
-@@ -431,7 +431,7 @@ src/help.h:
+@@ -433,7 +433,7 @@ src/help.h:
 @../utils/generate-command-help.rb > help.h
 install: all
diff --git a/databases/redis/patches/patch-src_server_h b/databases/redis/patches/patch-src_server_h
index 94d2740981a..bb73c505cd9 100644
--- a/databases/redis/patches/patch-src_server_h
+++ b/databases/redis/patches/patch-src_server_h
@@ -1,7 +1,7 @@
 Index: src/server.h
 --- src/server.h.orig
 +++ src/server.h
-@@ -107,7 +107,7 @@ typedef long long ustime_t; /* microsecond time type.
+@@ -108,7 +108,7 @@ typedef long long ustime_t; /* microsecond time type.
 #define RDB_EOF_MARK_SIZE 40
 #define CONFIG_REPL_BACKLOG_MIN_SIZE (1024*16) /* 16k */
 #define CONFIG_BGSAVE_RETRY_DELAY 5 /* Wait a few secs before trying again. */