Remove dofile() from Redis Lua scripting, because it allows an

attacker to enumerate filesystem contents. See:
http://blog.liftsecurity.io/post/35714931664/filesystem-enumeration-using-redis-and-lua

While here, fix a pasto in redis.conf: "syslog-enabled no" where
"syslog-enabled yes" was intended.

databases/redis/Makefile

@@ -1,7 +1,8 @@
-# $OpenBSD: Makefile,v 1.42 2012/11/23 08:29:42 dcoppa Exp $
+# $OpenBSD: Makefile,v 1.43 2012/11/26 15:24:13 dcoppa Exp $
 
 COMMENT =		persistent key-value database
 DISTNAME =		redis-2.6.5
+REVISION =		0
 CATEGORIES =		databases
 HOMEPAGE =		http://redis.io/
 

databases/redis/patches/patch-redis_conf

@@ -1,4 +1,4 @@
-$OpenBSD: patch-redis_conf,v 1.5 2012/10/23 10:41:23 dcoppa Exp $
+$OpenBSD: patch-redis_conf,v 1.6 2012/11/26 15:24:13 dcoppa Exp $
 --- redis.conf.orig	Mon Oct 22 23:27:18 2012
 +++ redis.conf	Tue Oct 23 10:44:49 2012
 @@ -13,12 +13,13 @@
@@ -39,7 +39,7 @@ $OpenBSD: patch-redis_conf,v 1.5 2012/10/23 10:41:23 dcoppa Exp $
  # To enable logging to the system logger, just set 'syslog-enabled' to yes,
  # and optionally update the other syslog parameters to suit your needs.
 -# syslog-enabled no
-+syslog-enabled no
++syslog-enabled yes
  
  # Specify the syslog identity.
 -# syslog-ident redis

databases/redis/patches/patch-src_scripting_c

@@ -0,0 +1,17 @@
+$OpenBSD: patch-src_scripting_c,v 1.1 2012/11/26 15:24:13 dcoppa Exp $
+
+Remove dofile() from Redis Lua scripting, because it allows an
+attacker to enumerate filesystem contents. See:
+http://blog.liftsecurity.io/post/35714931664/filesystem-enumeration-using-redis-and-lua
+
+--- src/scripting.c.orig	Mon Nov 26 16:45:10 2012
++++ src/scripting.c	Mon Nov 26 16:46:01 2012
+@@ -480,6 +480,8 @@ void luaLoadLibraries(lua_State *lua) {
+ void luaRemoveUnsupportedFunctions(lua_State *lua) {
+     lua_pushnil(lua);
+     lua_setglobal(lua,"loadfile");
++    lua_pushnil(lua);
++    lua_setglobal(lua,"dofile");
+ }
+ 
+ /* This function installs metamethods in the global table _G that prevent