This fixes:
(CVE-2022-24736) An attacker attempting to load a specially crafted
Lua script can cause a NULL pointer dereference which will result in
a crash of the redis-server process. This issue affects all versions
of Redis.
(CVE-2022-24735) By exploiting weaknesses in the Lua script
execution environment, an attacker with access to Redis can inject
Lua code that will execute with the (potentially higher) privileges
of another Redis user.
ok tb
The Redis port was hacked up to make use of Lua 5.1 from ports. This is a
bad idea since there are known Redis exploits coming from bytecode in Lua.
The Lua bundled by Redis has this neutered. In addition, this allows us to
get rid of some atrocious hackery which will be a major headache when
upstream updates its bundled Lua.
ok sthen
In Redis 2.8.12, this patch was needed due to TCP_KEEPIDLE.
Since Redis 4.0.1, the code is guarded by #if defined(__GLIBC__) && ...
so adding && !defined(__OpenBSD__) doesn't make a difference.
Redis 6.2 includes many new commands and improvements, but no big features. It
mainly makes Redis more complete and addresses issues that have been requested
by many users frequently or for a long time.
https://github.com/redis/redis/blob/6.2/00-RELEASENOTES
This version includes a security fix for ILP32 arches (CVE-2021-21309)
If you used Redis on some Big Endian Arch (like sparc64) with
previous 6.0.x versions, you should really have a look at
https://github.com/redis/redis/pull/8270 to "consider the
compatibility implications with RESTORE, replication and
persistence".
Tests pass on amd64 and sparc64 (with the usual occasional replica
hiccup on sparc64).
Positive feedback from Mark Patruck.
Help from, and ok tb@
The incorrect assumption in zmalloc_usable_size() was corrected upstream,
so we can get rid of the local patch. Add a new patch for a long long
time_t format string, with a tweak from jca.
ok danj
Changelog: https://github.com/redis/redis/blob/6.0.9/00-RELEASENOTES
ok rsadowski
Upgrade urgency HIGH: Anyone who's using Redis 6.0.7 with Sentinel or
CONFIG REWRITE command is affected and should upgrade ASAP, see #7760.
[https://github.com/redis/redis/issues/7760]
Bug fixes:
* CONFIG REWRITE after setting oom-score-adj-values either via CONFIG SET or
loading it from a config file, will generate a corrupt config file that will
cause Redis to fail to start
* Fix issue with redis-cli --pipe on MacOS
* Fix RESP3 response for HKEYS/HVALS on non-existing key
* Various small bug fixes
Full release notes:
https://github.com/redis/redis/blob/6.0.8/00-RELEASENOTES
Upgrade urgency for both 6.0.6 and 6.0.7 is MODERATE, see changelog for
details. Notably, the fix for the sentinel crash was merged upstream.
https://raw.githubusercontent.com/antirez/redis/6.0/00-RELEASENOTES
There is another test that occasionally fails since 6.0.6:
[err]: Piping raw protocol in tests/integration/redis-cli.tcl
Tested on amd64 and macppc, build tested with clang and egcc on sparc64.
Thanks to danj for testing and okaying 6.0.6.
ok sthen
The Redis sentinel would crash with a segfault after a few minutes because
it tried to read from a page without read permissions. Check up front
whether the sds is long enough to contain redis:slave or redis:master
before memcmp() as is done everywhere else in sentinelRefreshInstanceInfo().
From Nam Nguyen
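
The up-front length check this commit message describes, as an added example in C (not the Redis or OpenBSD patch). find_role() and has_prefix() are hypothetical names, SAMPLE is a constructed reply, and the prefix strings are the ones the commit message names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum role { ROLE_UNKNOWN, ROLE_MASTER, ROLE_SLAVE };

/* Constructed sample reply: CRLF-separated lines, used with an explicit length. */
static const char SAMPLE[] = "id:1\r\nredis:slave\r\nx:2\r\n";

/* Length-checked prefix test: memcmp() only runs once the line is known
 * to hold at least strlen(prefix) bytes, so it never reads past len. */
static int has_prefix(const char *line, size_t len, const char *prefix) {
    size_t plen = strlen(prefix);
    return len >= plen && memcmp(line, prefix, plen) == 0;
}

/* Walk a length-delimited buffer (no NUL terminator assumed) line by line
 * and return the role it announces. Hypothetical helper, not Redis code. */
enum role find_role(const char *buf, size_t buflen) {
    size_t start = 0;
    while (start < buflen) {
        const char *nl = memchr(buf + start, '\n', buflen - start);
        size_t end = nl ? (size_t)(nl - buf) : buflen;
        size_t len = end - start;
        if (len > 0 && buf[end - 1] == '\r') len--;   /* drop the CR of CRLF */
        if (has_prefix(buf + start, len, "redis:master")) return ROLE_MASTER;
        if (has_prefix(buf + start, len, "redis:slave")) return ROLE_SLAVE;
        start = end + 1;                              /* skip past the LF */
    }
    return ROLE_UNKNOWN;
}

int main(void) {
    /* A 2-byte line is rejected by the length check before any compare. */
    printf("sample=%d short=%d\n",
           find_role(SAMPLE, sizeof(SAMPLE) - 1), find_role("re", 2));
    return 0;
}
```
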
of memory leaks. Add a patch for a time_t truncation issue on
architectures with 32-bit longs. The update results in one test
failure showing much more often on sparc64:
*** [err]: pending querybuf: check size of pending_querybuf after set a big value in tests/unit/pendingquerybuf.tcl
the used_memory of replica is much larger than master. Master:35666976 Replica:69051032
Tests by Uwe Werler.
ok kn, "move forward" danj
Release notes:
https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
Users should have no problem migrating from 4.0 to 5.0.
Backward incompatible changes are listed at the end of the release notes:
https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
Tested by cwen, danj, kmos, sthen and myself on amd64, arm64, armv7 (4.0
was broken, 5.0 is still broken), i386, macppc, and sparc64 (tests get
flakier with this update). Many thanks to kmos for his efforts.
Help with the initial patch from mikeb. Signed char fix from cwen;
config file consolidation by danj; Makefile tweaks from sthen.
ok danj kmos sthen
Drop -funwind-tables which leads to undefined references to libunwind
symbols. This seems to be needed by the libunwind support in jemalloc,
which we do not use.
Reported (and fixed differently) by Markus Hennecke, ok sthen@ kn@, maintainer timeout