diff --git a/.gitignore b/.gitignore index dd92461..7aae023 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/redis-7.0.12.tar.gz +SOURCES/redis-7.2.6.tar.gz SOURCES/redis-doc-c7880ba.tar.gz diff --git a/.redis.metadata b/.redis.metadata index 53343a8..0429d9a 100644 --- a/.redis.metadata +++ b/.redis.metadata @@ -1,2 +1,2 @@ -cd8190d9289d46be2b3a30dda14ffba8a92abbc8 SOURCES/redis-7.0.12.tar.gz +0d9d539a8cb4239843d97835465c733035950c85 SOURCES/redis-7.2.6.tar.gz b2c7f2bee8e40fc6bd5385c25429fa537e2751c5 SOURCES/redis-doc-c7880ba.tar.gz diff --git a/SOURCES/0002-deps-jemalloc-Do-not-force-building-in-gnu99-mode.patch b/SOURCES/0002-deps-jemalloc-Do-not-force-building-in-gnu99-mode.patch deleted file mode 100644 index a6479b8..0000000 --- a/SOURCES/0002-deps-jemalloc-Do-not-force-building-in-gnu99-mode.patch +++ /dev/null @@ -1,33 +0,0 @@ -From bbace21828d7e82f1c481f0e1caece31b661cbd9 Mon Sep 17 00:00:00 2001 -From: Florian Weimer -Date: Mon, 5 Dec 2022 11:10:37 +0100 -Subject: [PATCH 2/2] deps/jemalloc: Do not force building in gnu99 mode -Content-type: text/plain - -The jemalloc configure logic switches to gnu11 mode if available, -and this explicit flags injection prevents that. The main difference -seems to be that in gnu99 mode, is presumed to be -unavailable and is not used. - -Submitted upstream: - ---- - deps/Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/deps/Makefile b/deps/Makefile -index 8592e17..d6cb06e 100644 ---- a/deps/Makefile -+++ b/deps/Makefile -@@ -90,7 +90,7 @@ lua: .make-prerequisites - - .PHONY: lua - --JEMALLOC_CFLAGS= -std=gnu99 -Wall -pipe -g3 -O3 -funroll-loops $(CFLAGS) -+JEMALLOC_CFLAGS= -Wall -pipe -g3 -O3 -funroll-loops $(CFLAGS) - JEMALLOC_LDFLAGS= $(LDFLAGS) - - ifneq ($(DEB_HOST_GNU_TYPE),) --- -2.38.1 - diff --git a/SOURCES/redis-CVE-2023-41056.patch b/SOURCES/redis-CVE-2023-41056.patch deleted file mode 100644 index a8cc6a4..0000000 --- a/SOURCES/redis-CVE-2023-41056.patch +++ /dev/null @@ -1,54 +0,0 @@ -From e351099e1119fb89496be578f5232c61ce300224 Mon Sep 17 00:00:00 2001 -From: Oran Agra -Date: Sun, 7 Jan 2024 12:32:44 +0200 -Subject: [PATCH] Fix possible corruption in sdsResize (CVE-2023-41056) - -#11766 introduced a bug in sdsResize where it could forget to update -the sds type in the sds header and then cause an overflow in sdsalloc. -it looks like the only implication of that is a possible assertion in HLL, -but it's hard to rule out possible heap corruption issues with clientsCronResizeQueryBuffer ---- - src/sds.c | 30 ++++++++++++++++-------------- - 1 file changed, 16 insertions(+), 14 deletions(-) - -diff --git a/src/sds.c b/src/sds.c -index 8e5863a3ab8e..71490d5b2522 100644 ---- a/src/sds.c -+++ b/src/sds.c -@@ -348,20 +348,22 @@ sds sdsResize(sds s, size_t size, int would_regrow) { - * type. */ - int use_realloc = (oldtype==type || (type < oldtype && type > SDS_TYPE_8)); - size_t newlen = use_realloc ? oldhdrlen+size+1 : hdrlen+size+1; -- int alloc_already_optimal = 0; -- #if defined(USE_JEMALLOC) -- /* je_nallocx returns the expected allocation size for the newlen. -- * We aim to avoid calling realloc() when using Jemalloc if there is no -- * change in the allocation size, as it incurs a cost even if the -- * allocation size stays the same. */ -- alloc_already_optimal = (je_nallocx(newlen, 0) == zmalloc_size(sh)); -- #endif -- -- if (use_realloc && !alloc_already_optimal) { -- newsh = s_realloc(sh, newlen); -- if (newsh == NULL) return NULL; -- s = (char*)newsh+oldhdrlen; -- } else if (!alloc_already_optimal) { -+ -+ if (use_realloc) { -+ int alloc_already_optimal = 0; -+ #if defined(USE_JEMALLOC) -+ /* je_nallocx returns the expected allocation size for the newlen. -+ * We aim to avoid calling realloc() when using Jemalloc if there is no -+ * change in the allocation size, as it incurs a cost even if the -+ * allocation size stays the same. */ -+ alloc_already_optimal = (je_nallocx(newlen, 0) == zmalloc_size(sh)); -+ #endif -+ if (!alloc_already_optimal) { -+ newsh = s_realloc(sh, newlen); -+ if (newsh == NULL) return NULL; -+ s = (char*)newsh+oldhdrlen; -+ } -+ } else { - newsh = s_malloc(newlen); - if (newsh == NULL) return NULL; - memcpy((char*)newsh+hdrlen, s, len); diff --git a/SPECS/redis.spec b/SPECS/redis.spec index 63bef2b..0e1503d 100644 --- a/SPECS/redis.spec +++ b/SPECS/redis.spec @@ -1,3 +1,4 @@ +# RHEL spec file for redis, from # # Fedora spec file for redis # @@ -22,13 +23,14 @@ %global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d) Name: redis -Version: 7.0.12 -Release: 2%{?dist} +Version: 7.2.6 +Release: 1%{?dist} Summary: A persistent key-value database # redis, hiredis: BSD-3-Clause # hdrhistogram, jemalloc, lzf, linenoise: BSD-2-Clause # lua: MIT -License: BSD-3-Clause AND BSD-2-Clause AND MIT +# fpconv: BSL-1.0 +License: BSD-3-Clause AND BSD-2-Clause AND MIT AND BSL-1.0 URL: https://redis.io Source0: https://download.redis.io/releases/%{name}-%{version}.tar.gz Source1: %{name}.logrotate @@ -46,10 +48,6 @@ Source10: https://github.com/%{name}/%{name}-doc/archive/%{doc_commit}/ # Update configuration for Fedora # https://github.com/redis/redis/pull/3491 - man pages Patch0001: 0001-1st-man-pageis-for-redis-cli-redis-benchmark-redis-c.patch -Patch0002: 0002-deps-jemalloc-Do-not-force-building-in-gnu99-mode.patch - -# Security patches -Patch100: redis-CVE-2023-41056.patch BuildRequires: make BuildRequires: gcc @@ -69,16 +67,19 @@ Requires(post): systemd Requires(preun): systemd Requires(postun): systemd # from deps/hiredis/hiredis.h -Provides: bundled(hiredis) = 0.14.0 +Provides: bundled(hiredis) = 1.2.0 # from deps/jemalloc/VERSION -Provides: bundled(jemalloc) = 5.2.1 +Provides: bundled(jemalloc) = 5.3.0 # from deps/lua/src/lua.h Provides: bundled(lua-libs) = 5.1.5 # from deps/linenoise/linenoise.h Provides: bundled(linenoise) = 1.0 -Provides: bundled(lzf) +# from src/lzf.h +Provides: bundled(lzf) = 1.5 # from deps/hdr_histogram/README.md Provides: bundled(hdr_histogram) = 0.11.0 +# no version +Provides: bundled(fpconv) %global redis_modules_abi 1 %global redis_modules_dir %{_libdir}/%{name}/modules @@ -133,17 +134,15 @@ administration and development. %prep %setup -q -b 10 -%setup -q mv ../%{name}-doc-%{doc_commit} doc %patch -P0001 -p1 -%patch -P0002 -p1 -%patch -P100 -p1 -mv deps/lua/COPYRIGHT COPYRIGHT-lua -mv deps/jemalloc/COPYING COPYING-jemalloc -mv deps/hiredis/COPYING COPYING-hiredis +mv deps/lua/COPYRIGHT COPYRIGHT-lua +mv deps/jemalloc/COPYING COPYING-jemalloc +mv deps/hiredis/COPYING COPYING-hiredis mv deps/hdr_histogram/LICENSE.txt LICENSE-hdrhistogram mv deps/hdr_histogram/COPYING.txt COPYING-hdrhistogram +mv deps/fpconv/LICENSE.txt LICENSE-fpconv # Configuration file changes sed -i -e 's|^logfile .*$|logfile /var/log/redis/redis.log|g' redis.conf @@ -270,6 +269,7 @@ fi %license COPYING-hiredis %license LICENSE-hdrhistogram %license COPYING-hdrhistogram +%license LICENSE-fpconv %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %attr(0750, redis, root) %dir %{_sysconfdir}/%{name} %attr(0640, redis, root) %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf @@ -306,9 +306,8 @@ fi %changelog -* Tue Feb 6 2024 Remi Collet - 7.0.12-2 -- Heap Buffer Overflow may lead to potential remote code execution - CVE-2023-41056 +* Tue Oct 29 2024 Remi Collet - 7.2.6-1 +- rebase to 7.2.6 RHEL-26628 * Tue Jul 11 2023 Remi Collet - 7.0.12-1 - rebase to 7.0.12 #2221899