Compare commits
No commits in common. "c8-stream-6" and "imports/c8-stream-6/redis-6.0.9-3.module+el8.4.0+10984+ed187465" have entirely different histories.
|
@ -1,2 +1,2 @@
|
||||||
SOURCES/redis-6.2.7.tar.gz
|
SOURCES/redis-6.0.9.tar.gz
|
||||||
SOURCES/redis-doc-8d4bf9b.tar.gz
|
SOURCES/redis-doc-8d4bf9b.tar.gz
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
b01ef3f117c9815dea41bf2609e489a03c3a5ab1 SOURCES/redis-6.2.7.tar.gz
|
416ab41ac74be959ad4192462eecaa8ba9a6d3b7 SOURCES/redis-6.0.9.tar.gz
|
||||||
45ec7c3b4a034891252507febace7e25ee64b4d9 SOURCES/redis-doc-8d4bf9b.tar.gz
|
45ec7c3b4a034891252507febace7e25ee64b4d9 SOURCES/redis-doc-8d4bf9b.tar.gz
|
||||||
|
|
|
@ -0,0 +1,29 @@
|
||||||
|
From 79ed52edf84676786e5817cddb8914c5925144c7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Remi Collet <fedora@famillecollet.com>
|
||||||
|
Date: Fri, 9 Sep 2016 17:23:27 +0200
|
||||||
|
Subject: [PATCH 2/3] install redis-check-rdb as a symlink instead of
|
||||||
|
duplicating the binary
|
||||||
|
|
||||||
|
---
|
||||||
|
src/Makefile | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/Makefile b/src/Makefile
|
||||||
|
index 2a68649..585c95b 100644
|
||||||
|
--- a/src/Makefile
|
||||||
|
+++ b/src/Makefile
|
||||||
|
@@ -307,9 +307,9 @@ install: all
|
||||||
|
$(REDIS_INSTALL) $(REDIS_SERVER_NAME) $(INSTALL_BIN)
|
||||||
|
$(REDIS_INSTALL) $(REDIS_BENCHMARK_NAME) $(INSTALL_BIN)
|
||||||
|
$(REDIS_INSTALL) $(REDIS_CLI_NAME) $(INSTALL_BIN)
|
||||||
|
- $(REDIS_INSTALL) $(REDIS_CHECK_RDB_NAME) $(INSTALL_BIN)
|
||||||
|
- $(REDIS_INSTALL) $(REDIS_CHECK_AOF_NAME) $(INSTALL_BIN)
|
||||||
|
@ln -sf $(REDIS_SERVER_NAME) $(INSTALL_BIN)/$(REDIS_SENTINEL_NAME)
|
||||||
|
+ @ln -sf $(REDIS_SERVER_NAME) $(INSTALL_BIN)/$(REDIS_CHECK_RDB_NAME)
|
||||||
|
+ @ln -sf $(REDIS_SERVER_NAME) $(INSTALL_BIN)/$(REDIS_CHECK_AOF_NAME)
|
||||||
|
|
||||||
|
uninstall:
|
||||||
|
rm -f $(INSTALL_BIN)/{$(REDIS_SERVER_NAME),$(REDIS_BENCHMARK_NAME),$(REDIS_CLI_NAME),$(REDIS_CHECK_RDB_NAME),$(REDIS_CHECK_AOF_NAME),$(REDIS_SENTINEL_NAME)}
|
||||||
|
--
|
||||||
|
2.24.1
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
From 394614a5f91d88380f480c4610926a865b5b0f16 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Oran Agra <oran@redislabs.com>
|
||||||
|
Date: Mon, 3 May 2021 08:32:31 +0300
|
||||||
|
Subject: [PATCH] Fix integer overflow in STRALGO LCS (CVE-2021-29477)
|
||||||
|
|
||||||
|
An integer overflow bug in Redis version 6.0 or newer could be exploited using
|
||||||
|
the STRALGO LCS command to corrupt the heap and potentially result with remote
|
||||||
|
code execution.
|
||||||
|
|
||||||
|
(cherry picked from commit f0c5f920d0f88bd8aa376a2c05af4902789d1ef9)
|
||||||
|
---
|
||||||
|
src/t_string.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/t_string.c b/src/t_string.c
|
||||||
|
index 4886f7e44388..5310a297db16 100644
|
||||||
|
--- a/src/t_string.c
|
||||||
|
+++ b/src/t_string.c
|
||||||
|
@@ -576,7 +576,7 @@ void stralgoLCS(client *c) {
|
||||||
|
/* Setup an uint32_t array to store at LCS[i,j] the length of the
|
||||||
|
* LCS A0..i-1, B0..j-1. Note that we have a linear array here, so
|
||||||
|
* we index it as LCS[j+(blen+1)*j] */
|
||||||
|
- uint32_t *lcs = zmalloc((alen+1)*(blen+1)*sizeof(uint32_t));
|
||||||
|
+ uint32_t *lcs = zmalloc((size_t)(alen+1)*(blen+1)*sizeof(uint32_t));
|
||||||
|
#define LCS(A,B) lcs[(B)+((A)*(blen+1))]
|
||||||
|
|
||||||
|
/* Start building the LCS table. */
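Review bot: The `(size_t)` cast on the added `zmalloc` line only prevents the wrap where `size_t` is wider than the operands, so on a build with a 32-bit `size_t` the product `(alen+1)*(blen+1)*sizeof(uint32_t)` can still overflow and under-allocate the table that `LCS(A,B)` indexes. The sum `alen+1` is also evaluated before the cast, in whatever type `alen` has; its declaration is outside the hunk, as are the start and end of `stralgoLCS`. An explicit bound check ahead of the allocation would cover both cases, for example `if (alen >= UINT32_MAX || blen >= UINT32_MAX || (uint64_t)(alen+1)*(blen+1) > SIZE_MAX/sizeof(uint32_t)) { /* reply with an error and go to cleanup */ }`. Separately, the context comment says `LCS[j+(blen+1)*j]` while the macro computes `(B)+((A)*(blen+1))`, so it should read `LCS[j+(blen+1)*i]`.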
|
|
@ -7,10 +7,9 @@ Revert: 90555566ed5cbd3e1c3df1293ba3bbf6098e34c3
|
||||||
See discussion about this breaking change in
|
See discussion about this breaking change in
|
||||||
https://github.com/redis/redis/issues/8051
|
https://github.com/redis/redis/issues/8051
|
||||||
|
|
||||||
diff -up ./src/config.c.rev ./src/config.c
|
--- redis-6.0.9/src/config.c 2020-10-27 08:12:01.000000000 +0100
|
||||||
--- ./src/config.c.rev 2022-05-09 14:48:31.118296748 +0200
|
+++ redis-6.0.8/src/config.c 2020-09-10 13:09:00.000000000 +0200
|
||||||
+++ ./src/config.c 2022-05-09 14:48:41.571163767 +0200
|
@@ -1568,62 +1568,60 @@
|
||||||
@@ -1605,62 +1605,60 @@ void rewriteConfigRemoveOrphaned(struct
|
|
||||||
dictReleaseIterator(di);
|
dictReleaseIterator(di);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -42,6 +41,39 @@ diff -up ./src/config.c.rev ./src/config.c
|
||||||
- serverLog(LL_WARNING, "Config file full path is too long");
|
- serverLog(LL_WARNING, "Config file full path is too long");
|
||||||
- errno = ENAMETOOLONG;
|
- errno = ENAMETOOLONG;
|
||||||
- return retval;
|
- return retval;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
-#ifdef _GNU_SOURCE
|
||||||
|
- fd = mkostemp(tmp_conffile, O_CLOEXEC);
|
||||||
|
-#else
|
||||||
|
- /* There's a theoretical chance here to leak the FD if a module thread forks & execv in the middle */
|
||||||
|
- fd = mkstemp(tmp_conffile);
|
||||||
|
-#endif
|
||||||
|
-
|
||||||
|
- if (fd == -1) {
|
||||||
|
- serverLog(LL_WARNING, "Could not create tmp config file (%s)", strerror(errno));
|
||||||
|
- return retval;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- while (offset < sdslen(content)) {
|
||||||
|
- written_bytes = write(fd, content + offset, sdslen(content) - offset);
|
||||||
|
- if (written_bytes <= 0) {
|
||||||
|
- if (errno == EINTR) continue; /* FD is blocking, no other retryable errors */
|
||||||
|
- serverLog(LL_WARNING, "Failed after writing (%zd) bytes to tmp config file (%s)", offset, strerror(errno));
|
||||||
|
- goto cleanup;
|
||||||
|
- }
|
||||||
|
- offset+=written_bytes;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- if (fsync(fd))
|
||||||
|
- serverLog(LL_WARNING, "Could not sync tmp config file to disk (%s)", strerror(errno));
|
||||||
|
- else if (fchmod(fd, 0644) == -1)
|
||||||
|
- serverLog(LL_WARNING, "Could not chmod config file (%s)", strerror(errno));
|
||||||
|
- else if (rename(tmp_conffile, configfile) == -1)
|
||||||
|
- serverLog(LL_WARNING, "Could not rename tmp config file (%s)", strerror(errno));
|
||||||
|
- else {
|
||||||
|
- retval = 0;
|
||||||
|
- serverLog(LL_DEBUG, "Rewritten config file (%s) successfully", configfile);
|
||||||
+ int retval = 0;
|
+ int retval = 0;
|
||||||
+ int fd = open(configfile,O_RDWR|O_CREAT,0644);
|
+ int fd = open(configfile,O_RDWR|O_CREAT,0644);
|
||||||
+ int content_size = sdslen(content), padding = 0;
|
+ int content_size = sdslen(content), padding = 0;
|
||||||
|
@ -54,18 +86,8 @@ diff -up ./src/config.c.rev ./src/config.c
|
||||||
+ if (fstat(fd,&sb) == -1) {
|
+ if (fstat(fd,&sb) == -1) {
|
||||||
+ close(fd);
|
+ close(fd);
|
||||||
+ return -1; /* errno set by fstat(). */
|
+ return -1; /* errno set by fstat(). */
|
||||||
}
|
+ }
|
||||||
|
+
|
||||||
-#ifdef _GNU_SOURCE
|
|
||||||
- fd = mkostemp(tmp_conffile, O_CLOEXEC);
|
|
||||||
-#else
|
|
||||||
- /* There's a theoretical chance here to leak the FD if a module thread forks & execv in the middle */
|
|
||||||
- fd = mkstemp(tmp_conffile);
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
- if (fd == -1) {
|
|
||||||
- serverLog(LL_WARNING, "Could not create tmp config file (%s)", strerror(errno));
|
|
||||||
- return retval;
|
|
||||||
+ /* 2) Pad the content at least match the old file size. */
|
+ /* 2) Pad the content at least match the old file size. */
|
||||||
+ content_padded = sdsdup(content);
|
+ content_padded = sdsdup(content);
|
||||||
+ if (content_size < sb.st_size) {
|
+ if (content_size < sb.st_size) {
|
||||||
|
@ -75,38 +97,20 @@ diff -up ./src/config.c.rev ./src/config.c
|
||||||
+ content_padded = sdsgrowzero(content_padded,sb.st_size);
|
+ content_padded = sdsgrowzero(content_padded,sb.st_size);
|
||||||
+ content_padded[content_size] = '\n';
|
+ content_padded[content_size] = '\n';
|
||||||
+ memset(content_padded+content_size+1,'#',padding-1);
|
+ memset(content_padded+content_size+1,'#',padding-1);
|
||||||
}
|
+ }
|
||||||
|
+
|
||||||
- while (offset < sdslen(content)) {
|
|
||||||
- written_bytes = write(fd, content + offset, sdslen(content) - offset);
|
|
||||||
- if (written_bytes <= 0) {
|
|
||||||
- if (errno == EINTR) continue; /* FD is blocking, no other retryable errors */
|
|
||||||
- serverLog(LL_WARNING, "Failed after writing (%zd) bytes to tmp config file (%s)", offset, strerror(errno));
|
|
||||||
- goto cleanup;
|
|
||||||
- }
|
|
||||||
- offset+=written_bytes;
|
|
||||||
+ /* 3) Write the new content using a single write(2). */
|
+ /* 3) Write the new content using a single write(2). */
|
||||||
+ if (write(fd,content_padded,strlen(content_padded)) == -1) {
|
+ if (write(fd,content_padded,strlen(content_padded)) == -1) {
|
||||||
+ retval = -1;
|
+ retval = -1;
|
||||||
+ goto cleanup;
|
+ goto cleanup;
|
||||||
}
|
+ }
|
||||||
|
+
|
||||||
- if (fsync(fd))
|
|
||||||
- serverLog(LL_WARNING, "Could not sync tmp config file to disk (%s)", strerror(errno));
|
|
||||||
- else if (fchmod(fd, 0644 & ~server.umask) == -1)
|
|
||||||
- serverLog(LL_WARNING, "Could not chmod config file (%s)", strerror(errno));
|
|
||||||
- else if (rename(tmp_conffile, configfile) == -1)
|
|
||||||
- serverLog(LL_WARNING, "Could not rename tmp config file (%s)", strerror(errno));
|
|
||||||
- else {
|
|
||||||
- retval = 0;
|
|
||||||
- serverLog(LL_DEBUG, "Rewritten config file (%s) successfully", configfile);
|
|
||||||
- }
|
|
||||||
+ /* 4) Truncate the file to the right length if we used padding. */
|
+ /* 4) Truncate the file to the right length if we used padding. */
|
||||||
+ if (padding) {
|
+ if (padding) {
|
||||||
+ if (ftruncate(fd,content_size) == -1) {
|
+ if (ftruncate(fd,content_size) == -1) {
|
||||||
+ /* Non critical error... */
|
+ /* Non critical error... */
|
||||||
+ }
|
+ }
|
||||||
+ }
|
}
|
||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
+ sdsfree(content_padded);
|
+ sdsfree(content_padded);
|
||||||
|
@ -115,3 +119,4 @@ diff -up ./src/config.c.rev ./src/config.c
|
||||||
return retval;
|
return retval;
|
||||||
}
|
}
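Review bot: The restored in-place rewrite compares `write(fd,content_padded,strlen(content_padded))` only with `-1`, so a short write is treated as success and the later `ftruncate(fd,content_size)` can leave a config file of the expected length that is only partly rewritten. The lines this patch removes looped until `offset` reached `sdslen(content)`, then called `fsync` and `rename` on a temp file; the reverted code has no equivalent of the loop or the sync. If the in-place behaviour must stay for compatibility (the patch header points to issue 8051), checking the length would at least surface a partial write: `if (write(fd,content_padded,strlen(content_padded)) != (ssize_t)strlen(content_padded)) { retval = -1; goto cleanup; }`. `int content_size = sdslen(content)` also narrows the length to `int`. The function's signature and its end are outside the visible hunks.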
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -19,8 +19,8 @@
|
||||||
%global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d)
|
%global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d)
|
||||||
|
|
||||||
Name: redis
|
Name: redis
|
||||||
Version: 6.2.7
|
Version: 6.0.9
|
||||||
Release: 1%{?dist}
|
Release: 3%{?dist}
|
||||||
Summary: A persistent key-value database
|
Summary: A persistent key-value database
|
||||||
# redis, jemalloc, linenoise, lzf, hiredis are BSD
|
# redis, jemalloc, linenoise, lzf, hiredis are BSD
|
||||||
# lua is MIT
|
# lua is MIT
|
||||||
|
@ -46,10 +46,13 @@ Source10: https://github.com/antirez/%{name}-doc/archive/%{doc_commit}/
|
||||||
# Update configuration for Fedora
|
# Update configuration for Fedora
|
||||||
# https://github.com/antirez/redis/pull/3491 - man pages
|
# https://github.com/antirez/redis/pull/3491 - man pages
|
||||||
Patch0001: 0001-1st-man-pageis-for-redis-cli-redis-benchmark-redis-c.patch
|
Patch0001: 0001-1st-man-pageis-for-redis-cli-redis-benchmark-redis-c.patch
|
||||||
|
# https://github.com/antirez/redis/pull/3494 - symlink
|
||||||
|
Patch0002: 0002-install-redis-check-rdb-as-a-symlink-instead-of-dupl.patch
|
||||||
# revert BC break
|
# revert BC break
|
||||||
Patch0003: redis-config.patch
|
Patch0003: redis-config.patch
|
||||||
|
|
||||||
# Security patches
|
# Security patches
|
||||||
|
Patch100: redis-CVE-2021-26477.patch
|
||||||
|
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
%if %{with tests}
|
%if %{with tests}
|
||||||
|
@ -67,7 +70,7 @@ Requires(post): systemd
|
||||||
Requires(preun): systemd
|
Requires(preun): systemd
|
||||||
Requires(postun): systemd
|
Requires(postun): systemd
|
||||||
# from deps/hiredis/hiredis.h
|
# from deps/hiredis/hiredis.h
|
||||||
Provides: bundled(hiredis) = 1.0.0
|
Provides: bundled(hiredis) = 0.14.0
|
||||||
# from deps/jemalloc/VERSION
|
# from deps/jemalloc/VERSION
|
||||||
Provides: bundled(jemalloc) = 5.1.0
|
Provides: bundled(jemalloc) = 5.1.0
|
||||||
# from deps/lua/src/lua.h
|
# from deps/lua/src/lua.h
|
||||||
|
@ -132,7 +135,9 @@ administration and development.
|
||||||
%setup -q
|
%setup -q
|
||||||
mv ../%{name}-doc-%{doc_commit} doc
|
mv ../%{name}-doc-%{doc_commit} doc
|
||||||
%patch0001 -p1
|
%patch0001 -p1
|
||||||
%patch0003 -p1 -b .rev
|
%patch0002 -p1
|
||||||
|
%patch0003 -p1
|
||||||
|
%patch100 -p1 -b .cve29477
|
||||||
|
|
||||||
mv deps/lua/COPYRIGHT COPYRIGHT-lua
|
mv deps/lua/COPYRIGHT COPYRIGHT-lua
|
||||||
mv deps/jemalloc/COPYING COPYING-jemalloc
|
mv deps/jemalloc/COPYING COPYING-jemalloc
|
||||||
|
@ -281,25 +286,6 @@ exit 0
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Mon May 9 2022 Remi Collet <rcollet@redhat.com> - 6.2.7-1
|
|
||||||
- rebase to 6.2.7 #1999873
|
|
||||||
|
|
||||||
* Mon Oct 11 2021 Remi Collet <rcollet@redhat.com> - 6.0.9-5
|
|
||||||
- fix denial of service via Redis Standard Protocol (RESP) request
|
|
||||||
CVE-2021-32675
|
|
||||||
|
|
||||||
* Fri Oct 8 2021 Remi Collet <rcollet@redhat.com> - 6.0.9-4
|
|
||||||
- fix lua scripts can overflow the heap-based Lua stack
|
|
||||||
CVE-2021-32626
|
|
||||||
- fix integer overflow issue with Streams
|
|
||||||
CVE-2021-32627
|
|
||||||
- fix integer overflow bug in the ziplist data structure
|
|
||||||
CVE-2021-32628
|
|
||||||
- fix integer overflow issue with intsets
|
|
||||||
CVE-2021-32687
|
|
||||||
- fix integer overflow issue with strings
|
|
||||||
CVE-2021-41099
|
|
||||||
|
|
||||||
* Wed May 12 2021 Remi Collet <rcollet@redhat.com> - 6.0.9-3
|
* Wed May 12 2021 Remi Collet <rcollet@redhat.com> - 6.0.9-3
|
||||||
- fix integer overflow via STRALGO LCS command
|
- fix integer overflow via STRALGO LCS command
|
||||||
CVE-2021-29477
|
CVE-2021-29477
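Review bot: `Patch100: redis-CVE-2021-26477.patch` names a different CVE id than the one it fixes. The patch subject, the `%patch100 -p1 -b .cve29477` suffix and the changelog entry all say CVE-2021-29477. Anyone auditing the package by grepping source file names for the CVE will miss the fix, so the file and the tag should be renamed to `Patch100: redis-CVE-2021-29477.patch`. Note also that the 6.0.9-3 side carries only this one security patch. The changelog entries for 6.0.9-4 and 6.0.9-5 (CVE-2021-32626, CVE-2021-32627, CVE-2021-32628, CVE-2021-32687, CVE-2021-41099, CVE-2021-32675) appear only on the c8-stream-6 side, so a build from the import tag would presumably lack those fixes.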
|
||||||
|
|