

2 Commits

Author SHA1 Message Date
CentOS Sources a48937d889 import redis-6.2.7-1.module+el8.7.0+15197+cc495aeb 2022-11-08 14:58:29 +00:00
CentOS Sources 1b73a5a44c import redis-6.0.9-5.module+el8.4.0+12929+1bb0d2aa 2021-10-20 12:48:28 +00:00
6 changed files with 64 additions and 111 deletions

.gitignore vendored

@ -1,2 +1,2 @@
SOURCES/redis-6.0.9.tar.gz
SOURCES/redis-6.2.7.tar.gz
SOURCES/redis-doc-8d4bf9b.tar.gz


@ -1,2 +1,2 @@
416ab41ac74be959ad4192462eecaa8ba9a6d3b7 SOURCES/redis-6.0.9.tar.gz
b01ef3f117c9815dea41bf2609e489a03c3a5ab1 SOURCES/redis-6.2.7.tar.gz
45ec7c3b4a034891252507febace7e25ee64b4d9 SOURCES/redis-doc-8d4bf9b.tar.gz


@ -1,29 +0,0 @@
From 79ed52edf84676786e5817cddb8914c5925144c7 Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Fri, 9 Sep 2016 17:23:27 +0200
Subject: [PATCH 2/3] install redis-check-rdb as a symlink instead of
duplicating the binary
---
src/Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Makefile b/src/Makefile
index 2a68649..585c95b 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -307,9 +307,9 @@ install: all
$(REDIS_INSTALL) $(REDIS_SERVER_NAME) $(INSTALL_BIN)
$(REDIS_INSTALL) $(REDIS_BENCHMARK_NAME) $(INSTALL_BIN)
$(REDIS_INSTALL) $(REDIS_CLI_NAME) $(INSTALL_BIN)
- $(REDIS_INSTALL) $(REDIS_CHECK_RDB_NAME) $(INSTALL_BIN)
- $(REDIS_INSTALL) $(REDIS_CHECK_AOF_NAME) $(INSTALL_BIN)
@ln -sf $(REDIS_SERVER_NAME) $(INSTALL_BIN)/$(REDIS_SENTINEL_NAME)
+ @ln -sf $(REDIS_SERVER_NAME) $(INSTALL_BIN)/$(REDIS_CHECK_RDB_NAME)
+ @ln -sf $(REDIS_SERVER_NAME) $(INSTALL_BIN)/$(REDIS_CHECK_AOF_NAME)
uninstall:
rm -f $(INSTALL_BIN)/{$(REDIS_SERVER_NAME),$(REDIS_BENCHMARK_NAME),$(REDIS_CLI_NAME),$(REDIS_CHECK_RDB_NAME),$(REDIS_CHECK_AOF_NAME),$(REDIS_SENTINEL_NAME)}
--
2.24.1


@ -1,27 +0,0 @@
From 394614a5f91d88380f480c4610926a865b5b0f16 Mon Sep 17 00:00:00 2001
From: Oran Agra <oran@redislabs.com>
Date: Mon, 3 May 2021 08:32:31 +0300
Subject: [PATCH] Fix integer overflow in STRALGO LCS (CVE-2021-29477)
An integer overflow bug in Redis version 6.0 or newer could be exploited using
the STRALGO LCS command to corrupt the heap and potentially result with remote
code execution.
(cherry picked from commit f0c5f920d0f88bd8aa376a2c05af4902789d1ef9)
---
src/t_string.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/t_string.c b/src/t_string.c
index 4886f7e44388..5310a297db16 100644
--- a/src/t_string.c
+++ b/src/t_string.c
@@ -576,7 +576,7 @@ void stralgoLCS(client *c) {
/* Setup an uint32_t array to store at LCS[i,j] the length of the
* LCS A0..i-1, B0..j-1. Note that we have a linear array here, so
* we index it as LCS[j+(blen+1)*j] */
- uint32_t *lcs = zmalloc((alen+1)*(blen+1)*sizeof(uint32_t));
+ uint32_t *lcs = zmalloc((size_t)(alen+1)*(blen+1)*sizeof(uint32_t));
#define LCS(A,B) lcs[(B)+((A)*(blen+1))]
/* Start building the LCS table. */


@ -7,9 +7,10 @@ Revert: 90555566ed5cbd3e1c3df1293ba3bbf6098e34c3
See discussion about this breaking change in
https://github.com/redis/redis/issues/8051
--- redis-6.0.9/src/config.c 2020-10-27 08:12:01.000000000 +0100
+++ redis-6.0.8/src/config.c 2020-09-10 13:09:00.000000000 +0200
@@ -1568,62 +1568,60 @@
diff -up ./src/config.c.rev ./src/config.c
--- ./src/config.c.rev 2022-05-09 14:48:31.118296748 +0200
+++ ./src/config.c 2022-05-09 14:48:41.571163767 +0200
@@ -1605,62 +1605,60 @@ void rewriteConfigRemoveOrphaned(struct
dictReleaseIterator(di);
}
@ -41,39 +42,6 @@ https://github.com/redis/redis/issues/8051
- serverLog(LL_WARNING, "Config file full path is too long");
- errno = ENAMETOOLONG;
- return retval;
- }
-
-#ifdef _GNU_SOURCE
- fd = mkostemp(tmp_conffile, O_CLOEXEC);
-#else
- /* There's a theoretical chance here to leak the FD if a module thread forks & execv in the middle */
- fd = mkstemp(tmp_conffile);
-#endif
-
- if (fd == -1) {
- serverLog(LL_WARNING, "Could not create tmp config file (%s)", strerror(errno));
- return retval;
- }
-
- while (offset < sdslen(content)) {
- written_bytes = write(fd, content + offset, sdslen(content) - offset);
- if (written_bytes <= 0) {
- if (errno == EINTR) continue; /* FD is blocking, no other retryable errors */
- serverLog(LL_WARNING, "Failed after writing (%zd) bytes to tmp config file (%s)", offset, strerror(errno));
- goto cleanup;
- }
- offset+=written_bytes;
- }
-
- if (fsync(fd))
- serverLog(LL_WARNING, "Could not sync tmp config file to disk (%s)", strerror(errno));
- else if (fchmod(fd, 0644) == -1)
- serverLog(LL_WARNING, "Could not chmod config file (%s)", strerror(errno));
- else if (rename(tmp_conffile, configfile) == -1)
- serverLog(LL_WARNING, "Could not rename tmp config file (%s)", strerror(errno));
- else {
- retval = 0;
- serverLog(LL_DEBUG, "Rewritten config file (%s) successfully", configfile);
+ int retval = 0;
+ int fd = open(configfile,O_RDWR|O_CREAT,0644);
+ int content_size = sdslen(content), padding = 0;
@ -86,8 +54,18 @@ https://github.com/redis/redis/issues/8051
+ if (fstat(fd,&sb) == -1) {
+ close(fd);
+ return -1; /* errno set by fstat(). */
+ }
+
}
-#ifdef _GNU_SOURCE
- fd = mkostemp(tmp_conffile, O_CLOEXEC);
-#else
- /* There's a theoretical chance here to leak the FD if a module thread forks & execv in the middle */
- fd = mkstemp(tmp_conffile);
-#endif
-
- if (fd == -1) {
- serverLog(LL_WARNING, "Could not create tmp config file (%s)", strerror(errno));
- return retval;
+ /* 2) Pad the content at least match the old file size. */
+ content_padded = sdsdup(content);
+ if (content_size < sb.st_size) {
@ -97,20 +75,38 @@ https://github.com/redis/redis/issues/8051
+ content_padded = sdsgrowzero(content_padded,sb.st_size);
+ content_padded[content_size] = '\n';
+ memset(content_padded+content_size+1,'#',padding-1);
+ }
+
}
- while (offset < sdslen(content)) {
- written_bytes = write(fd, content + offset, sdslen(content) - offset);
- if (written_bytes <= 0) {
- if (errno == EINTR) continue; /* FD is blocking, no other retryable errors */
- serverLog(LL_WARNING, "Failed after writing (%zd) bytes to tmp config file (%s)", offset, strerror(errno));
- goto cleanup;
- }
- offset+=written_bytes;
+ /* 3) Write the new content using a single write(2). */
+ if (write(fd,content_padded,strlen(content_padded)) == -1) {
+ retval = -1;
+ goto cleanup;
+ }
+
}
- if (fsync(fd))
- serverLog(LL_WARNING, "Could not sync tmp config file to disk (%s)", strerror(errno));
- else if (fchmod(fd, 0644 & ~server.umask) == -1)
- serverLog(LL_WARNING, "Could not chmod config file (%s)", strerror(errno));
- else if (rename(tmp_conffile, configfile) == -1)
- serverLog(LL_WARNING, "Could not rename tmp config file (%s)", strerror(errno));
- else {
- retval = 0;
- serverLog(LL_DEBUG, "Rewritten config file (%s) successfully", configfile);
- }
+ /* 4) Truncate the file to the right length if we used padding. */
+ if (padding) {
+ if (ftruncate(fd,content_size) == -1) {
+ /* Non critical error... */
+ }
}
+ }
cleanup:
+ sdsfree(content_padded);
@ -119,4 +115,3 @@ https://github.com/redis/redis/issues/8051
return retval;
}
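Review bot: The reinstated in-place rewrite at `if (write(fd,content_padded,strlen(content_padded)) == -1) {` treats only a failed call as an error; a short write is accepted, so the function can return 0 while a truncated configuration is left in `configfile`. Keeping the single-call style, any count other than the full length should be a failure: `ssize_t w = write(fd,content_padded,strlen(content_padded));` followed by `if (w == -1 || (size_t)w != strlen(content_padded)) { retval = -1; goto cleanup; }`. As shown in these hunks the reverted path also has no fsync before the return, unlike the mkstemp/fsync/rename sequence it replaces, so a crash shortly after the rewrite can lose the file contents; whether an fsync exists outside the hunks cannot be seen from here. The failed `ftruncate` branch (`/* Non critical error... */`) deserves at least a `serverLog(LL_WARNING, ...)` so that leftover `#` padding in the file is explained in the log. The enclosing function starts and ends outside the hunks.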


@ -19,8 +19,8 @@
%global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d)
Name: redis
Version: 6.0.9
Release: 3%{?dist}
Version: 6.2.7
Release: 1%{?dist}
Summary: A persistent key-value database
# redis, jemalloc, linenoise, lzf, hiredis are BSD
# lua is MIT
@ -46,13 +46,10 @@ Source10: https://github.com/antirez/%{name}-doc/archive/%{doc_commit}/
# Update configuration for Fedora
# https://github.com/antirez/redis/pull/3491 - man pages
Patch0001: 0001-1st-man-pageis-for-redis-cli-redis-benchmark-redis-c.patch
# https://github.com/antirez/redis/pull/3494 - symlink
Patch0002: 0002-install-redis-check-rdb-as-a-symlink-instead-of-dupl.patch
# revert BC break
Patch0003: redis-config.patch
# Security patches
Patch100: redis-CVE-2021-26477.patch
BuildRequires: gcc
%if %{with tests}
@ -70,7 +67,7 @@ Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
# from deps/hiredis/hiredis.h
Provides: bundled(hiredis) = 0.14.0
Provides: bundled(hiredis) = 1.0.0
# from deps/jemalloc/VERSION
Provides: bundled(jemalloc) = 5.1.0
# from deps/lua/src/lua.h
@ -135,9 +132,7 @@ administration and development.
%setup -q
mv ../%{name}-doc-%{doc_commit} doc
%patch0001 -p1
%patch0002 -p1
%patch0003 -p1
%patch100 -p1 -b .cve29477
%patch0003 -p1 -b .rev
mv deps/lua/COPYRIGHT COPYRIGHT-lua
mv deps/jemalloc/COPYING COPYING-jemalloc
@ -286,6 +281,25 @@ exit 0
%changelog
* Mon May 9 2022 Remi Collet <rcollet@redhat.com> - 6.2.7-1
- rebase to 6.2.7 #1999873
* Mon Oct 11 2021 Remi Collet <rcollet@redhat.com> - 6.0.9-5
- fix denial of service via Redis Standard Protocol (RESP) request
CVE-2021-32675
* Fri Oct 8 2021 Remi Collet <rcollet@redhat.com> - 6.0.9-4
- fix lua scripts can overflow the heap-based Lua stack
CVE-2021-32626
- fix integer overflow issue with Streams
CVE-2021-32627
- fix integer overflow bug in the ziplist data structure
CVE-2021-32628
- fix integer overflow issue with intsets
CVE-2021-32687
- fix integer overflow issue with strings
CVE-2021-41099
* Wed May 12 2021 Remi Collet <rcollet@redhat.com> - 6.0.9-3
- fix integer overflow via STRALGO LCS command
CVE-2021-29477