Compare commits
2 Commits
imports/c8
...
c8-stream-
Author | SHA1 | Date | |
---|---|---|---|
|
a48937d889 | ||
|
1b73a5a44c |
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/redis-6.0.9.tar.gz
|
||||
SOURCES/redis-6.2.7.tar.gz
|
||||
SOURCES/redis-doc-8d4bf9b.tar.gz
|
||||
|
@ -1,2 +1,2 @@
|
||||
416ab41ac74be959ad4192462eecaa8ba9a6d3b7 SOURCES/redis-6.0.9.tar.gz
|
||||
b01ef3f117c9815dea41bf2609e489a03c3a5ab1 SOURCES/redis-6.2.7.tar.gz
|
||||
45ec7c3b4a034891252507febace7e25ee64b4d9 SOURCES/redis-doc-8d4bf9b.tar.gz
|
||||
|
@ -1,29 +0,0 @@
|
||||
From 79ed52edf84676786e5817cddb8914c5925144c7 Mon Sep 17 00:00:00 2001
|
||||
From: Remi Collet <fedora@famillecollet.com>
|
||||
Date: Fri, 9 Sep 2016 17:23:27 +0200
|
||||
Subject: [PATCH 2/3] install redis-check-rdb as a symlink instead of
|
||||
duplicating the binary
|
||||
|
||||
---
|
||||
src/Makefile | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/Makefile b/src/Makefile
|
||||
index 2a68649..585c95b 100644
|
||||
--- a/src/Makefile
|
||||
+++ b/src/Makefile
|
||||
@@ -307,9 +307,9 @@ install: all
|
||||
$(REDIS_INSTALL) $(REDIS_SERVER_NAME) $(INSTALL_BIN)
|
||||
$(REDIS_INSTALL) $(REDIS_BENCHMARK_NAME) $(INSTALL_BIN)
|
||||
$(REDIS_INSTALL) $(REDIS_CLI_NAME) $(INSTALL_BIN)
|
||||
- $(REDIS_INSTALL) $(REDIS_CHECK_RDB_NAME) $(INSTALL_BIN)
|
||||
- $(REDIS_INSTALL) $(REDIS_CHECK_AOF_NAME) $(INSTALL_BIN)
|
||||
@ln -sf $(REDIS_SERVER_NAME) $(INSTALL_BIN)/$(REDIS_SENTINEL_NAME)
|
||||
+ @ln -sf $(REDIS_SERVER_NAME) $(INSTALL_BIN)/$(REDIS_CHECK_RDB_NAME)
|
||||
+ @ln -sf $(REDIS_SERVER_NAME) $(INSTALL_BIN)/$(REDIS_CHECK_AOF_NAME)
|
||||
|
||||
uninstall:
|
||||
rm -f $(INSTALL_BIN)/{$(REDIS_SERVER_NAME),$(REDIS_BENCHMARK_NAME),$(REDIS_CLI_NAME),$(REDIS_CHECK_RDB_NAME),$(REDIS_CHECK_AOF_NAME),$(REDIS_SENTINEL_NAME)}
|
||||
--
|
||||
2.24.1
|
||||
|
@ -1,27 +0,0 @@
|
||||
From 394614a5f91d88380f480c4610926a865b5b0f16 Mon Sep 17 00:00:00 2001
|
||||
From: Oran Agra <oran@redislabs.com>
|
||||
Date: Mon, 3 May 2021 08:32:31 +0300
|
||||
Subject: [PATCH] Fix integer overflow in STRALGO LCS (CVE-2021-29477)
|
||||
|
||||
An integer overflow bug in Redis version 6.0 or newer could be exploited using
|
||||
the STRALGO LCS command to corrupt the heap and potentially result with remote
|
||||
code execution.
|
||||
|
||||
(cherry picked from commit f0c5f920d0f88bd8aa376a2c05af4902789d1ef9)
|
||||
---
|
||||
src/t_string.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/t_string.c b/src/t_string.c
|
||||
index 4886f7e44388..5310a297db16 100644
|
||||
--- a/src/t_string.c
|
||||
+++ b/src/t_string.c
|
||||
@@ -576,7 +576,7 @@ void stralgoLCS(client *c) {
|
||||
/* Setup an uint32_t array to store at LCS[i,j] the length of the
|
||||
* LCS A0..i-1, B0..j-1. Note that we have a linear array here, so
|
||||
* we index it as LCS[j+(blen+1)*j] */
|
||||
- uint32_t *lcs = zmalloc((alen+1)*(blen+1)*sizeof(uint32_t));
|
||||
+ uint32_t *lcs = zmalloc((size_t)(alen+1)*(blen+1)*sizeof(uint32_t));
|
||||
#define LCS(A,B) lcs[(B)+((A)*(blen+1))]
|
||||
|
||||
/* Start building the LCS table. */
|
@ -7,9 +7,10 @@ Revert: 90555566ed5cbd3e1c3df1293ba3bbf6098e34c3
|
||||
See discussion about this breaking change in
|
||||
https://github.com/redis/redis/issues/8051
|
||||
|
||||
--- redis-6.0.9/src/config.c 2020-10-27 08:12:01.000000000 +0100
|
||||
+++ redis-6.0.8/src/config.c 2020-09-10 13:09:00.000000000 +0200
|
||||
@@ -1568,62 +1568,60 @@
|
||||
diff -up ./src/config.c.rev ./src/config.c
|
||||
--- ./src/config.c.rev 2022-05-09 14:48:31.118296748 +0200
|
||||
+++ ./src/config.c 2022-05-09 14:48:41.571163767 +0200
|
||||
@@ -1605,62 +1605,60 @@ void rewriteConfigRemoveOrphaned(struct
|
||||
dictReleaseIterator(di);
|
||||
}
|
||||
|
||||
@ -41,39 +42,6 @@ https://github.com/redis/redis/issues/8051
|
||||
- serverLog(LL_WARNING, "Config file full path is too long");
|
||||
- errno = ENAMETOOLONG;
|
||||
- return retval;
|
||||
- }
|
||||
-
|
||||
-#ifdef _GNU_SOURCE
|
||||
- fd = mkostemp(tmp_conffile, O_CLOEXEC);
|
||||
-#else
|
||||
- /* There's a theoretical chance here to leak the FD if a module thread forks & execv in the middle */
|
||||
- fd = mkstemp(tmp_conffile);
|
||||
-#endif
|
||||
-
|
||||
- if (fd == -1) {
|
||||
- serverLog(LL_WARNING, "Could not create tmp config file (%s)", strerror(errno));
|
||||
- return retval;
|
||||
- }
|
||||
-
|
||||
- while (offset < sdslen(content)) {
|
||||
- written_bytes = write(fd, content + offset, sdslen(content) - offset);
|
||||
- if (written_bytes <= 0) {
|
||||
- if (errno == EINTR) continue; /* FD is blocking, no other retryable errors */
|
||||
- serverLog(LL_WARNING, "Failed after writing (%zd) bytes to tmp config file (%s)", offset, strerror(errno));
|
||||
- goto cleanup;
|
||||
- }
|
||||
- offset+=written_bytes;
|
||||
- }
|
||||
-
|
||||
- if (fsync(fd))
|
||||
- serverLog(LL_WARNING, "Could not sync tmp config file to disk (%s)", strerror(errno));
|
||||
- else if (fchmod(fd, 0644) == -1)
|
||||
- serverLog(LL_WARNING, "Could not chmod config file (%s)", strerror(errno));
|
||||
- else if (rename(tmp_conffile, configfile) == -1)
|
||||
- serverLog(LL_WARNING, "Could not rename tmp config file (%s)", strerror(errno));
|
||||
- else {
|
||||
- retval = 0;
|
||||
- serverLog(LL_DEBUG, "Rewritten config file (%s) successfully", configfile);
|
||||
+ int retval = 0;
|
||||
+ int fd = open(configfile,O_RDWR|O_CREAT,0644);
|
||||
+ int content_size = sdslen(content), padding = 0;
|
||||
@ -86,8 +54,18 @@ https://github.com/redis/redis/issues/8051
|
||||
+ if (fstat(fd,&sb) == -1) {
|
||||
+ close(fd);
|
||||
+ return -1; /* errno set by fstat(). */
|
||||
+ }
|
||||
+
|
||||
}
|
||||
|
||||
-#ifdef _GNU_SOURCE
|
||||
- fd = mkostemp(tmp_conffile, O_CLOEXEC);
|
||||
-#else
|
||||
- /* There's a theoretical chance here to leak the FD if a module thread forks & execv in the middle */
|
||||
- fd = mkstemp(tmp_conffile);
|
||||
-#endif
|
||||
-
|
||||
- if (fd == -1) {
|
||||
- serverLog(LL_WARNING, "Could not create tmp config file (%s)", strerror(errno));
|
||||
- return retval;
|
||||
+ /* 2) Pad the content at least match the old file size. */
|
||||
+ content_padded = sdsdup(content);
|
||||
+ if (content_size < sb.st_size) {
|
||||
@ -97,20 +75,38 @@ https://github.com/redis/redis/issues/8051
|
||||
+ content_padded = sdsgrowzero(content_padded,sb.st_size);
|
||||
+ content_padded[content_size] = '\n';
|
||||
+ memset(content_padded+content_size+1,'#',padding-1);
|
||||
+ }
|
||||
+
|
||||
}
|
||||
|
||||
- while (offset < sdslen(content)) {
|
||||
- written_bytes = write(fd, content + offset, sdslen(content) - offset);
|
||||
- if (written_bytes <= 0) {
|
||||
- if (errno == EINTR) continue; /* FD is blocking, no other retryable errors */
|
||||
- serverLog(LL_WARNING, "Failed after writing (%zd) bytes to tmp config file (%s)", offset, strerror(errno));
|
||||
- goto cleanup;
|
||||
- }
|
||||
- offset+=written_bytes;
|
||||
+ /* 3) Write the new content using a single write(2). */
|
||||
+ if (write(fd,content_padded,strlen(content_padded)) == -1) {
|
||||
+ retval = -1;
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
}
|
||||
|
||||
- if (fsync(fd))
|
||||
- serverLog(LL_WARNING, "Could not sync tmp config file to disk (%s)", strerror(errno));
|
||||
- else if (fchmod(fd, 0644 & ~server.umask) == -1)
|
||||
- serverLog(LL_WARNING, "Could not chmod config file (%s)", strerror(errno));
|
||||
- else if (rename(tmp_conffile, configfile) == -1)
|
||||
- serverLog(LL_WARNING, "Could not rename tmp config file (%s)", strerror(errno));
|
||||
- else {
|
||||
- retval = 0;
|
||||
- serverLog(LL_DEBUG, "Rewritten config file (%s) successfully", configfile);
|
||||
- }
|
||||
+ /* 4) Truncate the file to the right length if we used padding. */
|
||||
+ if (padding) {
|
||||
+ if (ftruncate(fd,content_size) == -1) {
|
||||
+ /* Non critical error... */
|
||||
+ }
|
||||
}
|
||||
+ }
|
||||
|
||||
cleanup:
|
||||
+ sdsfree(content_padded);
|
||||
@ -119,4 +115,3 @@ https://github.com/redis/redis/issues/8051
|
||||
return retval;
|
||||
}
|
||||
|
||||
|
||||
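Review bot: The refreshed redis-config.patch still swaps upstream's temp-file-plus-rename rewrite for an in-place write, and the restored code treats a short write as success: `if (write(fd,content_padded,strlen(content_padded)) == -1)` only catches -1. With the `fsync` and `rename` steps on the removed side, a partial write or a crash mid-write can leave a truncated or mixed configuration file while `retval` appears to stay 0. If the revert has to stay for the compatibility reasons in the linked issue, compare the result with the full length, e.g. `size_t len = sdslen(content_padded);` and `if (write(fd,content_padded,len) != (ssize_t)len) {`. `int content_size = sdslen(content), padding = 0;` also narrows a size_t to int, and `open(configfile,O_RDWR|O_CREAT,0644)` drops the `O_CLOEXEC` that the removed `mkostemp` path set. The function's declarations and most of its cleanup path lie outside the visible hunks, so check these points against the full patch.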
|
@ -19,8 +19,8 @@
|
||||
%global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d)
|
||||
|
||||
Name: redis
|
||||
Version: 6.0.9
|
||||
Release: 3%{?dist}
|
||||
Version: 6.2.7
|
||||
Release: 1%{?dist}
|
||||
Summary: A persistent key-value database
|
||||
# redis, jemalloc, linenoise, lzf, hiredis are BSD
|
||||
# lua is MIT
|
||||
@ -46,13 +46,10 @@ Source10: https://github.com/antirez/%{name}-doc/archive/%{doc_commit}/
|
||||
# Update configuration for Fedora
|
||||
# https://github.com/antirez/redis/pull/3491 - man pages
|
||||
Patch0001: 0001-1st-man-pageis-for-redis-cli-redis-benchmark-redis-c.patch
|
||||
# https://github.com/antirez/redis/pull/3494 - symlink
|
||||
Patch0002: 0002-install-redis-check-rdb-as-a-symlink-instead-of-dupl.patch
|
||||
# revert BC break
|
||||
Patch0003: redis-config.patch
|
||||
|
||||
# Security patches
|
||||
Patch100: redis-CVE-2021-26477.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
%if %{with tests}
|
||||
@ -70,7 +67,7 @@ Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
Requires(postun): systemd
|
||||
# from deps/hiredis/hiredis.h
|
||||
Provides: bundled(hiredis) = 0.14.0
|
||||
Provides: bundled(hiredis) = 1.0.0
|
||||
# from deps/jemalloc/VERSION
|
||||
Provides: bundled(jemalloc) = 5.1.0
|
||||
# from deps/lua/src/lua.h
|
||||
@ -135,9 +132,7 @@ administration and development.
|
||||
%setup -q
|
||||
mv ../%{name}-doc-%{doc_commit} doc
|
||||
%patch0001 -p1
|
||||
%patch0002 -p1
|
||||
%patch0003 -p1
|
||||
%patch100 -p1 -b .cve29477
|
||||
%patch0003 -p1 -b .rev
|
||||
|
||||
mv deps/lua/COPYRIGHT COPYRIGHT-lua
|
||||
mv deps/jemalloc/COPYING COPYING-jemalloc
|
||||
@ -286,6 +281,25 @@ exit 0
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon May 9 2022 Remi Collet <rcollet@redhat.com> - 6.2.7-1
|
||||
- rebase to 6.2.7 #1999873
|
||||
|
||||
* Mon Oct 11 2021 Remi Collet <rcollet@redhat.com> - 6.0.9-5
|
||||
- fix denial of service via Redis Standard Protocol (RESP) request
|
||||
CVE-2021-32675
|
||||
|
||||
* Fri Oct 8 2021 Remi Collet <rcollet@redhat.com> - 6.0.9-4
|
||||
- fix lua scripts can overflow the heap-based Lua stack
|
||||
CVE-2021-32626
|
||||
- fix integer overflow issue with Streams
|
||||
CVE-2021-32627
|
||||
- fix integer overflow bug in the ziplist data structure
|
||||
CVE-2021-32628
|
||||
- fix integer overflow issue with intsets
|
||||
CVE-2021-32687
|
||||
- fix integer overflow issue with strings
|
||||
CVE-2021-41099
|
||||
|
||||
* Wed May 12 2021 Remi Collet <rcollet@redhat.com> - 6.0.9-3
|
||||
- fix integer overflow via STRALGO LCS command
|
||||
CVE-2021-29477
|
||||
|