Date: Mon, 4 Oct 2021 18:55:36 +0000
From: "Adam Ciarcinski"
Subject: CVS commit: pkgsrc/databases/redis
To: pkgsrc-changes@NetBSD.org
Reply-To: adam@netbsd.org
Message-Id: <20211004185536.7F8D3FA97@cvs.NetBSD.org>

Module Name:    pkgsrc
Committed By:   adam
Date:           Mon Oct 4 18:55:36 UTC 2021

Modified Files:
        pkgsrc/databases/redis: Makefile distinfo
        pkgsrc/databases/redis/patches: patch-src_Makefile

Log Message:
redis: updated to 6.2.6

Redis 6.2.6

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:
* (CVE-2021-41099) Integer to heap buffer overflow handling certain string
  commands and network payloads, when proto-max-bulk-len is manually configured
  to a non-default, very large value [reported by yiyuaner].
* (CVE-2021-32762) Integer to heap buffer overflow issue in redis-cli and
  redis-sentinel parsing large multi-bulk replies on some older and less common
  platforms [reported by Microsoft Vulnerability Research].
* (CVE-2021-32687) Integer to heap buffer overflow with intsets, when
  set-max-intset-entries is manually configured to a non-default, very large
  value [reported by Pawel Wieczorkiewicz, AWS].
* (CVE-2021-32675) Denial Of Service when processing RESP request payloads with
  a large number of elements on many connections.
* (CVE-2021-32672) Random heap reading issue with Lua Debugger [reported by
  Meir Shpilraien].
* (CVE-2021-32628) Integer to heap buffer overflow handling ziplist-encoded
  data types, when configuring a large, non-default value for
  hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries
  or zset-max-ziplist-value [reported by sundb].
* (CVE-2021-32627) Integer to heap buffer overflow issue with streams, when
  configuring a non-default, large value for proto-max-bulk-len and
  client-query-buffer-limit [reported by sundb].
* (CVE-2021-32626) Specially crafted Lua scripts may result with Heap buffer
  overflow [reported by Meir Shpilraien].

Bug fixes that involve behavior changes:
* GEO* STORE with empty source key deletes the destination key and return 0
  Previously it would have returned an empty array like the non-STORE variant.
* PUBSUB NUMPAT replies with number of patterns rather than number of subscriptions
  This actually changed in 6.2.0 but was overlooked and omitted from the release notes.

Bug fixes that are only applicable to previous releases of Redis 6.2:
* Fix CLIENT PAUSE, used an old timeout from previous PAUSE
* Fix CLIENT PAUSE in a replica would mess the replication offset
* Add some missing error statistics in INFO errorstats

Other bug fixes:
* Fix incorrect reply of COMMAND command key positions for MIGRATE command
* Fix appendfsync to always guarantee fsync before reply, on MacOS and FreeBSD (kqueue)
* Fix the wrong mis-detection of sync_file_range system call, affecting performance

CLI tools:
* When redis-cli received ASK response, it didn't handle it

Improvements:
* Add latency monitor sample when key is deleted via lazy expire
* Sanitize corrupt payload improvements
* Delete empty keys when loading RDB file or handling a RESTORE command

To generate a diff of this commit:
cvs rdiff -u -r1.71 -r1.72 pkgsrc/databases/redis/Makefile
cvs rdiff -u -r1.62 -r1.63 pkgsrc/databases/redis/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/databases/redis/patches/patch-src_Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

--_----------=_1633373736166020 Content-Disposition: inline Content-Length: 3378 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/databases/redis/Makefile diff -u pkgsrc/databases/redis/Makefile:1.71 pkgsrc/databases/redis/Makefile:1.72 --- pkgsrc/databases/redis/Makefile:1.71 Thu Jul 22 09:56:54 2021 +++ pkgsrc/databases/redis/Makefile Mon Oct 4 18:55:36 2021 @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.71 2021/07/22 09:56:54 adam Exp $ +# $NetBSD: Makefile,v 1.72 2021/10/04 18:55:36 adam Exp $ -DISTNAME= redis-6.2.5 +DISTNAME= redis-6.2.6 CATEGORIES= databases MASTER_SITES= http://download.redis.io/releases/ Index: pkgsrc/databases/redis/distinfo diff -u pkgsrc/databases/redis/distinfo:1.62 pkgsrc/databases/redis/distinfo:1.63 --- pkgsrc/databases/redis/distinfo:1.62 Thu Jul 22 09:56:54 2021 +++ pkgsrc/databases/redis/distinfo Mon Oct 4 18:55:36 2021 
@@ -1,10 +1,10 @@ -$NetBSD: distinfo,v 1.62 2021/07/22 09:56:54 adam Exp $ +$NetBSD: distinfo,v 1.63 2021/10/04 18:55:36 adam Exp $ -SHA1 (redis-6.2.5.tar.gz) = b675f5e883f095c2081f605e3ca31a6d5832383c -RMD160 (redis-6.2.5.tar.gz) = 1c0d20f2c57d2cb0918e58b36a584ecaa3d8d9b0 -SHA512 (redis-6.2.5.tar.gz) = 8c54451032cbb627ec2827251556cba2010e56544baca7ea117b5afd2c2add484acbedd3baf21bdb8fd10672602cf52294a4e26b135c1406d7a723c048275e3a -Size (redis-6.2.5.tar.gz) = 2465302 bytes +SHA1 (redis-6.2.6.tar.gz) = e9fb68dfcee194b438bd0af6e4cbc277a2a425e2 +RMD160 (redis-6.2.6.tar.gz) = 98607041365692d7feb19bf861b4bb32e799047e +SHA512 (redis-6.2.6.tar.gz) = 9b947d26fd9e208627ed22d318ab3d0775ab0be46d98db1c1d158feac671b984e75ce33e647d196face9643f80768af47e678be1b4e1ddd3eb56dff467c46022 +Size (redis-6.2.6.tar.gz) = 2476542 bytes SHA1 (patch-redis.conf) = ee657a9d82711263ceb0fb8f7d8059ed23528fe9 -SHA1 (patch-src_Makefile) = b74e1575d423b9a4d09b6b5e3eeb355d79c27855 +SHA1 (patch-src_Makefile) = 0b6f68bbb2cbf9aad655611bdd9aee8f3ed4e850 SHA1 (patch-src_hyperloglog.c) = e9bdd3c630024a6fbe02c2c1d85e26131ad938cf SHA1 (patch-src_object.c) = 30ffaec9c7e6135e3a5576cd1a35d7bcec668299 Index: pkgsrc/databases/redis/patches/patch-src_Makefile diff -u pkgsrc/databases/redis/patches/patch-src_Makefile:1.4 pkgsrc/databases/redis/patches/patch-src_Makefile:1.5 --- pkgsrc/databases/redis/patches/patch-src_Makefile:1.4 Mon Mar 1 13:19:19 2021 +++ pkgsrc/databases/redis/patches/patch-src_Makefile Mon Oct 4 18:55:36 2021 @@ -1,11 +1,11 @@ -$NetBSD: patch-src_Makefile,v 1.4 2021/03/01 13:19:19 adam Exp $ +$NetBSD: patch-src_Makefile,v 1.5 2021/10/04 18:55:36 adam Exp $ Add DESTDIR support. Fix NetBSD support. ---- src/Makefile.orig 2021-02-22 21:23:58.000000000 +0000 +--- src/Makefile.orig 2021-10-04 10:59:40.000000000 +0000 +++ src/Makefile -@@ -40,8 +40,8 @@ else +@@ -45,8 +45,8 @@ else endif PREFIX?=/usr/local 
@@ -16,7 +16,7 @@ Fix NetBSD support. PKG_CONFIG?=pkg-config # Default allocator defaults to Jemalloc if it's not an ARM -@@ -152,6 +152,10 @@ ifeq ($(uname_S),NetBSD) +@@ -151,6 +151,10 @@ ifeq ($(uname_S),NetBSD) FINAL_LIBS+= -lexecinfo endif else @@ -27,11 +27,11 @@ Fix NetBSD support. ifeq ($(uname_S),FreeBSD) # FreeBSD FINAL_LIBS+= -lpthread -lexecinfo -@@ -187,6 +191,7 @@ endif +@@ -186,6 +190,7 @@ endif endif endif endif +endif - # Include paths to dependencies - FINAL_CFLAGS+= -I../deps/hiredis -I../deps/linenoise -I../deps/lua/src -I../deps/hdr_histogram + ifdef OPENSSL_PREFIX + OPENSSL_CFLAGS=-I$(OPENSSL_PREFIX)/include --_----------=_1633373736166020--
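
Review bot: In the pkgsrc/databases/redis/Makefile hunk, the context line `MASTER_SITES= http://download.redis.io/releases/` still fetches the distfile over plain HTTP, and this bump exists to pull in a security release. The distinfo digests catch a modified tarball at build time, but only if they were recorded from a good copy in the first place; if the upstream site serves the same path over HTTPS, change the URL in this same commit.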
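
Review bot: In the pkgsrc/databases/redis/distinfo hunk, nothing in the log message says how the four new `redis-6.2.6.tar.gz` values were checked before being recorded. SHA512 is the strongest of the three digests listed, so that is the one worth comparing against a copy of the tarball obtained independently of the MASTER_SITES download, with a line in the log saying it was done. The unchanged `patch-redis.conf`, `patch-src_hyperloglog.c` and `patch-src_object.c` entries also deserve a word on whether those patches were re-tested against 6.2.6.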
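
Review bot: In the pkgsrc/databases/redis/patches/patch-src_Makefile hunk, the `+endif` carried in the inner hunk `@@ -186,6 +190,7 @@` follows three existing `endif` lines and nothing marks which conditional it closes. The patch was regenerated for shifted offsets anyway, so add a trailing comment on that line naming the block it ends, and expand the header text `Fix NetBSD support.` to say what the extra conditional does, so the next rebase can be checked against upstream's src/Makefile.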
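
Several of the Security Fixes in the log message above apply only when specific redis.conf limits are raised above their defaults. The following is an added example, not part of this commit or of Redis, that lists such settings in a configuration so hosts still running a build older than 6.2.6 can be prioritised. The default values are an assumption taken from the stock Redis 6.2 redis.conf, and `audit`, `parse_size` and `SAMPLE_CONF` are hypothetical names.

```python
import re

# Directive -> (default from the stock Redis 6.2 redis.conf, CVEs from the notes above).
# The defaults are an assumption taken from upstream's redis.conf, not from this page.
WATCHED = {
    "proto-max-bulk-len":        ("512mb", ["CVE-2021-41099", "CVE-2021-32627"]),
    "client-query-buffer-limit": ("1gb",   ["CVE-2021-32627"]),
    "set-max-intset-entries":    ("512",   ["CVE-2021-32687"]),
    "hash-max-ziplist-entries":  ("512",   ["CVE-2021-32628"]),
    "hash-max-ziplist-value":    ("64",    ["CVE-2021-32628"]),
    "zset-max-ziplist-entries":  ("128",   ["CVE-2021-32628"]),
    "zset-max-ziplist-value":    ("64",    ["CVE-2021-32628"]),
}
# redis.conf size suffixes: "k" is decimal, "kb" is binary, case-insensitive.
UNITS = {"": 1, "k": 10**3, "kb": 2**10, "m": 10**6, "mb": 2**20, "g": 10**9, "gb": 2**30}

# Constructed sample configuration, not taken from any real deployment.
SAMPLE_CONF = """\
# memory limits
port 6379
proto-max-bulk-len 4gb
set-max-intset-entries 512
Hash-Max-Ziplist-Entries "1000000"
client-query-buffer-limit 1gb
"""

def parse_size(text):
    """Convert a redis.conf size such as '512mb' or '1G' to an integer."""
    m = re.fullmatch(r"(\d+)([a-z]*)", text.strip().lower())
    if not m or m.group(2) not in UNITS:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def audit(conf_text):
    """Return (directive, value, default, cves) for watched settings above default."""
    effective = {}
    for line in conf_text.splitlines():
        fields = line.split()
        if len(fields) != 2 or fields[0].startswith("#"):
            continue
        if fields[0].lower() in WATCHED:  # directive names are case-insensitive
            effective[fields[0].lower()] = fields[1].strip("\"'")  # last one wins
    return [(name, raw) + WATCHED[name] for name, raw in effective.items()
            if parse_size(raw) > parse_size(WATCHED[name][0])]

if __name__ == "__main__":
    for name, raw, default, cves in audit(SAMPLE_CONF):
        print(f"{name} = {raw} (default {default}): review for {', '.join(cves)}")
```

A finding means only that the setting is above its default; the release notes give no numeric threshold for "very large", so each hit is a prompt to upgrade or restore the default rather than proof of exposure.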