Received: by mail.netbsd.org (Postfix, from userid 605) id 232CB84D55; Sat, 26 Nov 2022 17:28:14 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 5154D84D4D for ; Sat, 26 Nov 2022 17:28:13 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id jeZS4nnmbjkQ for ; Sat, 26 Nov 2022 17:28:11 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id C046084D37 for ; Sat, 26 Nov 2022 17:28:11 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id B4DFDFA90; Sat, 26 Nov 2022 17:28:11 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1669483691241550" MIME-Version: 1.0 Date: Sat, 26 Nov 2022 17:28:11 +0000 From: "S.P.Zeidler" Subject: CVS commit: [pkgsrc-2022Q3] pkgsrc/databases/redis To: pkgsrc-changes@NetBSD.org Reply-To: spz@netbsd.org X-Mailer: log_accum Message-Id: <20221126172811.B4DFDFA90@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1669483691241550 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: spz Date: Sat Nov 26 17:28:11 UTC 2022 Modified Files: pkgsrc/databases/redis [pkgsrc-2022Q3]: Makefile distinfo pkgsrc/databases/redis/patches [pkgsrc-2022Q3]: patch-src_Makefile Log Message: Pullup ticket #6705 - requested by bsiegert databases/redis: security update Revisions pulled up: - databases/redis/Makefile 1.74 - databases/redis/distinfo 1.67 - databases/redis/patches/patch-src_Makefile 1.6 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: adam Date: Tue Nov 22 19:11:11 UTC 2022 Modified Files: pkgsrc/databases/redis: Makefile distinfo pkgsrc/databases/redis/patches: patch-src_Makefile Log Message: redis: updated to 7.0.5 Redis 7.0.5 Released Wed Sep 21 20:00:00 IST 2022 ======================================== Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: * (CVE-2022-35951) Executing a XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument, may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. The problem affects Redis versions 7.0.0 or newer [reported by Xion (SeungHyun Lee) of KAIST GoN]. Module API changes ========= * Fix RM_Call execution of scripts when used with M/W/S flags to properly handle script flags * Fix RM_SetAbsExpire and RM_GetAbsExpire API registration Bug Fixes ==== * Fix a hang when eviction is combined with lazy-free and maxmemory-eviction-tenacity is set to 100 * Fix a crash when a replica may attempt to set itself as its master as a result of a manual failover * Fix a bug where a cluster-enabled replica node may permanently set its master's hostname to '?' * Fix a crash when a Lua script returns a meta-table Fixes for issues in previous releases of Redis 7.0 -------------------------------------------------- * Fix redis-cli to do DNS lookup before sending CLUSTER MEET * Fix crash when a key is lazy expired during cluster key migration * Fix AOF rewrite to fsync the old AOF file when a new one is created * Fix some crashes involving a list containing entries larger than 1GB * Correctly handle scripts with a non-read-only shebang on a cluster replica * Fix memory leak when unloading a module * Fix bug with scripts ignoring client tracking NOLOOP * Fix client-side tracking breaking protocol when FLUSHDB / FLUSHALL / SWAPDB is used inside MULTI-EXEC * Fix ACL: BITFIELD with GET and also SET / INCRBY can be executed with read-only key permission * Fix missing sections for INFO ALL when also requesting a module info section ======================================== Redis 7.0.4 Released Monday Jul 18 12:00:00 IST 2022 ======================================== Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: * (CVE-2022-31144) A specially crafted XAUTOCLAIM command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. The problem affects Redis versions 7.0.0 or newer. ======================================== Redis 7.0.3 Released Monday Jul 11 12:00:00 IST 2022 ======================================== Upgrade urgency: MODERATE, specifically if you're using a previous release of Redis 7.0, contains fixes for bugs in previous 7.0 releases. Performance and resource utilization improvements ======================== * Optimize zset conversion on large ZRANGESTORE * Optimize the performance of sending PING on large clusters * Allow for faster restart of Redis in cluster mode INFO fields and introspection changes ================== * Add missing sharded pubsub keychannel count to CLIENT LIST * Add missing pubsubshard_channels field in INFO STATS Module API changes ========= * Add RM_StringToULongLong and RM_CreateStringFromULongLong * Add RM_SetClientNameById and RM_GetClientNameById Changes in CLI tools ========== * Add missing cluster-port support to redis-cli --cluster Other General Improvements ============= * Account sharded pubsub channels memory consumption * Allow ECHO in loading and stale modes * Cluster: Throw -TRYAGAIN instead of -ASK on migrating nodes for multi-key commands when the node only has some of the keys Bug Fixes ==== * TLS: Notify clients on connection shutdown * Fsync directory while persisting AOF manifest, RDB file, and config file * Script that made modification will not break with unexpected NOREPLICAS error * Cluster: Fix a bug where nodes may not acknowledge a CLUSTER FAILOVER TAKEOVER after a replica reboots * Cluster: Fix crash during handshake and cluster shards call Fixes for issues in previous releases of Redis 7.0 -------------------------------------------------- * TLS: Fix issues with large replies * Correctly report the startup warning for vm.overcommit_memory * redis-server command line allow passing config name and value in the same argument * Support --save command line argument with no value for backwards compatibility * Fix CLUSTER RESET command regression requiring an argument ======================================== Redis 7.0.2 Released Sunday Jun 12 12:00:00 IST 2022 ======================================== Upgrade urgency: MODERATE, specifically if you're using a previous release of Redis 7.0, contains fixes for bugs in previous 7.0 releases. Bug Fixes ==== * Fixed SET and BITFIELD commands being wrongly marked movablekeys Regression in 7.0 possibly resulting in excessive roundtrip from cluster clients. * Fix crash when /proc/sys/vm/overcommit_memory is inaccessible Regression in 7.0.1 resulting in crash on startup on some configurations. ======================================== Redis 7.0.1 Released Wed Jun 8 12:00:00 IST 2022 ======================================== Upgrade urgency: MODERATE, specifically if you're using a previous release of Redis 7.0, contains some behavior changes for new 7.0 features and important fixes for bugs in previous 7.0 releases. Improvements ====== * Add warning for suspected slow system clocksource setting Add --check-system command line option. * Allow read-only scripts (*_RO commands, and ones with `no-writes` flag) during CLIENT PAUSE WRITE * Add `readonly` flag in COMMAND command for EVAL_RO, EVALSHA_RO and FCALL_RO * redis-server command line arguments now accept one string with spaces for multi-arg configs Potentially Breaking Changes ============== * Omitting a config option value in command line argument no longer works * Hide the `may_replicate` flag from the COMMAND command response Potentially Breaking Changes for new Redis 7.0 features ------------------------------------------------------- * Protocol: Sharded pubsub publish emits `smessage` instead of `message` * CLUSTER SHARDS returns slots as RESP integers, not strings * Block PFCOUNT and PUBLISH in read-only scripts (*_RO commands, and no-writes) * Scripts that declare the `no-writes` flag are implicitly `allow-oom` too Changes in CLI tools ========== * redis-cli --bigkeys, --memkeys, --hotkeys, --scan. Finish nicely after Ctrl+C Platform / toolchain support related improvements ======================== * Support tcp-keepalive config interval on MacOs * Support RSS metrics on Haiku OS INFO fields and introspection changes ================== * Add isolated network metrics for replication. Module API changes ========= * Add two more new checks to RM_Call script mode * Add new RM_Call flag to let Redis automatically refuse `deny-oom` commands * Add module API RM_MallocUsableSize * Add missing REDISMODULE_NOTIFY_NEW * Fix cursor type in RedisModuleScanCursor to handle more than 2^31 elements * Fix RM_Yield bugs and RM_Call("EVAL") OOM check bug * Fix bugs in enum configs with overlapping bit flags Bug Fixes ==== * FLUSHALL correctly resets rdb_changes_since_last_save INFO field * FLUSHDB is now propagated to replicas / AOF, even if the db is empty * Replica fail and retry the PSYNC if the master is unresponsive * Fix ZRANGESTORE crash when zset_max_listpack_entries is 0 Fixes for issues in previous releases of Redis 7.0 -------------------------------------------------- * CONFIG REWRITE could cause a config change to be dropped for aliased configs * CONFIG REWRITE would omit rename-command and include lines NOTE: Affected users who used Redis 7.0.0 to rewrite their configuration file should review and fix the file. * Fix broken protocol after MISCONF (persistence) error * Fix --save command line regression * Fix possible regression around TLS config changes. re-load files even if the file name didn't change. * Re-add SENTINEL SLAVES command, missing in redis 7.0 * BZMPOP gets unblocked by non-key args and returns them * Fix possible memory leak in XADD and XTRIM ======================================== Redis 7.0.0 GA Released Wed Apr 27 12:00:00 IST 2022 ======================================== Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: * (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. This issue affects all versions of Redis. [reported by Aviv Yahav]. * (CVE-2022-24735) By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. [reported by Aviv Yahav]. New Features ====== * Keyspace event for new keys Command replies that have been extended --------------------------------------- * COMMAND DOCS shows deprecated_since field in command args * COMMAND DOCS shows module name where applicable Potentially Breaking Changes ============== * Replicas panic when they fail writing persistence * Prevent cross slot operations in functions and scripts with shebang * Rephrased some error responses about invalid commands or args * Lua scripts do not have access to the print() function Performance and resource utilization improvements ======================== * Speed optimization in streams * Speed optimization in command execution pipeline * Speed optimization in listpack encoded sorted * Speed optimization in latency tracking at INFO (relevant for 7.0 RCs) * Speed optimization when there are many replicas (relevant for 7.0 RCs) New configuration options ============ * Allow ignoring disk persistence errors on replicas * Allow abort with panic when replica fails to execute a command sent by the master * Allow configuring shutdown flags of SIGTERM and SIGINT * Allow attaching an operating system-specific identifier to Redis sockets Module API changes ========= * Add argument specifying ACL reason for module log entry Breaking API compatibility with 7.0 RCs * Add the deprecated_since field in command args of COMMAND DOCS Breaking API/ABI compatibility with 7.0 RCs * Add module API flag for using enum configs as bit flags * Add RM_PublishMessageShard * Add RM_MallocSizeString, RM_MallocSizeDict * Add RM_TryAlloc Bug Fixes ==== * Replica report disk persistence errors in PING * Fixes around rejecting commands on replicas and AOF when they must be respected * Durability fixes for appendfsync=always policy Fixes for issues in previous release candidates of Redis 7.0 ------------------------------------------------------------ * Fix possible crash on CONFIG REWRITE * Fix regression not aborting transaction on errors * Fix auto-aof-rewrite-percentage based AOFRW trigger after restart * Fix bugs when AOF enabled after startup, in case of failure before the first rewrite completes * Fix RM_Yield module API bug processing future commands of the current client To generate a diff of this commit: cvs rdiff -u -r1.73 -r1.74 pkgsrc/databases/redis/Makefile cvs rdiff -u -r1.66 -r1.67 pkgsrc/databases/redis/distinfo cvs rdiff -u -r1.5 -r1.6 pkgsrc/databases/redis/patches/patch-src_Makefile To generate a diff of this commit: cvs rdiff -u -r1.73 -r1.73.4.1 pkgsrc/databases/redis/Makefile cvs rdiff -u -r1.66 -r1.66.4.1 pkgsrc/databases/redis/distinfo cvs rdiff -u -r1.5 -r1.5.8.1 \ pkgsrc/databases/redis/patches/patch-src_Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1669483691241550 Content-Disposition: inline Content-Length: 3141 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/databases/redis/Makefile diff -u pkgsrc/databases/redis/Makefile:1.73 pkgsrc/databases/redis/Makefile:1.73.4.1 --- pkgsrc/databases/redis/Makefile:1.73 Fri May 13 11:24:27 2022 +++ pkgsrc/databases/redis/Makefile Sat Nov 26 17:28:11 2022 @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.73 2022/05/13 11:24:27 wiz Exp $ +# $NetBSD: Makefile,v 1.73.4.1 2022/11/26 17:28:11 spz Exp $ -DISTNAME= redis-6.2.7 +DISTNAME= redis-7.0.5 CATEGORIES= databases MASTER_SITES= http://download.redis.io/releases/ Index: pkgsrc/databases/redis/distinfo diff -u pkgsrc/databases/redis/distinfo:1.66 pkgsrc/databases/redis/distinfo:1.66.4.1 --- pkgsrc/databases/redis/distinfo:1.66 Fri May 13 11:24:27 2022 +++ pkgsrc/databases/redis/distinfo Sat Nov 26 17:28:11 2022 @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.66 2022/05/13 11:24:27 wiz Exp $ +$NetBSD: distinfo,v 1.66.4.1 2022/11/26 17:28:11 spz Exp $ -BLAKE2s (redis-6.2.7.tar.gz) = 07fed6643f55bce72e5b2ca80d6f0aeaad287c1cca56db9a065d941de7563310 -SHA512 (redis-6.2.7.tar.gz) = d113094b8e31754915db7f0317d9b7969e034af3a7bac2ae0cbfad6cc61ba3aae35e9709c435abc1024a96f914df7a760b3cd18d06c375b541cfa837d1c5b953 -Size (redis-6.2.7.tar.gz) = 2487287 bytes +BLAKE2s (redis-7.0.5.tar.gz) = c0e5e176bf68251483c633f7759fbd12be30a1f23f9aae3ee44f1c17562016e3 +SHA512 (redis-7.0.5.tar.gz) = 16ff920cb8df4d82e78ef34209285024aa98189be8acbca86b10fb3064dcc70eac60206aadece6af08406860ed01a004ce3aaa86be896ea36c7f486686646753 +Size (redis-7.0.5.tar.gz) = 2968205 bytes SHA1 (patch-redis.conf) = ee657a9d82711263ceb0fb8f7d8059ed23528fe9 -SHA1 (patch-src_Makefile) = 0b6f68bbb2cbf9aad655611bdd9aee8f3ed4e850 +SHA1 (patch-src_Makefile) = 2c23fb065e827e0cb25fdfba1bc1976db03dc789 SHA1 (patch-src_hyperloglog.c) = e9bdd3c630024a6fbe02c2c1d85e26131ad938cf SHA1 (patch-src_object.c) = 30ffaec9c7e6135e3a5576cd1a35d7bcec668299 Index: pkgsrc/databases/redis/patches/patch-src_Makefile diff -u pkgsrc/databases/redis/patches/patch-src_Makefile:1.5 pkgsrc/databases/redis/patches/patch-src_Makefile:1.5.8.1 --- pkgsrc/databases/redis/patches/patch-src_Makefile:1.5 Mon Oct 4 18:55:36 2021 +++ pkgsrc/databases/redis/patches/patch-src_Makefile Sat Nov 26 17:28:11 2022 @@ -1,11 +1,11 @@ -$NetBSD: patch-src_Makefile,v 1.5 2021/10/04 18:55:36 adam Exp $ +$NetBSD: patch-src_Makefile,v 1.5.8.1 2022/11/26 17:28:11 spz Exp $ Add DESTDIR support. Fix NetBSD support. ---- src/Makefile.orig 2021-10-04 10:59:40.000000000 +0000 +--- src/Makefile.orig 2022-09-21 19:42:01.000000000 +0000 +++ src/Makefile -@@ -45,8 +45,8 @@ else +@@ -47,8 +47,8 @@ else endif PREFIX?=/usr/local @@ -15,8 +15,8 @@ Fix NetBSD support. +INSTALL=$(BSD_INSTALL_PROGRAM) PKG_CONFIG?=pkg-config - # Default allocator defaults to Jemalloc if it's not an ARM -@@ -151,6 +151,10 @@ ifeq ($(uname_S),NetBSD) + ifndef PYTHON +@@ -178,6 +178,10 @@ ifeq ($(uname_S),NetBSD) FINAL_LIBS+= -lexecinfo endif else @@ -27,7 +27,7 @@ Fix NetBSD support. ifeq ($(uname_S),FreeBSD) # FreeBSD FINAL_LIBS+= -lpthread -lexecinfo -@@ -186,6 +190,7 @@ endif +@@ -213,6 +217,7 @@ endif endif endif endif --_----------=_1669483691241550--