diff options
authorwangmy <wangmy@fujitsu.com>2021-10-13 07:49:34 +0800
committerArmin Kuster <akuster808@gmail.com>2021-10-23 08:04:34 -0700
commitfeb4ef9fe883ed703cf51c23de9a453ddb88bba6 (patch)
parentc61d6336c97147758359d84f271351cc67156ad2 (diff)
redis: upgrade 6.2.5 -> 6.2.6
Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: (CVE-2021-41099) Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured to a non-default, very large value [reported by yiyuaner]. (CVE-2021-32762) Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on some older and less common platforms [reported by Microsoft Vulnerability Research]. (CVE-2021-32687) Integer to heap buffer overflow with intsets, when set-max-intset-entries is manually configured to a non-default, very large value [reported by Pawel Wieczorkiewicz, AWS]. (CVE-2021-32675) Denial Of Service when processing RESP request payloads with a large number of elements on many connections. (CVE-2021-32672) Random heap reading issue with Lua Debugger [reported by Meir Shpilraien]. (CVE-2021-32628) Integer to heap buffer overflow handling ziplist-encoded data types, when configuring a large, non-default value for hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value [reported by sundb]. (CVE-2021-32627) Integer to heap buffer overflow issue with streams, when configuring a non-default, large value for proto-max-bulk-len and client-query-buffer-limit [reported by sundb]. (CVE-2021-32626) Specially crafted Lua scripts may result with Heap buffer overflow [reported by Meir Shpilraien]. Bug fixes that involve behavior changes: GEO* STORE with empty source key deletes the destination key and return 0 (#9271) Previously it would have returned an empty array like the non-STORE variant. PUBSUB NUMPAT replies with number of patterns rather than number of subscriptions (#9209) This actually changed in 6.2.0 but was overlooked and omitted from the release notes. Bug fixes that are only applicable to previous releases of Redis 6.2: Fix CLIENT PAUSE, used an old timeout from previous PAUSE (#9477) Fix CLIENT PAUSE in a replica would mess the replication offset (#9448) Add some missing error statistics in INFO errorstats (#9328) Other bug fixes: Fix incorrect reply of COMMAND command key positions for MIGRATE command (#9455) Fix appendfsync to always guarantee fsync before reply, on MacOS and FreeBSD (kqueue) (#9416) Fix the wrong mis-detection of sync_file_range system call, affecting performance (#9371) CLI tools: When redis-cli received ASK response, it didn't handle it (#8930) Improvements: Add latency monitor sample when key is deleted via lazy expire (#9317) Sanitize corrupt payload improvements (#9321, #9399) Delete empty keys when loading RDB file or handling a RESTORE command (#9297, #9349) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c48feb5f184738e88e9dac4e4f9d8598743f7109) Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r--meta-oe/recipes-extended/redis/redis_6.2.6.bb (renamed from meta-oe/recipes-extended/redis/redis_6.2.5.bb)2
1 files changed, 1 insertions, 1 deletions
diff --git a/meta-oe/recipes-extended/redis/redis_6.2.5.bb b/meta-oe/recipes-extended/redis/redis_6.2.6.bb
index 58d759b59d..87fade7e04 100644
--- a/meta-oe/recipes-extended/redis/redis_6.2.5.bb
+++ b/meta-oe/recipes-extended/redis/redis_6.2.6.bb
@@ -17,7 +17,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
file://GNU_SOURCE.patch \
file://0006-Define-correct-gregs-for-RISCV32.patch \
-SRC_URI[sha256sum] = "4b9a75709a1b74b3785e20a6c158cab94cf52298aa381eea947a678a60d551ae"
+SRC_URI[sha256sum] = "5b2b8b7a50111ef395bf1c1d5be11e6e167ac018125055daa8b5c2317ae131ab"
inherit autotools-brokensep update-rc.d systemd useradd