Hi, Here's a diff to update to the latest redis release. Changelogs: https://github.com/redis/redis/releases/tag/6.2.2 https://github.com/redis/redis/releases/tag/6.2.3
6.2.2 Upgrade urgency: HIGH, if you're using ACL and pub/sub, CONFIG REWRITE, or suffering from performance regression. see below. 6.2.3 Upgrade urgency: SECURITY, Contains fixes to security issues that affect authenticated client connections. LOW otherwise. Integer overflow in STRALGO LCS command (CVE-2021-29477): An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result in remote code execution. The integer overflow bug exists in all versions of Redis starting with 6.0. A test has been failing since 6.2.2: !!! WARNING The following tests failed: *** [err]: client tracking don't cause eviction feedback loop in tests/unit/maxmemory.tcl Expected '0' to be between to '200' and '300' (context: type eval line 48 cmd {assert_range [r dbsize] 200 300} proc ::test) Cleanup: may take some time... OK And while there take maintainership. Test reports/comments? OK? Cheers, Daniel Index: Makefile =================================================================== RCS file: /cvs/ports/databases/redis/Makefile,v retrieving revision 1.121 diff -u -p -r1.121 Makefile --- Makefile 16 Mar 2021 21:18:38 -0000 1.121 +++ Makefile 4 May 2021 13:57:43 -0000 @@ -2,10 +2,11 @@ COMMENT = persistent key-value database -DISTNAME = redis-6.2.1 +DISTNAME = redis-6.2.3 CATEGORIES = databases HOMEPAGE = https://redis.io/ -REVISION = 0 + +MAINTAINER = Daniel Jakots <o...@chown.me> # BSD PERMIT_PACKAGE = Yes Index: distinfo =================================================================== RCS file: /cvs/ports/databases/redis/distinfo,v retrieving revision 1.94 diff -u -p -r1.94 distinfo --- distinfo 6 Mar 2021 17:42:12 -0000 1.94 +++ distinfo 4 May 2021 13:57:43 -0000 
@@ -1,2 +1,2 @@ -SHA256 (redis-6.2.1.tar.gz) = zSIlBQEsziCyVoL8qTHsk70hrpLLSr/nQs97dqqQdSA= -SIZE (redis-6.2.1.tar.gz) = 2438367 +SHA256 (redis-6.2.3.tar.gz) = mO19UytelnH13wglu3Hw83SDoWVGNkBJOExj24dkUSs= +SIZE (redis-6.2.3.tar.gz) = 2456050 Index: patches/patch-redis_conf =================================================================== RCS file: /cvs/ports/databases/redis/patches/patch-redis_conf,v retrieving revision 1.26 diff -u -p -r1.26 patch-redis_conf --- patches/patch-redis_conf 16 Mar 2021 21:18:38 -0000 1.26 +++ patches/patch-redis_conf 4 May 2021 13:57:43 -0000 @@ -24,7 +24,7 @@ Index: redis.conf # Close the connection after a client is idle for N seconds (0 to disable) timeout 0 -@@ -172,6 +172,7 @@ tcp-keepalive 300 +@@ -182,6 +182,7 @@ tcp-keepalive 300 # of these, and will not implicitly use the system wide configuration. # # tls-ca-cert-file ca.crt @@ -32,7 +32,7 @@ Index: redis.conf # tls-ca-cert-dir /etc/ssl/certs # By default, clients (including replica servers) on a TLS port are required -@@ -205,14 +206,14 @@ tcp-keepalive 300 +@@ -215,14 +216,14 @@ tcp-keepalive 300 # # tls-protocols "TLSv1.2 TLSv1.3" @@ -49,7 +49,7 @@ Index: redis.conf # information about the syntax of this string, and specifically for TLSv1.3 # ciphersuites. # -@@ -242,9 +243,9 @@ tcp-keepalive 300 +@@ -252,9 +253,9 @@ tcp-keepalive 300 ################################# GENERAL ##################################### # By default Redis does not run as a daemon. Use 'yes' if you need it. @@ -61,7 +61,7 @@ Index: redis.conf # If you run Redis from upstart or systemd, Redis can interact with your # supervision tree. Options: -@@ -269,14 +270,14 @@ daemonize no +@@ -279,14 +280,14 @@ daemonize no # # When the server runs non daemonized, no pid file is created if none is # specified in the configuration. When the server is daemonized, the pid file 
@@ -78,7 +78,7 @@ Index: redis.conf # Specify the server verbosity level. # This can be one of: -@@ -289,17 +290,18 @@ loglevel notice +@@ -299,17 +300,18 @@ loglevel notice # Specify the log file name. Also the empty string can be used to force # Redis to log on the standard output. Note that if you use standard # output for logging but daemonize, logs will be sent to /dev/null @@ -102,7 +102,7 @@ Index: redis.conf # To disable the built in crash log, which will possibly produce cleaner core # dumps when they are needed, uncomment the following: -@@ -441,7 +443,7 @@ rdb-del-sync-files no +@@ -451,7 +453,7 @@ rdb-del-sync-files no # The Append Only File will also be created inside this directory. # # Note that you must specify a directory here, not a file name. @@ -111,7 +111,7 @@ Index: redis.conf ################################# REPLICATION ################################# -@@ -941,6 +943,7 @@ acllog-max-len 128 +@@ -963,6 +965,7 @@ acllog-max-len 128 # limit accordingly in case of very large clusters. # # maxclients 10000 Index: patches/patch-src_Makefile =================================================================== RCS file: /cvs/ports/databases/redis/patches/patch-src_Makefile,v retrieving revision 1.40 diff -u -p -r1.40 patch-src_Makefile --- patches/patch-src_Makefile 16 Mar 2021 21:18:38 -0000 1.40 +++ patches/patch-src_Makefile 4 May 2021 13:57:43 -0000 @@ -16,16 +16,16 @@ Index: src/Makefile endif endif -@@ -98,7 +98,7 @@ ifneq (,$(filter aarch64 armv,$(uname_M))) - FINAL_LIBS+=-latomic - else +@@ -95,7 +95,7 @@ DEBUG=-g -ggdb + + # Linux ARM32 needs -latomic at linking time ifneq (,$(findstring armv,$(uname_M))) - FINAL_LIBS+=-latomic +# FINAL_LIBS+=-latomic endif - endif -@@ -376,7 +376,7 @@ distclean: clean + ifeq ($(uname_S),SunOS) +@@ -380,7 +380,7 @@ distclean: clean .PHONY: distclean test: $(REDIS_SERVER_NAME) $(REDIS_CHECK_AOF_NAME) $(REDIS_CLI_NAME) $(REDIS_BENCHMARK_NAME) 
@@ -34,12 +34,12 @@ Index: src/Makefile test-sentinel: $(REDIS_SENTINEL_NAME) $(REDIS_CLI_NAME) @(cd ..; ./runtest-sentinel) -@@ -416,7 +416,7 @@ src/help.h: +@@ -420,7 +420,7 @@ src/help.h: @../utils/generate-command-help.rb > help.h install: all - @mkdir -p $(INSTALL_BIN) + $(INSTALL_DIR) $(INSTALL_BIN) - $(REDIS_INSTALL) $(REDIS_SERVER_NAME) $(INSTALL_BIN) - $(REDIS_INSTALL) $(REDIS_BENCHMARK_NAME) $(INSTALL_BIN) - $(REDIS_INSTALL) $(REDIS_CLI_NAME) $(INSTALL_BIN) + $(call MAKE_INSTALL,$(REDIS_SERVER_NAME),$(INSTALL_BIN)) + $(call MAKE_INSTALL,$(REDIS_BENCHMARK_NAME),$(INSTALL_BIN)) + $(call MAKE_INSTALL,$(REDIS_CLI_NAME),$(INSTALL_BIN)) Index: patches/patch-src_debug_c =================================================================== RCS file: patches/patch-src_debug_c diff -N patches/patch-src_debug_c --- patches/patch-src_debug_c 17 Mar 2021 06:25:55 -0000 1.6 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,17 +0,0 @@ -$OpenBSD: patch-src_debug_c,v 1.6 2021/03/17 06:25:55 tb Exp $ - -time_t is long long on OpenBSD -https://github.com/redis/redis/pull/8662 - -Index: src/debug.c ---- src/debug.c.orig -+++ src/debug.c -@@ -473,7 +473,7 @@ NULL - } else if (!strcasecmp(c->argv[1]->ptr,"segfault")) { - *((char*)-1) = 'x'; - } else if (!strcasecmp(c->argv[1]->ptr,"panic")) { -- serverPanic("DEBUG PANIC called at Unix time %ld", time(NULL)); -+ serverPanic("DEBUG PANIC called at Unix time %lld", (long long)time(NULL)); - } else if (!strcasecmp(c->argv[1]->ptr,"restart") || - !strcasecmp(c->argv[1]->ptr,"crash-and-recover")) - { Index: patches/patch-src_networking_c =================================================================== RCS file: patches/patch-src_networking_c diff -N patches/patch-src_networking_c --- patches/patch-src_networking_c 17 Mar 2021 06:25:55 -0000 1.8 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
@@ -1,17 +0,0 @@
-$OpenBSD: patch-src_networking_c,v 1.8 2021/03/17 06:25:55 tb Exp $
-
-time_t is long long, so use llabs to avoid truncation
-https://github.com/redis/redis/pull/8662
-
-Index: src/networking.c
---- src/networking.c.orig
-+++ src/networking.c
-@@ -3007,7 +3007,7 @@ void securityWarningCommand(client *c) {
- static time_t logged_time;
- time_t now = time(NULL);
-
-- if (labs(now-logged_time) > 60) {
-+ if (llabs(now-logged_time) > 60) {
- serverLog(LL_WARNING,"Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection aborted.");
- logged_time = now;
- }
Index: patches/patch-src_tls_c
===================================================================
RCS file: patches/patch-src_tls_c
diff -N patches/patch-src_tls_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_tls_c 4 May 2021 13:57:43 -0000
@@ -0,0 +1,14 @@
+$OpenBSD$
+
+Index: src/tls.c
+--- src/tls.c.orig
++++ src/tls.c
+@@ -174,7 +174,7 @@ void tlsCleanup(void) {
+ redis_tls_client_ctx = NULL;
+ }
+
+- #if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ OPENSSL_cleanup();
+ #endif
+ }
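Review bot: The new patches/patch-src_tls_c has no rationale under its `$OpenBSD$` line, unlike the two patches this diff deletes, which each carried a one-line reason and an upstream pull-request link. A short comment would tell the next updater when the patch can be dropped, for example `LibreSSL reports OPENSSL_VERSION_NUMBER >= 0x10100000L but does not provide OPENSSL_cleanup()`; that is presumably why the extra `!defined(LIBRESSL_VERSION_NUMBER)` guard is needed, but it should be confirmed against the LibreSSL in base. As far as the visible lines show, the change only skips a library teardown call at the end of tlsCleanup(), whose body begins outside the inner hunk, so TLS negotiation should be unaffected. Sending the guard upstream and linking the pull request in the patch header would keep this from becoming a permanently carried local patch.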