Released earlier today. According to the changelog [1]:

Upgrade urgency HIGH: This release fixes security issues.

HIGH means that there is a critical bug that affects a subset of users.
I'm unsure which one of the listed bugs that is, though.

The source diff to 5.0.7 is relatively small and there should not be any
fallout from backwards-incompatible changes.

The new hunk in src/Makefile fixes the build on armv7 (the resulting
redis-server binary is still completely broken).  I added a fix for a
small 32-bit time_t truncation issue in src/networking.c.

Built and regress tests run successfully on amd64, macppc and sparc64.
Some further light testing on amd64 with some toy databases.

[1]: https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES

Index: Makefile
===================================================================
RCS file: /var/cvs/ports/databases/redis/Makefile,v
retrieving revision 1.109
diff -u -p -r1.109 Makefile
--- Makefile    11 Feb 2020 08:11:13 -0000      1.109
+++ Makefile    12 Mar 2020 19:15:42 -0000
@@ -1,7 +1,7 @@
 # $OpenBSD: Makefile,v 1.109 2020/02/11 08:11:13 tb Exp $
 
 COMMENT =              persistent key-value database
-DISTNAME =             redis-5.0.7
+DISTNAME =             redis-5.0.8
 CATEGORIES =           databases
 HOMEPAGE =             https://redis.io/
 
Index: distinfo
===================================================================
RCS file: /var/cvs/ports/databases/redis/distinfo,v
retrieving revision 1.84
diff -u -p -r1.84 distinfo
--- distinfo    11 Feb 2020 08:11:13 -0000      1.84
+++ distinfo    12 Mar 2020 19:17:51 -0000
@@ -1,2 +1,2 @@
-SHA256 (redis-5.0.7.tar.gz) = Ydt06r9oAfBX/SS1kCMvLzN9QiKA/RlIbsoDvofTqCs=
-SIZE (redis-5.0.7.tar.gz) = 1984203
+SHA256 (redis-5.0.8.tar.gz) = 88fqxC9DMyao2YG1DboBaf369Gq7I/zaL5M6dVLuTtc=
+SIZE (redis-5.0.8.tar.gz) = 1985757
Index: patches/patch-src_Makefile
===================================================================
RCS file: /var/cvs/ports/databases/redis/patches/patch-src_Makefile,v
retrieving revision 1.30
diff -u -p -r1.30 patch-src_Makefile
--- patches/patch-src_Makefile  11 Feb 2020 08:11:13 -0000      1.30
+++ patches/patch-src_Makefile  12 Mar 2020 19:57:00 -0000
@@ -28,7 +28,16 @@ Index: src/Makefile
  endif
  endif
  
-@@ -127,7 +128,7 @@ endif
+@@ -82,7 +83,7 @@ ifneq (,$(filter aarch64 armv,$(uname_M)))
+         FINAL_LIBS+=-latomic
+ else
+ ifneq (,$(findstring armv,$(uname_M)))
+-        FINAL_LIBS+=-latomic
++#        FINAL_LIBS+=-latomic
+ endif
+ endif
+ 
+@@ -136,7 +137,7 @@ endif
  endif
  endif
  # Include paths to dependencies
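Review bot: The new `@@ -82,7 +83,7 @@` sub-hunk turns `FINAL_LIBS+=-latomic` into a comment without recording why, and leaves the `ifneq (,$(findstring armv,$(uname_M)))` branch with an empty body. The cover text says the armv7 `redis-server` binary is still broken after this change, so a later maintainer cannot tell whether the line can be restored or whether a broken binary is now being packaged. I would state the reason beside the change, e.g. `# OpenBSD/armv7: -latomic not linked (<reason>); resulting binary known broken`. If the binary really is unusable, marking the port broken on that architecture would be safer than only letting the link step succeed. The outer `ifneq (,$(filter aarch64 armv,$(uname_M)))` line appears only in the hunk header, so the full conditional is not visible here.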
@@ -37,7 +46,7 @@ Index: src/Makefile
  
  ifeq ($(MALLOC),tcmalloc)
        FINAL_CFLAGS+= -DUSE_TCMALLOC
-@@ -165,6 +166,7 @@ endif
+@@ -174,6 +175,7 @@ endif
  REDIS_SERVER_NAME=redis-server
  REDIS_SENTINEL_NAME=redis-sentinel
  REDIS_SERVER_OBJ=adlist.o quicklist.o ae.o anet.o dict.o server.o sds.o 
zmalloc.o lzf_c.o lzf_d.o pqsort.o zipmap.o sha1.o ziplist.o release.o 
networking.o util.o object.o db.o replication.o rdb.o t_string.o t_list.o 
t_set.o t_zset.o t_hash.o config.o aof.o pubsub.o multi.o debug.o sort.o 
intset.o syncio.o cluster.o crc16.o endianconv.o slowlog.o scripting.o bio.o 
rio.o rand.o memtest.o crc64.o bitops.o sentinel.o notify.o setproctitle.o 
blocked.o hyperloglog.o latency.o sparkline.o redis-check-rdb.o 
redis-check-aof.o geo.o lazyfree.o module.o evict.o expire.o geohash.o 
geohash_helper.o childinfo.o defrag.o siphash.o rax.o t_stream.o listpack.o 
localtime.o lolwut.o lolwut5.o
@@ -45,7 +54,7 @@ Index: src/Makefile
  REDIS_CLI_NAME=redis-cli
  REDIS_CLI_OBJ=anet.o adlist.o dict.o redis-cli.o zmalloc.o release.o anet.o 
ae.o crc64.o siphash.o crc16.o
  REDIS_BENCHMARK_NAME=redis-benchmark
-@@ -216,7 +218,7 @@ endif
+@@ -225,7 +227,7 @@ endif
  
  # redis-server
  $(REDIS_SERVER_NAME): $(REDIS_SERVER_OBJ)
@@ -54,7 +63,7 @@ Index: src/Makefile
  
  # redis-sentinel
  $(REDIS_SENTINEL_NAME): $(REDIS_SERVER_NAME)
-@@ -259,7 +261,7 @@ distclean: clean
+@@ -268,7 +270,7 @@ distclean: clean
  .PHONY: distclean
  
  test: $(REDIS_SERVER_NAME) $(REDIS_CHECK_AOF_NAME)
@@ -63,7 +72,7 @@ Index: src/Makefile
  
  test-sentinel: $(REDIS_SENTINEL_NAME)
        @(cd ..; ./runtest-sentinel)
-@@ -303,13 +305,14 @@ src/help.h:
+@@ -312,13 +314,14 @@ src/help.h:
        @../utils/generate-command-help.rb > help.h
  
  install: all
Index: patches/patch-src_networking_c
===================================================================
RCS file: patches/patch-src_networking_c
diff -N patches/patch-src_networking_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_networking_c      12 Mar 2020 19:59:42 -0000
@@ -0,0 +1,14 @@
+$OpenBSD$
+
+Index: src/networking.c
+--- src/networking.c.orig
++++ src/networking.c
+@@ -1939,7 +1939,7 @@ void securityWarningCommand(client *c) {
+     static time_t logged_time;
+     time_t now = time(NULL);
+ 
+-    if (labs(now-logged_time) > 60) {
++    if (llabs(now-logged_time) > 60) {
+         serverLog(LL_WARNING,"Possible SECURITY ATTACK detected. It looks 
like somebody is sending POST or Host: commands to Redis. This is likely due to 
an attacker attempting to use Cross Protocol Scripting to compromise your Redis 
instance. Connection aborted.");
+         logged_time = now;
+     }
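Review bot: The `if (llabs(now-logged_time) > 60)` line still ties the check to an integer abs function being at least as wide as `time_t`, which is the same class of assumption that made `labs` truncate on 32-bit `long`. A form with no conversion would be `if (now - logged_time > 60 || logged_time - now > 60) {`, which keeps the behaviour when the clock steps backwards and should be easier to send upstream. This comparison rate-limits the cross-protocol-scripting warning, so a wrong difference could in principle suppress or repeat that log line. A one-line description under `$OpenBSD$` naming the 32-bit truncation would also help the next update. The body of `securityWarningCommand` continues outside the hunk.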
