[meta-oe,1/2] redis: Upgrade to 7.0.8

Message ID	20230118021158.1169517-1-chee.yang.lee@intel.com
State	Under Review
Headers	show Return-Path: <chee.yang.lee@intel.com> ip: 192.55.52.120, mailfrom: chee.yang.lee@intel.com) From: chee.yang.lee@intel.com To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 1/2] redis: Upgrade to 7.0.8 Date: Wed, 18 Jan 2023 10:11:57 +0800 Message-Id: <20230118021158.1169517-1-chee.yang.lee@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-oe,1/2] redis: Upgrade to 7.0.8 \| expand [meta-oe,1/2] redis: Upgrade to 7.0.8 [meta-oe,2/2] redis: Upgrade to 6.2.9

Message ID

20230118021158.1169517-1-chee.yang.lee@intel.com

State

Under Review

Headers

From: chee.yang.lee@intel.com
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][PATCH 1/2] redis: Upgrade to 7.0.8
Date: Wed, 18 Jan 2023 10:11:57 +0800
Message-Id: <20230118021158.1169517-1-chee.yang.lee@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-oe,1/2] redis: Upgrade to 7.0.8 | expand

Commit Message

Lee, Chee Yang Jan. 18, 2023, 2:11 a.m. UTC

From: Chee Yang Lee <chee.yang.lee@intel.com>

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

(CVE-2022-35977) Integer overflow in the Redis SETRANGE and SORT/SORT_RO
commands can drive Redis to OOM panic
(CVE-2023-22458) Integer overflow in the Redis HRANDFIELD and
ZRANDMEMBER
commands can lead to denial-of-service

Bug Fixes

Avoid possible hang when client issues long KEYS, SRANDMEMBER,
HRANDFIELD,
and ZRANDMEMBER commands and gets disconnected by client output buffer
limit (#11676)
Make sure that fork child doesn't do incremental rehashing (#11692)
Fix a bug where blocking commands with a sub-second timeout would block
forever (#11688)
Fix sentinel issue if replica changes IP (#11590)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
---
 .../recipes-extended/redis/{redis_7.0.7.bb => redis_7.0.8.bb}   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-oe/recipes-extended/redis/{redis_7.0.7.bb => redis_7.0.8.bb} (96%)

diff --git a/meta-oe/recipes-extended/redis/redis_7.0.7.bb b/meta-oe/recipes-extended/redis/redis_7.0.8.bb
similarity index 96%
rename from meta-oe/recipes-extended/redis/redis_7.0.7.bb
rename to meta-oe/recipes-extended/redis/redis_7.0.8.bb
index 58055166cc..fe1db9f986 100644
--- a/meta-oe/recipes-extended/redis/redis_7.0.7.bb
+++ b/meta-oe/recipes-extended/redis/redis_7.0.8.bb
@@ -19,7 +19,7 @@  SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
            file://GNU_SOURCE-7.patch \
            file://0006-Define-correct-gregs-for-RISCV32.patch \
            "
-SRC_URI[sha256sum] = "8d327d7e887d1bb308fc37aaf717a0bf79f58129e3739069aaeeae88955ac586"
+SRC_URI[sha256sum] = "06a339e491306783dcf55b97f15a5dbcbdc01ccbde6dc23027c475cab735e914"
 
 inherit autotools-brokensep update-rc.d systemd useradd

[meta-oe,1/2] redis: Upgrade to 7.0.8

Commit Message

Patch