diff mbox series

[kirkstone,meta-oe] redis: upgrade 7.0.9 -> 7.0.10

Message ID 20230322082921.2464069-1-changqing.li@windriver.com
State New

Commit Message

Changqing Li March 22, 2023, 8:29 a.m. UTC
From: Changqing Li <changqing.li@windriver.com>

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

(CVE-2023-28425) Specially crafted MSETNX command can lead to assertion and denial-of-service

Bug Fixes
Large blocks of replica client output buffer may lead to PSYNC loops and unnecessary memory usage (#11666)
Fix CLIENT REPLY OFF|SKIP to not silence push notifications (#11875)
Trim excessive memory usage in stream nodes when exceeding stream-node-max-bytes (#11885)
Fix module RM_Call commands failing with OOM when maxmemory is changed to zero (#11319)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
 .../recipes-extended/redis/{redis_7.0.9.bb => redis_7.0.10.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-oe/recipes-extended/redis/{redis_7.0.9.bb => redis_7.0.10.bb} (96%)

Comments

akuster808 March 22, 2023, 11:20 a.m. UTC | #1
On 3/22/23 4:29 AM, Changqing Li wrote:
> From: Changqing Li <changqing.li@windriver.com>
>
> Upgrade urgency: SECURITY, contains fixes to security issues.
>
> Security Fixes:
>
> (CVE-2023-28425) Specially crafted MSETNX command can lead to assertion and denial-of-service

I am applying this to langdale then kirkstone

-armin
>
> Bug Fixes
> Large blocks of replica client output buffer may lead to PSYNC loops and unnecessary memory usage (#11666)
> Fix CLIENT REPLY OFF|SKIP to not silence push notifications (#11875)
> Trim excessive memory usage in stream nodes when exceeding stream-node-max-bytes (#11885)
> Fix module RM_Call commands failing with OOM when maxmemory is changed to zero (#11319)
>
> Signed-off-by: Changqing Li <changqing.li@windriver.com>
> ---
>   .../recipes-extended/redis/{redis_7.0.9.bb => redis_7.0.10.bb}  | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>   rename meta-oe/recipes-extended/redis/{redis_7.0.9.bb => redis_7.0.10.bb} (96%)
>
> diff --git a/meta-oe/recipes-extended/redis/redis_7.0.9.bb b/meta-oe/recipes-extended/redis/redis_7.0.10.bb
> similarity index 96%
> rename from meta-oe/recipes-extended/redis/redis_7.0.9.bb
> rename to meta-oe/recipes-extended/redis/redis_7.0.10.bb
> index e4b2d45a4..5f972033f 100644
> --- a/meta-oe/recipes-extended/redis/redis_7.0.9.bb
> +++ b/meta-oe/recipes-extended/redis/redis_7.0.10.bb
> @@ -19,7 +19,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
>              file://GNU_SOURCE.patch \
>              file://0006-Define-correct-gregs-for-RISCV32.patch \
>              "
> -SRC_URI[sha256sum] = "f77135c2a47c9151d4028bfea3b34470ab4d324d1484f79a84c6f32a3cfb9f65"
> +SRC_URI[sha256sum] = "1dee4c6487341cae7bd6432ff7590906522215a061fdef87c7d040a0cb600131"
>   
>   inherit autotools-brokensep update-rc.d systemd useradd
>   
>
akuster808 March 22, 2023, 11:23 a.m. UTC | #2
On 3/22/23 4:29 AM, Changqing Li wrote:
> From: Changqing Li <changqing.li@windriver.com>
>
> Upgrade urgency: SECURITY, contains fixes to security issues.
>
> Security Fixes:
>
> (CVE-2023-28425) Specially crafted MSETNX command can lead to assertion and denial-of-service

Was this sent to master?
>
> Bug Fixes
> Large blocks of replica client output buffer may lead to PSYNC loops and unnecessary memory usage (#11666)
> Fix CLIENT REPLY OFF|SKIP to not silence push notifications (#11875)
> Trim excessive memory usage in stream nodes when exceeding stream-node-max-bytes (#11885)
> Fix module RM_Call commands failing with OOM when maxmemory is changed to zero (#11319)
>
> Signed-off-by: Changqing Li <changqing.li@windriver.com>
> ---
>   .../recipes-extended/redis/{redis_7.0.9.bb => redis_7.0.10.bb}  | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>   rename meta-oe/recipes-extended/redis/{redis_7.0.9.bb => redis_7.0.10.bb} (96%)
>
> diff --git a/meta-oe/recipes-extended/redis/redis_7.0.9.bb b/meta-oe/recipes-extended/redis/redis_7.0.10.bb
> similarity index 96%
> rename from meta-oe/recipes-extended/redis/redis_7.0.9.bb
> rename to meta-oe/recipes-extended/redis/redis_7.0.10.bb
> index e4b2d45a4..5f972033f 100644
> --- a/meta-oe/recipes-extended/redis/redis_7.0.9.bb
> +++ b/meta-oe/recipes-extended/redis/redis_7.0.10.bb
> @@ -19,7 +19,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
>              file://GNU_SOURCE.patch \
>              file://0006-Define-correct-gregs-for-RISCV32.patch \
>              "
> -SRC_URI[sha256sum] = "f77135c2a47c9151d4028bfea3b34470ab4d324d1484f79a84c6f32a3cfb9f65"
> +SRC_URI[sha256sum] = "1dee4c6487341cae7bd6432ff7590906522215a061fdef87c7d040a0cb600131"
>   
>   inherit autotools-brokensep update-rc.d systemd useradd
>   
>
Changqing Li March 23, 2023, 1:33 a.m. UTC | #3
On 3/22/23 19:23, akuster808 wrote:
> On 3/22/23 4:29 AM, Changqing Li wrote:
>> From: Changqing Li <changqing.li@windriver.com>
>>
>> Upgrade urgency: SECURITY, contains fixes to security issues.
>>
>> Security Fixes:
>>
>> (CVE-2023-28425) Specially crafted MSETNX command can lead to 
>> assertion and denial-of-service
>
> Was this sent to master?

Yes, it is another patch, because the context of the changed line is a 
little different.

Regards

Changqing

>>
>> Bug Fixes
>> Large blocks of replica client output buffer may lead to PSYNC loops 
>> and unnecessary memory usage (#11666)
>> Fix CLIENT REPLY OFF|SKIP to not silence push notifications (#11875)
>> Trim excessive memory usage in stream nodes when exceeding 
>> stream-node-max-bytes (#11885)
>> Fix module RM_Call commands failing with OOM when maxmemory is 
>> changed to zero (#11319)
>>
>> Signed-off-by: Changqing Li <changqing.li@windriver.com>
>> ---
>>   .../recipes-extended/redis/{redis_7.0.9.bb => redis_7.0.10.bb}  | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>   rename meta-oe/recipes-extended/redis/{redis_7.0.9.bb => 
>> redis_7.0.10.bb} (96%)
>>
>> diff --git a/meta-oe/recipes-extended/redis/redis_7.0.9.bb 
>> b/meta-oe/recipes-extended/redis/redis_7.0.10.bb
>> similarity index 96%
>> rename from meta-oe/recipes-extended/redis/redis_7.0.9.bb
>> rename to meta-oe/recipes-extended/redis/redis_7.0.10.bb
>> index e4b2d45a4..5f972033f 100644
>> --- a/meta-oe/recipes-extended/redis/redis_7.0.9.bb
>> +++ b/meta-oe/recipes-extended/redis/redis_7.0.10.bb
>> @@ -19,7 +19,7 @@ SRC_URI = 
>> "http://download.redis.io/releases/${BP}.tar.gz \
>>              file://GNU_SOURCE.patch \
>>              file://0006-Define-correct-gregs-for-RISCV32.patch \
>>              "
>> -SRC_URI[sha256sum] = 
>> "f77135c2a47c9151d4028bfea3b34470ab4d324d1484f79a84c6f32a3cfb9f65"
>> +SRC_URI[sha256sum] = 
>> "1dee4c6487341cae7bd6432ff7590906522215a061fdef87c7d040a0cb600131"
>>
>>   inherit autotools-brokensep update-rc.d systemd useradd
>>
>>
Martin Jansa April 21, 2023, 11:04 a.m. UTC | #4
What's the status of these changes? I don't see them in
kirkstone-next/langdale-next nor contrib/stable/kirkstone-nut
contrib/stable/langdale-nut

The current meta-oe/kirkstone redis fails since the 7.0.9 upgrade with:

ERROR: redis-7.0.9-r0 do_patch: Fuzz detected:
Applying patch GNU_SOURCE.patch
patching file src/zmalloc.c
Hunk #1 succeeded at 32 with fuzz 2 (offset 4 lines).
ERROR: redis-7.0.9-r0 do_patch: QA Issue: Patch log indicates that patches
do not apply cleanly. [patch-fuzz]

And I don't see this issue fixed here.

I'll send a separate patch to fix just patch-fuzz.

On Thu, Mar 23, 2023 at 2:33 AM Changqing Li <changqing.li@eng.windriver.com>
wrote:

>
> On 3/22/23 19:23, akuster808 wrote:
> > On 3/22/23 4:29 AM, Changqing Li wrote:
> >> From: Changqing Li <changqing.li@windriver.com>
> >>
> >> Upgrade urgency: SECURITY, contains fixes to security issues.
> >>
> >> Security Fixes:
> >>
> >> (CVE-2023-28425) Specially crafted MSETNX command can lead to
> >> assertion and denial-of-service
> >
> > Was this sent to master?
>
> Yes, it is another patch, because the context of the changed line is a
> little different.
>
> Regards
>
> Changqing
>
> >>
> >> Bug Fixes
> >> Large blocks of replica client output buffer may lead to PSYNC loops
> >> and unnecessary memory usage (#11666)
> >> Fix CLIENT REPLY OFF|SKIP to not silence push notifications (#11875)
> >> Trim excessive memory usage in stream nodes when exceeding
> >> stream-node-max-bytes (#11885)
> >> Fix module RM_Call commands failing with OOM when maxmemory is
> >> changed to zero (#11319)
> >>
> >> Signed-off-by: Changqing Li <changqing.li@windriver.com>
> >> ---
> >>   .../recipes-extended/redis/{redis_7.0.9.bb => redis_7.0.10.bb}  | 2
> +-
> >>   1 file changed, 1 insertion(+), 1 deletion(-)
> >>   rename meta-oe/recipes-extended/redis/{redis_7.0.9.bb =>
> >> redis_7.0.10.bb} (96%)
> >>
> >> diff --git a/meta-oe/recipes-extended/redis/redis_7.0.9.bb
> >> b/meta-oe/recipes-extended/redis/redis_7.0.10.bb
> >> similarity index 96%
> >> rename from meta-oe/recipes-extended/redis/redis_7.0.9.bb
> >> rename to meta-oe/recipes-extended/redis/redis_7.0.10.bb
> >> index e4b2d45a4..5f972033f 100644
> >> --- a/meta-oe/recipes-extended/redis/redis_7.0.9.bb
> >> +++ b/meta-oe/recipes-extended/redis/redis_7.0.10.bb
> >> @@ -19,7 +19,7 @@ SRC_URI =
> >> "http://download.redis.io/releases/${BP}.tar.gz \
> >>              file://GNU_SOURCE.patch \
> >>              file://0006-Define-correct-gregs-for-RISCV32.patch \
> >>              "
> >> -SRC_URI[sha256sum] =
> >> "f77135c2a47c9151d4028bfea3b34470ab4d324d1484f79a84c6f32a3cfb9f65"
> >> +SRC_URI[sha256sum] =
> >> "1dee4c6487341cae7bd6432ff7590906522215a061fdef87c7d040a0cb600131"
> >>
> >>   inherit autotools-brokensep update-rc.d systemd useradd
> >>
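Review bot: file://GNU_SOURCE.patch stays in SRC_URI unchanged in this hunk's context lines, while the do_patch log at the top of this message shows it applying to src/zmalloc.c with fuzz 2 on 7.0.9. The version bump should refresh GNU_SOURCE.patch against the 7.0.10 sources in the same change, or the series should say which patch does; otherwise the security upgrade lands on a recipe where the patch-fuzz QA issue reported above is not addressed.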
> >>
> >>
> >>
> >
>
akuster808 April 22, 2023, 7:14 p.m. UTC | #5
On 4/21/23 7:04 AM, Martin Jansa wrote:
> What's the status of these changes? I don't see them in 
> kirkstone-next/langdale-next nor contrib/stable/kirkstone-nut 
> contrib/stable/langdale-nut

My apologies. I had a question if Master was affected and it was, so I 
forgot to keep an eye on the changes in Master for this package.

Thanks for the reminder.

- armin
>
> The current meta-oe/kirkstone redis fails since the 7.0.9 upgrade with:
>
> ERROR: redis-7.0.9-r0 do_patch: Fuzz detected:
> Applying patch GNU_SOURCE.patch
> patching file src/zmalloc.c
> Hunk #1 succeeded at 32 with fuzz 2 (offset 4 lines).
> ERROR: redis-7.0.9-r0 do_patch: QA Issue: Patch log indicates that 
> patches do not apply cleanly. [patch-fuzz]
>
> And I don't see this issue fixed here.
>
> I'll send a separate patch to fix just patch-fuzz.
>
> On Thu, Mar 23, 2023 at 2:33 AM Changqing Li 
> <changqing.li@eng.windriver.com> wrote:
>
>
>     On 3/22/23 19:23, akuster808 wrote:
>     > On 3/22/23 4:29 AM, Changqing Li wrote:
>     >> From: Changqing Li <changqing.li@windriver.com>
>     >>
>     >> Upgrade urgency: SECURITY, contains fixes to security issues.
>     >>
>     >> Security Fixes:
>     >>
>     >> (CVE-2023-28425) Specially crafted MSETNX command can lead to
>     >> assertion and denial-of-service
>     >
>     > Was this sent to master?
>
>     Yes, it is another patch, because the context of the changed line is a
>     little different.
>
>     Regards
>
>     Changqing
>
>     >>
>     >> Bug Fixes
>     >> Large blocks of replica client output buffer may lead to PSYNC
>     loops
>     >> and unnecessary memory usage (#11666)
>     >> Fix CLIENT REPLY OFF|SKIP to not silence push notifications
>     (#11875)
>     >> Trim excessive memory usage in stream nodes when exceeding
>     >> stream-node-max-bytes (#11885)
>     >> Fix module RM_Call commands failing with OOM when maxmemory is
>     >> changed to zero (#11319)
>     >>
>     >> Signed-off-by: Changqing Li <changqing.li@windriver.com>
>     >> ---
>     >>   .../recipes-extended/redis/{redis_7.0.9.bb
>     <http://redis_7.0.9.bb> => redis_7.0.10.bb
>     <http://redis_7.0.10.bb>} | 2 +-
>     >>   1 file changed, 1 insertion(+), 1 deletion(-)
>     >>   rename meta-oe/recipes-extended/redis/{redis_7.0.9.bb
>     <http://redis_7.0.9.bb> =>
>     >> redis_7.0.10.bb <http://redis_7.0.10.bb>} (96%)
>     >>
>     >> diff --git a/meta-oe/recipes-extended/redis/redis_7.0.9.bb
>     <http://redis_7.0.9.bb>
>     >> b/meta-oe/recipes-extended/redis/redis_7.0.10.bb
>     <http://redis_7.0.10.bb>
>     >> similarity index 96%
>     >> rename from meta-oe/recipes-extended/redis/redis_7.0.9.bb
>     <http://redis_7.0.9.bb>
>     >> rename to meta-oe/recipes-extended/redis/redis_7.0.10.bb
>     <http://redis_7.0.10.bb>
>     >> index e4b2d45a4..5f972033f 100644
>     >> --- a/meta-oe/recipes-extended/redis/redis_7.0.9.bb
>     <http://redis_7.0.9.bb>
>     >> +++ b/meta-oe/recipes-extended/redis/redis_7.0.10.bb
>     <http://redis_7.0.10.bb>
>     >> @@ -19,7 +19,7 @@ SRC_URI =
>     >> "http://download.redis.io/releases/${BP}.tar.gz
>     <http://download.redis.io/releases/$%7BBP%7D.tar.gz> \
>     >>              file://GNU_SOURCE.patch \
>     >> file://0006-Define-correct-gregs-for-RISCV32.patch \
>     >>              "
>     >> -SRC_URI[sha256sum] =
>     >> "f77135c2a47c9151d4028bfea3b34470ab4d324d1484f79a84c6f32a3cfb9f65"
>     >> +SRC_URI[sha256sum] =
>     >> "1dee4c6487341cae7bd6432ff7590906522215a061fdef87c7d040a0cb600131"
>     >>
>     >>   inherit autotools-brokensep update-rc.d systemd useradd
>     >>
>     >>
>     >>
>     >>
>     >
>
Patch

diff --git a/meta-oe/recipes-extended/redis/redis_7.0.9.bb b/meta-oe/recipes-extended/redis/redis_7.0.10.bb
similarity index 96%
rename from meta-oe/recipes-extended/redis/redis_7.0.9.bb
rename to meta-oe/recipes-extended/redis/redis_7.0.10.bb
index e4b2d45a4..5f972033f 100644
--- a/meta-oe/recipes-extended/redis/redis_7.0.9.bb
+++ b/meta-oe/recipes-extended/redis/redis_7.0.10.bb
@@ -19,7 +19,7 @@  SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
            file://GNU_SOURCE.patch \
            file://0006-Define-correct-gregs-for-RISCV32.patch \
            "
-SRC_URI[sha256sum] = "f77135c2a47c9151d4028bfea3b34470ab4d324d1484f79a84c6f32a3cfb9f65"
+SRC_URI[sha256sum] = "1dee4c6487341cae7bd6432ff7590906522215a061fdef87c7d040a0cb600131"
 
 inherit autotools-brokensep update-rc.d systemd useradd
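Review bot: the SRC_URI line shown in the hunk header still fetches the tarball over plain http://download.redis.io/releases/${BP}.tar.gz, so the only thing authenticating the 7.0.10 sources is the new SRC_URI[sha256sum] value, which cannot be checked from this patch alone. Please state in the commit message where the new hash came from (for example, that it matches the hash upstream publishes for the release), and consider moving the URL to https:// in a follow-up so the fetch does not depend solely on the checksum line changed here.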