
[meta-oe,scarthgap] redis: upgrade 7.2.8 -> 7.2.11

Message ID 20251013162017.26379-1-vanusuri@mvista.com
State New

Commit Message

Vijay Anusuri Oct. 13, 2025, 4:20 p.m. UTC
From: Vijay Anusuri <vanusuri@mvista.com>

ChangeLog:
https://github.com/redis/redis/releases/tag/7.2.9
https://github.com/redis/redis/releases/tag/7.2.10
https://github.com/redis/redis/releases/tag/7.2.11
https://github.com/redis/redis/compare/7.2.8...7.2.11

7.2.11

Security fixes

(CVE-2025-49844) A Lua script may lead to remote code execution
(CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE
(CVE-2025-46818) A Lua script can be executed in the context of another user
(CVE-2025-46819) LUA out-of-bound read

7.2.10

Security fixes

(CVE-2025-32023) Fix out-of-bounds write in HyperLogLog commands
(CVE-2025-48367) Retry accepting other connections even if the accepted connection reports an error

7.2.9

Security fixes

(CVE-2025-27151) redis-check-aof may lead to stack overflow and potential RCE

Dropped CVE-2025-32023.patch

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
 ...-hiredis-use-default-CC-if-it-is-set.patch |   0
 ...ile-to-use-environment-build-setting.patch |   0
 ...003-hack-to-force-use-of-libc-malloc.patch |   8 +-
 .../0004-src-Do-not-reset-FINAL_LIBS.patch    |  10 +-
 ...RCE-to-get-PTHREAD_MUTEX_INITIALIZER.patch |   0
 ...006-Define-correct-gregs-for-RISCV32.patch |   0
 .../init-redis-server                         |   0
 .../{redis-7.2.8 => redis-7.2.11}/redis.conf  |   0
 .../redis.service                             |   0
 .../redis/redis-7.2.8/CVE-2025-32023.patch    | 218 ------------------
 .../redis/{redis_7.2.8.bb => redis_7.2.11.bb} |   3 +-
 11 files changed, 10 insertions(+), 229 deletions(-)
 rename meta-oe/recipes-extended/redis/{redis-7.2.8 => redis-7.2.11}/0001-hiredis-use-default-CC-if-it-is-set.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.2.8 => redis-7.2.11}/0002-lua-update-Makefile-to-use-environment-build-setting.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.2.8 => redis-7.2.11}/0003-hack-to-force-use-of-libc-malloc.patch (86%)
 rename meta-oe/recipes-extended/redis/{redis-7.2.8 => redis-7.2.11}/0004-src-Do-not-reset-FINAL_LIBS.patch (79%)
 rename meta-oe/recipes-extended/redis/{redis-7.2.8 => redis-7.2.11}/0005-Define-_GNU_SOURCE-to-get-PTHREAD_MUTEX_INITIALIZER.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.2.8 => redis-7.2.11}/0006-Define-correct-gregs-for-RISCV32.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.2.8 => redis-7.2.11}/init-redis-server (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.2.8 => redis-7.2.11}/redis.conf (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.2.8 => redis-7.2.11}/redis.service (100%)
 delete mode 100644 meta-oe/recipes-extended/redis/redis-7.2.8/CVE-2025-32023.patch
 rename meta-oe/recipes-extended/redis/{redis_7.2.8.bb => redis_7.2.11.bb} (95%)

Patch

diff --git a/meta-oe/recipes-extended/redis/redis-7.2.8/0001-hiredis-use-default-CC-if-it-is-set.patch b/meta-oe/recipes-extended/redis/redis-7.2.11/0001-hiredis-use-default-CC-if-it-is-set.patch
similarity index 100%
rename from meta-oe/recipes-extended/redis/redis-7.2.8/0001-hiredis-use-default-CC-if-it-is-set.patch
rename to meta-oe/recipes-extended/redis/redis-7.2.11/0001-hiredis-use-default-CC-if-it-is-set.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7.2.8/0002-lua-update-Makefile-to-use-environment-build-setting.patch b/meta-oe/recipes-extended/redis/redis-7.2.11/0002-lua-update-Makefile-to-use-environment-build-setting.patch
similarity index 100%
rename from meta-oe/recipes-extended/redis/redis-7.2.8/0002-lua-update-Makefile-to-use-environment-build-setting.patch
rename to meta-oe/recipes-extended/redis/redis-7.2.11/0002-lua-update-Makefile-to-use-environment-build-setting.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7.2.8/0003-hack-to-force-use-of-libc-malloc.patch b/meta-oe/recipes-extended/redis/redis-7.2.11/0003-hack-to-force-use-of-libc-malloc.patch
similarity index 86%
rename from meta-oe/recipes-extended/redis/redis-7.2.8/0003-hack-to-force-use-of-libc-malloc.patch
rename to meta-oe/recipes-extended/redis/redis-7.2.11/0003-hack-to-force-use-of-libc-malloc.patch
index 1f97f9783d..8991d2d9bc 100644
--- a/meta-oe/recipes-extended/redis/redis-7.2.8/0003-hack-to-force-use-of-libc-malloc.patch
+++ b/meta-oe/recipes-extended/redis/redis-7.2.11/0003-hack-to-force-use-of-libc-malloc.patch
@@ -19,10 +19,10 @@  Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
  src/Makefile | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)
 
-diff --git a/src/Makefile b/src/Makefile
-index ecbd275..39decee 100644
---- a/src/Makefile
-+++ b/src/Makefile
+Index: redis-7.2.10/src/Makefile
+===================================================================
+--- redis-7.2.10.orig/src/Makefile
++++ redis-7.2.10/src/Makefile
 @@ -13,7 +13,8 @@
  # Just use 'make dep', but this is only needed by developers.
  
diff --git a/meta-oe/recipes-extended/redis/redis-7.2.8/0004-src-Do-not-reset-FINAL_LIBS.patch b/meta-oe/recipes-extended/redis/redis-7.2.11/0004-src-Do-not-reset-FINAL_LIBS.patch
similarity index 79%
rename from meta-oe/recipes-extended/redis/redis-7.2.8/0004-src-Do-not-reset-FINAL_LIBS.patch
rename to meta-oe/recipes-extended/redis/redis-7.2.11/0004-src-Do-not-reset-FINAL_LIBS.patch
index 974cf5169f..0513138b4e 100644
--- a/meta-oe/recipes-extended/redis/redis-7.2.8/0004-src-Do-not-reset-FINAL_LIBS.patch
+++ b/meta-oe/recipes-extended/redis/redis-7.2.11/0004-src-Do-not-reset-FINAL_LIBS.patch
@@ -15,11 +15,11 @@  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  src/Makefile | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff --git a/src/Makefile b/src/Makefile
-index 39decee..f5efe82 100644
---- a/src/Makefile
-+++ b/src/Makefile
-@@ -119,7 +119,7 @@ endif
+Index: redis-7.2.10/src/Makefile
+===================================================================
+--- redis-7.2.10.orig/src/Makefile
++++ redis-7.2.10/src/Makefile
+@@ -122,7 +122,7 @@ endif
  
  FINAL_CFLAGS=$(STD) $(WARN) $(OPT) $(DEBUG) $(CFLAGS) $(REDIS_CFLAGS)
  FINAL_LDFLAGS=$(LDFLAGS) $(REDIS_LDFLAGS) $(DEBUG)
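Review bot: The refreshed header here reads `Index: redis-7.2.10/src/Makefile` and the inner hunk offset moved to `@@ -122,7 +122,7 @@`, which suggests the patch was regenerated against a 7.2.10 tree rather than the 7.2.11 source this recipe now fetches; 0003-hack-to-force-use-of-libc-malloc.patch carries the same 7.2.10 header. If src/Makefile changed between 7.2.10 and 7.2.11, the patch may apply only with an offset or fuzz, so it is worth confirming that do_patch applies both patches cleanly against 7.2.11, or refreshing them against that tree. The switch from git-style `diff --git`/`index` headers to quilt-style `Index:` headers is unrelated churn in a security upgrade; keeping the original format would make later refreshes easier to review. The rest of the embedded Makefile patch lies outside this hunk.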
diff --git a/meta-oe/recipes-extended/redis/redis-7.2.8/0005-Define-_GNU_SOURCE-to-get-PTHREAD_MUTEX_INITIALIZER.patch b/meta-oe/recipes-extended/redis/redis-7.2.11/0005-Define-_GNU_SOURCE-to-get-PTHREAD_MUTEX_INITIALIZER.patch
similarity index 100%
rename from meta-oe/recipes-extended/redis/redis-7.2.8/0005-Define-_GNU_SOURCE-to-get-PTHREAD_MUTEX_INITIALIZER.patch
rename to meta-oe/recipes-extended/redis/redis-7.2.11/0005-Define-_GNU_SOURCE-to-get-PTHREAD_MUTEX_INITIALIZER.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7.2.8/0006-Define-correct-gregs-for-RISCV32.patch b/meta-oe/recipes-extended/redis/redis-7.2.11/0006-Define-correct-gregs-for-RISCV32.patch
similarity index 100%
rename from meta-oe/recipes-extended/redis/redis-7.2.8/0006-Define-correct-gregs-for-RISCV32.patch
rename to meta-oe/recipes-extended/redis/redis-7.2.11/0006-Define-correct-gregs-for-RISCV32.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7.2.8/init-redis-server b/meta-oe/recipes-extended/redis/redis-7.2.11/init-redis-server
similarity index 100%
rename from meta-oe/recipes-extended/redis/redis-7.2.8/init-redis-server
rename to meta-oe/recipes-extended/redis/redis-7.2.11/init-redis-server
diff --git a/meta-oe/recipes-extended/redis/redis-7.2.8/redis.conf b/meta-oe/recipes-extended/redis/redis-7.2.11/redis.conf
similarity index 100%
rename from meta-oe/recipes-extended/redis/redis-7.2.8/redis.conf
rename to meta-oe/recipes-extended/redis/redis-7.2.11/redis.conf
diff --git a/meta-oe/recipes-extended/redis/redis-7.2.8/redis.service b/meta-oe/recipes-extended/redis/redis-7.2.11/redis.service
similarity index 100%
rename from meta-oe/recipes-extended/redis/redis-7.2.8/redis.service
rename to meta-oe/recipes-extended/redis/redis-7.2.11/redis.service
diff --git a/meta-oe/recipes-extended/redis/redis-7.2.8/CVE-2025-32023.patch b/meta-oe/recipes-extended/redis/redis-7.2.8/CVE-2025-32023.patch
deleted file mode 100644
index eb7e81c0b9..0000000000
--- a/meta-oe/recipes-extended/redis/redis-7.2.8/CVE-2025-32023.patch
+++ /dev/null
@@ -1,218 +0,0 @@ 
-From 50188747cbfe43528d2719399a2a3c9599169445 Mon Sep 17 00:00:00 2001
-From: "debing.sun" <debing.sun@redis.com>
-Date: Wed, 7 May 2025 18:25:06 +0800
-Subject: [PATCH] Fix out of bounds write in hyperloglog commands
- (CVE-2025-32023)
-
-Co-authored-by: oranagra <oran@redislabs.com>
-
-Upstream-Status: Backport [https://github.com/redis/redis/commit/50188747cbfe43528d2719399a2a3c9599169445]
-CVE: CVE-2025-32023
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- src/hyperloglog.c          | 47 +++++++++++++++++++++++++++++++----
- tests/unit/hyperloglog.tcl | 51 ++++++++++++++++++++++++++++++++++++++
- 2 files changed, 93 insertions(+), 5 deletions(-)
-
-diff --git a/src/hyperloglog.c b/src/hyperloglog.c
-index 1a74f47..ca592a0 100644
---- a/src/hyperloglog.c
-+++ b/src/hyperloglog.c
-@@ -587,6 +587,7 @@ int hllSparseToDense(robj *o) {
-     struct hllhdr *hdr, *oldhdr = (struct hllhdr*)sparse;
-     int idx = 0, runlen, regval;
-     uint8_t *p = (uint8_t*)sparse, *end = p+sdslen(sparse);
-+    int valid = 1;
- 
-     /* If the representation is already the right one return ASAP. */
-     hdr = (struct hllhdr*) sparse;
-@@ -606,16 +607,27 @@ int hllSparseToDense(robj *o) {
-     while(p < end) {
-         if (HLL_SPARSE_IS_ZERO(p)) {
-             runlen = HLL_SPARSE_ZERO_LEN(p);
-+            if ((runlen + idx) > HLL_REGISTERS) { /* Overflow. */
-+                valid = 0;
-+                break;
-+            }
-             idx += runlen;
-             p++;
-         } else if (HLL_SPARSE_IS_XZERO(p)) {
-             runlen = HLL_SPARSE_XZERO_LEN(p);
-+            if ((runlen + idx) > HLL_REGISTERS) { /* Overflow. */
-+                valid = 0;
-+                break;
-+            }
-             idx += runlen;
-             p += 2;
-         } else {
-             runlen = HLL_SPARSE_VAL_LEN(p);
-             regval = HLL_SPARSE_VAL_VALUE(p);
--            if ((runlen + idx) > HLL_REGISTERS) break; /* Overflow. */
-+            if ((runlen + idx) > HLL_REGISTERS) { /* Overflow. */
-+                valid = 0;
-+                break;
-+            }
-             while(runlen--) {
-                 HLL_DENSE_SET_REGISTER(hdr->registers,idx,regval);
-                 idx++;
-@@ -626,7 +638,7 @@ int hllSparseToDense(robj *o) {
- 
-     /* If the sparse representation was valid, we expect to find idx
-      * set to HLL_REGISTERS. */
--    if (idx != HLL_REGISTERS) {
-+    if (!valid || idx != HLL_REGISTERS) {
-         sdsfree(dense);
-         return C_ERR;
-     }
-@@ -923,27 +935,40 @@ int hllSparseAdd(robj *o, unsigned char *ele, size_t elesize) {
- void hllSparseRegHisto(uint8_t *sparse, int sparselen, int *invalid, int* reghisto) {
-     int idx = 0, runlen, regval;
-     uint8_t *end = sparse+sparselen, *p = sparse;
-+    int valid = 1;
- 
-     while(p < end) {
-         if (HLL_SPARSE_IS_ZERO(p)) {
-             runlen = HLL_SPARSE_ZERO_LEN(p);
-+            if ((runlen + idx) > HLL_REGISTERS) { /* Overflow. */
-+                valid = 0;
-+                break;
-+            }
-             idx += runlen;
-             reghisto[0] += runlen;
-             p++;
-         } else if (HLL_SPARSE_IS_XZERO(p)) {
-             runlen = HLL_SPARSE_XZERO_LEN(p);
-+            if ((runlen + idx) > HLL_REGISTERS) { /* Overflow. */
-+                valid = 0;
-+                break;
-+            }
-             idx += runlen;
-             reghisto[0] += runlen;
-             p += 2;
-         } else {
-             runlen = HLL_SPARSE_VAL_LEN(p);
-             regval = HLL_SPARSE_VAL_VALUE(p);
-+            if ((runlen + idx) > HLL_REGISTERS) { /* Overflow. */
-+                valid = 0;
-+                break;
-+            }
-             idx += runlen;
-             reghisto[regval] += runlen;
-             p++;
-         }
-     }
--    if (idx != HLL_REGISTERS && invalid) *invalid = 1;
-+    if ((!valid || idx != HLL_REGISTERS) && invalid) *invalid = 1;
- }
- 
- /* ========================= HyperLogLog Count ==============================
-@@ -1091,22 +1116,34 @@ int hllMerge(uint8_t *max, robj *hll) {
-     } else {
-         uint8_t *p = hll->ptr, *end = p + sdslen(hll->ptr);
-         long runlen, regval;
-+        int valid = 1;
- 
-         p += HLL_HDR_SIZE;
-         i = 0;
-         while(p < end) {
-             if (HLL_SPARSE_IS_ZERO(p)) {
-                 runlen = HLL_SPARSE_ZERO_LEN(p);
-+                if ((runlen + i) > HLL_REGISTERS) { /* Overflow. */
-+                    valid = 0;
-+                    break;
-+                }
-                 i += runlen;
-                 p++;
-             } else if (HLL_SPARSE_IS_XZERO(p)) {
-                 runlen = HLL_SPARSE_XZERO_LEN(p);
-+                if ((runlen + i) > HLL_REGISTERS) { /* Overflow. */
-+                    valid = 0;
-+                    break;
-+                }
-                 i += runlen;
-                 p += 2;
-             } else {
-                 runlen = HLL_SPARSE_VAL_LEN(p);
-                 regval = HLL_SPARSE_VAL_VALUE(p);
--                if ((runlen + i) > HLL_REGISTERS) break; /* Overflow. */
-+                if ((runlen + i) > HLL_REGISTERS) { /* Overflow. */
-+                    valid = 0;
-+                    break;
-+                }
-                 while(runlen--) {
-                     if (regval > max[i]) max[i] = regval;
-                     i++;
-@@ -1114,7 +1151,7 @@ int hllMerge(uint8_t *max, robj *hll) {
-                 p++;
-             }
-         }
--        if (i != HLL_REGISTERS) return C_ERR;
-+        if (!valid || i != HLL_REGISTERS) return C_ERR;
-     }
-     return C_OK;
- }
-diff --git a/tests/unit/hyperloglog.tcl b/tests/unit/hyperloglog.tcl
-index ee43718..bc90eb2 100644
---- a/tests/unit/hyperloglog.tcl
-+++ b/tests/unit/hyperloglog.tcl
-@@ -137,6 +137,57 @@ start_server {tags {"hll"}} {
-         set e
-     } {*WRONGTYPE*}
- 
-+    test {Corrupted sparse HyperLogLogs doesn't cause overflow and out-of-bounds with XZERO opcode} {
-+        r del hll
-+        
-+        # Create a sparse-encoded HyperLogLog header
-+        set pl [string cat "HYLL" [binary format c12 {1 0 0 0 0 0 0 0 0 0 0 0}]]
-+
-+        # Create an XZERO opcode with the maximum run length of 16384(2^14)
-+        set runlen [expr 16384 - 1]
-+        set chunk [binary format cc [expr {0b01000000 | ($runlen >> 8)}] [expr {$runlen & 0xff}]]
-+        # Fill the HLL with more than 131072(2^17) XZERO opcodes to make the total
-+        # run length exceed 4GB, will cause an integer overflow.
-+        set repeat [expr 131072 + 1000]
-+        for {set i 0} {$i < $repeat} {incr i} {
-+            append pl $chunk
-+        }
-+
-+        # Create a VAL opcode with a value that will cause out-of-bounds.
-+        append pl [binary format c 0b11111111]
-+        r set hll $pl
-+
-+        # This should not overflow and out-of-bounds.
-+        assert_error {*INVALIDOBJ*} {r pfcount hll hll}
-+        assert_error {*INVALIDOBJ*} {r pfdebug getreg hll}
-+        r ping
-+    }
-+
-+    test {Corrupted sparse HyperLogLogs doesn't cause overflow and out-of-bounds with ZERO opcode} {
-+        r del hll
-+        
-+        # Create a sparse-encoded HyperLogLog header
-+        set pl [string cat "HYLL" [binary format c12 {1 0 0 0 0 0 0 0 0 0 0 0}]]
-+
-+        # # Create an ZERO opcode with the maximum run length of 64(2^6)
-+        set chunk [binary format c [expr {0b00000000 | 0x3f}]]
-+        # Fill the HLL with more than 33554432(2^17) ZERO opcodes to make the total
-+        # run length exceed 4GB, will cause an integer overflow.
-+        set repeat [expr 33554432 + 1000]
-+        for {set i 0} {$i < $repeat} {incr i} {
-+            append pl $chunk
-+        }
-+
-+        # Create a VAL opcode with a value that will cause out-of-bounds.
-+        append pl [binary format c 0b11111111]
-+        r set hll $pl
-+
-+        # This should not overflow and out-of-bounds.
-+        assert_error {*INVALIDOBJ*} {r pfcount hll hll}
-+        assert_error {*INVALIDOBJ*} {r pfdebug getreg hll}
-+        r ping
-+    }
-+
-     test {Corrupted dense HyperLogLogs are detected: Wrong length} {
-         r del hll
-         r pfadd hll a b c
--- 
-2.49.0
-
diff --git a/meta-oe/recipes-extended/redis/redis_7.2.8.bb b/meta-oe/recipes-extended/redis/redis_7.2.11.bb
similarity index 95%
rename from meta-oe/recipes-extended/redis/redis_7.2.8.bb
rename to meta-oe/recipes-extended/redis/redis_7.2.11.bb
index a1739b4f30..5ccb1ac935 100644
--- a/meta-oe/recipes-extended/redis/redis_7.2.8.bb
+++ b/meta-oe/recipes-extended/redis/redis_7.2.11.bb
@@ -16,10 +16,9 @@  SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
            file://0004-src-Do-not-reset-FINAL_LIBS.patch \
            file://0005-Define-_GNU_SOURCE-to-get-PTHREAD_MUTEX_INITIALIZER.patch \
            file://0006-Define-correct-gregs-for-RISCV32.patch \
-           file://CVE-2025-32023.patch \
           "
 
-SRC_URI[sha256sum] = "6be4fdfcdb2e5ac91454438246d00842d2671f792673390e742dfcaf1bf01574"
+SRC_URI[sha256sum] = "2f9886eca68d30114ad6a01da65631f8007d802fd3e6c9fac711251e6390323d"
 
 inherit autotools-brokensep pkgconfig update-rc.d systemd useradd