[meta-oe,scarthgap,3/3] redis: upgrade 6.2.18 -> 6.2.20

Message ID	20251015042222.121285-3-vanusuri@mvista.com
State	New
Headers	show Return-Path: <vanusuri@mvista.com> ip: 209.85.210.175, mailfrom: vanusuri@mvista.com) From: vanusuri@mvista.com To: openembedded-devel@lists.openembedded.org Cc: Gyorgy Sarvari <skandigraun@gmail.com>, Khem Raj <raj.khem@gmail.com>, Vijay Anusuri <vanusuri@mvista.com> Subject: [oe][meta-oe][scarthgap][PATCH 3/3] redis: upgrade 6.2.18 -> 6.2.20 Date: Wed, 15 Oct 2025 09:52:22 +0530 Message-Id: <20251015042222.121285-3-vanusuri@mvista.com> In-Reply-To: <20251015042222.121285-1-vanusuri@mvista.com> References: <20251015042222.121285-1-vanusuri@mvista.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-oe,scarthgap,1/3] redis: upgrade 6.2.14 -> 6.2.16 \| expand [meta-oe,scarthgap,1/3] redis: upgrade 6.2.14 -> 6.2.16 [meta-oe,scarthgap,2/3] redis: upgrade 6.2.16 -> 6.2.18 [meta-oe,scarthgap,3/3] redis: upgrade 6.2.18 -> 6.2.20

Message ID

20251015042222.121285-3-vanusuri@mvista.com

State

New

Headers

From: vanusuri@mvista.com
To: openembedded-devel@lists.openembedded.org
Cc: Gyorgy Sarvari <skandigraun@gmail.com>,
	Khem Raj <raj.khem@gmail.com>,
	Vijay Anusuri <vanusuri@mvista.com>
Subject: [oe][meta-oe][scarthgap][PATCH 3/3] redis: upgrade 6.2.18 -> 6.2.20
Date: Wed, 15 Oct 2025 09:52:22 +0530
Message-Id: <20251015042222.121285-3-vanusuri@mvista.com>
In-Reply-To: <20251015042222.121285-1-vanusuri@mvista.com>
References: <20251015042222.121285-1-vanusuri@mvista.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-oe,scarthgap,1/3] redis: upgrade 6.2.14 -> 6.2.16 | expand

Commit Message

Vijay Anusuri Oct. 15, 2025, 4:22 a.m. UTC

From: Gyorgy Sarvari <skandigraun@gmail.com>

Changelog:

6.2.19:
(CVE-2025-32023) Fix out-of-bounds write in HyperLogLog commands
(CVE-2025-48367) Retry accepting other connections even if the accepted connection reports an error

6.2.20:
(CVE-2025-49844) A Lua script may lead to remote code execution
(CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE
(CVE-2025-46818) A Lua script can be executed in the context of another user
(CVE-2025-46819) LUA out-of-bound read

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1a22715b82584696dec489914d8bb9ccf73b5600)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
 .../recipes-extended/redis/{redis_6.2.18.bb => redis_6.2.20.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-oe/recipes-extended/redis/{redis_6.2.18.bb => redis_6.2.20.bb} (96%)

Comments

Vijay Anusuri Oct. 30, 2025, 4:09 p.m. UTC | #1

Hi Team,

Any Update on this ?

Thanks & Regards,
Vijay

On Wed, Oct 15, 2025 at 9:52 AM <vanusuri@mvista.com> wrote:

> From: Gyorgy Sarvari <skandigraun@gmail.com>
>
> Changelog:
>
> 6.2.19:
> (CVE-2025-32023) Fix out-of-bounds write in HyperLogLog commands
> (CVE-2025-48367) Retry accepting other connections even if the accepted
> connection reports an error
>
> 6.2.20:
> (CVE-2025-49844) A Lua script may lead to remote code execution
> (CVE-2025-46817) A Lua script may lead to integer overflow and potential
> RCE
> (CVE-2025-46818) A Lua script can be executed in the context of another
> user
> (CVE-2025-46819) LUA out-of-bound read
>
> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
> Signed-off-by: Khem Raj <raj.khem@gmail.com>
> (cherry picked from commit 1a22715b82584696dec489914d8bb9ccf73b5600)
> Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
> ---
>  .../recipes-extended/redis/{redis_6.2.18.bb => redis_6.2.20.bb} | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>  rename meta-oe/recipes-extended/redis/{redis_6.2.18.bb => redis_6.2.20.bb}
> (96%)
>
> diff --git a/meta-oe/recipes-extended/redis/redis_6.2.18.bb
> b/meta-oe/recipes-extended/redis/redis_6.2.20.bb
> similarity index 96%
> rename from meta-oe/recipes-extended/redis/redis_6.2.18.bb
> rename to meta-oe/recipes-extended/redis/redis_6.2.20.bb
> index a5938b641a..6eaf885f2f 100644
> --- a/meta-oe/recipes-extended/redis/redis_6.2.18.bb
> +++ b/meta-oe/recipes-extended/redis/redis_6.2.20.bb
> @@ -18,7 +18,7 @@ SRC_URI = "
> http://download.redis.io/releases/${BP}.tar.gz \
>             file://0006-Define-correct-gregs-for-RISCV32.patch \
>            "
>
> -SRC_URI[sha256sum] =
> "470c75bac73d7390be4dd66479c6f29e86371c5d380ce0c7efb4ba2bbda3612d"
> +SRC_URI[sha256sum] =
> "7f8b8a7aed53c445a877adf9e3743cdd323518524170135a58c0702f2dba6ef4"
>
>  inherit autotools-brokensep update-rc.d systemd useradd
>
> --
> 2.25.1
>
>

diff --git a/meta-oe/recipes-extended/redis/redis_6.2.18.bb b/meta-oe/recipes-extended/redis/redis_6.2.20.bb
similarity index 96%
rename from meta-oe/recipes-extended/redis/redis_6.2.18.bb
rename to meta-oe/recipes-extended/redis/redis_6.2.20.bb
index a5938b641a..6eaf885f2f 100644
--- a/meta-oe/recipes-extended/redis/redis_6.2.18.bb
+++ b/meta-oe/recipes-extended/redis/redis_6.2.20.bb
@@ -18,7 +18,7 @@  SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
            file://0006-Define-correct-gregs-for-RISCV32.patch \
           "
 
-SRC_URI[sha256sum] = "470c75bac73d7390be4dd66479c6f29e86371c5d380ce0c7efb4ba2bbda3612d"
+SRC_URI[sha256sum] = "7f8b8a7aed53c445a877adf9e3743cdd323518524170135a58c0702f2dba6ef4"
 
 inherit autotools-brokensep update-rc.d systemd useradd

[meta-oe,scarthgap,3/3] redis: upgrade 6.2.18 -> 6.2.20

Commit Message

Comments

Patch