
[meta-oe,kirkstone,2/4] redis: upgrade 6.2.12 -> 6.2.21

Message ID 20251123161732.1875494-2-skandigraun@gmail.com
State New
Series [meta-oe,kirkstone,1/4] redis: ignore CVE-2022-3734 and CVE-2022-0543 | expand

Commit Message

Gyorgy Sarvari Nov. 23, 2025, 4:17 p.m. UTC
This upgrade contains a list of vulnerability fixes: CVE-2025-49844,
CVE-2025-46817, CVE-2025-46818, CVE-2025-46819, CVE-2025-32023,
CVE-2025-48367, CVE-2025-21605, CVE-2024-46981, CVE-2024-31449,
CVE-2024-31228, CVE-2023-45145, CVE-2022-24834

Dropped the CVE patches that are included above.

Release notes: https://github.com/redis/redis/blob/6.2.21/00-RELEASENOTES

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../redis/redis/CVE-2023-45145.patch          | 72 -------------------
 .../redis/redis/CVE-2024-31228.patch          | 68 ------------------
 .../redis/redis/CVE-2024-31449.patch          | 49 -------------
 .../redis/redis/CVE-2024-46981.patch          | 39 ----------
 .../{redis_6.2.12.bb => redis_6.2.21.bb}      |  6 +-
 5 files changed, 1 insertion(+), 233 deletions(-)
 delete mode 100644 meta-oe/recipes-extended/redis/redis/CVE-2023-45145.patch
 delete mode 100644 meta-oe/recipes-extended/redis/redis/CVE-2024-31228.patch
 delete mode 100644 meta-oe/recipes-extended/redis/redis/CVE-2024-31449.patch
 delete mode 100644 meta-oe/recipes-extended/redis/redis/CVE-2024-46981.patch
 rename meta-oe/recipes-extended/redis/{redis_6.2.12.bb => redis_6.2.21.bb} (90%)

Patch

diff --git a/meta-oe/recipes-extended/redis/redis/CVE-2023-45145.patch b/meta-oe/recipes-extended/redis/redis/CVE-2023-45145.patch
deleted file mode 100644
index f132deb83a..0000000000
--- a/meta-oe/recipes-extended/redis/redis/CVE-2023-45145.patch
+++ /dev/null
@@ -1,72 +0,0 @@ 
-From 7f486ea6eebf0afce74f2e59763b9b82b78629dc Mon Sep 17 00:00:00 2001
-From: Yossi Gottlieb <yossigo@gmail.com>
-Date: Wed, 11 Oct 2023 22:45:34 +0300
-Subject: [PATCH] Fix issue of listen before chmod on Unix sockets 
- (CVE-2023-45145)
-
-Before this commit, Unix socket setup performed chmod(2) on the socket
-file after calling listen(2). Depending on what umask is used, this
-could leave the file with the wrong permissions for a short period of
-time. As a result, another process could exploit this race condition and
-establish a connection that would otherwise not be possible.
-
-We now make sure the socket permissions are set up prior to calling
-listen(2).
-
-(cherry picked from commit a11b3bc34a054818f2ac70e50adfc542ca1cba42)
-
-CVE: CVE-2023-45145
-
-Upstream-Status: Backport [https://github.com/redis/redis/commit/7f486ea6eebf0afce74f2e59763b9b82b78629dc]
-
-Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
----
- src/anet.c | 11 ++++++-----
- 1 file changed, 6 insertions(+), 5 deletions(-)
-
-diff --git a/src/anet.c b/src/anet.c
-index a121c27..91f6171 100644
---- a/src/anet.c
-+++ b/src/anet.c
-@@ -397,13 +397,16 @@ int anetUnixGenericConnect(char *err, const char *path, int flags)
-     return s;
- }
- 
--static int anetListen(char *err, int s, struct sockaddr *sa, socklen_t len, int backlog) {
-+static int anetListen(char *err, int s, struct sockaddr *sa, socklen_t len, int backlog, mode_t perm) {
-     if (bind(s,sa,len) == -1) {
-         anetSetError(err, "bind: %s", strerror(errno));
-         close(s);
-         return ANET_ERR;
-     }
- 
-+    if (sa->sa_family == AF_LOCAL && perm)
-+        chmod(((struct sockaddr_un *) sa)->sun_path, perm);
-+
-     if (listen(s, backlog) == -1) {
-         anetSetError(err, "listen: %s", strerror(errno));
-         close(s);
-@@ -447,7 +450,7 @@ static int _anetTcpServer(char *err, int port, char *bindaddr, int af, int backl
- 
-         if (af == AF_INET6 && anetV6Only(err,s) == ANET_ERR) goto error;
-         if (anetSetReuseAddr(err,s) == ANET_ERR) goto error;
--        if (anetListen(err,s,p->ai_addr,p->ai_addrlen,backlog) == ANET_ERR) s = ANET_ERR;
-+        if (anetListen(err,s,p->ai_addr,p->ai_addrlen,backlog,0) == ANET_ERR) s = ANET_ERR;
-         goto end;
-     }
-     if (p == NULL) {
-@@ -484,10 +487,8 @@ int anetUnixServer(char *err, char *path, mode_t perm, int backlog)
-     memset(&sa,0,sizeof(sa));
-     sa.sun_family = AF_LOCAL;
-     strncpy(sa.sun_path,path,sizeof(sa.sun_path)-1);
--    if (anetListen(err,s,(struct sockaddr*)&sa,sizeof(sa),backlog) == ANET_ERR)
-+    if (anetListen(err,s,(struct sockaddr*)&sa,sizeof(sa),backlog,perm) == ANET_ERR)
-         return ANET_ERR;
--    if (perm)
--        chmod(sa.sun_path, perm);
-     return s;
- }
- 
--- 
-2.40.0
-
diff --git a/meta-oe/recipes-extended/redis/redis/CVE-2024-31228.patch b/meta-oe/recipes-extended/redis/redis/CVE-2024-31228.patch
deleted file mode 100644
index d86e6c9e72..0000000000
--- a/meta-oe/recipes-extended/redis/redis/CVE-2024-31228.patch
+++ /dev/null
@@ -1,68 +0,0 @@ 
-From 9317bf64659b33166a943ec03d5d9b954e86afb0 Mon Sep 17 00:00:00 2001
-From: Oran Agra <oran@redislabs.com>
-Date: Wed, 2 Oct 2024 20:11:01 +0300
-Subject: [PATCH] Prevent pattern matching abuse (CVE-2024-31228)
-
-CVE: CVE-2024-31228
-
-Upstream-Status: Backport[https://github.com/redis/redis/commit/9317bf64659b33166a943ec03d5d9b954e86afb0]
-
-Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
----
- src/util.c              | 9 ++++++---
- tests/unit/keyspace.tcl | 6 ++++++
- 2 files changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/src/util.c b/src/util.c
-index e122a26..5763a2b 100644
---- a/src/util.c
-+++ b/src/util.c
-@@ -46,8 +46,11 @@
- 
- /* Glob-style pattern matching. */
- static int stringmatchlen_impl(const char *pattern, int patternLen,
--        const char *string, int stringLen, int nocase, int *skipLongerMatches)
-+        const char *string, int stringLen, int nocase, int *skipLongerMatches, int nesting)
- {
-+    /* Protection against abusive patterns. */
-+    if (nesting > 1000) return 0;
-+
-     while(patternLen && stringLen) {
-         switch(pattern[0]) {
-         case '*':
-@@ -59,7 +62,7 @@ static int stringmatchlen_impl(const char *pattern, int patternLen,
-                 return 1; /* match */
-             while(stringLen) {
-                 if (stringmatchlen_impl(pattern+1, patternLen-1,
--                            string, stringLen, nocase, skipLongerMatches))
-+                            string, stringLen, nocase, skipLongerMatches, nesting+1))
-                     return 1; /* match */
-                 if (*skipLongerMatches)
-                     return 0; /* no match */
-@@ -181,7 +184,7 @@ static int stringmatchlen_impl(const char *pattern, int patternLen,
- int stringmatchlen(const char *pattern, int patternLen,
-         const char *string, int stringLen, int nocase) {
-     int skipLongerMatches = 0;
--    return stringmatchlen_impl(pattern,patternLen,string,stringLen,nocase,&skipLongerMatches);
-+    return stringmatchlen_impl(pattern,patternLen,string,stringLen,nocase,&skipLongerMatches,0);
- }
- 
- int stringmatch(const char *pattern, const char *string, int nocase) {
-diff --git a/tests/unit/keyspace.tcl b/tests/unit/keyspace.tcl
-index 92029a7..70bc252 100644
---- a/tests/unit/keyspace.tcl
-+++ b/tests/unit/keyspace.tcl
-@@ -485,4 +485,10 @@ start_server {tags {"keyspace"}} {
-         r SET aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 1
-         r KEYS "a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*b"
-     } {}
-+
-+    test {Regression for pattern matching very long nested loops} {
-+        r flushdb
-+        r SET [string repeat "a" 50000] 1
-+        r KEYS [string repeat "*?" 50000]
-+    } {}
- }
--- 
-2.40.0
-
diff --git a/meta-oe/recipes-extended/redis/redis/CVE-2024-31449.patch b/meta-oe/recipes-extended/redis/redis/CVE-2024-31449.patch
deleted file mode 100644
index 5004cd5ab6..0000000000
--- a/meta-oe/recipes-extended/redis/redis/CVE-2024-31449.patch
+++ /dev/null
@@ -1,49 +0,0 @@ 
-From 1f7c148be2cbacf7d50aa461c58b871e87cc5ed9 Mon Sep 17 00:00:00 2001
-From: Oran Agra <oran@redislabs.com>
-Date: Wed, 2 Oct 2024 19:54:06 +0300
-Subject: [PATCH] Fix lua bit.tohex (CVE-2024-31449)
-
-INT_MIN value must be explicitly checked, and cannot be negated.
-
-CVE: CVE-2024-31449
-
-Upstream-Status: Backport [https://github.com/redis/redis/commit/1f7c148be2cbacf7d50aa461c58b871e87cc5ed9]
-
-Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
----
- deps/lua/src/lua_bit.c   | 1 +
- tests/unit/scripting.tcl | 6 ++++++
- 2 files changed, 7 insertions(+)
-
-diff --git a/deps/lua/src/lua_bit.c b/deps/lua/src/lua_bit.c
-index 690df7d..a459ca9 100644
---- a/deps/lua/src/lua_bit.c
-+++ b/deps/lua/src/lua_bit.c
-@@ -131,6 +131,7 @@ static int bit_tohex(lua_State *L)
-   const char *hexdigits = "0123456789abcdef";
-   char buf[8];
-   int i;
-+  if (n == INT32_MIN) n = INT32_MIN+1;
-   if (n < 0) { n = -n; hexdigits = "0123456789ABCDEF"; }
-   if (n > 8) n = 8;
-   for (i = (int)n; --i >= 0; ) { buf[i] = hexdigits[b & 15]; b >>= 4; }
-diff --git a/tests/unit/scripting.tcl b/tests/unit/scripting.tcl
-index 9f5ee77..5e2a7f8 100644
---- a/tests/unit/scripting.tcl
-+++ b/tests/unit/scripting.tcl
-@@ -406,6 +406,12 @@ start_server {tags {"scripting"}} {
-         set e
-     } {ERR*Attempt to modify a readonly table*}
- 
-+    test {lua bit.tohex bug} {
-+        set res [r eval {return bit.tohex(65535, -2147483648)} 0]
-+        r ping
-+        set res
-+    } {0000FFFF}
-+
-     test {Test an example script DECR_IF_GT} {
-         set decr_if_gt {
-             local current
--- 
-2.40.0
-
diff --git a/meta-oe/recipes-extended/redis/redis/CVE-2024-46981.patch b/meta-oe/recipes-extended/redis/redis/CVE-2024-46981.patch
deleted file mode 100644
index c02dd21271..0000000000
--- a/meta-oe/recipes-extended/redis/redis/CVE-2024-46981.patch
+++ /dev/null
@@ -1,39 +0,0 @@ 
-From e344b2b5879aa52870e6838212dfb78b7968fcbf Mon Sep 17 00:00:00 2001
-From: YaacovHazan <yaacov.hazan@redis.com>
-Date: Sun, 15 Dec 2024 21:33:11 +0200
-Subject: [PATCH] Fix LUA garbage collector (CVE-2024-46981)
-
-Reset GC state before closing the lua VM to prevent user data
-to be wrongly freed while still might be used on destructor callbacks.
-
-Conflicts:
-Since luaCtx lctx structure  introduced in later versions [1]
-used already existed redisServer server structure.
-
-Reference:
-[1] https://github.com/redis/redis/commit/e0cd580aefe13e49df802fec5135e4f22d46e758
-
-CVE: CVE-2024-46981
-
-Upstream-Status: Backport [https://github.com/redis/redis/commit/e344b2b5879aa52870e6838212dfb78b7968fcbf]
-
-Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
----
- src/scripting.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/scripting.c b/src/scripting.c
-index 9b926e8..656d4dd 100644
---- a/src/scripting.c
-+++ b/src/scripting.c
-@@ -1467,6 +1467,7 @@ void scriptingRelease(int async) {
-     else
-         dictRelease(server.lua_scripts);
-     server.lua_scripts_mem = 0;
-+    lua_gc(server.lua, LUA_GCCOLLECT, 0);
-     lua_close(server.lua);
- }
- 
--- 
-2.40.0
-
diff --git a/meta-oe/recipes-extended/redis/redis_6.2.12.bb b/meta-oe/recipes-extended/redis/redis_6.2.21.bb
similarity index 90%
rename from meta-oe/recipes-extended/redis/redis_6.2.12.bb
rename to meta-oe/recipes-extended/redis/redis_6.2.21.bb
index 5de97c5e77..e81984c081 100644
--- a/meta-oe/recipes-extended/redis/redis_6.2.12.bb
+++ b/meta-oe/recipes-extended/redis/redis_6.2.21.bb
@@ -16,12 +16,8 @@  SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
            file://0001-src-Do-not-reset-FINAL_LIBS.patch \
            file://GNU_SOURCE.patch \
            file://0006-Define-correct-gregs-for-RISCV32.patch \
-           file://CVE-2023-45145.patch \
-           file://CVE-2024-31228.patch \
-           file://CVE-2024-31449.patch \
-           file://CVE-2024-46981.patch \
            "
-SRC_URI[sha256sum] = "75352eef41e97e84bfa94292cbac79e5add5345fc79787df5cbdff703353fb1b"
+SRC_URI[sha256sum] = "6383b32ba8d246f41bbbb83663381f5a5f4c4713235433cec22fc4a47e9b6d5f"
 
 inherit autotools-brokensep update-rc.d systemd useradd