From patchwork Sun Nov 23 16:17:29 2025
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 75253
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][kirkstone][PATCH 1/4] redis: ignore CVE-2022-3734 and CVE-2022-0543
Date: Sun, 23 Nov 2025 17:17:29 +0100
Message-ID: <20251123161732.1875494-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/121993

CVE-2022-3734 only affects Windows. CVE-2022-0543 affects only packages that were packaged for Debian and Debian-derivative distros. Neither of these issues is present in upstream Redis.

Signed-off-by: Gyorgy Sarvari
Signed-off-by: Khem Raj
(cherry picked from commit 8f1269507ad95d56aeab3cdd0c0178e194506ca8)

Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE)
Signed-off-by: Gyorgy Sarvari
---
 meta-oe/recipes-extended/redis/redis_6.2.12.bb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/meta-oe/recipes-extended/redis/redis_6.2.12.bb b/meta-oe/recipes-extended/redis/redis_6.2.12.bb index 0fdd3da327..5de97c5e77 100644 --- a/meta-oe/recipes-extended/redis/redis_6.2.12.bb +++ b/meta-oe/recipes-extended/redis/redis_6.2.12.bb
@@ -25,6 +25,11 @@ SRC_URI[sha256sum] = "75352eef41e97e84bfa94292cbac79e5add5345fc79787df5cbdff7033 inherit autotools-brokensep update-rc.d systemd useradd +# not-applicable-config: the vulnerability is not present in upstream, only in Debian-packaged version +CVE_CHECK_IGNORE += "CVE-2022-0543" +# not-applicable-config: only affects Windows +CVE_CHECK_IGNORE += "CVE-2022-3734" + FINAL_LIBS:x86:toolchain-clang = "-latomic" FINAL_LIBS:riscv32:toolchain-clang = "-latomic" FINAL_LIBS:mips = "-latomic"
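
Review bot: the two CVE_CHECK_IGNORE entries added after the inherit line land only in redis_6.2.12.bb, although this series also carries a redis_7.0.x recipe (patch 3/4) and both rationales given in the comments (Debian-only packaging, Windows-only) do not depend on the Redis version. Unless the 7.0.x recipe already has them, add the same two lines there or move them to a shared include so that the cve-check results agree across both recipes. The "not-applicable-config:" prefix in the comments is carried over from the CVE_STATUS form named in the commit message; with CVE_CHECK_IGNORE it is only comment text, so a plain one-line rationale with a reference for each CVE would be clearer on kirkstone.
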
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][kirkstone][PATCH 2/4] redis: upgrade 6.2.12 -> 6.2.21
Date: Sun, 23 Nov 2025 17:17:30 +0100
Message-ID: <20251123161732.1875494-2-skandigraun@gmail.com>
In-Reply-To: <20251123161732.1875494-1-skandigraun@gmail.com>
References: <20251123161732.1875494-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/121994

This upgrade contains a list of vulnerability fixes:
CVE-2025-49844, CVE-2025-46817, CVE-2025-46818, CVE-2025-46819, CVE-2025-32023, CVE-2025-48367, CVE-2025-21605, CVE-2024-46981, CVE-2024-31449, CVE-2024-31228, CVE-2023-45145, CVE-2022-24834

Dropped the CVE patches that are included above.

Release notes: https://github.com/redis/redis/blob/6.2.21/00-RELEASENOTES

Signed-off-by: Gyorgy Sarvari
---
 .../redis/redis/CVE-2023-45145.patch | 72 -------------------
 .../redis/redis/CVE-2024-31228.patch | 68 ------------------
 .../redis/redis/CVE-2024-31449.patch | 49 -------------
 .../redis/redis/CVE-2024-46981.patch | 39 ----------
 .../{redis_6.2.12.bb => redis_6.2.21.bb} | 6 +-
 5 files changed, 1 insertion(+), 233 deletions(-)
 delete mode 100644 meta-oe/recipes-extended/redis/redis/CVE-2023-45145.patch
 delete mode 100644 meta-oe/recipes-extended/redis/redis/CVE-2024-31228.patch
 delete mode 100644 meta-oe/recipes-extended/redis/redis/CVE-2024-31449.patch
 delete mode 100644 meta-oe/recipes-extended/redis/redis/CVE-2024-46981.patch
 rename meta-oe/recipes-extended/redis/{redis_6.2.12.bb => redis_6.2.21.bb} (90%)

diff --git a/meta-oe/recipes-extended/redis/redis/CVE-2023-45145.patch b/meta-oe/recipes-extended/redis/redis/CVE-2023-45145.patch deleted file mode 100644 index f132deb83a..0000000000
--- a/meta-oe/recipes-extended/redis/redis/CVE-2023-45145.patch +++ /dev/null 
@@ -1,72 +0,0 @@ -From 7f486ea6eebf0afce74f2e59763b9b82b78629dc Mon Sep 17 00:00:00 2001 -From: Yossi Gottlieb -Date: Wed, 11 Oct 2023 22:45:34 +0300 -Subject: [PATCH] Fix issue of listen before chmod on Unix sockets - (CVE-2023-45145) - -Before this commit, Unix socket setup performed chmod(2) on the socket -file after calling listen(2). Depending on what umask is used, this -could leave the file with the wrong permissions for a short period of -time. As a result, another process could exploit this race condition and -establish a connection that would otherwise not be possible. - -We now make sure the socket permissions are set up prior to calling -listen(2). - -(cherry picked from commit a11b3bc34a054818f2ac70e50adfc542ca1cba42) - -CVE: CVE-2023-45145 - -Upstream-Status: Backport [https://github.com/redis/redis/commit/7f486ea6eebf0afce74f2e59763b9b82b78629dc] - -Signed-off-by: Divya Chellam ---- - src/anet.c | 11 ++++++----- - 1 file changed, 6 insertions(+), 5 deletions(-) - -diff --git a/src/anet.c b/src/anet.c -index a121c27..91f6171 100644 ---- a/src/anet.c -+++ b/src/anet.c -@@ -397,13 +397,16 @@ int anetUnixGenericConnect(char *err, const char *path, int flags) - return s; - } - --static int anetListen(char *err, int s, struct sockaddr *sa, socklen_t len, int backlog) { -+static int anetListen(char *err, int s, struct sockaddr *sa, socklen_t len, int backlog, mode_t perm) { - if (bind(s,sa,len) == -1) { - anetSetError(err, "bind: %s", strerror(errno)); - close(s); - return ANET_ERR; - } - -+ if (sa->sa_family == AF_LOCAL && perm) -+ chmod(((struct sockaddr_un *) sa)->sun_path, perm); -+ - if (listen(s, backlog) == -1) { - anetSetError(err, "listen: %s", strerror(errno)); - close(s); -@@ -447,7 +450,7 @@ static int _anetTcpServer(char *err, int port, char *bindaddr, int af, int backl - - if (af == AF_INET6 && anetV6Only(err,s) == ANET_ERR) goto error; - if (anetSetReuseAddr(err,s) == ANET_ERR) goto error; -- if 
(anetListen(err,s,p->ai_addr,p->ai_addrlen,backlog) == ANET_ERR) s = ANET_ERR; -+ if (anetListen(err,s,p->ai_addr,p->ai_addrlen,backlog,0) == ANET_ERR) s = ANET_ERR; - goto end; - } - if (p == NULL) { -@@ -484,10 +487,8 @@ int anetUnixServer(char *err, char *path, mode_t perm, int backlog) - memset(&sa,0,sizeof(sa)); - sa.sun_family = AF_LOCAL; - strncpy(sa.sun_path,path,sizeof(sa.sun_path)-1); -- if (anetListen(err,s,(struct sockaddr*)&sa,sizeof(sa),backlog) == ANET_ERR) -+ if (anetListen(err,s,(struct sockaddr*)&sa,sizeof(sa),backlog,perm) == ANET_ERR) - return ANET_ERR; -- if (perm) -- chmod(sa.sun_path, perm); - return s; - } - --- -2.40.0 - diff --git a/meta-oe/recipes-extended/redis/redis/CVE-2024-31228.patch b/meta-oe/recipes-extended/redis/redis/CVE-2024-31228.patch deleted file mode 100644 index d86e6c9e72..0000000000 --- a/meta-oe/recipes-extended/redis/redis/CVE-2024-31228.patch +++ /dev/null 
@@ -1,68 +0,0 @@ -From 9317bf64659b33166a943ec03d5d9b954e86afb0 Mon Sep 17 00:00:00 2001 -From: Oran Agra -Date: Wed, 2 Oct 2024 20:11:01 +0300 -Subject: [PATCH] Prevent pattern matching abuse (CVE-2024-31228) - -CVE: CVE-2024-31228 - -Upstream-Status: Backport[https://github.com/redis/redis/commit/9317bf64659b33166a943ec03d5d9b954e86afb0] - -Signed-off-by: Divya Chellam ---- - src/util.c | 9 ++++++--- - tests/unit/keyspace.tcl | 6 ++++++ - 2 files changed, 12 insertions(+), 3 deletions(-) - -diff --git a/src/util.c b/src/util.c -index e122a26..5763a2b 100644 ---- a/src/util.c -+++ b/src/util.c -@@ -46,8 +46,11 @@ - - /* Glob-style pattern matching. */ - static int stringmatchlen_impl(const char *pattern, int patternLen, -- const char *string, int stringLen, int nocase, int *skipLongerMatches) -+ const char *string, int stringLen, int nocase, int *skipLongerMatches, int nesting) - { -+ /* Protection against abusive patterns. */ -+ if (nesting > 1000) return 0; -+ - while(patternLen && stringLen) { - switch(pattern[0]) { - case '*': -@@ -59,7 +62,7 @@ static int stringmatchlen_impl(const char *pattern, int patternLen, - return 1; /* match */ - while(stringLen) { - if (stringmatchlen_impl(pattern+1, patternLen-1, -- string, stringLen, nocase, skipLongerMatches)) -+ string, stringLen, nocase, skipLongerMatches, nesting+1)) - return 1; /* match */ - if (*skipLongerMatches) - return 0; /* no match */ -@@ -181,7 +184,7 @@ static int stringmatchlen_impl(const char *pattern, int patternLen, - int stringmatchlen(const char *pattern, int patternLen, - const char *string, int stringLen, int nocase) { - int skipLongerMatches = 0; -- return stringmatchlen_impl(pattern,patternLen,string,stringLen,nocase,&skipLongerMatches); -+ return stringmatchlen_impl(pattern,patternLen,string,stringLen,nocase,&skipLongerMatches,0); - } - - int stringmatch(const char *pattern, const char *string, int nocase) { -diff --git a/tests/unit/keyspace.tcl b/tests/unit/keyspace.tcl -index 
92029a7..70bc252 100644 ---- a/tests/unit/keyspace.tcl -+++ b/tests/unit/keyspace.tcl -@@ -485,4 +485,10 @@ start_server {tags {"keyspace"}} { - r SET aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 1 - r KEYS "a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*b" - } {} -+ -+ test {Regression for pattern matching very long nested loops} { -+ r flushdb -+ r SET [string repeat "a" 50000] 1 -+ r KEYS [string repeat "*?" 50000] -+ } {} - } --- -2.40.0 - diff --git a/meta-oe/recipes-extended/redis/redis/CVE-2024-31449.patch b/meta-oe/recipes-extended/redis/redis/CVE-2024-31449.patch deleted file mode 100644 index 5004cd5ab6..0000000000 --- a/meta-oe/recipes-extended/redis/redis/CVE-2024-31449.patch +++ /dev/null 
@@ -1,49 +0,0 @@ -From 1f7c148be2cbacf7d50aa461c58b871e87cc5ed9 Mon Sep 17 00:00:00 2001 -From: Oran Agra -Date: Wed, 2 Oct 2024 19:54:06 +0300 -Subject: [PATCH] Fix lua bit.tohex (CVE-2024-31449) - -INT_MIN value must be explicitly checked, and cannot be negated. - -CVE: CVE-2024-31449 - -Upstream-Status: Backport [https://github.com/redis/redis/commit/1f7c148be2cbacf7d50aa461c58b871e87cc5ed9] - -Signed-off-by: Divya Chellam ---- - deps/lua/src/lua_bit.c | 1 + - tests/unit/scripting.tcl | 6 ++++++ - 2 files changed, 7 insertions(+) - -diff --git a/deps/lua/src/lua_bit.c b/deps/lua/src/lua_bit.c -index 690df7d..a459ca9 100644 ---- a/deps/lua/src/lua_bit.c -+++ b/deps/lua/src/lua_bit.c -@@ -131,6 +131,7 @@ static int bit_tohex(lua_State *L) - const char *hexdigits = "0123456789abcdef"; - char buf[8]; - int i; -+ if (n == INT32_MIN) n = INT32_MIN+1; - if (n < 0) { n = -n; hexdigits = "0123456789ABCDEF"; } - if (n > 8) n = 8; - for (i = (int)n; --i >= 0; ) { buf[i] = hexdigits[b & 15]; b >>= 4; } -diff --git a/tests/unit/scripting.tcl b/tests/unit/scripting.tcl -index 9f5ee77..5e2a7f8 100644 ---- a/tests/unit/scripting.tcl -+++ b/tests/unit/scripting.tcl -@@ -406,6 +406,12 @@ start_server {tags {"scripting"}} { - set e - } {ERR*Attempt to modify a readonly table*} - -+ test {lua bit.tohex bug} { -+ set res [r eval {return bit.tohex(65535, -2147483648)} 0] -+ r ping -+ set res -+ } {0000FFFF} -+ - test {Test an example script DECR_IF_GT} { - set decr_if_gt { - local current --- -2.40.0 - diff --git a/meta-oe/recipes-extended/redis/redis/CVE-2024-46981.patch b/meta-oe/recipes-extended/redis/redis/CVE-2024-46981.patch deleted file mode 100644 index c02dd21271..0000000000 --- a/meta-oe/recipes-extended/redis/redis/CVE-2024-46981.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -From e344b2b5879aa52870e6838212dfb78b7968fcbf Mon Sep 17 00:00:00 2001 -From: YaacovHazan -Date: Sun, 15 Dec 2024 21:33:11 +0200 -Subject: [PATCH] Fix LUA garbage collector (CVE-2024-46981) - -Reset GC state before closing the lua VM to prevent user data -to be wrongly freed while still might be used on destructor callbacks. - -Conflicts: -Since luaCtx lctx structure introduced in later versions [1] -used already existed redisServer server structure. - -Reference: -[1] https://github.com/redis/redis/commit/e0cd580aefe13e49df802fec5135e4f22d46e758 - -CVE: CVE-2024-46981 - -Upstream-Status: Backport [https://github.com/redis/redis/commit/e344b2b5879aa52870e6838212dfb78b7968fcbf] - -Signed-off-by: Divya Chellam ---- - src/scripting.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/scripting.c b/src/scripting.c -index 9b926e8..656d4dd 100644 ---- a/src/scripting.c -+++ b/src/scripting.c -@@ -1467,6 +1467,7 @@ void scriptingRelease(int async) { - else - dictRelease(server.lua_scripts); - server.lua_scripts_mem = 0; -+ lua_gc(server.lua, LUA_GCCOLLECT, 0); - lua_close(server.lua); - } - --- -2.40.0 - diff --git a/meta-oe/recipes-extended/redis/redis_6.2.12.bb b/meta-oe/recipes-extended/redis/redis_6.2.21.bb similarity index 90% rename from meta-oe/recipes-extended/redis/redis_6.2.12.bb rename to meta-oe/recipes-extended/redis/redis_6.2.21.bb index 5de97c5e77..e81984c081 100644 --- a/meta-oe/recipes-extended/redis/redis_6.2.12.bb +++ b/meta-oe/recipes-extended/redis/redis_6.2.21.bb 
@@ -16,12 +16,8 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://0001-src-Do-not-reset-FINAL_LIBS.patch \ file://GNU_SOURCE.patch \ file://0006-Define-correct-gregs-for-RISCV32.patch \ - file://CVE-2023-45145.patch \ - file://CVE-2024-31228.patch \ - file://CVE-2024-31449.patch \ - file://CVE-2024-46981.patch \ " -SRC_URI[sha256sum] = "75352eef41e97e84bfa94292cbac79e5add5345fc79787df5cbdff703353fb1b" +SRC_URI[sha256sum] = "6383b32ba8d246f41bbbb83663381f5a5f4c4713235433cec22fc4a47e9b6d5f" inherit autotools-brokensep update-rc.d systemd useradd
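
Review bot: the deleted redis/CVE-2024-46981.patch was an adapted backport rather than a straight cherry-pick (its header has a "Conflicts:" section explaining that the existing redisServer server structure was used because luaCtx only appears in later versions), so the release notes link in the commit message does not by itself show that the equivalent change is present in 6.2.21. Please confirm that scriptingRelease() in the 6.2.21 src/scripting.c calls lua_gc(server.lua, LUA_GCCOLLECT, 0) before lua_close(server.lua), and say in the commit message that each of the four dropped patches was checked against the new source.
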
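
Review bot: in the redis_6.2.21.bb hunk the SRC_URI context line still fetches the tarball over plain http (http://download.redis.io/releases/${BP}.tar.gz), so the replaced SRC_URI[sha256sum] value is the only integrity control on the new 6.2.21 source. Please state in the commit message what the new checksum was verified against, and consider moving the URL to https in a follow-up. The four removed file://CVE-*.patch entries match the four deleted patch files, so the SRC_URI list and the file removals are consistent.
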
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][kirkstone][PATCH 3/4] redis: upgrade 7.0.13 -> 7.0.15
Date: Sun, 23 Nov 2025 17:17:31 +0100
Message-ID: <20251123161732.1875494-3-skandigraun@gmail.com>
In-Reply-To: <20251123161732.1875494-1-skandigraun@gmail.com>
References: <20251123161732.1875494-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/121995

Contains fixes for CVE-2023-41056 and CVE-2023-45145.

Dropped the backported patches that are included.

Release notes: https://github.com/redis/redis/blob/7.0.15/00-RELEASENOTES

Signed-off-by: Gyorgy Sarvari
---
 .../redis/redis-7.0.13/CVE-2023-41056.patch | 63 ----------------
 .../redis/redis-7.0.13/CVE-2023-45145.patch | 72 -------------------
 .../0001-src-Do-not-reset-FINAL_LIBS.patch | 0
 ...006-Define-correct-gregs-for-RISCV32.patch | 0
 .../CVE-2024-31227.patch | 0
 .../CVE-2024-31228.patch | 0
 .../CVE-2024-31449.patch | 0
 .../CVE-2024-46981.patch | 0
 .../CVE-2024-51741.patch | 0
 .../CVE-2025-21605.patch | 0
 .../CVE-2025-27151.patch | 0
 .../CVE-2025-32023.patch | 0
 .../CVE-2025-46817.patch | 0
 .../CVE-2025-46818.patch | 0
 .../CVE-2025-46819.patch | 0
 .../CVE-2025-48367.patch | 0
 .../CVE-2025-49844.patch | 0
 .../GNU_SOURCE-7.patch | 0
 .../hiredis-use-default-CC-if-it-is-set.patch | 0
 .../init-redis-server | 0
 ...ile-to-use-environment-build-setting.patch | 0
 .../oe-use-libc-malloc.patch | 0
 .../{redis-7.0.13 => redis-7.0.15}/redis.conf | 0
 .../redis.service | 0
 .../{redis_7.0.13.bb => redis_7.0.15.bb} | 4 +-
 25 files changed, 1 insertion(+), 138 deletions(-)
 delete mode 100644 meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2023-41056.patch
 delete mode 100644 meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2023-45145.patch
 rename meta-oe/recipes-extended/redis/{redis-7.0.13 => redis-7.0.15}/0001-src-Do-not-reset-FINAL_LIBS.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.13 => redis-7.0.15}/0006-Define-correct-gregs-for-RISCV32.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.13 => redis-7.0.15}/CVE-2024-31227.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.13 => redis-7.0.15}/CVE-2024-31228.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.13 => redis-7.0.15}/CVE-2024-31449.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.13 => redis-7.0.15}/CVE-2024-46981.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.13 => redis-7.0.15}/CVE-2024-51741.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.13 => redis-7.0.15}/CVE-2025-21605.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.13 => redis-7.0.15}/CVE-2025-27151.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.13 => redis-7.0.15}/CVE-2025-32023.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.13 => redis-7.0.15}/CVE-2025-46817.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.13 => redis-7.0.15}/CVE-2025-46818.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.13 => redis-7.0.15}/CVE-2025-46819.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.13 => redis-7.0.15}/CVE-2025-48367.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.13 => redis-7.0.15}/CVE-2025-49844.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.13 => redis-7.0.15}/GNU_SOURCE-7.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.13 => redis-7.0.15}/hiredis-use-default-CC-if-it-is-set.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.13 => redis-7.0.15}/init-redis-server (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.13 => redis-7.0.15}/lua-update-Makefile-to-use-environment-build-setting.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.13 => redis-7.0.15}/oe-use-libc-malloc.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.13 => redis-7.0.15}/redis.conf (100%)
 rename meta-oe/recipes-extended/redis/{redis-7.0.13 => redis-7.0.15}/redis.service (100%)
 rename meta-oe/recipes-extended/redis/{redis_7.0.13.bb => redis_7.0.15.bb} (94%)

diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2023-41056.patch b/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2023-41056.patch deleted file mode 100644 index 036e62c8f0..0000000000 --- a/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2023-41056.patch +++ /dev/null
@@ -1,63 +0,0 @@ -From e351099e1119fb89496be578f5232c61ce300224 Mon Sep 17 00:00:00 2001 -From: Oran Agra -Date: Sun, 7 Jan 2024 12:32:44 +0200 -Subject: [PATCH] Fix possible corruption in sdsResize (CVE-2023-41056) - -#11766 introduced a bug in sdsResize where it could forget to update -the sds type in the sds header and then cause an overflow in sdsalloc. -it looks like the only implication of that is a possible assertion in HLL, -but it's hard to rule out possible heap corruption issues with clientsCronResizeQueryBuffer - -CVE: CVE-2023-41056 - -Upstream-Status: Backport [https://github.com/redis/redis/commit/e351099e1119fb89496be578f5232c61ce300224] - -Signed-off-by: Divya Chellam ---- - src/sds.c | 30 ++++++++++++++++-------------- - 1 file changed, 16 insertions(+), 14 deletions(-) - -diff --git a/src/sds.c b/src/sds.c -index 8e5863a..71490d5 100644 ---- a/src/sds.c -+++ b/src/sds.c -@@ -348,20 +348,22 @@ sds sdsResize(sds s, size_t size, int would_regrow) { - * type. */ - int use_realloc = (oldtype==type || (type < oldtype && type > SDS_TYPE_8)); - size_t newlen = use_realloc ? oldhdrlen+size+1 : hdrlen+size+1; -- int alloc_already_optimal = 0; -- #if defined(USE_JEMALLOC) -- /* je_nallocx returns the expected allocation size for the newlen. -- * We aim to avoid calling realloc() when using Jemalloc if there is no -- * change in the allocation size, as it incurs a cost even if the -- * allocation size stays the same. */ -- alloc_already_optimal = (je_nallocx(newlen, 0) == zmalloc_size(sh)); -- #endif -- -- if (use_realloc && !alloc_already_optimal) { -- newsh = s_realloc(sh, newlen); -- if (newsh == NULL) return NULL; -- s = (char*)newsh+oldhdrlen; -- } else if (!alloc_already_optimal) { -+ -+ if (use_realloc) { -+ int alloc_already_optimal = 0; -+ #if defined(USE_JEMALLOC) -+ /* je_nallocx returns the expected allocation size for the newlen. 
-+ * We aim to avoid calling realloc() when using Jemalloc if there is no -+ * change in the allocation size, as it incurs a cost even if the -+ * allocation size stays the same. */ -+ alloc_already_optimal = (je_nallocx(newlen, 0) == zmalloc_size(sh)); -+ #endif -+ if (!alloc_already_optimal) { -+ newsh = s_realloc(sh, newlen); -+ if (newsh == NULL) return NULL; -+ s = (char*)newsh+oldhdrlen; -+ } -+ } else { - newsh = s_malloc(newlen); - if (newsh == NULL) return NULL; - memcpy((char*)newsh+hdrlen, s, len); --- -2.40.0 - diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2023-45145.patch b/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2023-45145.patch deleted file mode 100644 index aab1bbfeb0..0000000000 --- a/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2023-45145.patch +++ /dev/null 
@@ -1,72 +0,0 @@ -From 7f486ea6eebf0afce74f2e59763b9b82b78629dc Mon Sep 17 00:00:00 2001 -From: Yossi Gottlieb -Date: Wed, 11 Oct 2023 22:45:34 +0300 -Subject: [PATCH] Fix issue of listen before chmod on Unix sockets - (CVE-2023-45145) - -Before this commit, Unix socket setup performed chmod(2) on the socket -file after calling listen(2). Depending on what umask is used, this -could leave the file with the wrong permissions for a short period of -time. As a result, another process could exploit this race condition and -establish a connection that would otherwise not be possible. - -We now make sure the socket permissions are set up prior to calling -listen(2). - -(cherry picked from commit a11b3bc34a054818f2ac70e50adfc542ca1cba42) - -CVE: CVE-2023-45145 - -Upstream-Status: Backport [https://github.com/redis/redis/commit/7f486ea6eebf0afce74f2e59763b9b82b78629dc] - -Signed-off-by: Divya Chellam ---- - src/anet.c | 11 ++++++----- - 1 file changed, 6 insertions(+), 5 deletions(-) - -diff --git a/src/anet.c b/src/anet.c -index 4ea201d..10840fc 100644 ---- a/src/anet.c -+++ b/src/anet.c -@@ -407,13 +407,16 @@ int anetUnixGenericConnect(char *err, const char *path, int flags) - return s; - } - --static int anetListen(char *err, int s, struct sockaddr *sa, socklen_t len, int backlog) { -+static int anetListen(char *err, int s, struct sockaddr *sa, socklen_t len, int backlog, mode_t perm) { - if (bind(s,sa,len) == -1) { - anetSetError(err, "bind: %s", strerror(errno)); - close(s); - return ANET_ERR; - } - -+ if (sa->sa_family == AF_LOCAL && perm) -+ chmod(((struct sockaddr_un *) sa)->sun_path, perm); -+ - if (listen(s, backlog) == -1) { - anetSetError(err, "listen: %s", strerror(errno)); - close(s); -@@ -457,7 +460,7 @@ static int _anetTcpServer(char *err, int port, char *bindaddr, int af, int backl - - if (af == AF_INET6 && anetV6Only(err,s) == ANET_ERR) goto error; - if (anetSetReuseAddr(err,s) == ANET_ERR) goto error; -- if 
(anetListen(err,s,p->ai_addr,p->ai_addrlen,backlog) == ANET_ERR) s = ANET_ERR; -+ if (anetListen(err,s,p->ai_addr,p->ai_addrlen,backlog,0) == ANET_ERR) s = ANET_ERR; - goto end; - } - if (p == NULL) { -@@ -498,10 +501,8 @@ int anetUnixServer(char *err, char *path, mode_t perm, int backlog) - memset(&sa,0,sizeof(sa)); - sa.sun_family = AF_LOCAL; - strncpy(sa.sun_path,path,sizeof(sa.sun_path)-1); -- if (anetListen(err,s,(struct sockaddr*)&sa,sizeof(sa),backlog) == ANET_ERR) -+ if (anetListen(err,s,(struct sockaddr*)&sa,sizeof(sa),backlog,perm) == ANET_ERR) - return ANET_ERR; -- if (perm) -- chmod(sa.sun_path, perm); - return s; - } - --- -2.40.0 - diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/0001-src-Do-not-reset-FINAL_LIBS.patch b/meta-oe/recipes-extended/redis/redis-7.0.15/0001-src-Do-not-reset-FINAL_LIBS.patch similarity index 100% rename from meta-oe/recipes-extended/redis/redis-7.0.13/0001-src-Do-not-reset-FINAL_LIBS.patch rename to meta-oe/recipes-extended/redis/redis-7.0.15/0001-src-Do-not-reset-FINAL_LIBS.patch diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/0006-Define-correct-gregs-for-RISCV32.patch b/meta-oe/recipes-extended/redis/redis-7.0.15/0006-Define-correct-gregs-for-RISCV32.patch similarity index 100% rename from meta-oe/recipes-extended/redis/redis-7.0.13/0006-Define-correct-gregs-for-RISCV32.patch rename to meta-oe/recipes-extended/redis/redis-7.0.15/0006-Define-correct-gregs-for-RISCV32.patch diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2024-31227.patch b/meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2024-31227.patch similarity index 100% rename from meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2024-31227.patch rename to meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2024-31227.patch 
diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2024-31228.patch b/meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2024-31228.patch similarity index 100% rename from meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2024-31228.patch rename to meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2024-31228.patch diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2024-31449.patch b/meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2024-31449.patch similarity index 100% rename from meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2024-31449.patch rename to meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2024-31449.patch diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2024-46981.patch b/meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2024-46981.patch similarity index 100% rename from meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2024-46981.patch rename to meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2024-46981.patch diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2024-51741.patch b/meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2024-51741.patch similarity index 100% rename from meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2024-51741.patch rename to meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2024-51741.patch diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2025-21605.patch b/meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2025-21605.patch similarity index 100% rename from meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2025-21605.patch rename to meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2025-21605.patch diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2025-27151.patch b/meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2025-27151.patch similarity index 100% rename from meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2025-27151.patch rename to meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2025-27151.patch 
diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2025-32023.patch b/meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2025-32023.patch similarity index 100% rename from meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2025-32023.patch rename to meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2025-32023.patch diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2025-46817.patch b/meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2025-46817.patch similarity index 100% rename from meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2025-46817.patch rename to meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2025-46817.patch diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2025-46818.patch b/meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2025-46818.patch similarity index 100% rename from meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2025-46818.patch rename to meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2025-46818.patch diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2025-46819.patch b/meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2025-46819.patch similarity index 100% rename from meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2025-46819.patch rename to meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2025-46819.patch diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2025-48367.patch b/meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2025-48367.patch similarity index 100% rename from meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2025-48367.patch rename to meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2025-48367.patch diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2025-49844.patch b/meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2025-49844.patch similarity index 100% rename from meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2025-49844.patch rename to meta-oe/recipes-extended/redis/redis-7.0.15/CVE-2025-49844.patch 
diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/GNU_SOURCE-7.patch b/meta-oe/recipes-extended/redis/redis-7.0.15/GNU_SOURCE-7.patch similarity index 100% rename from meta-oe/recipes-extended/redis/redis-7.0.13/GNU_SOURCE-7.patch rename to meta-oe/recipes-extended/redis/redis-7.0.15/GNU_SOURCE-7.patch diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/hiredis-use-default-CC-if-it-is-set.patch b/meta-oe/recipes-extended/redis/redis-7.0.15/hiredis-use-default-CC-if-it-is-set.patch similarity index 100% rename from meta-oe/recipes-extended/redis/redis-7.0.13/hiredis-use-default-CC-if-it-is-set.patch rename to meta-oe/recipes-extended/redis/redis-7.0.15/hiredis-use-default-CC-if-it-is-set.patch diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/init-redis-server b/meta-oe/recipes-extended/redis/redis-7.0.15/init-redis-server similarity index 100% rename from meta-oe/recipes-extended/redis/redis-7.0.13/init-redis-server rename to meta-oe/recipes-extended/redis/redis-7.0.15/init-redis-server diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/lua-update-Makefile-to-use-environment-build-setting.patch b/meta-oe/recipes-extended/redis/redis-7.0.15/lua-update-Makefile-to-use-environment-build-setting.patch similarity index 100% rename from meta-oe/recipes-extended/redis/redis-7.0.13/lua-update-Makefile-to-use-environment-build-setting.patch rename to meta-oe/recipes-extended/redis/redis-7.0.15/lua-update-Makefile-to-use-environment-build-setting.patch diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/oe-use-libc-malloc.patch b/meta-oe/recipes-extended/redis/redis-7.0.15/oe-use-libc-malloc.patch similarity index 100% rename from meta-oe/recipes-extended/redis/redis-7.0.13/oe-use-libc-malloc.patch rename to meta-oe/recipes-extended/redis/redis-7.0.15/oe-use-libc-malloc.patch 
diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/redis.conf b/meta-oe/recipes-extended/redis/redis-7.0.15/redis.conf similarity index 100% rename from meta-oe/recipes-extended/redis/redis-7.0.13/redis.conf rename to meta-oe/recipes-extended/redis/redis-7.0.15/redis.conf diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/redis.service b/meta-oe/recipes-extended/redis/redis-7.0.15/redis.service similarity index 100% rename from meta-oe/recipes-extended/redis/redis-7.0.13/redis.service rename to meta-oe/recipes-extended/redis/redis-7.0.15/redis.service diff --git a/meta-oe/recipes-extended/redis/redis_7.0.13.bb b/meta-oe/recipes-extended/redis/redis_7.0.15.bb similarity index 94% rename from meta-oe/recipes-extended/redis/redis_7.0.13.bb rename to meta-oe/recipes-extended/redis/redis_7.0.15.bb index c3d98694d5..7b5d55467d 100644 --- a/meta-oe/recipes-extended/redis/redis_7.0.13.bb +++ b/meta-oe/recipes-extended/redis/redis_7.0.15.bb @@ -16,8 +16,6 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://0001-src-Do-not-reset-FINAL_LIBS.patch \ file://GNU_SOURCE-7.patch \ file://0006-Define-correct-gregs-for-RISCV32.patch \ - file://CVE-2023-41056.patch \ - file://CVE-2023-45145.patch \ file://CVE-2024-31227.patch \ file://CVE-2024-31228.patch \ file://CVE-2024-31449.patch \ 
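Review bot: In the redis_7.0.15.bb SRC_URI hunk, dropping file://CVE-2023-41056.patch and file://CVE-2023-45145.patch is only correct if both fixes are already in the 7.0.15 tarball, and nothing in the recipe records that. The deleted CVE-2023-45145.patch header names the upstream commit (7f486ea6eebf0afce74f2e59763b9b82b78629dc, cherry-picked from a11b3bc34a054818f2ac70e50adfc542ca1cba42), so that one can be checked against the 7.0.15 tag directly. If the commit message does not already say so, it should state for each dropped patch which upstream release first carried the fix, so the removal can be audited later without re-diffing the sources.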
@@ -32,7 +30,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://CVE-2025-46819.patch \ file://CVE-2025-49844.patch \ " -SRC_URI[sha256sum] = "97065774d5fb8388eb0d8913458decfcb167d356e40d31dd01cd30c1cc391673" +SRC_URI[sha256sum] = "98066f5363504b26c34dd20fbcc3c957990d764cdf42576c836fc021073f4341" inherit autotools-brokensep update-rc.d systemd useradd
From patchwork Sun Nov 23 16:17:32 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 75254
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 4/4] redis-7: ignore CVE-2022-3734 and CVE-2022-0543 Date: Sun, 23 Nov 2025 17:17:32 +0100 Message-ID: <20251123161732.1875494-4-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251123161732.1875494-1-skandigraun@gmail.com> References: <20251123161732.1875494-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 23 Nov 2025 16:17:49 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/121996 CVE-2022-3734 only affects Windows. CVE-2022-0543 affects only packages that were packaged for Debian and Debian-derivative distros. Neither of these issues is present in upstream Redis. Signed-off-by: Gyorgy Sarvari --- meta-oe/recipes-extended/redis/redis_7.0.15.bb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/meta-oe/recipes-extended/redis/redis_7.0.15.bb b/meta-oe/recipes-extended/redis/redis_7.0.15.bb index 7b5d55467d..61a088775b 100644 --- a/meta-oe/recipes-extended/redis/redis_7.0.15.bb +++ b/meta-oe/recipes-extended/redis/redis_7.0.15.bb @@ -34,6 +34,11 @@ SRC_URI[sha256sum] = "98066f5363504b26c34dd20fbcc3c957990d764cdf42576c836fc02107 inherit autotools-brokensep update-rc.d systemd useradd +# not-applicable-config: the vulnerability is not present in upstream, only in Debian-packaged version +CVE_CHECK_IGNORE += "CVE-2022-0543" +# not-applicable-config: only affects Windows +CVE_CHECK_IGNORE += "CVE-2022-3734" + FINAL_LIBS:x86:toolchain-clang = "-latomic" FINAL_LIBS:riscv32:toolchain-clang = "-latomic" FINAL_LIBS:mips = "-latomic"
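Review bot: In the two added comment lines above the CVE_CHECK_IGNORE entries, the tag not-applicable-config does not match the reasons given: "only affects Windows" and "only in Debian-packaged version" are platform or packaging restrictions, not build configuration choices of this recipe. If the tags are meant to follow the CVE_STATUS vocabulary used on newer branches, not-applicable-platform is the matching value for both. Since CVE_CHECK_IGNORE carries no reason field of its own, these comments are the only record of why each CVE is skipped, so keeping the tag accurate also makes a later conversion to CVE_STATUS mechanical.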