pkgsrc-Changes archive


CVS commit: pkgsrc/databases/redis



Module Name:    pkgsrc
Committed By:   fhajny
Date:           Mon Sep 26 13:35:43 UTC 2016

Modified Files:
        pkgsrc/databases/redis: Makefile distinfo

Log Message:
Update databases/redis to 3.2.4.

This is a Redis critical release in order to fix a security issue
which is documented clearly here:

https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977

Thanks to Cory Duplantis of Cisco Talos for reporting the issue.

IMPACT:
The gist is that using CONFIG SET calls (or by manipulating
redis.conf) an attacker is able to compromise certain fields of
the "server" global structure, including the aof filename pointer,
that could be made to point to something else. In turn the AOF
name is used in different contexts such as logging, rename(2) and
open(2) syscalls, leading to potential problems.

Please note that since having access to CONFIG SET also means
being able to change the AOF filename (and many other things)
directly, this issue's actual real world impact is quite small, so I
would not panic: if you have CONFIG SET level of access, you can
do more and more easily.

AFFECTED VERSIONS:
- All Redis 3.2.x versions are affected.

OTHER CHANGES IN THIS RELEASE:
- TCP binding bug fixed when only certain addresses were available
  for a given port.
- A much better crash report that includes part of the Redis binary:
  this will allow us to fix bugs even when we just have a crash log and
  no other help from the original poster of the issue.
- A fix for Redis Cluster redis-trib displaying of info after
  creating a new cluster.


To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 pkgsrc/databases/redis/Makefile
cvs rdiff -u -r1.24 -r1.25 pkgsrc/databases/redis/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/databases/redis/Makefile
diff -u pkgsrc/databases/redis/Makefile:1.22 pkgsrc/databases/redis/Makefile:1.23
--- pkgsrc/databases/redis/Makefile:1.22        Tue Aug  9 09:11:53 2016
+++ pkgsrc/databases/redis/Makefile     Mon Sep 26 13:35:42 2016
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.22 2016/08/09 09:11:53 fhajny Exp $
+# $NetBSD: Makefile,v 1.23 2016/09/26 13:35:42 fhajny Exp $
 
-DISTNAME=      redis-3.2.3
+DISTNAME=      redis-3.2.4
 CATEGORIES=    databases
 MASTER_SITES=  http://download.redis.io/releases/
 
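
Review bot: the unchanged MASTER_SITES context line in this hunk still fetches the distfile over plain http://download.redis.io/releases/, so for an update whose purpose is a security fix the download is only as trustworthy as the hashes recorded in distinfo. If the site serves the same path over HTTPS, switch MASTER_SITES to it in this update; otherwise say in the log message how the 3.2.4 tarball was verified before its checksums were recorded.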

Index: pkgsrc/databases/redis/distinfo
diff -u pkgsrc/databases/redis/distinfo:1.24 pkgsrc/databases/redis/distinfo:1.25
--- pkgsrc/databases/redis/distinfo:1.24        Tue Aug  9 09:11:53 2016
+++ pkgsrc/databases/redis/distinfo     Mon Sep 26 13:35:42 2016
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.24 2016/08/09 09:11:53 fhajny Exp $
+$NetBSD: distinfo,v 1.25 2016/09/26 13:35:42 fhajny Exp $
 
-SHA1 (redis-3.2.3.tar.gz) = 92d6d93ef2efc91e595c8bf578bf72baff397507
-RMD160 (redis-3.2.3.tar.gz) = ad82033f72e24458c9cf1cbb28996b2b7e173365
-SHA512 (redis-3.2.3.tar.gz) = 373643d384a3b68ca5d0486101a342e3843ffa81b0ead49a66c1aa1d92d9a51924bc1f5a1b1068718902a05c242183fbd62c9179d3fe36e9b77f37f3ddf81975
-Size (redis-3.2.3.tar.gz) = 1541401 bytes
+SHA1 (redis-3.2.4.tar.gz) = f0fe685cbfdb8c2d8c74613ad8a5a5f33fba40c9
+RMD160 (redis-3.2.4.tar.gz) = 4f150ab4c41a113ce0c32ca695e654d82ba45348
+SHA512 (redis-3.2.4.tar.gz) = de32ad9283102ee7d877cae8ea736d5876e4304b8ed46362f131e8b6dfb7aafa4ba3f9481c5f432f47633c9b3b0209797aa1b0976041f081db1924b93ed8ac96
+Size (redis-3.2.4.tar.gz) = 1543743 bytes
 SHA1 (patch-ab) = 21754f59e9f1013095fe47ccf7411b438385d558
 SHA1 (patch-ac) = 1d848860a39af7a93a06eb8f3001fe89cb1bb3ad
 SHA1 (patch-deps_hiredis_fmacros.h) = b9d7d0a82e6794078d997769db6e5572f981b445
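
Review bot: the three patch entries at the end of this hunk (patch-ab, patch-ac, patch-deps_hiredis_fmacros.h) are unchanged context, so the local patches are carried over as-is to 3.2.4 and nothing in the log message says they were re-checked. Please confirm they still apply cleanly to the 3.2.4 sources. The new SHA1, RMD160, SHA512 and Size values for redis-3.2.4.tar.gz also cannot be validated from the diff alone, so a line in the log stating where the tarball was fetched from and what it was compared against would help.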


