CVS commit: pkgsrc/databases/redis

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/databases/redis
From: "Filip Hajny" <fhajny%netbsd.org@localhost>
Date: Tue, 14 Feb 2017 10:30:03 +0000

Module Name:    pkgsrc
Committed By:   fhajny
Date:           Tue Feb 14 10:30:03 UTC 2017

Modified Files:
        pkgsrc/databases/redis: Makefile distinfo

Log Message:
Update databases/redis to 3.2.8.

================================================================================
Redis 3.2.8     Released Sun Feb 12 16:11:18 CET 2017
================================================================================

Two important bug fixes, the first of one is critical:

1. Apparently Jemalloc 4.4.0 may contain a deadlock under particular
   conditions. See https://github.com/antirez/redis/issues/3799.
   We reverted back to the previously used Jemalloc versions and plan
   to upgrade Jemalloc again after having more info about the
   cause of the bug.

2. MIGRATE could crash the server after a socket error. See for reference:
   https://github.com/antirez/redis/issues/3796.

================================================================================
Redis 3.2.7     Released Tue Jan 31 16:21:41 CET 2017
================================================================================

Main bugs fixes and improvements in this release:

1. MIGRATE could incorrectly move keys between Redis Cluster nodes by turning
   keys with an expire set into persisting keys. This bug was introduced with
   the multiple-keys migration recently. It is now fixed. Only applies to
   Redis Cluster users that use the resharding features of Redis Cluster.

2. As Redis 4.0 beta and the unstable branch already did (for some months at
   this point), Redis 3.2.7 also aliases the Host: and POST commands to QUIT
   avoiding to process the remaining pipeline if there are pending commands.
   This is a security protection against a "Cross Scripting" attack, that
   usually involves trying to feed Redis with HTTP in order to execute commands.
   Example: a developer is running a local copy of Redis for development
   purposes. She also runs a web browser in the same computer. The web browser
   could send an HTTP request to http://127.0.0.1:6379 in order to access the
   Redis instance, since a specially crafted HTTP requesta may also be partially
   valid Redis protocol. However if POST and Host: break the connection, this
   problem should be avoided. IMPORTANT: It is important to realize that it
   is not impossible that another way will be found to talk with a localhost
   Redis using a Cross Protocol attack not involving sending POST or Host: so
   this is only a layer of protection but not a definitive fix for this class
   of issues.

3. A ziplist bug that could cause data corruption, could crash the server and
   MAY ALSO HAVE SECURITY IMPLICATIONS was fixed. The bug looks complex to
   exploit, but attacks always get worse, never better (cit). The bug is very
   very hard to catch in practice, it required manual analysis of the ziplist
   code in order to be found. However it is also possible that rarely it
   happened in the wild. Upgrading is required if you use LINSERT and other
   in-the-middle list manipulation commands.

4. We upgraded to Jemalloc 4.4.0 since the version we used to ship with Redis
   was an early 4.0 release of Jemalloc. This version may have several
   improvements including the ability to better reclaim/use the memory of
   system.


To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 pkgsrc/databases/redis/Makefile
cvs rdiff -u -r1.28 -r1.29 pkgsrc/databases/redis/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/databases/redis/Makefile
diff -u pkgsrc/databases/redis/Makefile:1.25 pkgsrc/databases/redis/Makefile:1.26
--- pkgsrc/databases/redis/Makefile:1.25        Tue Jan  3 07:18:44 2017
+++ pkgsrc/databases/redis/Makefile     Tue Feb 14 10:30:03 2017
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.25 2017/01/03 07:18:44 fhajny Exp $
+# $NetBSD: Makefile,v 1.26 2017/02/14 10:30:03 fhajny Exp $
 
-DISTNAME=      redis-3.2.6
+DISTNAME=      redis-3.2.8
 CATEGORIES=    databases
 MASTER_SITES=  http://download.redis.io/releases/
 

Index: pkgsrc/databases/redis/distinfo
diff -u pkgsrc/databases/redis/distinfo:1.28 pkgsrc/databases/redis/distinfo:1.29
--- pkgsrc/databases/redis/distinfo:1.28        Tue Jan  3 07:18:44 2017
+++ pkgsrc/databases/redis/distinfo     Tue Feb 14 10:30:03 2017
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.28 2017/01/03 07:18:44 fhajny Exp $
+$NetBSD: distinfo,v 1.29 2017/02/14 10:30:03 fhajny Exp $
 
-SHA1 (redis-3.2.6.tar.gz) = 0c7bc5c751bdbc6fabed178db9cdbdd948915d1b
-RMD160 (redis-3.2.6.tar.gz) = 742ed3ac4273c01ce70cd44c4d8d73825bfb7b2c
-SHA512 (redis-3.2.6.tar.gz) = 15f2e55a7cc56e7e652a3a8d344fceb6d0d33cf53caa81854e6b1977ec68f7e92ac06d0d66999bfc577f185eba19e0927a81014bdb5cd484eecb080b6a6e16bc
-Size (redis-3.2.6.tar.gz) = 1544806 bytes
+SHA1 (redis-3.2.8.tar.gz) = 6780d1abb66f33a97aad0edbe020403d0a15b67f
+RMD160 (redis-3.2.8.tar.gz) = cbcc361705fcf7c3468b3d133d0f1ec22b60868c
+SHA512 (redis-3.2.8.tar.gz) = 7334faf73af3644f7f9dcaddd322955d5df1e88a1640b509ae623f322615a20f6dc143eb57dd89ff3a278557df309ac4215c3fb458235682ce28e16c817068ba
+Size (redis-3.2.8.tar.gz) = 1547237 bytes
 SHA1 (patch-ab) = 91678cf71a05cf3d9227bdb5feb8fab57b5e4259
 SHA1 (patch-ac) = 1d848860a39af7a93a06eb8f3001fe89cb1bb3ad
 SHA1 (patch-deps_hiredis_fmacros.h) = b9d7d0a82e6794078d997769db6e5572f981b445

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index