pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/databases/redis Update databases/redis to 3.2.4.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/1d048bebafeb
branches:  trunk
changeset: 353073:1d048bebafeb
user:      fhajny <fhajny%pkgsrc.org@localhost>
date:      Mon Sep 26 13:35:42 2016 +0000

description:
Update databases/redis to 3.2.4.

This is a Redis critical release in order to fix a security issue
which is documented clearly here:

https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977

Thanks to Cory Duplantis of Cisco Talos for reporting the issue.

IMPACT:
The gist is that using CONFIG SET calls (or by manipulating
redis.conf) an attacker is able to compromise certain fields of
the "server" global structure, including the aof filename pointer,
that could be made to point to something else. In turn the AOF
name is used in different contexts such as logging, rename(2) and
open(2) syscalls, leading to potential problems.

Please note that since having access to CONFIG SET also means
being able to change the AOF filename (and many other things)
directly, this issue's actual real-world impact is quite small, so I
would not panic: if you have CONFIG SET level of access, you can
do more and more easily.

AFFECTED VERSIONS:
- All Redis 3.2.x versions are affected.

OTHER CHANGES IN THIS RELEASE:
- TCP binding bug fixed when only certain addresses were available
  for a given port.
- A much better crash report that includes part of the Redis binary:
  this will allow fixing bugs even when we just have a crash log and
  no other help from the original poster of the issue.
- A fix for Redis Cluster redis-trib displaying of info after
  creating a new cluster.

diffstat:

 databases/redis/Makefile |   4 ++--
 databases/redis/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (30 lines):

diff -r fd1aa92ad803 -r 1d048bebafeb databases/redis/Makefile
--- a/databases/redis/Makefile  Mon Sep 26 13:28:38 2016 +0000
+++ b/databases/redis/Makefile  Mon Sep 26 13:35:42 2016 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.22 2016/08/09 09:11:53 fhajny Exp $
+# $NetBSD: Makefile,v 1.23 2016/09/26 13:35:42 fhajny Exp $
 
-DISTNAME=      redis-3.2.3
+DISTNAME=      redis-3.2.4
 CATEGORIES=    databases
 MASTER_SITES=  http://download.redis.io/releases/
 
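Review bot: MASTER_SITES in the context lines of this hunk is still plain http://download.redis.io/releases/, so the 3.2.4 security tarball is fetched over an unauthenticated channel and its integrity rests entirely on the checksums recorded in distinfo. If the upstream site offers HTTPS, switch the URL in the same commit; otherwise make sure the new distinfo hashes were checked against a copy obtained independently of this fetch path.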
diff -r fd1aa92ad803 -r 1d048bebafeb databases/redis/distinfo
--- a/databases/redis/distinfo  Mon Sep 26 13:28:38 2016 +0000
+++ b/databases/redis/distinfo  Mon Sep 26 13:35:42 2016 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.24 2016/08/09 09:11:53 fhajny Exp $
+$NetBSD: distinfo,v 1.25 2016/09/26 13:35:42 fhajny Exp $
 
-SHA1 (redis-3.2.3.tar.gz) = 92d6d93ef2efc91e595c8bf578bf72baff397507
-RMD160 (redis-3.2.3.tar.gz) = ad82033f72e24458c9cf1cbb28996b2b7e173365
-SHA512 (redis-3.2.3.tar.gz) = 373643d384a3b68ca5d0486101a342e3843ffa81b0ead49a66c1aa1d92d9a51924bc1f5a1b1068718902a05c242183fbd62c9179d3fe36e9b77f37f3ddf81975
-Size (redis-3.2.3.tar.gz) = 1541401 bytes
+SHA1 (redis-3.2.4.tar.gz) = f0fe685cbfdb8c2d8c74613ad8a5a5f33fba40c9
+RMD160 (redis-3.2.4.tar.gz) = 4f150ab4c41a113ce0c32ca695e654d82ba45348
+SHA512 (redis-3.2.4.tar.gz) = de32ad9283102ee7d877cae8ea736d5876e4304b8ed46362f131e8b6dfb7aafa4ba3f9481c5f432f47633c9b3b0209797aa1b0976041f081db1924b93ed8ac96
+Size (redis-3.2.4.tar.gz) = 1543743 bytes
 SHA1 (patch-ab) = 21754f59e9f1013095fe47ccf7411b438385d558
 SHA1 (patch-ac) = 1d848860a39af7a93a06eb8f3001fe89cb1bb3ad
 SHA1 (patch-deps_hiredis_fmacros.h) = b9d7d0a82e6794078d997769db6e5572f981b445
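Review bot: the three patch entries at the end of this hunk (patch-ab, patch-ac, patch-deps_hiredis_fmacros.h) are unchanged context, so the local patches are carried across the security update exactly as they were. Confirm that they still apply cleanly to the 3.2.4 sources and that none of them touches the code changed by the upstream fix. The patch entries are also recorded with SHA1 only, while the distfile has SHA512 and Size; a stronger digest for the patches is worth adding when this file is next regenerated.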


