pkgsrc-Changes archive


CVS commit: pkgsrc/databases/redis



Module Name:    pkgsrc
Committed By:   adam
Date:           Tue May  4 06:19:44 UTC 2021

Modified Files:
        pkgsrc/databases/redis: Makefile distinfo

Log Message:
redis: updated to 6.2.3

================================================================================
Redis 6.2.3 Released Mon May 3 19:00:00 IST 2021
================================================================================

Upgrade urgency: SECURITY, Contains fixes to security issues that affect
authenticated client connections. LOW otherwise.

Integer overflow in STRALGO LCS command (CVE-2021-29477):
An integer overflow bug in Redis version 6.0 or newer could be exploited using
the STRALGO LCS command to corrupt the heap and potentially result in remote
code execution. The integer overflow bug exists in all versions of Redis
starting with 6.0.

Integer overflow in COPY command for large intsets (CVE-2021-29478):
An integer overflow bug in Redis 6.2 could be exploited to corrupt the heap and
potentially result in remote code execution. The vulnerability involves
changing the default set-max-intset-entries configuration value, creating a
large set key that consists of integer values and using the COPY command to
duplicate it. The integer overflow bug exists in all versions of Redis starting
with 2.6, where it could result in a corrupted RDB or DUMP payload, but not
exploited through COPY (which did not exist before 6.2).

Bug fixes that are only applicable to previous releases of Redis 6.2:
* Fix memory leak in moduleDefragGlobals
* Fix memory leak when doing lazy freeing client tracking table
* Block abusive replicas from sending command that could assert and crash redis

Other bug fixes:
* Use a monotonic clock to check for Lua script timeout
* redis-cli: Do not use unix socket when we got redirected in cluster mode

Modules:
* Fix RM_GetClusterNodeInfo() to correctly populate master id


To generate a diff of this commit:
cvs rdiff -u -r1.68 -r1.69 pkgsrc/databases/redis/Makefile
cvs rdiff -u -r1.59 -r1.60 pkgsrc/databases/redis/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/databases/redis/Makefile
diff -u pkgsrc/databases/redis/Makefile:1.68 pkgsrc/databases/redis/Makefile:1.69
--- pkgsrc/databases/redis/Makefile:1.68        Thu Apr 22 15:46:53 2021
+++ pkgsrc/databases/redis/Makefile     Tue May  4 06:19:44 2021
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.68 2021/04/22 15:46:53 adam Exp $
+# $NetBSD: Makefile,v 1.69 2021/05/04 06:19:44 adam Exp $
 
-DISTNAME=      redis-6.2.2
+DISTNAME=      redis-6.2.3
 CATEGORIES=    databases
 MASTER_SITES=  http://download.redis.io/releases/
 

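Review bot: MASTER_SITES in the trailing context of this hunk still fetches over plain "http://download.redis.io/releases/", so for a release whose stated purpose is a security fix the distinfo checksums are the only integrity check on the tarball. If the upstream host serves the same path over HTTPS, switch the scheme as part of this bump; either way, the digests recorded in distinfo should be taken from a copy whose provenance was checked independently of this fetch path.
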
Index: pkgsrc/databases/redis/distinfo
diff -u pkgsrc/databases/redis/distinfo:1.59 pkgsrc/databases/redis/distinfo:1.60
--- pkgsrc/databases/redis/distinfo:1.59        Thu Apr 22 15:46:53 2021
+++ pkgsrc/databases/redis/distinfo     Tue May  4 06:19:44 2021
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.59 2021/04/22 15:46:53 adam Exp $
+$NetBSD: distinfo,v 1.60 2021/05/04 06:19:44 adam Exp $
 
-SHA1 (redis-6.2.2.tar.gz) = ff0be34a99090bad99e8ad1efb5e20ebbd416c81
-RMD160 (redis-6.2.2.tar.gz) = 668546f0e075730d4fc3748aa7289195e7a422a6
-SHA512 (redis-6.2.2.tar.gz) = d1286b08913da91f279507a385d13ea714f2c914dbb73c1811e022635a1ae4efbc430d2334a2d09422beb28a4c4767a3c7b23c51622b0b0abc8ccd86f6ea324c
-Size (redis-6.2.2.tar.gz) = 2454893 bytes
+SHA1 (redis-6.2.3.tar.gz) = 63948f6bd033502654bf4a934fa7c7ae9914fde5
+RMD160 (redis-6.2.3.tar.gz) = 0b3aca2a155f9c5b51f80638256296b8b770df20
+SHA512 (redis-6.2.3.tar.gz) = 0a020aaa5664ed419a30e85d3b5c79fe69353067b755421c702f89ca923f1ba7794b4792f4a44049e38936f221363153c9ffcfb6fa232731b224d20c2982ac68
+Size (redis-6.2.3.tar.gz) = 2456050 bytes
 SHA1 (patch-redis.conf) = ee657a9d82711263ceb0fb8f7d8059ed23528fe9
 SHA1 (patch-src_Makefile) = b74e1575d423b9a4d09b6b5e3eeb355d79c27855
 SHA1 (patch-src_hyperloglog.c) = e9bdd3c630024a6fbe02c2c1d85e26131ad938cf
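
Review bot: the three patch-* entries at the end of this hunk are unchanged context, so patch-redis.conf, patch-src_Makefile and patch-src_hyperloglog.c are carried onto 6.2.3 as-is, and they are pinned by SHA1 alone while the distfile gets SHA1, RMD160 and SHA512. Confirm that each patch still applies cleanly to the 6.2.3 sources and is still needed (patch-src_hyperloglog.c modifies upstream C code), and note that in the log message, since nothing in the diff shows it.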


