redis: upgrade 7.0.13 -> 7.0.15

Contains fixes for CVE-2023-41056 and CVE-2023-45145. Dropped the backported patches that are included. Release notes: https://github.com/redis/redis/blob/7.0.15/00-RELEASENOTES Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-06-13 17:39:57 +00:00 · 2025-11-23 17:17:31 +01:00
parent d86503aa21
commit a5217f562a
25 changed files with 1 additions and 138 deletions
@@ -1,63 +0,0 @@
-From e351099e1119fb89496be578f5232c61ce300224 Mon Sep 17 00:00:00 2001
-From: Oran Agra <oran@redislabs.com>
-Date: Sun, 7 Jan 2024 12:32:44 +0200
-Subject: [PATCH] Fix possible corruption in sdsResize (CVE-2023-41056)
-
-#11766 introduced a bug in sdsResize where it could forget to update
-the sds type in the sds header and then cause an overflow in sdsalloc.
-it looks like the only implication of that is a possible assertion in HLL,
-but it's hard to rule out possible heap corruption issues with clientsCronResizeQueryBuffer
-
-CVE: CVE-2023-41056
-
-Upstream-Status: Backport [https://github.com/redis/redis/commit/e351099e1119fb89496be578f5232c61ce300224]
-
-Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
---
- src/sds.c | 30 ++++++++++++++++--------------
- 1 file changed, 16 insertions(+), 14 deletions(-)
-
-diff --git a/src/sds.c b/src/sds.c
-index 8e5863a..71490d5 100644
--- a/src/sds.c
-+++ b/src/sds.c
-@@ -348,20 +348,22 @@ sds sdsResize(sds s, size_t size, int would_regrow) {
-      * type. */
-     int use_realloc = (oldtype==type || (type < oldtype && type > SDS_TYPE_8));
-     size_t newlen = use_realloc ? oldhdrlen+size+1 : hdrlen+size+1;
-    int alloc_already_optimal = 0;
-    #if defined(USE_JEMALLOC)
-        /* je_nallocx returns the expected allocation size for the newlen.
-         * We aim to avoid calling realloc() when using Jemalloc if there is no
-         * change in the allocation size, as it incurs a cost even if the
-         * allocation size stays the same. */
-        alloc_already_optimal = (je_nallocx(newlen, 0) == zmalloc_size(sh));
-    #endif
-
-    if (use_realloc && !alloc_already_optimal) {
-        newsh = s_realloc(sh, newlen);
-        if (newsh == NULL) return NULL;
-        s = (char*)newsh+oldhdrlen;
-    } else if (!alloc_already_optimal) {
-+
-+    if (use_realloc) {
-+        int alloc_already_optimal = 0;
-+        #if defined(USE_JEMALLOC)
-+            /* je_nallocx returns the expected allocation size for the newlen.
-+             * We aim to avoid calling realloc() when using Jemalloc if there is no
-+             * change in the allocation size, as it incurs a cost even if the
-+             * allocation size stays the same. */
-+            alloc_already_optimal = (je_nallocx(newlen, 0) == zmalloc_size(sh));
-+        #endif
-+        if (!alloc_already_optimal) {
-+            newsh = s_realloc(sh, newlen);
-+            if (newsh == NULL) return NULL;
-+            s = (char*)newsh+oldhdrlen;
-+        }
-+    } else {
-         newsh = s_malloc(newlen);
-         if (newsh == NULL) return NULL;
-         memcpy((char*)newsh+hdrlen, s, len);
-- 
-2.40.0
-
@@ -1,72 +0,0 @@
-From 7f486ea6eebf0afce74f2e59763b9b82b78629dc Mon Sep 17 00:00:00 2001
-From: Yossi Gottlieb <yossigo@gmail.com>
-Date: Wed, 11 Oct 2023 22:45:34 +0300
-Subject: [PATCH] Fix issue of listen before chmod on Unix sockets 
- (CVE-2023-45145)
-
-Before this commit, Unix socket setup performed chmod(2) on the socket
-file after calling listen(2). Depending on what umask is used, this
-could leave the file with the wrong permissions for a short period of
-time. As a result, another process could exploit this race condition and
-establish a connection that would otherwise not be possible.
-
-We now make sure the socket permissions are set up prior to calling
-listen(2).
-
-(cherry picked from commit a11b3bc34a054818f2ac70e50adfc542ca1cba42)
-
-CVE: CVE-2023-45145
-
-Upstream-Status: Backport [https://github.com/redis/redis/commit/7f486ea6eebf0afce74f2e59763b9b82b78629dc]
-
-Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
---
- src/anet.c | 11 ++++++-----
- 1 file changed, 6 insertions(+), 5 deletions(-)
-
-diff --git a/src/anet.c b/src/anet.c
-index 4ea201d..10840fc 100644
--- a/src/anet.c
-+++ b/src/anet.c
-@@ -407,13 +407,16 @@ int anetUnixGenericConnect(char *err, const char *path, int flags)
-     return s;
- }
- 
-static int anetListen(char *err, int s, struct sockaddr *sa, socklen_t len, int backlog) {
-+static int anetListen(char *err, int s, struct sockaddr *sa, socklen_t len, int backlog, mode_t perm) {
-     if (bind(s,sa,len) == -1) {
-         anetSetError(err, "bind: %s", strerror(errno));
-         close(s);
-         return ANET_ERR;
-     }
- 
-+    if (sa->sa_family == AF_LOCAL && perm)
-+        chmod(((struct sockaddr_un *) sa)->sun_path, perm);
-+
-     if (listen(s, backlog) == -1) {
-         anetSetError(err, "listen: %s", strerror(errno));
-         close(s);
-@@ -457,7 +460,7 @@ static int _anetTcpServer(char *err, int port, char *bindaddr, int af, int backl
- 
-         if (af == AF_INET6 && anetV6Only(err,s) == ANET_ERR) goto error;
-         if (anetSetReuseAddr(err,s) == ANET_ERR) goto error;
-        if (anetListen(err,s,p->ai_addr,p->ai_addrlen,backlog) == ANET_ERR) s = ANET_ERR;
-+        if (anetListen(err,s,p->ai_addr,p->ai_addrlen,backlog,0) == ANET_ERR) s = ANET_ERR;
-         goto end;
-     }
-     if (p == NULL) {
-@@ -498,10 +501,8 @@ int anetUnixServer(char *err, char *path, mode_t perm, int backlog)
-     memset(&sa,0,sizeof(sa));
-     sa.sun_family = AF_LOCAL;
-     strncpy(sa.sun_path,path,sizeof(sa.sun_path)-1);
-    if (anetListen(err,s,(struct sockaddr*)&sa,sizeof(sa),backlog) == ANET_ERR)
-+    if (anetListen(err,s,(struct sockaddr*)&sa,sizeof(sa),backlog,perm) == ANET_ERR)
-         return ANET_ERR;
-    if (perm)
-        chmod(sa.sun_path, perm);
-     return s;
- }
- 
-- 
-2.40.0
-
@@ -16,8 +16,6 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
           file://0001-src-Do-not-reset-FINAL_LIBS.patch \
           file://GNU_SOURCE-7.patch \
           file://0006-Define-correct-gregs-for-RISCV32.patch \
-           file://CVE-2023-41056.patch \
-           file://CVE-2023-45145.patch \
           file://CVE-2024-31227.patch \
           file://CVE-2024-31228.patch \
           file://CVE-2024-31449.patch \
@@ -32,7 +30,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
           file://CVE-2025-46819.patch \
           file://CVE-2025-49844.patch \
           "
-SRC_URI[sha256sum] = "97065774d5fb8388eb0d8913458decfcb167d356e40d31dd01cd30c1cc391673"
+SRC_URI[sha256sum] = "98066f5363504b26c34dd20fbcc3c957990d764cdf42576c836fc021073f4341"

 inherit autotools-brokensep update-rc.d systemd useradd