mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 16:27:27 +00:00
redis: upgrade 6.2.12 -> 6.2.21
This upgrade contains a list of vunerability fixes: CVE-2025-49844, CVE-2025-46817, CVE-2025-46818, CVE-2025-46819, CVE-2025-32023, CVE-2025-48367, CVE-2025-21605, CVE-2024-46981, CVE-2024-31449, CVE-2024-31228, CVE-2023-45145, CVE-2022-24834 Dropped the CVE patches that are included above. Release notes: https://github.com/redis/redis/blob/6.2.21/00-RELEASENOTES Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
@@ -1,72 +0,0 @@
|
|||||||
From 7f486ea6eebf0afce74f2e59763b9b82b78629dc Mon Sep 17 00:00:00 2001
|
|
||||||
From: Yossi Gottlieb <yossigo@gmail.com>
|
|
||||||
Date: Wed, 11 Oct 2023 22:45:34 +0300
|
|
||||||
Subject: [PATCH] Fix issue of listen before chmod on Unix sockets
|
|
||||||
(CVE-2023-45145)
|
|
||||||
|
|
||||||
Before this commit, Unix socket setup performed chmod(2) on the socket
|
|
||||||
file after calling listen(2). Depending on what umask is used, this
|
|
||||||
could leave the file with the wrong permissions for a short period of
|
|
||||||
time. As a result, another process could exploit this race condition and
|
|
||||||
establish a connection that would otherwise not be possible.
|
|
||||||
|
|
||||||
We now make sure the socket permissions are set up prior to calling
|
|
||||||
listen(2).
|
|
||||||
|
|
||||||
(cherry picked from commit a11b3bc34a054818f2ac70e50adfc542ca1cba42)
|
|
||||||
|
|
||||||
CVE: CVE-2023-45145
|
|
||||||
|
|
||||||
Upstream-Status: Backport [https://github.com/redis/redis/commit/7f486ea6eebf0afce74f2e59763b9b82b78629dc]
|
|
||||||
|
|
||||||
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
|
|
||||||
---
|
|
||||||
src/anet.c | 11 ++++++-----
|
|
||||||
1 file changed, 6 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/anet.c b/src/anet.c
|
|
||||||
index a121c27..91f6171 100644
|
|
||||||
--- a/src/anet.c
|
|
||||||
+++ b/src/anet.c
|
|
||||||
@@ -397,13 +397,16 @@ int anetUnixGenericConnect(char *err, const char *path, int flags)
|
|
||||||
return s;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int anetListen(char *err, int s, struct sockaddr *sa, socklen_t len, int backlog) {
|
|
||||||
+static int anetListen(char *err, int s, struct sockaddr *sa, socklen_t len, int backlog, mode_t perm) {
|
|
||||||
if (bind(s,sa,len) == -1) {
|
|
||||||
anetSetError(err, "bind: %s", strerror(errno));
|
|
||||||
close(s);
|
|
||||||
return ANET_ERR;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (sa->sa_family == AF_LOCAL && perm)
|
|
||||||
+ chmod(((struct sockaddr_un *) sa)->sun_path, perm);
|
|
||||||
+
|
|
||||||
if (listen(s, backlog) == -1) {
|
|
||||||
anetSetError(err, "listen: %s", strerror(errno));
|
|
||||||
close(s);
|
|
||||||
@@ -447,7 +450,7 @@ static int _anetTcpServer(char *err, int port, char *bindaddr, int af, int backl
|
|
||||||
|
|
||||||
if (af == AF_INET6 && anetV6Only(err,s) == ANET_ERR) goto error;
|
|
||||||
if (anetSetReuseAddr(err,s) == ANET_ERR) goto error;
|
|
||||||
- if (anetListen(err,s,p->ai_addr,p->ai_addrlen,backlog) == ANET_ERR) s = ANET_ERR;
|
|
||||||
+ if (anetListen(err,s,p->ai_addr,p->ai_addrlen,backlog,0) == ANET_ERR) s = ANET_ERR;
|
|
||||||
goto end;
|
|
||||||
}
|
|
||||||
if (p == NULL) {
|
|
||||||
@@ -484,10 +487,8 @@ int anetUnixServer(char *err, char *path, mode_t perm, int backlog)
|
|
||||||
memset(&sa,0,sizeof(sa));
|
|
||||||
sa.sun_family = AF_LOCAL;
|
|
||||||
strncpy(sa.sun_path,path,sizeof(sa.sun_path)-1);
|
|
||||||
- if (anetListen(err,s,(struct sockaddr*)&sa,sizeof(sa),backlog) == ANET_ERR)
|
|
||||||
+ if (anetListen(err,s,(struct sockaddr*)&sa,sizeof(sa),backlog,perm) == ANET_ERR)
|
|
||||||
return ANET_ERR;
|
|
||||||
- if (perm)
|
|
||||||
- chmod(sa.sun_path, perm);
|
|
||||||
return s;
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.40.0
|
|
||||||
|
|
||||||
@@ -1,68 +0,0 @@
|
|||||||
From 9317bf64659b33166a943ec03d5d9b954e86afb0 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Oran Agra <oran@redislabs.com>
|
|
||||||
Date: Wed, 2 Oct 2024 20:11:01 +0300
|
|
||||||
Subject: [PATCH] Prevent pattern matching abuse (CVE-2024-31228)
|
|
||||||
|
|
||||||
CVE: CVE-2024-31228
|
|
||||||
|
|
||||||
Upstream-Status: Backport[https://github.com/redis/redis/commit/9317bf64659b33166a943ec03d5d9b954e86afb0]
|
|
||||||
|
|
||||||
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
|
|
||||||
---
|
|
||||||
src/util.c | 9 ++++++---
|
|
||||||
tests/unit/keyspace.tcl | 6 ++++++
|
|
||||||
2 files changed, 12 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/util.c b/src/util.c
|
|
||||||
index e122a26..5763a2b 100644
|
|
||||||
--- a/src/util.c
|
|
||||||
+++ b/src/util.c
|
|
||||||
@@ -46,8 +46,11 @@
|
|
||||||
|
|
||||||
/* Glob-style pattern matching. */
|
|
||||||
static int stringmatchlen_impl(const char *pattern, int patternLen,
|
|
||||||
- const char *string, int stringLen, int nocase, int *skipLongerMatches)
|
|
||||||
+ const char *string, int stringLen, int nocase, int *skipLongerMatches, int nesting)
|
|
||||||
{
|
|
||||||
+ /* Protection against abusive patterns. */
|
|
||||||
+ if (nesting > 1000) return 0;
|
|
||||||
+
|
|
||||||
while(patternLen && stringLen) {
|
|
||||||
switch(pattern[0]) {
|
|
||||||
case '*':
|
|
||||||
@@ -59,7 +62,7 @@ static int stringmatchlen_impl(const char *pattern, int patternLen,
|
|
||||||
return 1; /* match */
|
|
||||||
while(stringLen) {
|
|
||||||
if (stringmatchlen_impl(pattern+1, patternLen-1,
|
|
||||||
- string, stringLen, nocase, skipLongerMatches))
|
|
||||||
+ string, stringLen, nocase, skipLongerMatches, nesting+1))
|
|
||||||
return 1; /* match */
|
|
||||||
if (*skipLongerMatches)
|
|
||||||
return 0; /* no match */
|
|
||||||
@@ -181,7 +184,7 @@ static int stringmatchlen_impl(const char *pattern, int patternLen,
|
|
||||||
int stringmatchlen(const char *pattern, int patternLen,
|
|
||||||
const char *string, int stringLen, int nocase) {
|
|
||||||
int skipLongerMatches = 0;
|
|
||||||
- return stringmatchlen_impl(pattern,patternLen,string,stringLen,nocase,&skipLongerMatches);
|
|
||||||
+ return stringmatchlen_impl(pattern,patternLen,string,stringLen,nocase,&skipLongerMatches,0);
|
|
||||||
}
|
|
||||||
|
|
||||||
int stringmatch(const char *pattern, const char *string, int nocase) {
|
|
||||||
diff --git a/tests/unit/keyspace.tcl b/tests/unit/keyspace.tcl
|
|
||||||
index 92029a7..70bc252 100644
|
|
||||||
--- a/tests/unit/keyspace.tcl
|
|
||||||
+++ b/tests/unit/keyspace.tcl
|
|
||||||
@@ -485,4 +485,10 @@ start_server {tags {"keyspace"}} {
|
|
||||||
r SET aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 1
|
|
||||||
r KEYS "a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*b"
|
|
||||||
} {}
|
|
||||||
+
|
|
||||||
+ test {Regression for pattern matching very long nested loops} {
|
|
||||||
+ r flushdb
|
|
||||||
+ r SET [string repeat "a" 50000] 1
|
|
||||||
+ r KEYS [string repeat "*?" 50000]
|
|
||||||
+ } {}
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.40.0
|
|
||||||
|
|
||||||
@@ -1,49 +0,0 @@
|
|||||||
From 1f7c148be2cbacf7d50aa461c58b871e87cc5ed9 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Oran Agra <oran@redislabs.com>
|
|
||||||
Date: Wed, 2 Oct 2024 19:54:06 +0300
|
|
||||||
Subject: [PATCH] Fix lua bit.tohex (CVE-2024-31449)
|
|
||||||
|
|
||||||
INT_MIN value must be explicitly checked, and cannot be negated.
|
|
||||||
|
|
||||||
CVE: CVE-2024-31449
|
|
||||||
|
|
||||||
Upstream-Status: Backport [https://github.com/redis/redis/commit/1f7c148be2cbacf7d50aa461c58b871e87cc5ed9]
|
|
||||||
|
|
||||||
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
|
|
||||||
---
|
|
||||||
deps/lua/src/lua_bit.c | 1 +
|
|
||||||
tests/unit/scripting.tcl | 6 ++++++
|
|
||||||
2 files changed, 7 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/deps/lua/src/lua_bit.c b/deps/lua/src/lua_bit.c
|
|
||||||
index 690df7d..a459ca9 100644
|
|
||||||
--- a/deps/lua/src/lua_bit.c
|
|
||||||
+++ b/deps/lua/src/lua_bit.c
|
|
||||||
@@ -131,6 +131,7 @@ static int bit_tohex(lua_State *L)
|
|
||||||
const char *hexdigits = "0123456789abcdef";
|
|
||||||
char buf[8];
|
|
||||||
int i;
|
|
||||||
+ if (n == INT32_MIN) n = INT32_MIN+1;
|
|
||||||
if (n < 0) { n = -n; hexdigits = "0123456789ABCDEF"; }
|
|
||||||
if (n > 8) n = 8;
|
|
||||||
for (i = (int)n; --i >= 0; ) { buf[i] = hexdigits[b & 15]; b >>= 4; }
|
|
||||||
diff --git a/tests/unit/scripting.tcl b/tests/unit/scripting.tcl
|
|
||||||
index 9f5ee77..5e2a7f8 100644
|
|
||||||
--- a/tests/unit/scripting.tcl
|
|
||||||
+++ b/tests/unit/scripting.tcl
|
|
||||||
@@ -406,6 +406,12 @@ start_server {tags {"scripting"}} {
|
|
||||||
set e
|
|
||||||
} {ERR*Attempt to modify a readonly table*}
|
|
||||||
|
|
||||||
+ test {lua bit.tohex bug} {
|
|
||||||
+ set res [r eval {return bit.tohex(65535, -2147483648)} 0]
|
|
||||||
+ r ping
|
|
||||||
+ set res
|
|
||||||
+ } {0000FFFF}
|
|
||||||
+
|
|
||||||
test {Test an example script DECR_IF_GT} {
|
|
||||||
set decr_if_gt {
|
|
||||||
local current
|
|
||||||
--
|
|
||||||
2.40.0
|
|
||||||
|
|
||||||
@@ -1,39 +0,0 @@
|
|||||||
From e344b2b5879aa52870e6838212dfb78b7968fcbf Mon Sep 17 00:00:00 2001
|
|
||||||
From: YaacovHazan <yaacov.hazan@redis.com>
|
|
||||||
Date: Sun, 15 Dec 2024 21:33:11 +0200
|
|
||||||
Subject: [PATCH] Fix LUA garbage collector (CVE-2024-46981)
|
|
||||||
|
|
||||||
Reset GC state before closing the lua VM to prevent user data
|
|
||||||
to be wrongly freed while still might be used on destructor callbacks.
|
|
||||||
|
|
||||||
Conflicts:
|
|
||||||
Since luaCtx lctx structure introduced in later versions [1]
|
|
||||||
used already existed redisServer server structure.
|
|
||||||
|
|
||||||
Reference:
|
|
||||||
[1] https://github.com/redis/redis/commit/e0cd580aefe13e49df802fec5135e4f22d46e758
|
|
||||||
|
|
||||||
CVE: CVE-2024-46981
|
|
||||||
|
|
||||||
Upstream-Status: Backport [https://github.com/redis/redis/commit/e344b2b5879aa52870e6838212dfb78b7968fcbf]
|
|
||||||
|
|
||||||
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
|
|
||||||
---
|
|
||||||
src/scripting.c | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/src/scripting.c b/src/scripting.c
|
|
||||||
index 9b926e8..656d4dd 100644
|
|
||||||
--- a/src/scripting.c
|
|
||||||
+++ b/src/scripting.c
|
|
||||||
@@ -1467,6 +1467,7 @@ void scriptingRelease(int async) {
|
|
||||||
else
|
|
||||||
dictRelease(server.lua_scripts);
|
|
||||||
server.lua_scripts_mem = 0;
|
|
||||||
+ lua_gc(server.lua, LUA_GCCOLLECT, 0);
|
|
||||||
lua_close(server.lua);
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.40.0
|
|
||||||
|
|
||||||
+1
-5
@@ -16,12 +16,8 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
|
|||||||
file://0001-src-Do-not-reset-FINAL_LIBS.patch \
|
file://0001-src-Do-not-reset-FINAL_LIBS.patch \
|
||||||
file://GNU_SOURCE.patch \
|
file://GNU_SOURCE.patch \
|
||||||
file://0006-Define-correct-gregs-for-RISCV32.patch \
|
file://0006-Define-correct-gregs-for-RISCV32.patch \
|
||||||
file://CVE-2023-45145.patch \
|
|
||||||
file://CVE-2024-31228.patch \
|
|
||||||
file://CVE-2024-31449.patch \
|
|
||||||
file://CVE-2024-46981.patch \
|
|
||||||
"
|
"
|
||||||
SRC_URI[sha256sum] = "75352eef41e97e84bfa94292cbac79e5add5345fc79787df5cbdff703353fb1b"
|
SRC_URI[sha256sum] = "6383b32ba8d246f41bbbb83663381f5a5f4c4713235433cec22fc4a47e9b6d5f"
|
||||||
|
|
||||||
inherit autotools-brokensep update-rc.d systemd useradd
|
inherit autotools-brokensep update-rc.d systemd useradd
|
||||||
|
|
||||||
Reference in New Issue
Block a user