diff options
author | Armin Kuster <akuster808@gmail.com> | 2021-10-29 07:34:58 -0700 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2021-10-29 07:34:58 -0700 |
commit | 6be10fe608c09653416ae8c85377056ccaa9f1b9 (patch) | |
tree | 1c84508f718aa8b59c9c2f01a359ba20bc14eeb1 /meta-oe/recipes-extended/redis/redis_5.0.14.bb | |
parent | 98ccbca491657e2e270c27cd4bbfdeb07a528dd4 (diff) | |
download | meta-openembedded-6be10fe608c09653416ae8c85377056ccaa9f1b9.tar.gz |
redis: update to 5.0.14
Bug fix only updates. see: https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
Including these cves:
5.0.14
Security Fixes:
* (CVE-2021-41099) Integer to heap buffer overflow handling certain string
commands and network payloads, when proto-max-bulk-len is manually configured
to a non-default, very large value [reported by yiyuaner].
* (CVE-2021-32762) Integer to heap buffer overflow issue in redis-cli and
redis-sentinel parsing large multi-bulk replies on some older and less common
platforms [reported by Microsoft Vulnerability Research].
* (CVE-2021-32687) Integer to heap buffer overflow with intsets, when
set-max-intset-entries is manually configured to a non-default, very large
value [reported by Pawel Wieczorkiewicz, AWS].
* (CVE-2021-32675) Denial Of Service when processing RESP request payloads with
a large number of elements on many connections.
* (CVE-2021-32672) Random heap reading issue with Lua Debugger [reported by
Meir Shpilraien].
* (CVE-2021-32628) Integer to heap buffer overflow handling ziplist-encoded
data types, when configuring a large, non-default value for
hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries
or zset-max-ziplist-value [reported by sundb].
* (CVE-2021-32627) Integer to heap buffer overflow issue with streams, when
configuring a non-default, large value for proto-max-bulk-len and
client-query-buffer-limit [reported by sundb].
* (CVE-2021-32626) Specially crafted Lua scripts may result with Heap buffer
overflow [reported by Meir Shpilraien].
5.0.11
Integer overflow on 32-bit systems (CVE-2021-21309):
Redis 4.0 or newer uses a configurable limit for the maximum supported bulk
input size. By default, it is 512MB which is a safe value for all platforms.
If the limit is significantly increased, receiving a large request from a client
may trigger several integer overflow scenarios, which would result with buffer
overflow and heap corruption.
5.0.10
This release fixes a potential heap overflow when using a heap allocator other
than jemalloc or glibc's malloc. See:
https://github.com/redis/redis/pull/7963
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-oe/recipes-extended/redis/redis_5.0.14.bb')
-rw-r--r-- | meta-oe/recipes-extended/redis/redis_5.0.14.bb | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/meta-oe/recipes-extended/redis/redis_5.0.14.bb b/meta-oe/recipes-extended/redis/redis_5.0.14.bb new file mode 100644 index 0000000000..3d849ec8c3 --- /dev/null +++ b/meta-oe/recipes-extended/redis/redis_5.0.14.bb @@ -0,0 +1,65 @@ +SUMMARY = "Redis key-value store" +DESCRIPTION = "Redis is an open source, advanced key-value store." +HOMEPAGE = "http://redis.io" +SECTION = "libs" +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://COPYING;md5=3c01b49fed4df1a79843688fa3f7b9d6" +DEPENDS = "readline lua ncurses" + +SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ + file://redis.conf \ + file://init-redis-server \ + file://redis.service \ + file://hiredis-use-default-CC-if-it-is-set.patch \ + file://lua-update-Makefile-to-use-environment-build-setting.patch \ + file://oe-use-libc-malloc.patch \ + file://0001-src-Do-not-reset-FINAL_LIBS.patch \ + file://GNU_SOURCE.patch \ + " + +SRC_URI[sha256sum] = "3ea5024766d983249e80d4aa9457c897a9f079957d0fb1f35682df233f997f32" + +inherit autotools-brokensep update-rc.d systemd useradd + +FINAL_LIBS_x86_toolchain-clang = "-latomic" +FINAL_LIBS_mips = "-latomic" +FINAL_LIBS_arm = "-latomic" +FINAL_LIBS_powerpc = "-latomic" + +export FINAL_LIBS + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM_${PN} = "--system --home-dir /var/lib/redis -g redis --shell /bin/false redis" +GROUPADD_PARAM_${PN} = "--system redis" + +REDIS_ON_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}" + +do_compile_prepend() { + (cd deps && oe_runmake hiredis lua linenoise) +} + +do_install() { + export PREFIX=${D}/${prefix} + oe_runmake install + install -d ${D}/${sysconfdir}/redis + install -m 0644 ${WORKDIR}/redis.conf ${D}/${sysconfdir}/redis/redis.conf + install -d ${D}/${sysconfdir}/init.d + install -m 0755 ${WORKDIR}/init-redis-server ${D}/${sysconfdir}/init.d/redis-server + install -d ${D}/var/lib/redis/ + chown redis.redis ${D}/var/lib/redis/ + + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/redis.service ${D}${systemd_system_unitdir} + sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${systemd_system_unitdir}/redis.service + + if [ "${REDIS_ON_SYSTEMD}" = true ]; then + sed -i 's!daemonize yes!# daemonize yes!' ${D}/${sysconfdir}/redis/redis.conf + fi +} + +CONFFILES_${PN} = "${sysconfdir}/redis/redis.conf" + +INITSCRIPT_NAME = "redis-server" +INITSCRIPT_PARAMS = "defaults 87" + +SYSTEMD_SERVICE_${PN} = "redis.service" |