[kirkstone][meta-oe][PATCH] redis: upgrade 7.0.9 -> 7.0.10


Changqing Li
 

From: Changqing Li <changqing.li@...>

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

(CVE-2023-28425) Specially crafted MSETNX command can lead to assertion and denial-of-service

Bug Fixes
Large blocks of replica client output buffer may lead to PSYNC loops and unnecessary memory usage (#11666)
Fix CLIENT REPLY OFF|SKIP to not silence push notifications (#11875)
Trim excessive memory usage in stream nodes when exceeding stream-node-max-bytes (#11885)
Fix module RM_Call commands failing with OOM when maxmemory is changed to zero (#11319)

Signed-off-by: Changqing Li <changqing.li@...>
---
.../recipes-extended/redis/{redis_7.0.9.bb => redis_7.0.10.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-oe/recipes-extended/redis/{redis_7.0.9.bb => redis_7.0.10.bb} (96%)

diff --git a/meta-oe/recipes-extended/redis/redis_7.0.9.bb b/meta-oe/recipes-extended/redis/redis_7.0.10.bb
similarity index 96%
rename from meta-oe/recipes-extended/redis/redis_7.0.9.bb
rename to meta-oe/recipes-extended/redis/redis_7.0.10.bb
index e4b2d45a4..5f972033f 100644
--- a/meta-oe/recipes-extended/redis/redis_7.0.9.bb
+++ b/meta-oe/recipes-extended/redis/redis_7.0.10.bb
@@ -19,7 +19,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
file://GNU_SOURCE.patch \
file://0006-Define-correct-gregs-for-RISCV32.patch \
"
-SRC_URI[sha256sum] = "f77135c2a47c9151d4028bfea3b34470ab4d324d1484f79a84c6f32a3cfb9f65"
+SRC_URI[sha256sum] = "1dee4c6487341cae7bd6432ff7590906522215a061fdef87c7d040a0cb600131"

inherit autotools-brokensep update-rc.d systemd useradd
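
Review bot: The `+SRC_URI[sha256sum]` line is the only thing authenticating the new tarball, because the `SRC_URI` shown in the hunk header context still fetches `${BP}.tar.gz` over plain `http://download.redis.io/releases/`. Please state in the commit message where the new checksum was obtained and how it was verified, and consider whether the URL can move to https in this or a follow-up patch.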

--
2.25.1


Armin Kuster
 

On 3/22/23 4:29 AM, Changqing Li wrote:
From: Changqing Li <changqing.li@...>

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

(CVE-2023-28425) Specially crafted MSETNX command can lead to assertion and denial-of-service
I am applying this to langdale then kirkstone

-armin

Bug Fixes
Large blocks of replica client output buffer may lead to PSYNC loops and unnecessary memory usage (#11666)
Fix CLIENT REPLY OFF|SKIP to not silence push notifications (#11875)
Trim excessive memory usage in stream nodes when exceeding stream-node-max-bytes (#11885)
Fix module RM_Call commands failing with OOM when maxmemory is changed to zero (#11319)

Signed-off-by: Changqing Li <changqing.li@...>
---
.../recipes-extended/redis/{redis_7.0.9.bb => redis_7.0.10.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-oe/recipes-extended/redis/{redis_7.0.9.bb => redis_7.0.10.bb} (96%)

diff --git a/meta-oe/recipes-extended/redis/redis_7.0.9.bb b/meta-oe/recipes-extended/redis/redis_7.0.10.bb
similarity index 96%
rename from meta-oe/recipes-extended/redis/redis_7.0.9.bb
rename to meta-oe/recipes-extended/redis/redis_7.0.10.bb
index e4b2d45a4..5f972033f 100644
--- a/meta-oe/recipes-extended/redis/redis_7.0.9.bb
+++ b/meta-oe/recipes-extended/redis/redis_7.0.10.bb
@@ -19,7 +19,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
file://GNU_SOURCE.patch \
file://0006-Define-correct-gregs-for-RISCV32.patch \
"
-SRC_URI[sha256sum] = "f77135c2a47c9151d4028bfea3b34470ab4d324d1484f79a84c6f32a3cfb9f65"
+SRC_URI[sha256sum] = "1dee4c6487341cae7bd6432ff7590906522215a061fdef87c7d040a0cb600131"
inherit autotools-brokensep update-rc.d systemd useradd


Armin Kuster
 

On 3/22/23 4:29 AM, Changqing Li wrote:
From: Changqing Li <changqing.li@...>

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

(CVE-2023-28425) Specially crafted MSETNX command can lead to assertion and denial-of-service
Was this sent to master?

Bug Fixes
Large blocks of replica client output buffer may lead to PSYNC loops and unnecessary memory usage (#11666)
Fix CLIENT REPLY OFF|SKIP to not silence push notifications (#11875)
Trim excessive memory usage in stream nodes when exceeding stream-node-max-bytes (#11885)
Fix module RM_Call commands failing with OOM when maxmemory is changed to zero (#11319)

Signed-off-by: Changqing Li <changqing.li@...>
---
.../recipes-extended/redis/{redis_7.0.9.bb => redis_7.0.10.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-oe/recipes-extended/redis/{redis_7.0.9.bb => redis_7.0.10.bb} (96%)

diff --git a/meta-oe/recipes-extended/redis/redis_7.0.9.bb b/meta-oe/recipes-extended/redis/redis_7.0.10.bb
similarity index 96%
rename from meta-oe/recipes-extended/redis/redis_7.0.9.bb
rename to meta-oe/recipes-extended/redis/redis_7.0.10.bb
index e4b2d45a4..5f972033f 100644
--- a/meta-oe/recipes-extended/redis/redis_7.0.9.bb
+++ b/meta-oe/recipes-extended/redis/redis_7.0.10.bb
@@ -19,7 +19,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
file://GNU_SOURCE.patch \
file://0006-Define-correct-gregs-for-RISCV32.patch \
"
-SRC_URI[sha256sum] = "f77135c2a47c9151d4028bfea3b34470ab4d324d1484f79a84c6f32a3cfb9f65"
+SRC_URI[sha256sum] = "1dee4c6487341cae7bd6432ff7590906522215a061fdef87c7d040a0cb600131"
inherit autotools-brokensep update-rc.d systemd useradd


Changqing Li
 

On 3/22/23 19:23, akuster808 wrote:

On 3/22/23 4:29 AM, Changqing Li wrote:
From: Changqing Li <changqing.li@...>

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

(CVE-2023-28425) Specially crafted MSETNX command can lead to assertion and denial-of-service
Was this sent to master?
Yes, it is another patch, because the context of the changed line is a little different.

Regards

Changqing


Bug Fixes
Large blocks of replica client output buffer may lead to PSYNC loops and unnecessary memory usage (#11666)
Fix CLIENT REPLY OFF|SKIP to not silence push notifications (#11875)
Trim excessive memory usage in stream nodes when exceeding stream-node-max-bytes (#11885)
Fix module RM_Call commands failing with OOM when maxmemory is changed to zero (#11319)

Signed-off-by: Changqing Li <changqing.li@...>
---
  .../recipes-extended/redis/{redis_7.0.9.bb => redis_7.0.10.bb}  | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
  rename meta-oe/recipes-extended/redis/{redis_7.0.9.bb => redis_7.0.10.bb} (96%)

diff --git a/meta-oe/recipes-extended/redis/redis_7.0.9.bb b/meta-oe/recipes-extended/redis/redis_7.0.10.bb
similarity index 96%
rename from meta-oe/recipes-extended/redis/redis_7.0.9.bb
rename to meta-oe/recipes-extended/redis/redis_7.0.10.bb
index e4b2d45a4..5f972033f 100644
--- a/meta-oe/recipes-extended/redis/redis_7.0.9.bb
+++ b/meta-oe/recipes-extended/redis/redis_7.0.10.bb
@@ -19,7 +19,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
             file://GNU_SOURCE.patch \
             file://0006-Define-correct-gregs-for-RISCV32.patch \
             "
-SRC_URI[sha256sum] = "f77135c2a47c9151d4028bfea3b34470ab4d324d1484f79a84c6f32a3cfb9f65"
+SRC_URI[sha256sum] = "1dee4c6487341cae7bd6432ff7590906522215a061fdef87c7d040a0cb600131"

  inherit autotools-brokensep update-rc.d systemd useradd



Martin Jansa
 

What's the status of these changes? I don't see them in kirkstone-next/langdale-next nor contrib/stable/kirkstone-nut contrib/stable/langdale-nut

The current meta-oe/kirkstone redis fails since 7.0.9 upgrade with:

ERROR: redis-7.0.9-r0 do_patch: Fuzz detected:
Applying patch GNU_SOURCE.patch
patching file src/zmalloc.c
Hunk #1 succeeded at 32 with fuzz 2 (offset 4 lines).
ERROR: redis-7.0.9-r0 do_patch: QA Issue: Patch log indicates that patches do not apply cleanly. [patch-fuzz]

And I don't see this issue fixed here.

I'll send separate patch to fix just patch-fuzz.

On Thu, Mar 23, 2023 at 2:33 AM Changqing Li <changqing.li@...> wrote:

On 3/22/23 19:23, akuster808 wrote:
>
> On 3/22/23 4:29 AM, Changqing Li wrote:
>> From: Changqing Li <changqing.li@...>
>>
>> Upgrade urgency: SECURITY, contains fixes to security issues.
>>
>> Security Fixes:
>>
>> (CVE-2023-28425) Specially crafted MSETNX command can lead to
>> assertion and denial-of-service
>
> Was this sent to master?

Yes, it is another patch, because the context of the changed line is a
little different.

Regards

Changqing

>>
>> Bug Fixes
>> Large blocks of replica client output buffer may lead to PSYNC loops
>> and unnecessary memory usage (#11666)
>> Fix CLIENT REPLY OFF|SKIP to not silence push notifications (#11875)
>> Trim excessive memory usage in stream nodes when exceeding
>> stream-node-max-bytes (#11885)
>> Fix module RM_Call commands failing with OOM when maxmemory is
>> changed to zero (#11319)
>>
>> Signed-off-by: Changqing Li <changqing.li@...>
>> ---
>>   .../recipes-extended/redis/{redis_7.0.9.bb => redis_7.0.10.bb}  | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>   rename meta-oe/recipes-extended/redis/{redis_7.0.9.bb =>
>> redis_7.0.10.bb} (96%)
>>
>> diff --git a/meta-oe/recipes-extended/redis/redis_7.0.9.bb
>> b/meta-oe/recipes-extended/redis/redis_7.0.10.bb
>> similarity index 96%
>> rename from meta-oe/recipes-extended/redis/redis_7.0.9.bb
>> rename to meta-oe/recipes-extended/redis/redis_7.0.10.bb
>> index e4b2d45a4..5f972033f 100644
>> --- a/meta-oe/recipes-extended/redis/redis_7.0.9.bb
>> +++ b/meta-oe/recipes-extended/redis/redis_7.0.10.bb
>> @@ -19,7 +19,7 @@ SRC_URI =
>> "http://download.redis.io/releases/${BP}.tar.gz \
>>              file://GNU_SOURCE.patch \
>>              file://0006-Define-correct-gregs-for-RISCV32.patch \
>>              "
>> -SRC_URI[sha256sum] =
>> "f77135c2a47c9151d4028bfea3b34470ab4d324d1484f79a84c6f32a3cfb9f65"
>> +SRC_URI[sha256sum] =
>> "1dee4c6487341cae7bd6432ff7590906522215a061fdef87c7d040a0cb600131"
>>
>>   inherit autotools-brokensep update-rc.d systemd useradd
>>
>>
>>
>>
>
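
Review bot: `file://GNU_SOURCE.patch` stays in SRC_URI unchanged in the context lines of this hunk, while the do_patch log at the top of this message shows it applying to 7.0.9 with fuzz 2 and failing the patch-fuzz QA check. Nothing in the upgrade refreshes that patch, so the commit should either refresh GNU_SOURCE.patch against the 7.0.10 sources or state that it was checked to apply cleanly there.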




Armin Kuster
 

On 4/21/23 7:04 AM, Martin Jansa wrote:
What's the status of these changes? I don't see them in kirkstone-next/langdale-next nor contrib/stable/kirkstone-nut contrib/stable/langdale-nut
My apologies. I had a question if Master was affected and it was so I forgot to keep an eye on the changes in Master for this package.

Thanks for the reminder.

- armin

The current meta-oe/kirkstone redis fails since 7.0.9 upgrade with:

ERROR: redis-7.0.9-r0 do_patch: Fuzz detected:
Applying patch GNU_SOURCE.patch
patching file src/zmalloc.c
Hunk #1 succeeded at 32 with fuzz 2 (offset 4 lines).
ERROR: redis-7.0.9-r0 do_patch: QA Issue: Patch log indicates that patches do not apply cleanly. [patch-fuzz]

And I don't see this issue fixed here.

I'll send separate patch to fix just patch-fuzz.

On Thu, Mar 23, 2023 at 2:33 AM Changqing Li <changqing.li@...> wrote:


On 3/22/23 19:23, akuster808 wrote:
>
> On 3/22/23 4:29 AM, Changqing Li wrote:
>> From: Changqing Li <changqing.li@...>
>>
>> Upgrade urgency: SECURITY, contains fixes to security issues.
>>
>> Security Fixes:
>>
>> (CVE-2023-28425) Specially crafted MSETNX command can lead to
>> assertion and denial-of-service
>
> Was this sent to master?

Yes, it is another patch, because the context of the changed line is a
little different.

Regards

Changqing

>>
>> Bug Fixes
>> Large blocks of replica client output buffer may lead to PSYNC loops
>> and unnecessary memory usage (#11666)
>> Fix CLIENT REPLY OFF|SKIP to not silence push notifications (#11875)
>> Trim excessive memory usage in stream nodes when exceeding
>> stream-node-max-bytes (#11885)
>> Fix module RM_Call commands failing with OOM when maxmemory is
>> changed to zero (#11319)
>>
>> Signed-off-by: Changqing Li <changqing.li@...>
>> ---
>>   .../recipes-extended/redis/{redis_7.0.9.bb => redis_7.0.10.bb} | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>   rename meta-oe/recipes-extended/redis/{redis_7.0.9.bb =>
>> redis_7.0.10.bb} (96%)
>>
>> diff --git a/meta-oe/recipes-extended/redis/redis_7.0.9.bb
<http://redis_7.0.9.bb>
>> b/meta-oe/recipes-extended/redis/redis_7.0.10.bb
<http://redis_7.0.10.bb>
>> similarity index 96%
>> rename from meta-oe/recipes-extended/redis/redis_7.0.9.bb
<http://redis_7.0.9.bb>
>> rename to meta-oe/recipes-extended/redis/redis_7.0.10.bb
<http://redis_7.0.10.bb>
>> index e4b2d45a4..5f972033f 100644
>> --- a/meta-oe/recipes-extended/redis/redis_7.0.9.bb
<http://redis_7.0.9.bb>
>> +++ b/meta-oe/recipes-extended/redis/redis_7.0.10.bb
<http://redis_7.0.10.bb>
>> @@ -19,7 +19,7 @@ SRC_URI =
>> "http://download.redis.io/releases/${BP}.tar.gz
<http://download.redis.io/releases/$%7BBP%7D.tar.gz> \
>>              file://GNU_SOURCE.patch \
>> file://0006-Define-correct-gregs-for-RISCV32.patch \
>>              "
>> -SRC_URI[sha256sum] =
>> "f77135c2a47c9151d4028bfea3b34470ab4d324d1484f79a84c6f32a3cfb9f65"
>> +SRC_URI[sha256sum] =
>> "1dee4c6487341cae7bd6432ff7590906522215a061fdef87c7d040a0cb600131"
>>
>>   inherit autotools-brokensep update-rc.d systemd useradd
>>
>>
>>
>>
>