Hello community,

here is the log from the commit of package redis for openSUSE:Factory checked in at 2021-10-08 22:04:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/redis (Old)
 and      /work/SRC/openSUSE:Factory/.redis.new.2443 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "redis" Fri Oct 8 22:04:47 2021 rev:74 rq:923194 version:6.2.6 Changes: -------- --- /work/SRC/openSUSE:Factory/redis/redis.changes 2021-07-25 20:09:18.607440558 +0200 +++ /work/SRC/openSUSE:Factory/.redis.new.2443/redis.changes 2021-10-08 22:05:06.572566174 +0200 
@@ -1,0 +2,46 @@ +Mon Oct 4 20:23:56 UTC 2021 - Michael Str??der <[email protected]> + +- redis 6.2.6 with security fixes for + * Security fixes: + - CVE-2021-41099: Integer to heap buffer overflow handling certain string + commands and network payloads, when proto-max-bulk-len is manually configured + to a non-default, very large value (boo#1191299) + - CVE-2021-32762: Integer to heap buffer overflow issue in redis-cli and + redis-sentinel parsing large multi-bulk replies on some older and less common + platforms (boo#1191300) + - CVE-2021-32687: Integer to heap buffer overflow with intsets, when + set-max-intset-entries is manually configured to a non-default, very large + value (boo#1191302) + - CVE-2021-32675: Denial Of Service when processing RESP request payloads with + a large number of elements on many connections (boo#1191303) + - CVE-2021-32672: Random heap reading issue with Lua Debugger (boo#1191304) + - CVE-2021-32628: Integer to heap buffer overflow handling ziplist-encoded + data types, when configuring a large, non-default value for + hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries + or zset-max-ziplist-value (boo#1191305) + - CVE-2021-32627: Integer to heap buffer overflow issue with streams, when + configuring a non-default, large value for proto-max-bulk-len and + client-query-buffer-limit (boo#1191305) + - CVE-2021-32626: Specially crafted Lua scripts may result with Heap buffer + overflow (boo#1191306) + * Bug fixes that involve behavior changes: + - GEO* STORE with empty source key deletes the destination key and return 0 + Previously it would have returned an empty array like the non-STORE variant. + - PUBSUB NUMPAT replies with number of patterns rather than number of subscriptions + This actually changed in 6.2.0 but was overlooked and omitted from the release notes. 
+ * Bug fixes that are only applicable to previous releases of Redis 6.2: + - Fix CLIENT PAUSE, used an old timeout from previous PAUSE + - Fix CLIENT PAUSE in a replica would mess the replication offset + - Add some missing error statistics in INFO errorstats + * Other bug fixes: + - Fix incorrect reply of COMMAND command key positions for MIGRATE command + - Fix appendfsync to always guarantee fsync before reply, on MacOS and FreeBSD (kqueue) + - Fix the wrong misdetection of sync_file_range system call, affecting performance + * CLI tools: + - When redis-cli received ASK response, it didn't handle it + * Improvements: + - Add latency monitor sample when key is deleted via lazy expire + - Sanitize corrupt payload improvements + - Delete empty keys when loading RDB file or handling a RESTORE command + +------------------------------------------------------------------- Old: ---- redis-6.2.5.tar.gz New: ---- redis-6.2.6.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ redis.spec ++++++ --- /var/tmp/diff_new_pack.BdgCGy/_old 2021-10-08 22:05:07.472567654 +0200 +++ /var/tmp/diff_new_pack.BdgCGy/_new 2021-10-08 22:05:07.476567661 +0200 @@ -20,7 +20,7 @@ %define _log_dir %{_localstatedir}/log/%{name} %define _conf_dir %{_sysconfdir}/%{name} Name: redis -Version: 6.2.5 +Version: 6.2.6 Release: 0 Summary: Persistent key-value database License: BSD-3-Clause ++++++ redis-6.2.5.tar.gz -> redis-6.2.6.tar.gz ++++++ ++++ 3277 lines of diff (skipped) ++++++ redis.hashes ++++++ --- /var/tmp/diff_new_pack.BdgCGy/_old 2021-10-08 22:05:07.888568338 +0200 +++ /var/tmp/diff_new_pack.BdgCGy/_new 2021-10-08 22:05:07.888568338 +0200 
@@ -130,3 +130,6 @@ hash redis-5.0.13.tar.gz sha256 2b617aa2d6ad66c6a5d99fc8590c6b83b40d391fd1184c6eeab30df31f6a7208 http://download.redis.io/releases/redis-5.0.13.tar.gz hash redis-6.0.15.tar.gz sha256 4bc295264a95bc94423c162a9eee66135a24a51eefe5f53f18fc9bde5c3a9f74 http://download.redis.io/releases/redis-6.0.15.tar.gz hash redis-6.2.5.tar.gz sha256 4b9a75709a1b74b3785e20a6c158cab94cf52298aa381eea947a678a60d551ae http://download.redis.io/releases/redis-6.2.5.tar.gz +hash redis-5.0.14.tar.gz sha256 3ea5024766d983249e80d4aa9457c897a9f079957d0fb1f35682df233f997f32 http://download.redis.io/releases/redis-5.0.14.tar.gz +hash redis-6.0.16.tar.gz sha256 3639bbf29aca1a1670de1ab2ce224d6511c63969e7e590d3cdf8f7888184fa19 http://download.redis.io/releases/redis-6.0.16.tar.gz +hash redis-6.2.6.tar.gz sha256 5b2b8b7a50111ef395bf1c1d5be11e6e167ac018125055daa8b5c2317ae131ab http://download.redis.io/releases/redis-6.2.6.tar.gz
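Review bot: In the redis.changes hunk, CVE-2021-32628 and CVE-2021-32627 both cite boo#1191305, while every other CVE in the entry carries its own bug number; please confirm the shared reference is intended and not a copy-paste slip. The entry's first line, "- redis 6.2.6 with security fixes for", also ends on a dangling "for", and the author name shows up as "Str??der" in this diff, so check that redis.changes itself is stored as UTF-8.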
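Review bot: In the redis.hashes hunk, the three added entries point at plain http://download.redis.io URLs, so the sha256 value on each line is the only integrity check on the tarball, and the tarball diff itself is skipped in this mail (3277 lines). Nothing in the visible redis.spec hunk shows redis-6.2.6.tar.gz being compared against its redis.hashes line; if the spec does not already do that elsewhere, add a sha256 comparison during the build so that a mismatched tarball fails the build instead of being packaged.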
