Hello community, here is the log from the commit of package redis for openSUSE:Factory checked in at 2018-06-19 12:02:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/redis (Old) and /work/SRC/openSUSE:Factory/.redis.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "redis" Tue Jun 19 12:02:56 2018 rev:42 rq:617053 version:4.0.10 Changes: -------- --- /work/SRC/openSUSE:Factory/redis/redis.changes 2018-04-19 15:31:31.350048365 +0200 +++ /work/SRC/openSUSE:Factory/.redis.new/redis.changes 2018-06-19 12:03:01.567451871 +0200 @@ -1,0 +2,25 @@ +Fri Jun 15 10:17:06 UTC 2018 - [email protected] + +- update to 4.0.10 (boo#1097430) CVE-2018-11218 CVE-2018-11219 + https://raw.githubusercontent.com/antirez/redis/4.0.10/00-RELEASENOTES + - Important security issues related to the Lua scripting engine. + Please check https://github.com/antirez/redis/issues/5017 for + more information. + - A bug with SCAN, SSCAN, HSCAN and ZSCAN, that may not return + all the elements. We also add a regression test that can + trigger the issue often when present, and may in theory be able + to find unrelated regressions. + - A PSYNC2 bug is fixed: Redis should not expire keys when saving + RDB files because otherwise it is no longer possible to use + such RDB file as a base for partial resynchronization. It no + longer represents the right state. + - Compatibility of AOF with RDB preamble when the RDB checksum is + disabled. + - Sentinel bug that in some cases prevented Sentinel to detect + that the master was down immediately. A delay was added to the + detection. +- refreshed patches to apply cleanly again + redis-conf.patch + redis-initscript.patch + +------------------------------------------------------------------- @@ -13 +38 @@ - * https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES + * https://raw.githubusercontent.com/antirez/redis/4.0.9/00-RELEASENOTES @@ -30 +55 @@ - * Release notes: https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES + * Release notes: https://raw.githubusercontent.com/antirez/redis/4.0.8/00-RELEASENOTES @@ -37 +62 @@ - * Release notes: https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES + * Release notes: https://raw.githubusercontent.com/antirez/redis/4.0.7/00-RELEASENOTES @@ -66 +91 @@ - * Release notes: https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES + * Release notes: https://raw.githubusercontent.com/antirez/redis/4.0.6/00-RELEASENOTES @@ -88 +113 @@ - * Release notes: https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES + * Release notes: https://raw.githubusercontent.com/antirez/redis/4.0.2/00-RELEASENOTES Old: ---- redis-4.0.9.tar.gz New: ---- redis-4.0.10.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ redis.spec ++++++ --- /var/tmp/diff_new_pack.9fOWdi/_old 2018-06-19 12:03:02.543415634 +0200 +++ /var/tmp/diff_new_pack.9fOWdi/_new 2018-06-19 12:03:02.547415486 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -20,7 +20,7 @@ %define _log_dir %{_localstatedir}/log/%{name} %define _conf_dir %{_sysconfdir}/%{name} Name: redis -Version: 4.0.9 +Version: 4.0.10 Release: 0 Summary: Persistent key-value database License: BSD-3-Clause ++++++ redis-4.0.9.tar.gz -> redis-4.0.10.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-4.0.9/00-RELEASENOTES new/redis-4.0.10/00-RELEASENOTES --- old/redis-4.0.9/00-RELEASENOTES 2018-03-26 18:04:15.000000000 +0200 +++ new/redis-4.0.10/00-RELEASENOTES 2018-06-13 13:02:07.000000000 +0200 @@ -11,6 +11,129 @@ -------------------------------------------------------------------------------- ================================================================================ +Redis 4.0.10 Released Wed Jun 13 12:49:13 CEST 2018 +================================================================================ + +Upgrade urgency CRITICAL: This release fixes important security issues. + HIGH: This release fixes a SCAN commands family bug. + MODERATE: This release fixes a PSYNC2 edge case with expires. + MODERATE: Sentinel related fixes. + LOW: All the other issues + +Redis 4.0.10 fixes a number of important issues: + +* Important security issues related to the Lua scripting engine. + Please check https://github.com/antirez/redis/issues/5017 + for more information. + +* A bug with SCAN, SSCAN, HSCAN and ZSCAN, that may not return all the elements. + We also add a regression test that can trigger the issue often when present, and + may in theory be able to find unrelated regressions. + +* A PSYNC2 bug is fixed: Redis should not expire keys when saving RDB files + because otherwise it is no longer possible to use such RDB file as a base + for partial resynchronization. It no longer represents the right state. + +* Compatibility of AOF with RDB preamble when the RDB checksum is disabled. + +* Sentinel bug that in some cases prevented Sentinel to detect that the master + was down immediately. A delay was added to the detection. + +* Other minor issues. + +The following is the list of commits composing the release, please check +the commit messages and authors for credits. + +antirez in commit 9fdcc159: + Security: fix redis-cli buffer overflow. + 1 file changed, 16 insertions(+), 11 deletions(-) + +antirez in commit cf760071: + Security: fix Lua struct package offset handling. + 1 file changed, 6 insertions(+), 2 deletions(-) + +antirez in commit a57595ca: + Security: more cmsgpack fixes by @soloestoy. + 1 file changed, 7 insertions(+) + +antirez in commit 8783fb94: + Security: update Lua struct package for security. + 1 file changed, 23 insertions(+), 23 deletions(-) + +antirez in commit 8cb9344b: + Security: fix Lua cmsgpack library stack overflow. + 1 file changed, 3 insertions(+) + +赵磊 in commit 59080f60: + Fix dictScan(): It can't scan all buckets when dict is shrinking. + 1 file changed, 14 insertions(+), 11 deletions(-) + +dejun.xdj in commit ac2a824a: + Fix redis-cli memory leak when sending set preference command. + 1 file changed, 2 insertions(+) + +dejun.xdj in commit c7197ff5: + Check if the repeat value is positive in while loop of cliSendCommand(). + 1 file changed, 1 insertion(+), 1 deletion(-) + +dejun.xdj in commit 3f77777f: + Change the type of repeat argument to long for function cliSendCommand. + 1 file changed, 1 insertion(+), 1 deletion(-) + +dejun.xdj in commit 7a565d72: + Fix negtive repeat command value issue. + 1 file changed, 11 insertions(+), 3 deletions(-) + +dejun.xdj in commit 64bf60fb: + Detect and stop saving history for auth command with repeat option. + 1 file changed, 17 insertions(+), 10 deletions(-) + +dejun.xdj in commit 5bed12aa: + Change the warning message a little bit to avoid trademark issuses. + 1 file changed, 1 insertion(+), 1 deletion(-) + +dejun.xdj in commit d71c4961: + Stop saving auth command in redis-cli history. + 1 file changed, 4 insertions(+), 2 deletions(-) + +dejun.xdj in commit fca99e41: + Add warning message when using password on command line + 1 file changed, 1 insertion(+) + +antirez in commit 01407a3a: + Don't expire keys while loading RDB from AOF preamble. + 3 files changed, 5 insertions(+), 5 deletions(-) + +WuYunlong in commit fb5408cf: + Fix rdb save by allowing dumping of expire keys, so that when we add a new slave, and do a failover, eighter by manual or not, other local slaves will delete the expired keys properly. + 2 files changed, 3 insertions(+), 7 deletions(-) + +antirez in commit 0b8b6df4: + Backport hiredis issue 525 fix to compile on FreeBSD. + 1 file changed, 1 insertion(+), 1 deletion(-) + +antirez in commit e98627c5: + Add INIT INFO to the provided init script. + 1 file changed, 8 insertions(+) + +antirez in commit 17f5de89: + Fix ae.c when a timer finalizerProc adds an event. + 2 files changed, 10 insertions(+), 6 deletions(-) + +antirez in commit 266e6423: + Sentinel: fix delay in detecting ODOWN. + 1 file changed, 9 insertions(+), 5 deletions(-) + +zhaozhao.zz in commit eafaf172: + AOF & RDB: be compatible with rdbchecksum no + 1 file changed, 9 insertions(+), 7 deletions(-) + +huijing.whj in commit 4630da37: + fix int overflow problem in freeMemoryIfNeeded + 1 file changed, 1 insertion(+), 1 deletion(-) + + +================================================================================ Redis 4.0.9 Released Mon Mar 26 17:52:32 CEST 2018 ================================================================================ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-4.0.9/deps/hiredis/fmacros.h new/redis-4.0.10/deps/hiredis/fmacros.h --- old/redis-4.0.9/deps/hiredis/fmacros.h 2018-03-26 18:04:15.000000000 +0200 +++ new/redis-4.0.10/deps/hiredis/fmacros.h 2018-06-13 13:02:07.000000000 +0200 @@ -13,7 +13,7 @@ #if defined(__sun__) #define _POSIX_C_SOURCE 200112L #else -#if !(defined(__APPLE__) && defined(__MACH__)) +#if !(defined(__APPLE__) && defined(__MACH__)) && !(defined(__FreeBSD__)) #define _XOPEN_SOURCE 600 #endif #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-4.0.9/deps/lua/src/lua_cmsgpack.c new/redis-4.0.10/deps/lua/src/lua_cmsgpack.c --- old/redis-4.0.9/deps/lua/src/lua_cmsgpack.c 2018-03-26 18:04:15.000000000 +0200 +++ new/redis-4.0.10/deps/lua/src/lua_cmsgpack.c 2018-06-13 13:02:07.000000000 +0200 @@ -385,6 +385,7 @@ #endif mp_encode_array(L,buf,len); + luaL_checkstack(L, 1, "in function mp_encode_lua_table_as_array"); for (j = 1; j <= len; j++) { lua_pushnumber(L,j); lua_gettable(L,-2); @@ -400,6 +401,7 @@ * Lua API, we need to iterate a first time. Note that an alternative * would be to do a single run, and then hack the buffer to insert the * map opcodes for message pack. Too hackish for this lib. */ + luaL_checkstack(L, 3, "in function mp_encode_lua_table_as_map"); lua_pushnil(L); while(lua_next(L,-2)) { lua_pop(L,1); /* remove value, keep key for next iteration. */ @@ -515,10 +517,14 @@ if (nargs == 0) return luaL_argerror(L, 0, "MessagePack pack needs input."); + if (!lua_checkstack(L, nargs)) + return luaL_argerror(L, 0, "Too many arguments for MessagePack pack."); + buf = mp_buf_new(L); for(i = 1; i <= nargs; i++) { /* Copy argument i to top of stack for _encode processing; * the encode function pops it from the stack when complete. */ + luaL_checkstack(L, 1, "in function mp_check"); lua_pushvalue(L, i); mp_encode_lua_type(L,buf,0); @@ -547,6 +553,7 @@ int index = 1; lua_newtable(L); + luaL_checkstack(L, 1, "in function mp_decode_to_lua_array"); while(len--) { lua_pushnumber(L,index++); mp_decode_to_lua_type(L,c); @@ -821,6 +828,9 @@ * subtract the entire buffer size from the unprocessed size * to get our next start offset */ int offset = len - c.left; + + luaL_checkstack(L, 1, "in function mp_unpack_full"); + /* Return offset -1 when we have have processed the entire buffer. */ lua_pushinteger(L, c.left == 0 ? -1 : offset); /* Results are returned with the arg elements still diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-4.0.9/deps/lua/src/lua_struct.c new/redis-4.0.10/deps/lua/src/lua_struct.c --- old/redis-4.0.9/deps/lua/src/lua_struct.c 2018-03-26 18:04:15.000000000 +0200 +++ new/redis-4.0.10/deps/lua/src/lua_struct.c 2018-06-13 13:02:07.000000000 +0200 @@ -1,7 +1,7 @@ /* ** {====================================================== ** Library for packing/unpacking structures. -** $Id: struct.c,v 1.4 2012/07/04 18:54:29 roberto Exp $ +** $Id: struct.c,v 1.7 2018/05/11 22:04:31 roberto Exp $ ** See Copyright Notice at the end of this file ** ======================================================= */ @@ -15,8 +15,8 @@ ** h/H - signed/unsigned short ** l/L - signed/unsigned long ** T - size_t -** i/In - signed/unsigned integer with size `n' (default is size of int) -** cn - sequence of `n' chars (from/to a string); when packing, n==0 means +** i/In - signed/unsigned integer with size 'n' (default is size of int) +** cn - sequence of 'n' chars (from/to a string); when packing, n==0 means the whole string; when unpacking, n==0 means use the previous read number as the string length ** s - zero-terminated string @@ -89,14 +89,12 @@ } Header; -static int getnum (lua_State *L, const char **fmt, int df) { +static int getnum (const char **fmt, int df) { if (!isdigit(**fmt)) /* no number? */ return df; /* return default value */ else { int a = 0; do { - if (a > (INT_MAX / 10) || a * 10 > (INT_MAX - (**fmt - '0'))) - luaL_error(L, "integral size overflow"); a = a*10 + *((*fmt)++) - '0'; } while (isdigit(**fmt)); return a; @@ -117,9 +115,9 @@ case 'f': return sizeof(float); case 'd': return sizeof(double); case 'x': return 1; - case 'c': return getnum(L, fmt, 1); + case 'c': return getnum(fmt, 1); case 'i': case 'I': { - int sz = getnum(L, fmt, sizeof(int)); + int sz = getnum(fmt, sizeof(int)); if (sz > MAXINTSIZE) luaL_error(L, "integral size %d is larger than limit of %d", sz, MAXINTSIZE); @@ -152,7 +150,7 @@ case '>': h->endian = BIG; return; case '<': h->endian = LITTLE; return; case '!': { - int a = getnum(L, fmt, MAXALIGN); + int a = getnum(fmt, MAXALIGN); if (!isp2(a)) luaL_error(L, "alignment %d is not a power of 2", a); h->align = a; @@ -295,21 +293,26 @@ const char *fmt = luaL_checkstring(L, 1); size_t ld; const char *data = luaL_checklstring(L, 2, &ld); - size_t pos = luaL_optinteger(L, 3, 1) - 1; + size_t pos = luaL_optinteger(L, 3, 1); + luaL_argcheck(L, pos > 0, 3, "offset must be 1 or greater"); + pos--; /* Lua indexes are 1-based, but here we want 0-based for C + * pointer math. */ + int n = 0; /* number of results */ defaultoptions(&h); - lua_settop(L, 2); while (*fmt) { int opt = *fmt++; size_t size = optsize(L, opt, &fmt); pos += gettoalign(pos, &h, opt, size); - luaL_argcheck(L, pos+size <= ld, 2, "data string too short"); - luaL_checkstack(L, 1, "too many results"); + luaL_argcheck(L, size <= ld && pos <= ld - size, + 2, "data string too short"); + /* stack space for item + next position */ + luaL_checkstack(L, 2, "too many results"); switch (opt) { case 'b': case 'B': case 'h': case 'H': case 'l': case 'L': case 'T': case 'i': case 'I': { /* integer types */ int issigned = islower(opt); lua_Number res = getinteger(data+pos, h.endian, issigned, size); - lua_pushnumber(L, res); + lua_pushnumber(L, res); n++; break; } case 'x': { @@ -319,25 +322,26 @@ float f; memcpy(&f, data+pos, size); correctbytes((char *)&f, sizeof(f), h.endian); - lua_pushnumber(L, f); + lua_pushnumber(L, f); n++; break; } case 'd': { double d; memcpy(&d, data+pos, size); correctbytes((char *)&d, sizeof(d), h.endian); - lua_pushnumber(L, d); + lua_pushnumber(L, d); n++; break; } case 'c': { if (size == 0) { - if (!lua_isnumber(L, -1)) - luaL_error(L, "format `c0' needs a previous size"); + if (n == 0 || !lua_isnumber(L, -1)) + luaL_error(L, "format 'c0' needs a previous size"); size = lua_tonumber(L, -1); - lua_pop(L, 1); - luaL_argcheck(L, pos+size <= ld, 2, "data string too short"); + lua_pop(L, 1); n--; + luaL_argcheck(L, size <= ld && pos <= ld - size, + 2, "data string too short"); } - lua_pushlstring(L, data+pos, size); + lua_pushlstring(L, data+pos, size); n++; break; } case 's': { @@ -345,15 +349,15 @@ if (e == NULL) luaL_error(L, "unfinished string in data"); size = (e - (data+pos)) + 1; - lua_pushlstring(L, data+pos, size - 1); + lua_pushlstring(L, data+pos, size - 1); n++; break; } default: controloptions(L, opt, &fmt, &h); } pos += size; } - lua_pushinteger(L, pos + 1); - return lua_gettop(L) - 2; + lua_pushinteger(L, pos + 1); /* next position */ + return n + 1; } @@ -399,7 +403,7 @@ /****************************************************************************** -* Copyright (C) 2010-2012 Lua.org, PUC-Rio. All rights reserved. +* Copyright (C) 2010-2018 Lua.org, PUC-Rio. All rights reserved. * * Permission is hereby granted, free of charge, to any person obtaining * a copy of this software and associated documentation files (the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-4.0.9/src/ae.c new/redis-4.0.10/src/ae.c --- old/redis-4.0.9/src/ae.c 2018-03-26 18:04:15.000000000 +0200 +++ new/redis-4.0.10/src/ae.c 2018-06-13 13:02:07.000000000 +0200 @@ -219,7 +219,10 @@ te->timeProc = proc; te->finalizerProc = finalizerProc; te->clientData = clientData; + te->prev = NULL; te->next = eventLoop->timeEventHead; + if (te->next) + te->next->prev = te; eventLoop->timeEventHead = te; return id; } @@ -266,7 +269,7 @@ /* Process time events */ static int processTimeEvents(aeEventLoop *eventLoop) { int processed = 0; - aeTimeEvent *te, *prev; + aeTimeEvent *te; long long maxId; time_t now = time(NULL); @@ -287,7 +290,6 @@ } eventLoop->lastTime = now; - prev = NULL; te = eventLoop->timeEventHead; maxId = eventLoop->timeEventNextId-1; while(te) { @@ -297,10 +299,12 @@ /* Remove events scheduled for deletion. */ if (te->id == AE_DELETED_EVENT_ID) { aeTimeEvent *next = te->next; - if (prev == NULL) - eventLoop->timeEventHead = te->next; + if (te->prev) + te->prev->next = te->next; else - prev->next = te->next; + eventLoop->timeEventHead = te->next; + if (te->next) + te->next->prev = te->prev; if (te->finalizerProc) te->finalizerProc(eventLoop, te->clientData); zfree(te); @@ -332,7 +336,6 @@ te->id = AE_DELETED_EVENT_ID; } } - prev = te; te = te->next; } return processed; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-4.0.9/src/ae.h new/redis-4.0.10/src/ae.h --- old/redis-4.0.9/src/ae.h 2018-03-26 18:04:15.000000000 +0200 +++ new/redis-4.0.10/src/ae.h 2018-06-13 13:02:07.000000000 +0200 @@ -83,6 +83,7 @@ aeTimeProc *timeProc; aeEventFinalizerProc *finalizerProc; void *clientData; + struct aeTimeEvent *prev; struct aeTimeEvent *next; } aeTimeEvent; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-4.0.9/src/aof.c new/redis-4.0.10/src/aof.c --- old/redis-4.0.9/src/aof.c 2018-03-26 18:04:15.000000000 +0200 +++ new/redis-4.0.10/src/aof.c 2018-06-13 13:02:07.000000000 +0200 @@ -713,7 +713,7 @@ serverLog(LL_NOTICE,"Reading RDB preamble from AOF file..."); if (fseek(fp,0,SEEK_SET) == -1) goto readerr; rioInitWithFile(&rdb,fp); - if (rdbLoadRio(&rdb,NULL) != C_OK) { + if (rdbLoadRio(&rdb,NULL,1) != C_OK) { serverLog(LL_WARNING,"Error reading the RDB preamble of the AOF file, AOF loading aborted"); goto readerr; } else { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-4.0.9/src/dict.c new/redis-4.0.10/src/dict.c --- old/redis-4.0.9/src/dict.c 2018-03-26 18:04:15.000000000 +0200 +++ new/redis-4.0.10/src/dict.c 2018-06-13 13:02:07.000000000 +0200 @@ -858,6 +858,15 @@ de = next; } + /* Set unmasked bits so incrementing the reversed cursor + * operates on the masked bits */ + v |= ~m0; + + /* Increment the reverse cursor */ + v = rev(v); + v++; + v = rev(v); + } else { t0 = &d->ht[0]; t1 = &d->ht[1]; @@ -892,22 +901,16 @@ de = next; } - /* Increment bits not covered by the smaller mask */ - v = (((v | m0) + 1) & ~m0) | (v & m0); + /* Increment the reverse cursor not covered by the smaller mask.*/ + v |= ~m1; + v = rev(v); + v++; + v = rev(v); /* Continue while bits covered by mask difference is non-zero */ } while (v & (m0 ^ m1)); } - /* Set unmasked bits so incrementing the reversed cursor - * operates on the masked bits of the smaller table */ - v |= ~m0; - - /* Increment the reverse cursor */ - v = rev(v); - v++; - v = rev(v); - return v; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-4.0.9/src/evict.c new/redis-4.0.10/src/evict.c --- old/redis-4.0.9/src/evict.c 2018-03-26 18:04:15.000000000 +0200 +++ new/redis-4.0.10/src/evict.c 2018-06-13 13:02:07.000000000 +0200 @@ -404,7 +404,7 @@ latencyStartMonitor(latency); while (mem_freed < mem_tofree) { int j, k, i, keys_freed = 0; - static int next_db = 0; + static unsigned int next_db = 0; sds bestkey = NULL; int bestdbid; redisDb *db; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-4.0.9/src/rdb.c new/redis-4.0.10/src/rdb.c --- old/redis-4.0.9/src/rdb.c 2018-03-26 18:04:15.000000000 +0200 +++ new/redis-4.0.10/src/rdb.c 2018-06-13 13:02:07.000000000 +0200 @@ -807,13 +807,10 @@ * On error -1 is returned. * On success if the key was actually saved 1 is returned, otherwise 0 * is returned (the key was already expired). */ -int rdbSaveKeyValuePair(rio *rdb, robj *key, robj *val, - long long expiretime, long long now) +int rdbSaveKeyValuePair(rio *rdb, robj *key, robj *val, long long expiretime) { /* Save the expire time */ if (expiretime != -1) { - /* If this key is already expired skip it */ - if (expiretime < now) return 0; if (rdbSaveType(rdb,RDB_OPCODE_EXPIRETIME_MS) == -1) return -1; if (rdbSaveMillisecondTime(rdb,expiretime) == -1) return -1; } @@ -887,7 +884,6 @@ dictEntry *de; char magic[10]; int j; - long long now = mstime(); uint64_t cksum; size_t processed = 0; @@ -931,7 +927,7 @@ initStaticStringObject(key,keystr); expire = getExpire(db,&key); - if (rdbSaveKeyValuePair(rdb,&key,o,expire,now) == -1) goto werr; + if (rdbSaveKeyValuePair(rdb,&key,o,expire) == -1) goto werr; /* When this RDB is produced as part of an AOF rewrite, move * accumulated diff from parent to child while rewriting in @@ -1507,7 +1503,7 @@ /* Load an RDB file from the rio stream 'rdb'. On success C_OK is returned, * otherwise C_ERR is returned and 'errno' is set accordingly. */ -int rdbLoadRio(rio *rdb, rdbSaveInfo *rsi) { +int rdbLoadRio(rio *rdb, rdbSaveInfo *rsi, int loading_aof) { uint64_t dbid; int type, rdbver; redisDb *db = server.db+0; @@ -1635,7 +1631,7 @@ * received from the master. In the latter case, the master is * responsible for key expiry. If we would expire keys here, the * snapshot taken by the master may not be reflected on the slave. */ - if (server.masterhost == NULL && expiretime != -1 && expiretime < now) { + if (server.masterhost == NULL && !loading_aof && expiretime != -1 && expiretime < now) { decrRefCount(key); decrRefCount(val); continue; @@ -1649,16 +1645,18 @@ decrRefCount(key); } /* Verify the checksum if RDB version is >= 5 */ - if (rdbver >= 5 && server.rdb_checksum) { + if (rdbver >= 5) { uint64_t cksum, expected = rdb->cksum; if (rioRead(rdb,&cksum,8) == 0) goto eoferr; - memrev64ifbe(&cksum); - if (cksum == 0) { - serverLog(LL_WARNING,"RDB file was saved with checksum disabled: no check performed."); - } else if (cksum != expected) { - serverLog(LL_WARNING,"Wrong RDB checksum. Aborting now."); - rdbExitReportCorruptRDB("RDB CRC error"); + if (server.rdb_checksum) { + memrev64ifbe(&cksum); + if (cksum == 0) { + serverLog(LL_WARNING,"RDB file was saved with checksum disabled: no check performed."); + } else if (cksum != expected) { + serverLog(LL_WARNING,"Wrong RDB checksum. Aborting now."); + rdbExitReportCorruptRDB("RDB CRC error"); + } } } return C_OK; @@ -1684,7 +1682,7 @@ if ((fp = fopen(filename,"r")) == NULL) return C_ERR; startLoading(fp); rioInitWithFile(&rdb,fp); - retval = rdbLoadRio(&rdb,rsi); + retval = rdbLoadRio(&rdb,rsi,0); fclose(fp); stopLoading(); return retval; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-4.0.9/src/rdb.h new/redis-4.0.10/src/rdb.h --- old/redis-4.0.9/src/rdb.h 2018-03-26 18:04:15.000000000 +0200 +++ new/redis-4.0.10/src/rdb.h 2018-06-13 13:02:07.000000000 +0200 @@ -137,7 +137,7 @@ size_t rdbSavedObjectLen(robj *o); robj *rdbLoadObject(int type, rio *rdb); void backgroundSaveDoneHandler(int exitcode, int bysignal); -int rdbSaveKeyValuePair(rio *rdb, robj *key, robj *val, long long expiretime, long long now); +int rdbSaveKeyValuePair(rio *rdb, robj *key, robj *val, long long expiretime); robj *rdbLoadStringObject(rio *rdb); ssize_t rdbSaveStringObject(rio *rdb, robj *obj); ssize_t rdbSaveRawString(rio *rdb, unsigned char *s, size_t len); @@ -146,7 +146,7 @@ int rdbLoadBinaryDoubleValue(rio *rdb, double *val); int rdbSaveBinaryFloatValue(rio *rdb, float val); int rdbLoadBinaryFloatValue(rio *rdb, float *val); -int rdbLoadRio(rio *rdb, rdbSaveInfo *rsi); +int rdbLoadRio(rio *rdb, rdbSaveInfo *rsi, int loading_aof); rdbSaveInfo *rdbPopulateSaveInfo(rdbSaveInfo *rsi); #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-4.0.9/src/redis-cli.c new/redis-4.0.10/src/redis-cli.c --- old/redis-4.0.9/src/redis-cli.c 2018-03-26 18:04:15.000000000 +0200 +++ new/redis-4.0.10/src/redis-cli.c 2018-06-13 13:02:07.000000000 +0200 @@ -152,20 +152,25 @@ } static void cliRefreshPrompt(void) { - int len; - if (config.eval_ldb) return; - if (config.hostsocket != NULL) - len = snprintf(config.prompt,sizeof(config.prompt),"redis %s", - config.hostsocket); - else - len = anetFormatAddr(config.prompt, sizeof(config.prompt), - config.hostip, config.hostport); + + sds prompt = sdsempty(); + if (config.hostsocket != NULL) { + prompt = sdscatfmt(prompt,"redis %s",config.hostsocket); + } else { + char addr[256]; + anetFormatAddr(addr, sizeof(addr), config.hostip, config.hostport); + prompt = sdscatlen(prompt,addr,strlen(addr)); + } + /* Add [dbnum] if needed */ if (config.dbnum != 0) - len += snprintf(config.prompt+len,sizeof(config.prompt)-len,"[%d]", - config.dbnum); - snprintf(config.prompt+len,sizeof(config.prompt)-len,"> "); + prompt = sdscatfmt(prompt,"[%i]",config.dbnum); + + /* Copy the prompt in the static buffer. */ + prompt = sdscatlen(prompt,"> ",2); + snprintf(config.prompt,sizeof(config.prompt),"%s",prompt); + sdsfree(prompt); } /* Return the name of the dotfile for the specified 'dotfilename'. @@ -917,7 +922,7 @@ return REDIS_OK; } -static int cliSendCommand(int argc, char **argv, int repeat) { +static int cliSendCommand(int argc, char **argv, long repeat) { char *command = argv[0]; size_t *argvlen; int j, output_raw; @@ -980,7 +985,7 @@ for (j = 0; j < argc; j++) argvlen[j] = sdslen(argv[j]); - while(repeat--) { + while(repeat-- > 0) { redisAppendCommandArgv(context,argc,(const char**)argv,argvlen); while (config.monitor_mode) { if (cliReadReply(output_raw) != REDIS_OK) exit(1); @@ -1088,6 +1093,7 @@ } else if (!strcmp(argv[i],"-n") && !lastarg) { config.dbnum = atoi(argv[++i]); } else if (!strcmp(argv[i],"-a") && !lastarg) { + fputs("Warning: Using a password with '-a' option on the command line interface may not be safe.\n", stderr); config.auth = argv[++i]; } else if (!strcmp(argv[i],"-u") && !lastarg) { parseRedisUri(argv[++i]); @@ -1397,9 +1403,35 @@ cliRefreshPrompt(); while((line = linenoise(context ? config.prompt : "not connected> ")) != NULL) { if (line[0] != '\0') { + long repeat = 1; + int skipargs = 0; + char *endptr = NULL; + argv = cliSplitArgs(line,&argc); - if (history) linenoiseHistoryAdd(line); - if (historyfile) linenoiseHistorySave(historyfile); + + /* check if we have a repeat command option and + * need to skip the first arg */ + if (argv && argc > 0) { + errno = 0; + repeat = strtol(argv[0], &endptr, 10); + if (argc > 1 && *endptr == '\0') { + if (errno == ERANGE || errno == EINVAL || repeat <= 0) { + fputs("Invalid redis-cli repeat command option value.\n", stdout); + sdsfreesplitres(argv, argc); + linenoiseFree(line); + continue; + } + skipargs = 1; + } else { + repeat = 1; + } + } + + /* Won't save auth command in history file */ + if (!(argv && argc > 0 && !strcasecmp(argv[0+skipargs], "auth"))) { + if (history) linenoiseHistoryAdd(line); + if (historyfile) linenoiseHistorySave(historyfile); + } if (argv == NULL) { printf("Invalid argument(s)\n"); @@ -1412,6 +1444,8 @@ exit(0); } else if (argv[0][0] == ':') { cliSetPreferences(argv,argc,1); + sdsfreesplitres(argv,argc); + linenoiseFree(line); continue; } else if (strcasecmp(argv[0],"restart") == 0) { if (config.eval) { @@ -1431,15 +1465,6 @@ linenoiseClearScreen(); } else { long long start_time = mstime(), elapsed; - int repeat, skipargs = 0; - char *endptr; - - repeat = strtol(argv[0], &endptr, 10); - if (argc > 1 && *endptr == '\0' && repeat) { - skipargs = 1; - } else { - repeat = 1; - } issueCommandRepeat(argc-skipargs, argv+skipargs, repeat); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-4.0.9/src/sentinel.c new/redis-4.0.10/src/sentinel.c --- old/redis-4.0.9/src/sentinel.c 2018-03-26 18:04:15.000000000 +0200 +++ new/redis-4.0.10/src/sentinel.c 2018-06-13 13:02:07.000000000 +0200 @@ -2599,20 +2599,24 @@ ping_period = ri->down_after_period; if (ping_period > SENTINEL_PING_PERIOD) ping_period = SENTINEL_PING_PERIOD; + /* Send INFO to masters and slaves, not sentinels. */ if ((ri->flags & SRI_SENTINEL) == 0 && (ri->info_refresh == 0 || (now - ri->info_refresh) > info_period)) { - /* Send INFO to masters and slaves, not sentinels. */ retval = redisAsyncCommand(ri->link->cc, sentinelInfoReplyCallback, ri, "INFO"); if (retval == C_OK) ri->link->pending_commands++; - } else if ((now - ri->link->last_pong_time) > ping_period && + } + + /* Send PING to all the three kinds of instances. */ + if ((now - ri->link->last_pong_time) > ping_period && (now - ri->link->last_ping_time) > ping_period/2) { - /* Send PING to all the three kinds of instances. */ sentinelSendPing(ri); - } else if ((now - ri->last_pub_time) > SENTINEL_PUBLISH_PERIOD) { - /* PUBLISH hello messages to all the three kinds of instances. */ + } + + /* PUBLISH hello messages to all the three kinds of instances. */ + if ((now - ri->last_pub_time) > SENTINEL_PUBLISH_PERIOD) { sentinelSendHello(ri); } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-4.0.9/src/version.h new/redis-4.0.10/src/version.h --- old/redis-4.0.9/src/version.h 2018-03-26 18:04:15.000000000 +0200 +++ new/redis-4.0.10/src/version.h 2018-06-13 13:02:07.000000000 +0200 @@ -1 +1 @@ -#define REDIS_VERSION "4.0.9" +#define REDIS_VERSION "4.0.10" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-4.0.9/utils/redis_init_script new/redis-4.0.10/utils/redis_init_script --- old/redis-4.0.9/utils/redis_init_script 2018-03-26 18:04:15.000000000 +0200 +++ new/redis-4.0.10/utils/redis_init_script 2018-06-13 13:02:07.000000000 +0200 @@ -3,6 +3,14 @@ # Simple Redis init.d script conceived to work on Linux systems # as it does use of the /proc filesystem. +### BEGIN INIT INFO +# Provides: redis_6379 +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Redis data structure server +# Description: Redis data structure server. See https://redis.io +### END INIT INFO + REDISPORT=6379 EXEC=/usr/local/bin/redis-server CLIEXEC=/usr/local/bin/redis-cli ++++++ redis-conf.patch ++++++ --- /var/tmp/diff_new_pack.9fOWdi/_old 2018-06-19 12:03:02.879403160 +0200 +++ /var/tmp/diff_new_pack.9fOWdi/_new 2018-06-19 12:03:02.883403011 +0200 @@ -2,7 +2,7 @@ =================================================================== --- redis.conf.orig +++ redis.conf -@@ -125,7 +125,7 @@ tcp-keepalive 300 +@@ -133,7 +133,7 @@ tcp-keepalive 300 # By default Redis does not run as a daemon. Use 'yes' if you need it. # Note that Redis will write a pid file in /var/run/redis.pid when daemonized. @@ -11,7 +11,7 @@ # If you run Redis from upstart or systemd, Redis can interact with your # supervision tree. Options: -@@ -136,7 +136,7 @@ daemonize no +@@ -144,7 +144,7 @@ daemonize no # UPSTART_JOB or NOTIFY_SOCKET environment variables # Note: these supervision methods only signal "process is ready." # They do not enable continuous liveness pings back to your supervisor. @@ -20,7 +20,7 @@ # If a pid file is specified, Redis writes it where specified at startup # and removes it at exit. -@@ -147,7 +147,7 @@ supervised no +@@ -155,7 +155,7 @@ supervised no # # Creating a pid file is best effort: if Redis is not able to create it # nothing bad happens, the server will start and run normally. @@ -29,7 +29,7 @@ # Specify the server verbosity level. # This can be one of: -@@ -160,7 +160,8 @@ loglevel notice +@@ -168,7 +168,8 @@ loglevel notice # Specify the log file name. Also the empty string can be used to force # Redis to log on the standard output. Note that if you use standard # output for logging but daemonize, logs will be sent to /dev/null @@ -39,7 +39,7 @@ # To enable logging to the system logger, just set 'syslog-enabled' to yes, # and optionally update the other syslog parameters to suit your needs. -@@ -244,7 +245,7 @@ dbfilename dump.rdb +@@ -260,7 +261,7 @@ dbfilename dump.rdb # The Append Only File will also be created inside this directory. # # Note that you must specify a directory here, not a file name. ++++++ redis-initscript.patch ++++++ --- /var/tmp/diff_new_pack.9fOWdi/_old 2018-06-19 12:03:02.903402268 +0200 +++ /var/tmp/diff_new_pack.9fOWdi/_new 2018-06-19 12:03:02.907402120 +0200 @@ -2,9 +2,12 @@ =================================================================== --- utils/redis_init_script.orig +++ utils/redis_init_script -@@ -1,42 +1,133 @@ +@@ -1,50 +1,133 @@ #!/bin/sh -+ +-# +-# Simple Redis init.d script conceived to work on Linux systems +-# as it does use of the /proc filesystem. + +# System startup script for Redis for OpenSUSE >= 11.4 +# +# Author: Marcello Barnaba <[email protected]> @@ -15,10 +18,13 @@ +# Define configurations in /etc/init.d/redis/NAME.conf +# +# Source: https://gist.github.com/804026 - # --# Simple Redis init.d script conceived to work on Linux systems --# as it does use of the /proc filesystem. -+### BEGIN INIT INFO ++# + ### BEGIN INIT INFO +-# Provides: redis_6379 +-# Default-Start: 2 3 4 5 +-# Default-Stop: 0 1 6 +-# Short-Description: Redis data structure server +-# Description: Redis data structure server. See https://redis.io +# Provides: redis +# Required-Start: $syslog $remote_fs +# Required-Stop: $syslog $remote_fs @@ -26,8 +32,11 @@ +# Default-Stop: 0 1 2 6 +# Short-Description: Redis server +# Description: Starts and stops the configured Redis instances -+### END INIT INFO -+ + ### END INIT INFO + +-REDISPORT=6379 +-EXEC=/usr/local/bin/redis-server +-CLIEXEC=/usr/local/bin/redis-cli +EXEC=/usr/sbin/redis-server +USER=redis +STATE=/var/run/redis @@ -65,10 +74,7 @@ + if [ ! -f ${CONFIG} ]; then + echo "$CONFIG not found" + rc_failed - --REDISPORT=6379 --EXEC=/usr/local/bin/redis-server --CLIEXEC=/usr/local/bin/redis-cli ++ + elif [ -f ${PIDFILE} ] && [ -x /proc/`cat ${PIDFILE}` ]; then + echo -n "already running (PID `cat ${PIDFILE}`)" +
