Hello community,

here is the log from the commit of package redis for openSUSE:Factory checked 
in at 2016-08-09 22:15:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/redis (Old)
 and      /work/SRC/openSUSE:Factory/.redis.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "redis"

Changes:
--------
--- /work/SRC/openSUSE:Factory/redis/redis.changes      2016-08-05 
18:16:19.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.redis.new/redis.changes 2016-08-09 
22:15:02.000000000 +0200
@@ -1,0 +2,7 @@
+Fri Aug  5 18:17:24 UTC 2016 - astie...@suse.com
+
+- redis 3.2.3:
+  * fix replication delay issue
+  * drop CVE-2013-7458.patch, upstream
+
+-------------------------------------------------------------------

Old:
----
  CVE-2013-7458.patch
  redis-3.2.2.tar.gz

New:
----
  redis-3.2.3.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ redis.spec ++++++
--- /var/tmp/diff_new_pack.uSDWBd/_old  2016-08-09 22:15:03.000000000 +0200
+++ /var/tmp/diff_new_pack.uSDWBd/_new  2016-08-09 22:15:03.000000000 +0200
@@ -25,7 +25,7 @@
 %bcond_with    systemd
 %endif
 Name:           redis
-Version:        3.2.2
+Version:        3.2.3
 Release:        0
 Summary:        Persistent key-value database
 License:        BSD-3-Clause
@@ -42,7 +42,6 @@
 # PATCH-MISSING-TAG -- See 
http://wiki.opensuse.org/openSUSE:Packaging_Patches_guidelines
 Patch1:         %{name}-conf.patch
 Patch2:         redis-enable-bactrace-on-x86-and-ia64-only.patch
-Patch3:         CVE-2013-7458.patch
 BuildRequires:  pkgconfig
 BuildRequires:  procps
 BuildRequires:  tcl
@@ -71,7 +70,6 @@
 %patch0
 %patch1
 %patch2
-%patch3 -p1
 
 %build
 make %{?_smp_mflags} CFLAGS="%{optflags}" V=1

++++++ redis-3.2.2.tar.gz -> redis-3.2.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/redis-3.2.2/00-RELEASENOTES 
new/redis-3.2.3/00-RELEASENOTES
--- old/redis-3.2.2/00-RELEASENOTES     2016-07-28 14:53:24.000000000 +0200
+++ new/redis-3.2.3/00-RELEASENOTES     2016-08-02 11:00:29.000000000 +0200
@@ -11,6 +11,34 @@
 
--------------------------------------------------------------------------------
 
 
================================================================================
+Redis 3.2.3     Released Tue Aug 02 10:55:24 CEST 2016
+================================================================================
+
+Upgrade urgency MODERATE: Fix replication delay and redis-cli security issue.
+
+Hello,
+
+this is a minor release of Redis addressing two bugs:
+
+1. There was an inverted if statement logic problem in replication.c causing
+   a replication delay. This is not an actual problem since things work
+   as expected, but worth to fix ASAP anyway.
+
+2. Redis-cli created the history file with insecure permissions, allowing
+   reding from the file. This was actually a bug in linenoise which is
+   now fixed. The applied fix is from Chris Lamb.
+
+List of commits:
+
+Qu Chen in commit e67ad1d:
+ Fix a bug to delay bgsave while AOF rewrite in progress for replication
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+antirez in commit 7153668:
+ Update linenoise to fix insecure redis-cli history file creation.
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+================================================================================
 Redis 3.2.2     Released Thu Jul 28 14:14:54 CEST 2016
 
================================================================================
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/redis-3.2.2/deps/linenoise/linenoise.c 
new/redis-3.2.3/deps/linenoise/linenoise.c
--- old/redis-3.2.2/deps/linenoise/linenoise.c  2016-07-28 14:53:24.000000000 
+0200
+++ new/redis-3.2.3/deps/linenoise/linenoise.c  2016-08-02 11:00:29.000000000 
+0200
@@ -111,6 +111,7 @@
 #include <string.h>
 #include <stdlib.h>
 #include <ctype.h>
+#include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/ioctl.h>
 #include <unistd.h>
@@ -1160,10 +1161,14 @@
 /* Save the history in the specified file. On success 0 is returned
  * otherwise -1 is returned. */
 int linenoiseHistorySave(const char *filename) {
-    FILE *fp = fopen(filename,"w");
+    mode_t old_umask = umask(S_IXUSR|S_IRWXG|S_IRWXO);
+    FILE *fp;
     int j;
 
+    fp = fopen(filename,"w");
+    umask(old_umask);
     if (fp == NULL) return -1;
+    chmod(filename,S_IRUSR|S_IWUSR);
     for (j = 0; j < history_len; j++)
         fprintf(fp,"%s\n",history[j]);
     fclose(fp);
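Review bot: The added `chmod(filename,S_IRUSR|S_IWUSR)` works on the path rather than on the stream that was just opened, and its return value is discarded. If the path is replaced between `fopen` and `chmod`, the mode change lands on a different file. If the call fails on a history file that already existed with wider permissions, the loop still writes the history into it. Changing the mode through the open descriptor and checking the result closes both gaps: `if (fchmod(fileno(fp),S_IRUSR|S_IWUSR) == -1) { fclose(fp); return -1; }`. Separately, `umask()` is process-wide, so in a multithreaded program embedding linenoise, files created by other threads in the window before `umask(old_umask)` would also get the restrictive mask; a short comment saying so would help. The body of linenoiseHistorySave continues past the end of this hunk.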
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/redis-3.2.2/src/replication.c 
new/redis-3.2.3/src/replication.c
--- old/redis-3.2.2/src/replication.c   2016-07-28 14:53:24.000000000 +0200
+++ new/redis-3.2.3/src/replication.c   2016-08-02 11:00:29.000000000 +0200
@@ -676,7 +676,7 @@
             /* Target is disk (or the slave is not capable of supporting
              * diskless replication) and we don't have a BGSAVE in progress,
              * let's start one. */
-            if (server.aof_child_pid != -1) {
+            if (server.aof_child_pid == -1) {
                 startBgsaveForReplication(c->slave_capa);
             } else {
                 serverLog(LL_NOTICE,
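Review bot: The comment above the corrected test on `server.aof_child_pid` still describes only "we don't have a BGSAVE in progress", so nothing near the condition says why an AOF child matters here. Going by the commit subject in the release notes, the intent is to delay the BGSAVE while an AOF rewrite is running. A line such as `/* Start the BGSAVE only if no AOF rewrite child is running; otherwise it is delayed. */` directly above the `if` would make the polarity easy to check. The `else` branch and its log message are cut off by the hunk, so the wording should be matched against that message.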
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/redis-3.2.2/src/version.h 
new/redis-3.2.3/src/version.h
--- old/redis-3.2.2/src/version.h       2016-07-28 14:53:24.000000000 +0200
+++ new/redis-3.2.3/src/version.h       2016-08-02 11:00:29.000000000 +0200
@@ -1 +1 @@
-#define REDIS_VERSION "3.2.2"
+#define REDIS_VERSION "3.2.3"

