Bug#1012658: redis: cjson not usable in current sid release

2022-06-16 Thread Chris Lamb 
Hey Fabian,

> 7.0.1-2 unfortunately doesn't work at all for me.

Ah, this is actually due to the new hardening features. I've fixed this here:

  
https://salsa.debian.org/lamby/pkg-redis/commit/80470e3dc0ae56db9c9512c38a175783bcfc

... and have uploaded 5:7.0.1-3 to Debian experimental. Can you
test it?


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Bug#1012658: redis: cjson not usable in current sid release

2022-06-15 Thread Chris Lamb 


> thanks for your support.

No problem. Can you try 7.0.1-2 in experimental? :)  I'm planning on
putting this version in Debian sid/unstable soon anyway.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Bug#1012658: redis: cjson not usable in current sid release

2022-06-14 Thread Chris Lamb 
Chris Lamb wrote:

> I'm almost certain that this is related to the fix for #1005787 which
> is not present in that "old" version.

Ah, my mistake: I think it's due to the Debian packaging reverting to
using the bundled version of Lua over the Debian-provided one. (This
is needed due to it having additional security features needed to
address CVE-2022-24735 and CVE-2022-24736.)

This means it is not finding the Debian version of
liblua5.1-cjson.so.0 or liblua5.1-bitop.so.0 under /lib. It works with
the Lua modules that we don't try and use the Debian version of, for
example:

  $ redis-cli EVAL "cmsgpack.pack({})" 0
  (nil)

I suspect there is some kind of require/import path that needs to be
adjusted for the bundled Lua (which is preconfigured to point under
/lib for Debian's shipped Lua). Or, we might have to revert entirely to
using the bundled cjson and bitop modules. :(


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Bug#1012658: redis: cjson not usable in current sid release

2022-06-13 Thread Chris Lamb 
Hi Fabian,

> Just to let you know: I just compiled 6.2.6-1 from source and currently
> it works for me too.

I'm almost certain that this is related to the fix for #1005787 which
is not present in that "old" version. I'm CCing in Reginaldo Silva
(the original discoverer of that issue), and hope he can provide some
easy insight here.

Reginaldo, feel free to see the entire bug history at:

  https://bugs.debian.org/1012658


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Bug#1012658: redis: cjson not usable in current sid release

2022-06-13 Thread Chris Lamb 
notfound 1012658 6.2.5-3
found 1012658 5:7.0.0-1
thanks

Hi Fabian,

>   (error) ERR Error running script (call to
> f_358b937508335722d5ffc098351582c0fe28e64e): @enable_strict_lua:15:
> user_script:1: Script attempted to access nonexistent global variable
> 'cjson'

Interestingly, I couldn't reproduce this with 6.2.5-3 so I thought I'd
be a little stuck, but I can reproduce this with 7.0.0-1 which is now
in experimental.

(This is the version I plan to upload to unstable soon).


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-