From: Titouan Christophe
To: buildroot@buildroot.org
Cc: Titouan Christophe, Daniel Price
Date: Tue, 2 Mar 2021 09:12:41 +0100
Message-Id: <20210302081241.173569-1-titouanchristophe@gmail.com>
Subject: [Buildroot] [PATCH v2 1/1] package/redis: security bump to v6.0.12

From the release notes:
(https://github.com/redis/redis/blob/6.0.12/00-RELEASENOTES)

================================================================================
Redis 6.0.11 Released Mon Feb 22 16:13:23 IST 2021
================================================================================

Upgrade urgency: SECURITY if you use 32bit build of redis (see below), LOW
otherwise.

Integer overflow on 32-bit systems (CVE-2021-21309):
Redis 4.0 or newer uses a configurable limit for the maximum supported bulk
input size. By default, it is 512MB which is a safe value for all platforms.
If the limit is significantly increased, receiving a large request from a client
may trigger several integer overflow scenarios, which would result with buffer
overflow and heap corruption.

================================================================================
Redis 6.0.12 Released Mon Mar 1 17:29:52 IST 2021
================================================================================

Upgrade urgency: LOW, fixes a compilation issue.

Bug fixes:
* Fix compilation error on non-glibc systems if jemalloc is not used (#8533)

Signed-off-by: Titouan Christophe --- Changes v1->v2: * Version bump within the 6.0 series (6.0.11 and 6.0.12) instead of 6.2.0 * Remove patch that has been applied in 6.0.12 --- package/redis/redis.hash | 2 +- package/redis/redis.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/redis/redis.hash b/package/redis/redis.hash index b72605013e..9b87b49fb1 100644 --- a/package/redis/redis.hash +++ b/package/redis/redis.hash @@ -1,5 +1,5 @@ # From https://github.com/redis/redis-hashes/blob/master/README -sha256 79bbb894f9dceb33ca699ee3ca4a4e1228be7fb5547aeb2f99d921e86c1285bd redis-6.0.10.tar.gz +sha256 f16ad973d19f80f121e53794d5eb48a997e2c6a85b5be41bb3b66750cc17bf6b redis-6.0.12.tar.gz # Locally calculated sha256 97f0a15b7bbae580d2609dad2e11f1956ae167be296ab60f4691ab9c30ee9828 COPYING diff --git a/package/redis/redis.mk b/package/redis/redis.mk index 96132ae962..c851e589c4 100644 --- a/package/redis/redis.mk +++ b/package/redis/redis.mk @@ -4,7 +4,7 @@ # ################################################################################ -REDIS_VERSION = 6.0.10 +REDIS_VERSION = 6.0.12 REDIS_SITE = http://download.redis.io/releases REDIS_LICENSE = BSD-3-Clause (core); MIT and BSD family licenses (Bundled components) REDIS_LICENSE_FILES = COPYING
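Review bot: In the package/redis/redis.hash hunk, the new redis-6.0.12.tar.gz sha256 line sits under the comment "# From https://github.com/redis/redis-hashes/blob/master/README", which cites the master branch and is therefore a moving reference that a later reader cannot pin to this release. Please say in the commit message that the value was also checked against a locally downloaded tarball, the way the COPYING entry is marked "# Locally calculated", so the hash has a provenance that does not depend on the current state of that README.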
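Review bot: In the package/redis/redis.mk hunk, the context line "REDIS_SITE = http://download.redis.io/releases" directly below the bumped REDIS_VERSION means the 6.0.12 tarball is still fetched over plain http, so the sha256 in redis.hash is the only integrity check on a release pulled in for CVE-2021-21309. Consider switching REDIS_SITE to an https URL in this bump or a follow-up, if upstream serves the releases over TLS. Separately, the v1->v2 notes mention removing a patch while the diffstat lists only redis.hash and redis.mk; it is worth confirming that no patch file remains under package/redis/ that 6.0.12 already contains.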