diff options
| author | fhajny <fhajny> | 2016-09-26 13:35:42 +0000 |
|---|---|---|
| committer | fhajny <fhajny> | 2016-09-26 13:35:42 +0000 |
| commit | 785ff9abea8c045ae539a17d9e0cce322970764a (patch) | |
| tree | 977993358d1a54af79b8a373781fcde302c6ddef /databases/redis | |
| parent | 7fb7435827ff337a7d32bb6a31635ea75502e886 (diff) | |
| download | pkgsrc-785ff9abea8c045ae539a17d9e0cce322970764a.tar.gz | |
Update databases/redis to 3.2.4.
This is a Redis critical release in order to fix a security issue
which is documented clearly here:
https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977
Thanks to Cory Duplantis of Cisco Talos for reporting the issue.
IMPACT:
The gist is that using CONFIG SET calls (or by manipulating
redis.conf) an attacker is able to compromise certain fields of
the "server" global structure, including the aof filename pointer,
that could be made pointing to something else. In turn the AOF
name is used in different contexts such as logging, rename(2) and
open(2) syscalls, leading to potential problems.
Please note that since having access to CONFIG SET also means to
be able to change the AOF filename (and many other things)
directly, this issue actual real world impact is quite small, so I
would not panik: if you have CONFIG SET level of access, you can
do more and more easily.
AFFECTED VERSIONS:
- All Redis 3.2.x versions are affected.
OTHER CHANGES IN THIS RELEASE:
- TCP binding bug fixed when only certain addresses were available
for a given port.
- A much better crash report that includes part of the Redis binary:
this will allow to fix bugs even when we just have a crash log and
no other help from the original poster oft the issue.
- A fix for Redis Cluster redis-trib displaying of info after
creating a new cluster.
Diffstat (limited to 'databases/redis')
| -rw-r--r-- | databases/redis/Makefile | 4 | ||||
| -rw-r--r-- | databases/redis/distinfo | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/databases/redis/Makefile b/databases/redis/Makefile index f0ef61ad9ce..86cca98befe 100644 --- a/databases/redis/Makefile +++ b/databases/redis/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.22 2016/08/09 09:11:53 fhajny Exp $ +# $NetBSD: Makefile,v 1.23 2016/09/26 13:35:42 fhajny Exp $ -DISTNAME= redis-3.2.3 +DISTNAME= redis-3.2.4 CATEGORIES= databases MASTER_SITES= http://download.redis.io/releases/ diff --git a/databases/redis/distinfo b/databases/redis/distinfo index 4fde5fa5c42..a155fedabea 100644 --- a/databases/redis/distinfo +++ b/databases/redis/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.24 2016/08/09 09:11:53 fhajny Exp $ +$NetBSD: distinfo,v 1.25 2016/09/26 13:35:42 fhajny Exp $ -SHA1 (redis-3.2.3.tar.gz) = 92d6d93ef2efc91e595c8bf578bf72baff397507 -RMD160 (redis-3.2.3.tar.gz) = ad82033f72e24458c9cf1cbb28996b2b7e173365 -SHA512 (redis-3.2.3.tar.gz) = 373643d384a3b68ca5d0486101a342e3843ffa81b0ead49a66c1aa1d92d9a51924bc1f5a1b1068718902a05c242183fbd62c9179d3fe36e9b77f37f3ddf81975 -Size (redis-3.2.3.tar.gz) = 1541401 bytes +SHA1 (redis-3.2.4.tar.gz) = f0fe685cbfdb8c2d8c74613ad8a5a5f33fba40c9 +RMD160 (redis-3.2.4.tar.gz) = 4f150ab4c41a113ce0c32ca695e654d82ba45348 +SHA512 (redis-3.2.4.tar.gz) = de32ad9283102ee7d877cae8ea736d5876e4304b8ed46362f131e8b6dfb7aafa4ba3f9481c5f432f47633c9b3b0209797aa1b0976041f081db1924b93ed8ac96 +Size (redis-3.2.4.tar.gz) = 1543743 bytes SHA1 (patch-ab) = 21754f59e9f1013095fe47ccf7411b438385d558 SHA1 (patch-ac) = 1d848860a39af7a93a06eb8f3001fe89cb1bb3ad SHA1 (patch-deps_hiredis_fmacros.h) = b9d7d0a82e6794078d997769db6e5572f981b445 |