From 785ff9abea8c045ae539a17d9e0cce322970764a Mon Sep 17 00:00:00 2001
From: fhajny
Date: Mon, 26 Sep 2016 13:35:42 +0000
Subject: Update databases/redis to 3.2.4.

This is a Redis critical release in order to fix a security issue which is documented clearly here:

https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977

Thanks to Cory Duplantis of Cisco Talos for reporting the issue.

IMPACT:

The gist is that using CONFIG SET calls (or by manipulating redis.conf) an attacker is able to compromise certain fields of the "server" global structure, including the aof filename pointer, that could be made pointing to something else. In turn the AOF name is used in different contexts such as logging, rename(2) and open(2) syscalls, leading to potential problems.

Please note that since having access to CONFIG SET also means to be able to change the AOF filename (and many other things) directly, this issue's actual real world impact is quite small, so I would not panic: if you have CONFIG SET level of access, you can do more and more easily.

AFFECTED VERSIONS:

- All Redis 3.2.x versions are affected.

OTHER CHANGES IN THIS RELEASE:

- TCP binding bug fixed when only certain addresses were available for a given port.
- A much better crash report that includes part of the Redis binary: this will allow to fix bugs even when we just have a crash log and no other help from the original poster of the issue.
- A fix for Redis Cluster redis-trib displaying of info after creating a new cluster.
---
 databases/redis/Makefile | 4 ++--
 databases/redis/distinfo | 10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

(limited to 'databases/redis')

diff --git a/databases/redis/Makefile b/databases/redis/Makefile index f0ef61ad9ce..86cca98befe 100644 --- a/databases/redis/Makefile +++ b/databases/redis/Makefile 
@@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.22 2016/08/09 09:11:53 fhajny Exp $ +# $NetBSD: Makefile,v 1.23 2016/09/26 13:35:42 fhajny Exp $ -DISTNAME= redis-3.2.3 +DISTNAME= redis-3.2.4 CATEGORIES= databases MASTER_SITES= http://download.redis.io/releases/ diff --git a/databases/redis/distinfo b/databases/redis/distinfo index 4fde5fa5c42..a155fedabea 100644 --- a/databases/redis/distinfo +++ b/databases/redis/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.24 2016/08/09 09:11:53 fhajny Exp $ +$NetBSD: distinfo,v 1.25 2016/09/26 13:35:42 fhajny Exp $ -SHA1 (redis-3.2.3.tar.gz) = 92d6d93ef2efc91e595c8bf578bf72baff397507 -RMD160 (redis-3.2.3.tar.gz) = ad82033f72e24458c9cf1cbb28996b2b7e173365 -SHA512 (redis-3.2.3.tar.gz) = 373643d384a3b68ca5d0486101a342e3843ffa81b0ead49a66c1aa1d92d9a51924bc1f5a1b1068718902a05c242183fbd62c9179d3fe36e9b77f37f3ddf81975 -Size (redis-3.2.3.tar.gz) = 1541401 bytes +SHA1 (redis-3.2.4.tar.gz) = f0fe685cbfdb8c2d8c74613ad8a5a5f33fba40c9 +RMD160 (redis-3.2.4.tar.gz) = 4f150ab4c41a113ce0c32ca695e654d82ba45348 +SHA512 (redis-3.2.4.tar.gz) = de32ad9283102ee7d877cae8ea736d5876e4304b8ed46362f131e8b6dfb7aafa4ba3f9481c5f432f47633c9b3b0209797aa1b0976041f081db1924b93ed8ac96 +Size (redis-3.2.4.tar.gz) = 1543743 bytes SHA1 (patch-ab) = 21754f59e9f1013095fe47ccf7411b438385d558 SHA1 (patch-ac) = 1d848860a39af7a93a06eb8f3001fe89cb1bb3ad SHA1 (patch-deps_hiredis_fmacros.h) = b9d7d0a82e6794078d997769db6e5572f981b445 -- cgit v1.2.3
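Review bot: The unchanged context line MASTER_SITES= http://download.redis.io/releases/ in the databases/redis/Makefile hunk means the 3.2.4 distfile for this security update is still fetched over plain HTTP, so nothing authenticates the download except the checksums recorded in distinfo. If upstream serves the same path over HTTPS, change the URL scheme in this commit; if not, say in the commit message how the tarball was checked against a hash published by upstream rather than only hashed after download.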
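Review bot: In the databases/redis/distinfo hunk only the four redis-3.2.4.tar.gz lines change, while the SHA1 entries for patch-ab, patch-ac and patch-deps_hiredis_fmacros.h stay as context, so the local patches were carried over without regeneration. Please confirm that all three still apply cleanly to the 3.2.4 sources (no fuzz or offsets hiding a mis-applied hunk) and that none of them touches code changed by the upstream security fix referenced in the commit message; a short line in the log stating this was checked would be enough.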