Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package redis for openSUSE:Factory checked in at 2021-05-07 16:45:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/redis (Old) and /work/SRC/openSUSE:Factory/.redis.new.2988 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "redis" Fri May 7 16:45:21 2021 rev:69 rq:891214 version:6.2.3 Changes: -------- --- /work/SRC/openSUSE:Factory/redis/redis.changes 2021-04-23 17:50:13.462752780 +0200 +++ /work/SRC/openSUSE:Factory/.redis.new.2988/redis.changes 2021-05-07 16:45:33.964322082 +0200 @@ -1,0 +2,13 @@ +Tue May 4 06:23:15 UTC 2021 - Michael Str??der <mich...@stroeder.com> + +- redis 6.2.3 + * CVE-2021-29477: Integer overflow in STRALGO LCS command (boo#1185729) + * CVE-2021-29478: Integer overflow in COPY command for large intsets (boo#1185730) + * Fix memory leak in moduleDefragGlobals + * Fix memory leak when doing lazy freeing client tracking table + * Block abusive replicas from sending command that could assert and crash redis + * Use a monotonic clock to check for Lua script timeout + * redis-cli: Do not use unix socket when we got redirected in cluster mode + * Fix RM_GetClusterNodeInfo() to correctly populate master id + +------------------------------------------------------------------- Old: ---- redis-6.2.2.tar.gz New: ---- redis-6.2.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ redis.spec ++++++ --- /var/tmp/diff_new_pack.TxdDbZ/_old 2021-05-07 16:45:34.552320233 +0200 +++ /var/tmp/diff_new_pack.TxdDbZ/_new 2021-05-07 16:45:34.552320233 +0200 @@ -20,7 +20,7 @@ %define _log_dir %{_localstatedir}/log/%{name} %define _conf_dir %{_sysconfdir}/%{name} Name: redis -Version: 6.2.2 +Version: 6.2.3 Release: 0 Summary: Persistent key-value database License: BSD-3-Clause ++++++ ppc-atomic.patch ++++++ --- /var/tmp/diff_new_pack.TxdDbZ/_old 2021-05-07 16:45:34.600320082 +0200 +++ /var/tmp/diff_new_pack.TxdDbZ/_new 2021-05-07 16:45:34.600320082 +0200 @@ -1,9 +1,8 @@ -Index: redis-5.0.9/src/Makefile -=================================================================== ---- redis-5.0.9.orig/src/Makefile -+++ redis-5.0.9/src/Makefile -@@ -83,6 +83,10 @@ ifneq (,$(filter aarch64 armv,$(uname_M) - else +diff -ur redis-6.2.3.orig/src/Makefile redis-6.2.3/src/Makefile +--- redis-6.2.3.orig/src/Makefile 2021-05-03 21:57:00.000000000 +0200 ++++ redis-6.2.3/src/Makefile 2021-05-04 08:48:20.064568420 +0200 +@@ -96,6 +96,10 @@ + # Linux ARM32 needs -latomic at linking time ifneq (,$(findstring armv,$(uname_M))) FINAL_LIBS+=-latomic +else @@ -11,5 +10,5 @@ + FINAL_LIBS+=-latomic +endif endif - endif + ifeq ($(uname_S),SunOS) ++++++ redis-6.2.2.tar.gz -> redis-6.2.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/.github/workflows/daily.yml new/redis-6.2.3/.github/workflows/daily.yml --- old/redis-6.2.2/.github/workflows/daily.yml 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/.github/workflows/daily.yml 2021-05-03 21:57:00.000000000 +0200 @@ -253,7 +253,7 @@ steps: - uses: actions/checkout@v2 - name: test - uses: vmactions/freebsd-vm@v0.1.2 + uses: vmactions/freebsd-vm@v0.1.4 with: usesh: true sync: rsync diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/00-RELEASENOTES new/redis-6.2.3/00-RELEASENOTES --- old/redis-6.2.2/00-RELEASENOTES 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/00-RELEASENOTES 2021-05-03 21:57:00.000000000 +0200 @@ -12,6 +12,40 @@ -------------------------------------------------------------------------------- ================================================================================ +Redis 6.2.3 Released Mon May 3 19:00:00 IST 2021 +================================================================================ + +Upgrade urgency: SECURITY, Contains fixes to security issues that affect +authenticated client connections. LOW otherwise. + +Integer overflow in STRALGO LCS command (CVE-2021-29477): +An integer overflow bug in Redis version 6.0 or newer could be exploited using +the STRALGO LCS command to corrupt the heap and potentially result in remote +code execution. The integer overflow bug exists in all versions of Redis +starting with 6.0. + +Integer overflow in COPY command for large intsets (CVE-2021-29478): +An integer overflow bug in Redis 6.2 could be exploited to corrupt the heap and +potentially result with remote code execution. The vulnerability involves +changing the default set-max-intset-entries configuration value, creating a +large set key that consists of integer values and using the COPY command to +duplicate it. The integer overflow bug exists in all versions of Redis starting +with 2.6, where it could result with a corrupted RDB or DUMP payload, but not +exploited through COPY (which did not exist before 6.2). + +Bug fixes that are only applicable to previous releases of Redis 6.2: +* Fix memory leak in moduleDefragGlobals (#8853) +* Fix memory leak when doing lazy freeing client tracking table (#8822) +* Block abusive replicas from sending command that could assert and crash redis (#8868) + +Other bug fixes: +* Use a monotonic clock to check for Lua script timeout (#8812) +* redis-cli: Do not use unix socket when we got redirected in cluster mode (#8870) + +Modules: +* Fix RM_GetClusterNodeInfo() to correctly populate master id (#8846) + +================================================================================ Redis 6.2.2 Released Mon April 19 19:00:00 IST 2021 ================================================================================ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/deps/jemalloc/include/jemalloc/internal/jemalloc_internal_inlines_c.h new/redis-6.2.3/deps/jemalloc/include/jemalloc/internal/jemalloc_internal_inlines_c.h --- old/redis-6.2.2/deps/jemalloc/include/jemalloc/internal/jemalloc_internal_inlines_c.h 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/deps/jemalloc/include/jemalloc/internal/jemalloc_internal_inlines_c.h 2021-05-03 21:57:00.000000000 +0200 @@ -235,7 +235,7 @@ int free_in_slab = extent_nfree_get(slab); if (free_in_slab) { const bin_info_t *bin_info = &bin_infos[binind]; - int curslabs = bin->stats.curslabs; + unsigned long curslabs = bin->stats.curslabs; size_t curregs = bin->stats.curregs; if (bin->slabcur) { /* remove slabcur from the overall utilization */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/src/Makefile new/redis-6.2.3/src/Makefile --- old/redis-6.2.2/src/Makefile 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/src/Makefile 2021-05-03 21:57:00.000000000 +0200 @@ -93,14 +93,10 @@ FINAL_LIBS=-lm DEBUG=-g -ggdb -# Linux ARM needs -latomic at linking time -ifneq (,$(filter aarch64 armv,$(uname_M))) - FINAL_LIBS+=-latomic -else +# Linux ARM32 needs -latomic at linking time ifneq (,$(findstring armv,$(uname_M))) FINAL_LIBS+=-latomic endif -endif ifeq ($(uname_S),SunOS) # SunOS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/src/cluster.c new/redis-6.2.3/src/cluster.c --- old/redis-6.2.2/src/cluster.c 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/src/cluster.c 2021-05-03 21:57:00.000000000 +0200 @@ -5465,9 +5465,10 @@ if (ttl < 1) ttl = 1; } - /* Relocate valid (non expired) keys into the array in successive + /* Relocate valid (non expired) keys and values into the array in successive * positions to remove holes created by the keys that were present * in the first lookup but are now expired after the second lookup. */ + ov[non_expired] = ov[j]; kv[non_expired++] = kv[j]; serverAssertWithInfo(c,NULL, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/src/db.c new/redis-6.2.3/src/db.c --- old/redis-6.2.2/src/db.c 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/src/db.c 2021-05-03 21:57:00.000000000 +0200 @@ -1480,7 +1480,7 @@ * script execution, making propagation to slaves / AOF consistent. * See issue #1525 on Github for more information. */ if (server.lua_caller) { - now = server.lua_time_start; + now = server.lua_time_snapshot; } /* If we are in the middle of a command execution, we still want to use * a reference time that does not change: in that case we just use the @@ -1541,14 +1541,17 @@ if (checkClientPauseTimeoutAndReturnIfPaused()) return 1; /* Delete the key */ + if (server.lazyfree_lazy_expire) { + dbAsyncDelete(db,key); + } else { + dbSyncDelete(db,key); + } server.stat_expiredkeys++; propagateExpire(db,key,server.lazyfree_lazy_expire); notifyKeyspaceEvent(NOTIFY_EXPIRED, "expired",key,db->id); - int retval = server.lazyfree_lazy_expire ? dbAsyncDelete(db,key) : - dbSyncDelete(db,key); - if (retval) signalModifiedKey(NULL,db,key); - return retval; + signalModifiedKey(NULL,db,key); + return 1; } /* ----------------------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/src/intset.c new/redis-6.2.3/src/intset.c --- old/redis-6.2.2/src/intset.c 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/src/intset.c 2021-05-03 21:57:00.000000000 +0200 @@ -281,7 +281,7 @@ /* Return intset blob size in bytes. */ size_t intsetBlobLen(intset *is) { - return sizeof(intset)+intrev32ifbe(is->length)*intrev32ifbe(is->encoding); + return sizeof(intset)+(size_t)intrev32ifbe(is->length)*intrev32ifbe(is->encoding); } /* Validate the integrity of the data structure. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/src/lazyfree.c new/redis-6.2.3/src/lazyfree.c --- old/redis-6.2.2/src/lazyfree.c 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/src/lazyfree.c 2021-05-03 21:57:00.000000000 +0200 @@ -39,12 +39,11 @@ atomicIncr(lazyfreed_objects,len); } -/* Release the rax mapping Redis Cluster keys to slots in the - * lazyfree thread. */ +/* Release the key tracking table. */ void lazyFreeTrackingTable(void *args[]) { rax *rt = args[0]; size_t len = rt->numele; - raxFree(rt); + freeTrackingRadixTree(rt); atomicDecr(lazyfree_objects,len); atomicIncr(lazyfreed_objects,len); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/src/lolwut.c new/redis-6.2.3/src/lolwut.c --- old/redis-6.2.2/src/lolwut.c 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/src/lolwut.c 2021-05-03 21:57:00.000000000 +0200 @@ -94,8 +94,8 @@ lwCanvas *canvas = zmalloc(sizeof(*canvas)); canvas->width = width; canvas->height = height; - canvas->pixels = zmalloc(width*height); - memset(canvas->pixels,bgcolor,width*height); + canvas->pixels = zmalloc((size_t)width*height); + memset(canvas->pixels,bgcolor,(size_t)width*height); return canvas; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/src/memtest.c new/redis-6.2.3/src/memtest.c --- old/redis-6.2.2/src/memtest.c 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/src/memtest.c 2021-05-03 21:57:00.000000000 +0200 @@ -71,7 +71,7 @@ printf("\x1b[H\x1b[2K"); /* Cursor home, clear current line. */ printf("%s [%d]\n", title, pass); /* Print title. */ progress_printed = 0; - progress_full = ws.ws_col*(ws.ws_row-3); + progress_full = (size_t)ws.ws_col*(ws.ws_row-3); fflush(stdout); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/src/module.c new/redis-6.2.3/src/module.c --- old/redis-6.2.2/src/module.c 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/src/module.c 2021-05-03 21:57:00.000000000 +0200 @@ -6168,7 +6168,7 @@ /* If the information is not available, the function will set the * field to zero bytes, so that when the field can't be populated the * function kinda remains predictable. */ - if (node->flags & CLUSTER_NODE_MASTER && node->slaveof) + if (node->flags & CLUSTER_NODE_SLAVE && node->slaveof) memcpy(master_id,node->slaveof->name,REDISMODULE_NODE_ID_LEN); else memset(master_id,0,REDISMODULE_NODE_ID_LEN); @@ -9205,6 +9205,7 @@ module->defrag_cb(&defrag_ctx); defragged += defrag_ctx.defragged; } + dictReleaseIterator(di); return defragged; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/src/object.c new/redis-6.2.3/src/object.c --- old/redis-6.2.2/src/object.c 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/src/object.c 2021-05-03 21:57:00.000000000 +0200 @@ -836,7 +836,7 @@ if (samples) asize += (double)elesize/samples*dictSize(d); } else if (o->encoding == OBJ_ENCODING_INTSET) { intset *is = o->ptr; - asize = sizeof(*o)+sizeof(*is)+is->encoding*is->length; + asize = sizeof(*o)+sizeof(*is)+(size_t)is->encoding*is->length; } else { serverPanic("Unknown set encoding"); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/src/redis-benchmark.c new/redis-6.2.3/src/redis-benchmark.c --- old/redis-6.2.2/src/redis-benchmark.c 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/src/redis-benchmark.c 2021-05-03 21:57:00.000000000 +0200 @@ -99,7 +99,6 @@ int randomkeys_keyspacelen; int keepalive; int pipeline; - int showerrors; long long start; long long totlatency; const char *title; @@ -307,7 +306,9 @@ fprintf(stderr, "Node %s:%d replied with error:\n%s\n", ip, port, reply->str); else fprintf(stderr, "Node %s replied with error:\n%s\n", hostsocket, reply->str); - goto cleanup; + freeReplyObject(reply); + redisFree(ctx); + exit(1); } freeReplyObject(reply); return ctx; @@ -366,9 +367,15 @@ fprintf(stderr, "ERROR: failed to fetch CONFIG from "); if (hostsocket == NULL) fprintf(stderr, "%s:%d\n", ip, port); else fprintf(stderr, "%s\n", hostsocket); + int abort_test = 0; + if (!strncmp(reply->str,"NOAUTH",5) || + !strncmp(reply->str,"WRONGPASS",9) || + !strncmp(reply->str,"NOPERM",5)) + abort_test = 1; freeReplyObject(reply); redisFree(c); freeRedisConfig(cfg); + if (abort_test) exit(1); return NULL; } static void freeRedisConfig(redisConfig *cfg) { @@ -513,44 +520,39 @@ exit(1); } redisReply *r = reply; - int is_err = (r->type == REDIS_REPLY_ERROR); - - if (is_err && config.showerrors) { - /* TODO: static lasterr_time not thread-safe */ - static time_t lasterr_time = 0; - time_t now = time(NULL); - if (lasterr_time != now) { - lasterr_time = now; - if (c->cluster_node) { - printf("Error from server %s:%d: %s\n", + if (r->type == REDIS_REPLY_ERROR) { + /* Try to update slots configuration if reply error is + * MOVED/ASK/CLUSTERDOWN and the key(s) used by the command + * contain(s) the slot hash tag. + * If the error is not topology-update related then we + * immediately exit to avoid false results. */ + if (c->cluster_node && c->staglen) { + int fetch_slots = 0, do_wait = 0; + if (!strncmp(r->str,"MOVED",5) || !strncmp(r->str,"ASK",3)) + fetch_slots = 1; + else if (!strncmp(r->str,"CLUSTERDOWN",11)) { + /* Usually the cluster is able to recover itself after + * a CLUSTERDOWN error, so try to sleep one second + * before requesting the new configuration. */ + fetch_slots = 1; + do_wait = 1; + printf("Error from server %s:%d: %s.\n", c->cluster_node->ip, c->cluster_node->port, r->str); + } + if (do_wait) sleep(1); + if (fetch_slots && !fetchClusterSlotsConfiguration(c)) + exit(1); + } else { + if (c->cluster_node) { + printf("Error from server %s:%d: %s\n", + c->cluster_node->ip, + c->cluster_node->port, + r->str); } else printf("Error from server: %s\n", r->str); - } - } - - /* Try to update slots configuration if reply error is - * MOVED/ASK/CLUSTERDOWN and the key(s) used by the command - * contain(s) the slot hash tag. */ - if (is_err && c->cluster_node && c->staglen) { - int fetch_slots = 0, do_wait = 0; - if (!strncmp(r->str,"MOVED",5) || !strncmp(r->str,"ASK",3)) - fetch_slots = 1; - else if (!strncmp(r->str,"CLUSTERDOWN",11)) { - /* Usually the cluster is able to recover itself after - * a CLUSTERDOWN error, so try to sleep one second - * before requesting the new configuration. */ - fetch_slots = 1; - do_wait = 1; - printf("Error from server %s:%d: %s\n", - c->cluster_node->ip, - c->cluster_node->port, - r->str); - } - if (do_wait) sleep(1); - if (fetch_slots && !fetchClusterSlotsConfiguration(c)) exit(1); + } } freeReplyObject(reply); @@ -1293,8 +1295,7 @@ atomicGetIncr(config.is_fetching_slots, is_fetching_slots, 1); if (is_fetching_slots) return -1; //TODO: use other codes || errno ? atomicSet(config.is_fetching_slots, 1); - if (config.showerrors) - printf("Cluster slots configuration changed, fetching new one...\n"); + printf("WARNING: Cluster slots configuration changed, fetching new one...\n"); const char *errmsg = "Failed to update cluster slots configuration"; static dictType dtype = { dictSdsHash, /* hash function */ @@ -1470,7 +1471,8 @@ } else if (!strcmp(argv[i],"-I")) { config.idlemode = 1; } else if (!strcmp(argv[i],"-e")) { - config.showerrors = 1; + printf("WARNING: -e option has been deprecated. " + "We now immediatly exit on error to avoid false results.\n"); } else if (!strcmp(argv[i],"-t")) { if (lastarg) goto invalid; /* We get the list of tests to run as a string in the form @@ -1573,8 +1575,6 @@ " is executed. Default tests use this to hit random keys in the\n" " specified range.\n" " -P <numreq> Pipeline <numreq> requests. Default 1 (no pipeline).\n" -" -e If server replies with errors, show them on stdout.\n" -" (no more than 1 error per second is displayed)\n" " -q Quiet. Just show query/sec values\n" " --precision Number of decimal places to display in latency output (default 0)\n" " --csv Output in CSV format\n" @@ -1699,7 +1699,6 @@ config.keepalive = 1; config.datasize = 3; config.pipeline = 1; - config.showerrors = 0; config.randomkeys = 0; config.randomkeys_keyspacelen = 0; config.quiet = 0; @@ -1782,8 +1781,9 @@ } else { config.redis_config = getRedisConfig(config.hostip, config.hostport, config.hostsocket); - if (config.redis_config == NULL) + if (config.redis_config == NULL) { fprintf(stderr, "WARN: could not fetch server CONFIG\n"); + } } if (config.num_threads > 0) { pthread_mutex_init(&(config.liveclients_mutex), NULL); @@ -1946,8 +1946,8 @@ } if (test_is_selected("lrange") || test_is_selected("lrange_500")) { - len = redisFormatCommand(&cmd,"LRANGE mylist%s 0 449",tag); - benchmark("LRANGE_500 (first 450 elements)",cmd,len); + len = redisFormatCommand(&cmd,"LRANGE mylist%s 0 499",tag); + benchmark("LRANGE_500 (first 500 elements)",cmd,len); free(cmd); } @@ -1974,6 +1974,7 @@ if (!config.csv) printf("\n"); } while(config.loop); + zfree(data); if (config.redis_config != NULL) freeRedisConfig(config.redis_config); return 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/src/redis-check-aof.c new/redis-6.2.3/src/redis-check-aof.c --- old/redis-6.2.2/src/redis-check-aof.c 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/src/redis-check-aof.c 2021-05-03 21:57:00.000000000 +0200 @@ -39,12 +39,14 @@ static char error[1044]; static off_t epos; +static long long line = 1; int consumeNewline(char *buf) { if (strncmp(buf,"\r\n",2) != 0) { ERROR("Expected \\r\\n, got: %02x%02x",buf[0],buf[1]); return 0; } + line += 1; return 1; } @@ -201,8 +203,8 @@ off_t pos = process(fp); off_t diff = size-pos; - printf("AOF analyzed: size=%lld, ok_up_to=%lld, diff=%lld\n", - (long long) size, (long long) pos, (long long) diff); + printf("AOF analyzed: size=%lld, ok_up_to=%lld, ok_up_to_line=%lld, diff=%lld\n", + (long long) size, (long long) pos, line, (long long) diff); if (diff > 0) { if (fix) { char buf[2]; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/src/redis-check-rdb.c new/redis-6.2.3/src/redis-check-rdb.c --- old/redis-6.2.2/src/redis-check-rdb.c 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/src/redis-check-rdb.c 2021-05-03 21:57:00.000000000 +0200 @@ -250,7 +250,7 @@ rdbstate.doing = RDB_CHECK_DOING_READ_LEN; if ((dbid = rdbLoadLen(&rdb,NULL)) == RDB_LENERR) goto eoferr; - rdbCheckInfo("Selecting DB ID %d", dbid); + rdbCheckInfo("Selecting DB ID %llu", (unsigned long long)dbid); continue; /* Read type again. */ } else if (type == RDB_OPCODE_RESIZEDB) { /* RESIZEDB: Hint about the size of the keys in the currently diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/src/redis-cli.c new/redis-6.2.3/src/redis-cli.c --- old/redis-6.2.2/src/redis-cli.c 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/src/redis-cli.c 2021-05-03 21:57:00.000000000 +0200 @@ -663,7 +663,7 @@ help = entry->org; if (group == -1) { /* Compare all arguments */ - if (argc == entry->argc) { + if (argc <= entry->argc) { for (j = 0; j < argc; j++) { if (strcasecmp(argv[j],entry->argv[j]) != 0) break; } @@ -844,7 +844,9 @@ cliRefreshPrompt(); } - if (config.hostsocket == NULL) { + /* Do not use hostsocket when we got redirected in cluster mode */ + if (config.hostsocket == NULL || + (config.cluster_mode && config.cluster_reissue_command)) { context = redisConnect(config.hostip,config.hostport); } else { context = redisConnectUnix(config.hostsocket); @@ -5481,7 +5483,7 @@ static void clusterManagerNodeArrayShift(clusterManagerNodeArray *array, clusterManagerNode **nodeptr) { - assert(array->nodes < (array->nodes + array->len)); + assert(array->len > 0); /* If the first node to be shifted is not NULL, decrement count. */ if (*array->nodes != NULL) array->count--; /* Store the first node to be shifted into 'nodeptr'. */ @@ -5494,7 +5496,7 @@ static void clusterManagerNodeArrayAdd(clusterManagerNodeArray *array, clusterManagerNode *node) { - assert(array->nodes < (array->nodes + array->len)); + assert(array->len > 0); assert(node != NULL); assert(array->count < array->len); array->nodes[array->count++] = node; @@ -6871,7 +6873,7 @@ printf("\033[38;5;0m"); /* Set foreground color to black. */ for (j = 0; ; j++) { int coloridx = - ceil((float) samples[j].count / tot * (spectrum_palette_size-1)); + ceil((double) samples[j].count / tot * (spectrum_palette_size-1)); int color = spectrum_palette[coloridx]; printf("\033[48;5;%dm%c", (int)color, samples[j].character); samples[j].count = 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/src/scripting.c new/redis-6.2.3/src/scripting.c --- old/redis-6.2.2/src/scripting.c 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/src/scripting.c 2021-05-03 21:57:00.000000000 +0200 @@ -31,6 +31,7 @@ #include "sha1.h" #include "rand.h" #include "cluster.h" +#include "monotonic.h" #include <lua.h> #include <lauxlib.h> @@ -1427,7 +1428,7 @@ /* This is the Lua script "count" hook that we use to detect scripts timeout. */ void luaMaskCountHook(lua_State *lua, lua_Debug *ar) { - long long elapsed = mstime() - server.lua_time_start; + long long elapsed = elapsedMs(server.lua_time_start); UNUSED(ar); UNUSED(lua); @@ -1578,7 +1579,8 @@ server.in_eval = 1; server.lua_caller = c; server.lua_cur_script = funcname + 2; - server.lua_time_start = mstime(); + server.lua_time_start = getMonotonicUs(); + server.lua_time_snapshot = mstime(); server.lua_kill = 0; if (server.lua_time_limit > 0 && ldb.active == 0) { lua_sethook(lua,luaMaskCountHook,LUA_MASKCOUNT,100000); @@ -2729,7 +2731,7 @@ /* Check if a timeout occurred. */ if (ar->event == LUA_HOOKCOUNT && ldb.step == 0 && bp == 0) { - mstime_t elapsed = mstime() - server.lua_time_start; + mstime_t elapsed = elapsedMs(server.lua_time_start); mstime_t timelimit = server.lua_time_limit ? server.lua_time_limit : 5000; if (elapsed >= timelimit) { @@ -2759,6 +2761,7 @@ lua_pushstring(lua, "timeout during Lua debugging with client closing connection"); lua_error(lua); } - server.lua_time_start = mstime(); + server.lua_time_start = getMonotonicUs(); + server.lua_time_snapshot = mstime(); } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/src/sentinel.c new/redis-6.2.3/src/sentinel.c --- old/redis-6.2.2/src/sentinel.c 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/src/sentinel.c 2021-05-03 21:57:00.000000000 +0200 @@ -4119,16 +4119,16 @@ int numargs = j-old_j+1; switch(numargs) { case 2: - sentinelEvent(LL_WARNING,"+set",ri,"%@ %s %s",c->argv[old_j]->ptr, - c->argv[old_j+1]->ptr); + sentinelEvent(LL_WARNING,"+set",ri,"%@ %s %s",(char*)c->argv[old_j]->ptr, + (char*)c->argv[old_j+1]->ptr); break; case 3: - sentinelEvent(LL_WARNING,"+set",ri,"%@ %s %s %s",c->argv[old_j]->ptr, - c->argv[old_j+1]->ptr, - c->argv[old_j+2]->ptr); + sentinelEvent(LL_WARNING,"+set",ri,"%@ %s %s %s",(char*)c->argv[old_j]->ptr, + (char*)c->argv[old_j+1]->ptr, + (char*)c->argv[old_j+2]->ptr); break; default: - sentinelEvent(LL_WARNING,"+set",ri,"%@ %s",c->argv[old_j]->ptr); + sentinelEvent(LL_WARNING,"+set",ri,"%@ %s",(char*)c->argv[old_j]->ptr); break; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/src/server.c new/redis-6.2.3/src/server.c --- old/redis-6.2.2/src/server.c 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/src/server.c 2021-05-03 21:57:00.000000000 +0200 @@ -3985,6 +3985,8 @@ return C_OK; } + int is_read_command = (c->cmd->flags & CMD_READONLY) || + (c->cmd->proc == execCommand && (c->mstate.cmd_flags & CMD_READONLY)); int is_write_command = (c->cmd->flags & CMD_WRITE) || (c->cmd->proc == execCommand && (c->mstate.cmd_flags & CMD_WRITE)); int is_denyoom_command = (c->cmd->flags & CMD_DENYOOM) || @@ -4194,7 +4196,7 @@ c->cmd->proc != discardCommand && c->cmd->proc != watchCommand && c->cmd->proc != unwatchCommand && - c->cmd->proc != resetCommand && + c->cmd->proc != resetCommand && !(c->cmd->proc == shutdownCommand && c->argc == 2 && tolower(((char*)c->argv[1]->ptr)[0]) == 'n') && @@ -4206,6 +4208,14 @@ return C_OK; } + /* Prevent a replica from sending commands that access the keyspace. + * The main objective here is to prevent abuse of client pause check + * from which replicas are exempt. */ + if ((c->flags & CLIENT_SLAVE) && (is_may_replicate_command || is_write_command || is_read_command)) { + rejectCommandFormat(c, "Replica can't interract with the keyspace"); + return C_OK; + } + /* If the server is paused, block the client until * the pause has ended. Replicas are never paused. */ if (!(c->flags & CLIENT_SLAVE) && diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/src/server.h new/redis-6.2.3/src/server.h --- old/redis-6.2.2/src/server.h 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/src/server.h 2021-05-03 21:57:00.000000000 +0200 @@ -1571,7 +1571,8 @@ dict *lua_scripts; /* A dictionary of SHA1 -> Lua scripts */ unsigned long long lua_scripts_mem; /* Cached scripts' memory + oh */ mstime_t lua_time_limit; /* Script timeout in milliseconds */ - mstime_t lua_time_start; /* Start time of script, milliseconds time */ + monotime lua_time_start; /* monotonic timer to detect timed-out script */ + mstime_t lua_time_snapshot; /* Snapshot of mstime when script is started */ int lua_write_dirty; /* True if a write command was called during the execution of the current script. */ int lua_random_dirty; /* True if a random command was called during the @@ -1911,6 +1912,7 @@ void trackingRememberKeys(client *c); void trackingInvalidateKey(client *c, robj *keyobj); void trackingInvalidateKeysOnFlush(int async); +void freeTrackingRadixTree(rax *rt); void freeTrackingRadixTreeAsync(rax *rt); void trackingLimitUsedSlots(void); uint64_t trackingGetTotalItems(void); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/src/t_string.c new/redis-6.2.3/src/t_string.c --- old/redis-6.2.2/src/t_string.c 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/src/t_string.c 2021-05-03 21:57:00.000000000 +0200 @@ -805,7 +805,7 @@ /* Setup an uint32_t array to store at LCS[i,j] the length of the * LCS A0..i-1, B0..j-1. Note that we have a linear array here, so * we index it as LCS[j+(blen+1)*j] */ - uint32_t *lcs = zmalloc((alen+1)*(blen+1)*sizeof(uint32_t)); + uint32_t *lcs = zmalloc((size_t)(alen+1)*(blen+1)*sizeof(uint32_t)); #define LCS(A,B) lcs[(B)+((A)*(blen+1))] /* Start building the LCS table. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/src/version.h new/redis-6.2.3/src/version.h --- old/redis-6.2.2/src/version.h 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/src/version.h 2021-05-03 21:57:00.000000000 +0200 @@ -1,2 +1,2 @@ -#define REDIS_VERSION "6.2.2" -#define REDIS_VERSION_NUM 0x00060202 +#define REDIS_VERSION "6.2.3" +#define REDIS_VERSION_NUM 0x00060203 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/tests/integration/aof.tcl new/redis-6.2.3/tests/integration/aof.tcl --- old/redis-6.2.2/tests/integration/aof.tcl 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/tests/integration/aof.tcl 2021-05-03 21:57:00.000000000 +0200 @@ -158,6 +158,18 @@ assert_match "*not valid*" $result } + test "Short read: Utility should show the abnormal line num in AOF" { + create_aof { + append_to_aof [formatCommand set foo hello] + append_to_aof "!!!" + } + + catch { + exec src/redis-check-aof $aof_path + } result + assert_match "*ok_up_to_line=8*" $result + } + test "Short read: Utility should be able to fix the AOF" { set result [exec src/redis-check-aof --fix $aof_path << "y\n"] assert_match "*Successfully truncated AOF*" $result diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/tests/unit/networking.tcl new/redis-6.2.3/tests/unit/networking.tcl --- old/redis-6.2.2/tests/unit/networking.tcl 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/tests/unit/networking.tcl 2021-05-03 21:57:00.000000000 +0200 @@ -25,7 +25,7 @@ test {CONFIG SET bind address} { start_server {} { # non-valid address - catch {r CONFIG SET bind "some.wrong.bind.address"} e + catch {r CONFIG SET bind "999.999.999.999"} e assert_match {*Failed to bind to specified addresses*} $e # make sure server still bound to the previous address @@ -33,4 +33,4 @@ $rd PING $rd close } -} \ No newline at end of file +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/redis-6.2.2/tests/unit/tracking.tcl new/redis-6.2.3/tests/unit/tracking.tcl --- old/redis-6.2.2/tests/unit/tracking.tcl 2021-04-20 07:03:58.000000000 +0200 +++ new/redis-6.2.3/tests/unit/tracking.tcl 2021-05-03 21:57:00.000000000 +0200 @@ -395,6 +395,17 @@ assert {[lindex msg 2] eq {} } } + test {Test ASYNC flushall} { + clean_all + r CLIENT TRACKING on REDIRECT $redir_id + r GET key1 + r GET key2 + assert_equal [s 0 tracking_total_keys] 2 + $rd_sg FLUSHALL ASYNC + assert_equal [s 0 tracking_total_keys] 0 + assert_equal [lindex [$rd_redirection read] 2] {} + } + # Keys are defined to be evicted 100 at a time by default. # If after eviction the number of keys still surpasses the limit # defined in tracking-table-max-keys, we increases eviction ++++++ redis.hashes ++++++ --- /var/tmp/diff_new_pack.TxdDbZ/_old 2021-05-07 16:45:34.948318988 +0200 +++ /var/tmp/diff_new_pack.TxdDbZ/_new 2021-05-07 16:45:34.952318975 +0200 @@ -123,3 +123,5 @@ hash redis-6.0.12.tar.gz sha256 f16ad973d19f80f121e53794d5eb48a997e2c6a85b5be41bb3b66750cc17bf6b http://download.redis.io/releases/redis-6.0.12.tar.gz hash redis-6.2.1.tar.gz sha256 cd222505012cce20b25682fca931ec93bd21ae92cb4abfe742cf7b76aa907520 http://download.redis.io/releases/redis-6.2.1.tar.gz hash redis-6.2.2.tar.gz sha256 7a260bb74860f1b88c3d5942bf8ba60ca59f121c6dce42d3017bed6add0b9535 http://download.redis.io/releases/redis-6.2.2.tar.gz +hash redis-6.0.13.tar.gz sha256 3049763f4553ddd5a69552f41da3dd7dde9fbc524dbb15e517fee24cc73b790c http://download.redis.io/releases/redis-6.0.13.tar.gz +hash redis-6.2.3.tar.gz sha256 98ed7d532b5e9671f5df0825bb71f0f37483a16546364049384c63db8764512b http://download.redis.io/releases/redis-6.2.3.tar.gz