Hello community,

here is the log from the commit of package redis for openSUSE:Factory checked 
in at 2016-10-24 14:44:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/redis (Old)
 and      /work/SRC/openSUSE:Factory/.redis.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "redis"

Changes:
--------
--- /work/SRC/openSUSE:Factory/redis/redis.changes      2016-08-09 
22:15:02.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.redis.new/redis.changes 2016-10-24 
14:44:56.000000000 +0200
@@ -1,0 +2,13 @@
+Mon Oct 24 08:39:02 UTC 2016 - astie...@suse.com
+
+- update to redis 3.2.4, including fixes for security issues:
+  * CVE-2016-8339: CONFIG SET client-output-buffer-limit Code
+                   Execution Vulnerability [boo#1002351]
+- bug fixes:
+  * TCP binding bug fixed when only certain addresses were available
+    for a given port
+  * improved crash report
+  * Fix for Redis Cluster redis-trib displaying of info after
+    creating a new cluster.
+
+-------------------------------------------------------------------

Old:
----
  redis-3.2.3.tar.gz

New:
----
  redis-3.2.4.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ redis.spec ++++++
--- /var/tmp/diff_new_pack.7bfKoy/_old  2016-10-24 14:44:58.000000000 +0200
+++ /var/tmp/diff_new_pack.7bfKoy/_new  2016-10-24 14:44:58.000000000 +0200
@@ -25,7 +25,7 @@
 %bcond_with    systemd
 %endif
 Name:           redis
-Version:        3.2.3
+Version:        3.2.4
 Release:        0
 Summary:        Persistent key-value database
 License:        BSD-3-Clause
@@ -45,9 +45,9 @@
 BuildRequires:  pkgconfig
 BuildRequires:  procps
 BuildRequires:  tcl
-Requires(pre):  shadow
 Requires:       logrotate
 Requires:       sudo
+Requires(pre):  shadow
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %if %{with systemd}
 BuildRequires:  pkgconfig(systemd)

++++++ redis-3.2.3.tar.gz -> redis-3.2.4.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/redis-3.2.3/00-RELEASENOTES 
new/redis-3.2.4/00-RELEASENOTES
--- old/redis-3.2.3/00-RELEASENOTES     2016-08-02 11:00:29.000000000 +0200
+++ new/redis-3.2.4/00-RELEASENOTES     2016-09-26 09:10:17.000000000 +0200
@@ -11,6 +11,84 @@
 
--------------------------------------------------------------------------------
 
 
================================================================================
+Redis 3.2.4     Released Mon Sep 26 08:58:21 CEST 2016
+================================================================================
+
+Upgrade urgency CRITICAL: Redis 3.2 and unstable contained a security
+                          vulnerability fixed by this release.
+
+Hello Redis Wizards of the Memory Stores Empire,
+
+this is a Redis critical release in order to fix a security issue
+which is documented clearly here:
+
+    
https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977
+
+Thanks to Cory Duplantis of Cisco Talos for reporting the issue.
+
+The gist is that using CONFIG SET calls (or by manipulating redis.conf)
+an attacker is able to compromise certain fields of the "server" global
+structure, including the aof filename pointer, that could be made pointing
+to something else. In turn the AOF name is used in different contexts such
+as logging, rename(2) and open(2) syscalls, leading to potential problems.
+
+All Redis 3.2.x versions are affected.
+
+This release also includes other things:
+
+* TCP binding bug fixed when only certain addresses were available for
+a given port.
+
+* A much better crash report that includes part of the Redis binary:
+this will allow to fix bugs even when we just have a crash log and
+no other help from the original poster oft the issue.
+
+* A fix for Redis Cluster redis-trib displaying of info after creating
+a new cluster.
+
+Please check the following list of commits for credits about who did what.
+Thanks to all the contributors and a special thank to Oran Agra for the
+help in this release.
+
+List of commits:
+
+antirez in commit 0539634:
+ Security: CONFIG SET client-output-buffer-limit overflow fixed.
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+antirez in commit c01abcd:
+ fix the fix for the TCP binding.
+ 1 file changed, 15 insertions(+), 10 deletions(-)
+
+oranagra in commit a6d0698:
+ fix tcp binding when IPv6 is unsupported
+ 2 files changed, 14 insertions(+), 10 deletions(-)
+
+antirez in commit 22b6c28:
+ debug.c: no need to define _GNU_SOURCE, is defined in fmacros.h.
+ 1 file changed, 1 deletion(-)
+
+antirez in commit 9e9d398:
+ crash log - improve code dump with more info and called symbols.
+ 1 file changed, 59 insertions(+), 20 deletions(-)
+
+oranagra in commit 3745c5d:
+ crash log - add hex dump of function code
+ 1 file changed, 22 insertions(+)
+
+antirez in commit c1cc07b:
+ Sentinel example config: warn about protected mode.
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+rojingeorge in commit 011dc9f:
+ Display the nodes summary once the cluster is established using redis-trib.rb
+ 1 file changed, 5 insertions(+)
+
+Guo Xiao in commit f4e3a94:
+ Use the standard predefined identifier __func__ (since C99)
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+================================================================================
 Redis 3.2.3     Released Tue Aug 02 10:55:24 CEST 2016
 
================================================================================
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/redis-3.2.3/sentinel.conf 
new/redis-3.2.4/sentinel.conf
--- old/redis-3.2.3/sentinel.conf       2016-08-02 11:00:29.000000000 +0200
+++ new/redis-3.2.4/sentinel.conf       2016-09-26 09:10:17.000000000 +0200
@@ -1,5 +1,21 @@
 # Example sentinel.conf
 
+# *** IMPORTANT ***
+#
+# By default Sentinel will not be reachable from interfaces different than
+# localhost, either use the 'bind' directive to bind to a list of network
+# interfaces, or disable protected mode with "protected-mode no" by
+# adding it to this configuration file.
+#
+# Before doing that MAKE SURE the instance is protected from the outside
+# world via firewalling or other means.
+#
+# For example you may use one of the following:
+#
+# bind 127.0.0.1 192.168.1.1
+#
+# protected-mode no
+
 # port <sentinel-port>
 # The port that this sentinel instance will run on
 port 26379
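Review bot: the new header comment offers `bind` and `protected-mode no` as interchangeable ("either use the 'bind' directive ... or disable protected mode"), and the example under "one of the following" lists both directives in one block, which reads as if they belong together. Suggest splitting the two examples and saying that binding to specific interfaces is the narrower choice, with `protected-mode no` kept for instances that are already firewalled as the comment requires.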
@@ -178,4 +194,3 @@
 #
 # sentinel client-reconfig-script mymaster /var/redis/reconfig.sh
 
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/redis-3.2.3/src/anet.c new/redis-3.2.4/src/anet.c
--- old/redis-3.2.3/src/anet.c  2016-08-02 11:00:29.000000000 +0200
+++ new/redis-3.2.4/src/anet.c  2016-09-26 09:10:17.000000000 +0200
@@ -486,7 +486,7 @@
         goto end;
     }
     if (p == NULL) {
-        anetSetError(err, "unable to bind socket");
+        anetSetError(err, "unable to bind socket, errno: %d", errno);
         goto error;
     }
 
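Review bot: in the `if (p == NULL)` branch the new message reports errno as a bare number, which is hard to read in a log and differs between platforms. Suggest formatting it with strerror(errno), for example "unable to bind socket: %s". Since errno is read here rather than at the call that failed, any intervening call that sets errno changes what gets reported, so capture it at the failure site if cleanup runs in between.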
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/redis-3.2.3/src/config.c new/redis-3.2.4/src/config.c
--- old/redis-3.2.3/src/config.c        2016-08-02 11:00:29.000000000 +0200
+++ new/redis-3.2.4/src/config.c        2016-09-26 09:10:17.000000000 +0200
@@ -549,8 +549,9 @@
             unsigned long long hard, soft;
             int soft_seconds;
 
-            if (class == -1) {
-                err = "Unrecognized client limit class";
+            if (class == -1 || class == CLIENT_TYPE_MASTER) {
+                err = "Unrecognized client limit class: the user specified "
+                "an invalid one, or 'master' which has no buffer limits.";
                 goto loaderr;
             }
             hard = memtoll(argv[2],NULL);
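Review bot: the new test `if (class == -1 || class == CLIENT_TYPE_MASTER)` rejects one class by name instead of checking that `class` falls inside the set of classes that actually have a buffer-limit entry. If another client type without limits is added later, it passes this check unchanged. Suggest validating against the number of limit-bearing classes (a range check) so the guard does not need to be revisited for every new type.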
@@ -834,7 +835,8 @@
             long val;
 
             if ((j % 4) == 0) {
-                if (getClientTypeByName(v[j]) == -1) {
+                int class = getClientTypeByName(v[j]);
+                if (class == -1 || class == CLIENT_TYPE_MASTER) {
                     sdsfreesplitres(v,vlen);
                     goto badfmt;
                 }
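Review bot: the `(j % 4) == 0` branch repeats the same `class == -1 || class == CLIENT_TYPE_MASTER` condition that the config-file path uses in the previous hunk, so the two validation paths can drift apart on the next change. Suggest a single helper that returns a validated class or an error and calling it from both places. This path also only jumps to `badfmt`, and nothing in this hunk gives it the explanation about 'master' that the loader's message now carries.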
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/redis-3.2.3/src/debug.c new/redis-3.2.4/src/debug.c
--- old/redis-3.2.3/src/debug.c 2016-08-02 11:00:29.000000000 +0200
+++ new/redis-3.2.4/src/debug.c 2016-09-26 09:10:17.000000000 +0200
@@ -39,6 +39,8 @@
 #include <ucontext.h>
 #include <fcntl.h>
 #include "bio.h"
+#include <unistd.h>
+#include <dlfcn.h>
 #endif /* HAVE_BACKTRACE */
 
 #ifdef __CYGWIN__
@@ -671,6 +673,8 @@
     return (void*) uc->uc_mcontext.gregs[16]; /* Linux 64 */
     #elif defined(__ia64__) /* Linux IA64 */
     return (void*) uc->uc_mcontext.sc_ip;
+    #elif defined(__arm__) /* Linux ARM */
+    return (void*) uc->uc_mcontext.arm_pc;
     #endif
 #else
     return NULL;
@@ -972,6 +976,32 @@
 }
 #endif
 
+/* Scans the (assumed) x86 code starting at addr, for a max of `len`
+ * bytes, searching for E8 (callq) opcodes, and dumping the symbols
+ * and the call offset if they appear to be valid. */
+void dumpX86Calls(void *addr, size_t len) {
+    size_t j;
+    unsigned char *p = addr;
+    Dl_info info;
+    /* Hash table to best-effort avoid printing the same symbol
+     * multiple times. */
+    unsigned long ht[256] = {0};
+
+    if (len < 5) return;
+    for (j = 0; j < len-4; j++) {
+        if (p[j] != 0xE8) continue; /* Not an E8 CALL opcode. */
+        unsigned long target = (unsigned long)addr+j+5;
+        target += *((int32_t*)(p+j+1));
+        if (dladdr((void*)target, &info) != 0 && info.dli_sname != NULL) {
+            if (ht[target&0xff] != target) {
+                printf("Function at 0x%lx is %s\n",target,info.dli_sname);
+                ht[target&0xff] = target;
+            }
+            j += 4; /* Skip the 32 bit immediate. */
+        }
+    }
+}
+
 void sigsegvHandler(int sig, siginfo_t *info, void *secret) {
     ucontext_t *uc = (ucontext_t*) secret;
     void *eip = getMcontextEip(uc);
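Review bot: `printf("Function at 0x%lx is %s\n",target,info.dli_sname);` in dumpX86Calls writes to stdout, so the resolved call targets will not appear with the rest of the crash report whenever stdout is not the log destination; use the same logging call the handler uses for the report. Separately, `*((int32_t*)(p+j+1))` reads a 32-bit value through a cast at an arbitrary byte offset; copying the four bytes with memcpy into an int32_t avoids the unaligned, type-punned access. The function assumes x86 code, as its own comment says, so it should be compiled or called only on x86 targets, given that this same file gains an `__arm__` case.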
@@ -1022,19 +1052,49 @@
     bioKillThreads();
     if (memtest_test_linux_anonymous_maps()) {
         serverLogRaw(LL_WARNING|LL_RAW,
-            "!!! MEMORY ERROR DETECTED! Check your memory ASAP !!!");
+            "!!! MEMORY ERROR DETECTED! Check your memory ASAP !!!\n");
     } else {
         serverLogRaw(LL_WARNING|LL_RAW,
-            "Fast memory test PASSED, however your memory can still be broken. 
Please run a memory test for several hours if possible.");
+            "Fast memory test PASSED, however your memory can still be broken. 
Please run a memory test for several hours if possible.\n");
     }
 #endif
 
+    if (eip != NULL) {
+        Dl_info info;
+        if (dladdr(eip, &info) != 0) {
+            serverLog(LL_WARNING|LL_RAW,
+                "\n------ DUMPING CODE AROUND EIP ------\n"
+                "Symbol: %s (base: %p)\n"
+                "Module: %s (base %p)\n"
+                "$ xxd -r -p /tmp/dump.hex /tmp/dump.bin\n"
+                "$ objdump --adjust-vma=%p -D -b binary -m i386:x86-64 
/tmp/dump.bin\n"
+                "------\n",
+                info.dli_sname, info.dli_saddr, info.dli_fname, info.dli_fbase,
+                info.dli_saddr);
+            size_t len = (long)eip - (long)info.dli_saddr;
+            unsigned long sz = sysconf(_SC_PAGESIZE);
+            if (len < 1<<13) { /* we don't have functions over 8k (verified) */
+                /* Find the address of the next page, which is our "safety"
+                 * limit when dumping. Then try to dump just 128 bytes more
+                 * than EIP if there is room, or stop sooner. */
+                unsigned long next = ((unsigned long)eip + sz) & ~(sz-1);
+                unsigned long end = (unsigned long)eip + 128;
+                if (end > next) end = next;
+                len = end - (unsigned long)info.dli_saddr;
+                serverLogHexDump(LL_WARNING, "dump of function",
+                    info.dli_saddr ,len);
+                dumpX86Calls(info.dli_saddr,len);
+            }
+        }
+    }
+
     serverLogRaw(LL_WARNING|LL_RAW,
 "\n=== REDIS BUG REPORT END. Make sure to include from START to END. ===\n\n"
 "       Please report the crash by opening an issue on github:\n\n"
 "           http://github.com/antirez/redis/issues\n\n";
 "  Suspect RAM error? Use redis-server --test-memory to verify it.\n\n"
 );
+
     /* free(messages); Don't call free() with possibly corrupted memory. */
     if (server.daemonize && server.supervised == 0) unlink(server.pidfile);
 
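Review bot: after `dladdr(eip, &info) != 0` the code passes `info.dli_sname` to a `%s` conversion without a NULL check, while dumpX86Calls in this same patch does test `info.dli_sname != NULL`; dladdr can succeed without finding a matching symbol. Guard the pointer or substitute a placeholder string before logging. The logged objdump hint also hardcodes `-m i386:x86-64` and dumpX86Calls is called unconditionally, so on non-x86 builds both the hint and the call scan would be misleading.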
@@ -1055,7 +1115,7 @@
     unsigned char *v = value;
     char charset[] = "0123456789abcdef";
 
-    serverLog(level,"%s (hexdump):", descr);
+    serverLog(level,"%s (hexdump of %zu bytes):", descr, len);
     b = buf;
     while(len) {
         b[0] = charset[(*v)>>4];
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/redis-3.2.3/src/debugmacro.h 
new/redis-3.2.4/src/debugmacro.h
--- old/redis-3.2.3/src/debugmacro.h    2016-08-02 11:00:29.000000000 +0200
+++ new/redis-3.2.4/src/debugmacro.h    2016-09-26 09:10:17.000000000 +0200
@@ -34,7 +34,7 @@
 #define D(...)                                                               \
     do {                                                                     \
         FILE *fp = fopen("/tmp/log.txt","a");                                \
-        fprintf(fp,"%s:%s:%d:\t", __FILE__, __FUNCTION__, __LINE__);         \
+        fprintf(fp,"%s:%s:%d:\t", __FILE__, __func__, __LINE__);             \
         fprintf(fp,__VA_ARGS__);                                             \
         fprintf(fp,"\n");                                                    \
         fclose(fp);                                                          \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/redis-3.2.3/src/redis-trib.rb 
new/redis-3.2.4/src/redis-trib.rb
--- old/redis-3.2.3/src/redis-trib.rb   2016-08-02 11:00:29.000000000 +0200
+++ new/redis-3.2.4/src/redis-trib.rb   2016-09-26 09:10:17.000000000 +0200
@@ -1305,6 +1305,11 @@
         sleep 1
         wait_cluster_join
         flush_nodes_config # Useful for the replicas
+        # Reset the node information, so that when the
+        # final summary is listed in check_cluster about the newly created 
cluster
+        # all the nodes would get properly listed as slaves or masters
+        reset_nodes
+        load_cluster_info_from_node(argv[0])
         check_cluster
     end
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/redis-3.2.3/src/server.c new/redis-3.2.4/src/server.c
--- old/redis-3.2.3/src/server.c        2016-08-02 11:00:29.000000000 +0200
+++ new/redis-3.2.4/src/server.c        2016-09-26 09:10:17.000000000 +0200
@@ -1776,6 +1776,7 @@
     if (server.bindaddr_count == 0) server.bindaddr[0] = NULL;
     for (j = 0; j < server.bindaddr_count || j == 0; j++) {
         if (server.bindaddr[j] == NULL) {
+            int unsupported = 0;
             /* Bind * for both IPv6 and IPv4, we enter here only if
              * server.bindaddr_count == 0. */
             fds[*count] = anetTcp6Server(server.neterr,port,NULL,
@@ -1783,19 +1784,27 @@
             if (fds[*count] != ANET_ERR) {
                 anetNonBlock(NULL,fds[*count]);
                 (*count)++;
+            } else if (errno == EAFNOSUPPORT) {
+                unsupported++;
+                serverLog(LL_WARNING,"Not listening to IPv6: unsupproted");
+            }
 
+            if (*count == 1 || unsupported) {
                 /* Bind the IPv4 address as well. */
                 fds[*count] = anetTcpServer(server.neterr,port,NULL,
                     server.tcp_backlog);
                 if (fds[*count] != ANET_ERR) {
                     anetNonBlock(NULL,fds[*count]);
                     (*count)++;
+                } else if (errno == EAFNOSUPPORT) {
+                    unsupported++;
+                    serverLog(LL_WARNING,"Not listening to IPv4: unsupproted");
                 }
             }
             /* Exit the loop if we were able to bind * on IPv4 and IPv6,
              * otherwise fds[*count] will be ANET_ERR and we'll print an
              * error and return to the caller with an error. */
-            if (*count == 2) break;
+            if (*count + unsupported == 2) break;
         } else if (strchr(server.bindaddr[j],':')) {
             /* Bind IPv6 address. */
             fds[*count] = anetTcp6Server(server.neterr,port,server.bindaddr[j],
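Review bot: `if (*count + unsupported == 2) break;` also fires when both the IPv6 and the IPv4 attempt fail with EAFNOSUPPORT, which leaves the loop with `*count == 0` and skips the error handling that the comment just above it describes. Suggest breaking only when at least one socket was bound and falling through to the error otherwise. Both new log strings spell the word as "unsupproted", and the `errno == EAFNOSUPPORT` tests depend on errno still holding the failing call's value after the anet function has returned.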
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/redis-3.2.3/src/version.h 
new/redis-3.2.4/src/version.h
--- old/redis-3.2.3/src/version.h       2016-08-02 11:00:29.000000000 +0200
+++ new/redis-3.2.4/src/version.h       2016-09-26 09:10:17.000000000 +0200
@@ -1 +1 @@
-#define REDIS_VERSION "3.2.3"
+#define REDIS_VERSION "3.2.4"

