Hi, Upgrade urgency: SECURITY, contains fixes to security issues that affect authenticated client connections on 32-bit versions. MODERATE otherwise.
Fix integer overflow in BITFIELD on 32-bit versions (CVE-2021-32761). An integer overflow bug in Redis version 2.2 or newer can be exploited using the BITFIELD command to corrupt the heap and potentially result with remote code execution. Full release note: https://github.com/redis/redis/releases/tag/6.2.5 Comments? OK? Cheers, Daniel
Index: Makefile
===================================================================
RCS file: /cvs/ports/databases/redis/Makefile,v
retrieving revision 1.123
diff -u -p -r1.123 Makefile
--- Makefile 5 Jun 2021 11:51:16 -0000 1.123
+++ Makefile 22 Jul 2021 00:35:50 -0000
@@ -2,7 +2,7 @@
 COMMENT = persistent key-value database
-DISTNAME = redis-6.2.4
+DISTNAME = redis-6.2.5
 CATEGORIES = databases
 HOMEPAGE = https://redis.io/
Index: distinfo
===================================================================
RCS file: /cvs/ports/databases/redis/distinfo,v
retrieving revision 1.96
diff -u -p -r1.96 distinfo
--- distinfo 5 Jun 2021 11:51:16 -0000 1.96
+++ distinfo 22 Jul 2021 00:35:50 -0000
@@ -1,2 +1,2 @@
-SHA256 (redis-6.2.4.tar.gz) = ujLEBqEPwsCUJuK+J4fXT/IE6zouSW2Hz/dqR2tq4W4=
-SIZE (redis-6.2.4.tar.gz) = 2457940
+SHA256 (redis-6.2.5.tar.gz) = S5p1cJobdLN4XiCmwVjKuUz1IpiqOB7qlHpnimDVUa4=
+SIZE (redis-6.2.5.tar.gz) = 2465302
Index: patches/patch-src_Makefile
===================================================================
RCS file: /cvs/ports/databases/redis/patches/patch-src_Makefile,v
retrieving revision 1.41
diff -u -p -r1.41 patch-src_Makefile
--- patches/patch-src_Makefile 11 May 2021 00:17:53 -0000 1.41
+++ patches/patch-src_Makefile 22 Jul 2021 00:35:50 -0000
@@ -25,16 +25,16 @@ Index: src/Makefile
 endif
 ifeq ($(uname_S),SunOS)
-@@ -380,7 +380,7 @@ distclean: clean
+@@ -382,7 +382,7 @@ distclean: clean
 .PHONY: distclean
 test: $(REDIS_SERVER_NAME) $(REDIS_CHECK_AOF_NAME) $(REDIS_CLI_NAME) $(REDIS_BENCHMARK_NAME)
 - @(cd ..; ./runtest)
 + @(cd ..; ulimit -Sd `ulimit -Hd`; ulimit -Sn `ulimit -Hn`; ulimit -Sp `ulimit -Hp`; ulimit -Ss `ulimit -Hs`; ${TCL_BIN} tests/test_helper.tcl)
- test-sentinel: $(REDIS_SENTINEL_NAME) $(REDIS_CLI_NAME)
- @(cd ..; ./runtest-sentinel)
-@@ -420,7 +420,7 @@ src/help.h:
+ test-modules: $(REDIS_SERVER_NAME)
+ @(cd ..; ./runtest-moduleapi)
+@@ -425,7 +425,7 @@ src/help.h:
 @../utils/generate-command-help.rb > help.h
 install: all
Index: patches/patch-src_tls_c
===================================================================
RCS file: /cvs/ports/databases/redis/patches/patch-src_tls_c,v
retrieving revision 1.1
diff -u -p -r1.1 patch-src_tls_c
--- patches/patch-src_tls_c 11 May 2021 00:17:53 -0000 1.1
+++ patches/patch-src_tls_c 22 Jul 2021 00:35:50 -0000
@@ -3,7 +3,7 @@ $OpenBSD: patch-src_tls_c,v 1.1 2021/05/
 Index: src/tls.c
 --- src/tls.c.orig
 +++ src/tls.c
-@@ -174,7 +174,7 @@ void tlsCleanup(void) {
+@@ -176,7 +176,7 @@ void tlsCleanup(void) {
 redis_tls_client_ctx = NULL;
 }