On 12 Mar 22:19, Theo Buehler wrote: > Released earlier today. According to the changelog [1]: > > Upgrade urgency HIGH: This release fixes security issues. > > HIGH means that there is a critical bug that affects a subset of users. > I'm unsure which one of the listed bugs that is, though. > > The source diff to 5.0.7 is relatively small and there should not be any > fallout from backwards-incompatible changes. > > The new hunk in src/Makefile fixes the build on armv7 (the resulting > redis-server binary is still completely broken). I added a fix for a > small 32-bit time_t truncation issue in src/networking.c. > > Built and regress tests run successfully on amd64, macppc and sparc64. > Some further light testing on amd64 with some toy databases. > > [1]: https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES > > Index: Makefile > =================================================================== > RCS file: /var/cvs/ports/databases/redis/Makefile,v > retrieving revision 1.109 > diff -u -p -r1.109 Makefile > --- Makefile 11 Feb 2020 08:11:13 -0000 1.109 > +++ Makefile 12 Mar 2020 19:15:42 -0000 > @@ -1,7 +1,7 @@ > # $OpenBSD: Makefile,v 1.109 2020/02/11 08:11:13 tb Exp $ > > COMMENT = persistent key-value database > -DISTNAME = redis-5.0.7 > +DISTNAME = redis-5.0.8 > CATEGORIES = databases > HOMEPAGE = https://redis.io/ > > Index: distinfo > =================================================================== > RCS file: /var/cvs/ports/databases/redis/distinfo,v > retrieving revision 1.84 > diff -u -p -r1.84 distinfo > --- distinfo 11 Feb 2020 08:11:13 -0000 1.84 > +++ distinfo 12 Mar 2020 19:17:51 -0000 
> @@ -1,2 +1,2 @@ > -SHA256 (redis-5.0.7.tar.gz) = Ydt06r9oAfBX/SS1kCMvLzN9QiKA/RlIbsoDvofTqCs= > -SIZE (redis-5.0.7.tar.gz) = 1984203 > +SHA256 (redis-5.0.8.tar.gz) = 88fqxC9DMyao2YG1DboBaf369Gq7I/zaL5M6dVLuTtc= > +SIZE (redis-5.0.8.tar.gz) = 1985757 > Index: patches/patch-src_Makefile > =================================================================== > RCS file: /var/cvs/ports/databases/redis/patches/patch-src_Makefile,v > retrieving revision 1.30 > diff -u -p -r1.30 patch-src_Makefile > --- patches/patch-src_Makefile 11 Feb 2020 08:11:13 -0000 1.30 > +++ patches/patch-src_Makefile 12 Mar 2020 19:57:00 -0000 > @@ -28,7 +28,16 @@ Index: src/Makefile > endif > endif > > -@@ -127,7 +128,7 @@ endif > +@@ -82,7 +83,7 @@ ifneq (,$(filter aarch64 armv,$(uname_M))) > + FINAL_LIBS+=-latomic > + else > + ifneq (,$(findstring armv,$(uname_M))) > +- FINAL_LIBS+=-latomic > ++# FINAL_LIBS+=-latomic > + endif > + endif > + > +@@ -136,7 +137,7 @@ endif > endif > endif > # Include paths to dependencies > @@ -37,7 +46,7 @@ Index: src/Makefile > > ifeq ($(MALLOC),tcmalloc) > FINAL_CFLAGS+= -DUSE_TCMALLOC > -@@ -165,6 +166,7 @@ endif > +@@ -174,6 +175,7 @@ endif > REDIS_SERVER_NAME=redis-server > REDIS_SENTINEL_NAME=redis-sentinel > REDIS_SERVER_OBJ=adlist.o quicklist.o ae.o anet.o dict.o server.o sds.o > zmalloc.o lzf_c.o lzf_d.o pqsort.o zipmap.o sha1.o ziplist.o release.o > networking.o util.o object.o db.o replication.o rdb.o t_string.o t_list.o > t_set.o t_zset.o t_hash.o config.o aof.o pubsub.o multi.o debug.o sort.o > intset.o syncio.o cluster.o crc16.o endianconv.o slowlog.o scripting.o bio.o > rio.o rand.o memtest.o crc64.o bitops.o sentinel.o notify.o setproctitle.o > blocked.o hyperloglog.o latency.o sparkline.o redis-check-rdb.o > redis-check-aof.o geo.o lazyfree.o module.o evict.o expire.o geohash.o > geohash_helper.o childinfo.o defrag.o siphash.o rax.o t_stream.o listpack.o > localtime.o lolwut.o lolwut5.o 
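Review bot: The inner `armv` branch in the first hunk of patch-src_Makefile is left holding only `# FINAL_LIBS+=-latomic`, and nothing in the patch says why the link against libatomic is switched off there. The mail gives the reason (it fixes the build on armv7, with the resulting redis-server still broken), but that context does not travel with the port. I would add a comment line above it, e.g. `# OpenBSD: -latomic disabled so armv7 links; redis-server is still broken there`, so a later update does not keep or drop the workaround blindly. The outer `filter aarch64 armv` branch still adds `-latomic`; whether that is intended cannot be told from this hunk.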
> @@ -45,7 +54,7 @@ Index: src/Makefile > REDIS_CLI_NAME=redis-cli > REDIS_CLI_OBJ=anet.o adlist.o dict.o redis-cli.o zmalloc.o release.o anet.o > ae.o crc64.o siphash.o crc16.o > REDIS_BENCHMARK_NAME=redis-benchmark > -@@ -216,7 +218,7 @@ endif > +@@ -225,7 +227,7 @@ endif > > # redis-server > $(REDIS_SERVER_NAME): $(REDIS_SERVER_OBJ) > @@ -54,7 +63,7 @@ Index: src/Makefile > > # redis-sentinel > $(REDIS_SENTINEL_NAME): $(REDIS_SERVER_NAME) > -@@ -259,7 +261,7 @@ distclean: clean > +@@ -268,7 +270,7 @@ distclean: clean > .PHONY: distclean > > test: $(REDIS_SERVER_NAME) $(REDIS_CHECK_AOF_NAME) > @@ -63,7 +72,7 @@ Index: src/Makefile > > test-sentinel: $(REDIS_SENTINEL_NAME) > @(cd ..; ./runtest-sentinel) > -@@ -303,13 +305,14 @@ src/help.h: > +@@ -312,13 +314,14 @@ src/help.h: > @../utils/generate-command-help.rb > help.h > > install: all > Index: patches/patch-src_networking_c > =================================================================== > RCS file: patches/patch-src_networking_c > diff -N patches/patch-src_networking_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_networking_c 12 Mar 2020 19:59:42 -0000 > @@ -0,0 +1,14 @@ > +$OpenBSD$ > + > +Index: src/networking.c > +--- src/networking.c.orig > ++++ src/networking.c > +@@ -1939,7 +1939,7 @@ void securityWarningCommand(client *c) { > + static time_t logged_time; > + time_t now = time(NULL); > + > +- if (labs(now-logged_time) > 60) { > ++ if (llabs(now-logged_time) > 60) { > + serverLog(LL_WARNING,"Possible SECURITY ATTACK detected. It looks > like somebody is sending POST or Host: commands to Redis. This is likely due > to an attacker attempting to use Cross Protocol Scripting to compromise your > Redis instance. Connection aborted."); > + logged_time = now; > + } >
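Review bot: The new patches/patch-src_networking_c has no explanation between `$OpenBSD$` and `Index:`, so the reason for replacing `labs` with `llabs` in securityWarningCommand exists only in the mail. A short line there, e.g. `time_t is 64-bit; labs() takes a long and truncates the difference on 32-bit platforms`, would make the patch self-explanatory and easier to send upstream. For anyone alerting on this log line, the throttle is a single function-static `logged_time` and the message carries no client address. At most one warning per 60 seconds is written however many connections trigger it, so it signals that the condition occurred rather than how often. The body of securityWarningCommand continues outside the hunk.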
Hi Theo, just "back ported" redis to 6.6 and it works like a charm on amd64 (except sentinel which segfaults - but it did also on 4.0.14). Kind regards Uwe --