Changes announced upstream:
Upgrade urgency HIGH: many issues fixed, some may have an impact.
Redis 5.0.7 fixes a number of bugs, none is very critical, however
there are a few that may have an impact. It's a good idea to upgrade.
There are fixes in the area of replication from modules commands and
callbacks, AOF fsync (non critical issue), memory leaks (very rare and small),
streams beahvior (non critical), and a potential crash in commands
processing multiple keys at the same time that is there for years, and happens
very rarely, but is not impossible to trigger.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The release notes at
https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
say:
==
Upgrade urgency CRITICAL: Only in case of exposed instances to untrusted users.
This Redis release, 5.0.6, is a bugfix and enhancement release. The most
important bugfix is a corruption related to the HyperLogLog. A malformed
HyperLogLog string could cause an invalid access to the memory. At a first
glance the vulnerability appears to be not exploitable but just a DoS. The
way to trigger the issue is complex, we'll not provide any information about
how to do that for the users safety.
==
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
>From the release notes:
https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
================================================================================
Redis 5.0.5 Released Wed May 15 17:57:41 CEST 2019
================================================================================
Upgrade urgency CRITICAL: This release fixes an important AOF fysnc bug
and other less critical issues.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* Redis 5 now supports reproducible builds via SOURCE_DATE_EPOCH
* Add myself to DEVELOPERS for Redis
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
>From the release notes
(https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES):
Upgrade urgency HIGH: not critical but very important bugs fixed.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
>From the release notes:
================================================================================
Redis 3.2.12 Released Wed Jun 13 12:43:01 CEST 2018
================================================================================
Upgrade urgency CRITICAL:
* Multilple security issues fixed.
* Backport of an older AOF fsync=always fix. Check 4.x release notes.
* Backport of a *SCAN bug. Sometimes elements could be missing from the scan.
* Other minor things.
https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES
For more details about the lua related security issues, see the blog:
http://antirez.com/news/119
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3.2.11 fixes important issues. From the release notes:
================================================================================
Redis 3.2.11 Released Thu Sep 21 15:47:53 CEST 2017
================================================================================
Upgrade urgency HIGH: Potentially critical bugs fixed.
AOF flush on SHUTDOWN did not cared to really write the AOF buffers
(not in the kernel but in the Redis process memory) to disk before exiting.
Calling SHUTDOWN during traffic resulted into not every operation to be
persisted on disk.
Also add a hash for the license file while we're at it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It fixes a regression in the 3.2.7 security release that can cause server
deadlocks.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Release notes:
https://www.reddit.com/r/redis/comments/5r8wxn/redis_327_is_out_important_security_fixes_inside/
From the notes:
Upgrade urgency HIGH.
This release fixes important security and correctness issues. It is
especially important to upgrade for Redis Cluster users and for users
running Redis in their laptop since a cross-scripting attack is fixed in
this release.
[Peter: extend description]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adjust default config patch to match new major version.
localhost binding is now default so drop it, 300s keepalive is now
default as well (instead of 60s from the previous patch and 0 by
default) - which sounds reasonable so keep it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add hash file.
Drop redis-002-lua-AR.patch (upstream).
Rename patches to new naming convention.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>