[1/1] package/redis: security bump to v7.2.4

Message ID 20240118193717.915022-1-titouanchristophe@gmail.com
State Accepted

Commit Message

Titouan Christophe Jan. 18, 2024, 7:37 p.m. UTC
See release notes (https://github.com/redis/redis/blob/7.2.4/00-RELEASENOTES):

================================================================================
Redis 7.2.4    Released Tue 09 Jan 2024 10:45:52 IST
================================================================================

Upgrade urgency SECURITY: See security fixes below.

Security fixes
==============
* (CVE-2023-41056) In some cases, Redis may incorrectly handle resizing of memory
  buffers which can result in incorrect accounting of buffer sizes and lead to
  heap overflow and potential remote code execution.

Bug fixes
=========

* Fix crashes of cluster commands clusters with mixed versions of 7.0 and 7.2 (#12805, #12832)
* Fix slot ownership not being properly handled when deleting a slot from a node (#12564)
* Fix atomicity issues with the RedisModuleEvent_Key module API event (#12733)

Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
---
 package/redis/redis.hash | 2 +-
 package/redis/redis.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

Comments

Peter Korsgaard Jan. 21, 2024, 9:45 a.m. UTC | #1
>>>>> "Titouan" == Titouan Christophe <titouanchristophe@gmail.com> writes:

 > See release notes (https://github.com/redis/redis/blob/7.2.4/00-RELEASENOTES):
 > ================================================================================
 > Redis 7.2.4    Released Tue 09 Jan 2024 10:45:52 IST
 > ================================================================================

 > Upgrade urgency SECURITY: See security fixes below.

 > Security fixes
 > ==============
 > * (CVE-2023-41056) In some cases, Redis may incorrectly handle resizing of memory
 >   buffers which can result in incorrect accounting of buffer sizes and lead to
 >   heap overflow and potential remote code execution.

 > Bug fixes
 > =========

 > * Fix crashes of cluster commands clusters with mixed versions of 7.0 and 7.2 (#12805, #12832)
 > * Fix slot ownership not being properly handled when deleting a slot from a node (#12564)
 > * Fix atomicity issues with the RedisModuleEvent_Key module API event (#12733)

 > Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>

Committed, thanks.

Peter Korsgaard Feb. 4, 2024, 2:52 p.m. UTC | #2
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

>>>>> "Titouan" == Titouan Christophe <titouanchristophe@gmail.com> writes:
 >> See release notes (https://github.com/redis/redis/blob/7.2.4/00-RELEASENOTES):
 >> ================================================================================
 >> Redis 7.2.4    Released Tue 09 Jan 2024 10:45:52 IST
 >> ================================================================================

 >> Upgrade urgency SECURITY: See security fixes below.

 >> Security fixes
 >> ==============
 >> * (CVE-2023-41056) In some cases, Redis may incorrectly handle resizing of memory
 >> buffers which can result in incorrect accounting of buffer sizes and lead to
 >> heap overflow and potential remote code execution.

 >> Bug fixes
 >> =========

 >> * Fix crashes of cluster commands clusters with mixed versions of 7.0 and 7.2 (#12805, #12832)
 >> * Fix slot ownership not being properly handled when deleting a slot from a node (#12564)
 >> * Fix atomicity issues with the RedisModuleEvent_Key module API event (#12733)

 >> Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>

 > Committed, thanks.

Committed to 2023.11.x, thanks.

For 2023.02.x I have instead bumped to 7.0.15.

Patch

diff --git a/package/redis/redis.hash b/package/redis/redis.hash
index 365fbf4063..378b930374 100644
--- a/package/redis/redis.hash
+++ b/package/redis/redis.hash
@@ -1,5 +1,5 @@ 
 # From https://github.com/redis/redis-hashes/blob/master/README
-sha256  3e2b196d6eb4ddb9e743088bfc2915ccbb42d40f5a8a3edd8cb69c716ec34be7  redis-7.2.3.tar.gz
+sha256  8d104c26a154b29fd67d6568b4f375212212ad41e0c2caa3d66480e78dbd3b59  redis-7.2.4.tar.gz
 
 # Locally calculated
 sha256  97f0a15b7bbae580d2609dad2e11f1956ae167be296ab60f4691ab9c30ee9828  COPYING
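Review bot: The new sha256 for redis-7.2.4.tar.gz in redis.hash is attributed to the redis-hashes README on the master branch, a reference that can change after this commit, so the provenance of the value cannot be re-checked against a fixed revision later. Confirm the value against the README entry for redis-7.2.4.tar.gz before merging, and consider also recording a locally calculated hash of the downloaded tarball, as is already done for COPYING. The COPYING hash is left as unchanged context, so it is worth confirming that the license file is identical in 7.2.4.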
diff --git a/package/redis/redis.mk b/package/redis/redis.mk
index 77cfb1e0b1..09a3b9448b 100644
--- a/package/redis/redis.mk
+++ b/package/redis/redis.mk
@@ -4,7 +4,7 @@ 
 #
 ################################################################################
 
-REDIS_VERSION = 7.2.3
+REDIS_VERSION = 7.2.4
 REDIS_SITE = http://download.redis.io/releases
 REDIS_LICENSE = BSD-3-Clause (core); MIT and BSD family licenses (Bundled components)
 REDIS_LICENSE_FILES = COPYING
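Review bot: REDIS_SITE, left unchanged just below the version bump in redis.mk, is still a plain http:// URL, so the tarball for this security release is fetched without transport protection and its integrity rests entirely on the sha256 line in redis.hash. If download.redis.io serves the same path over HTTPS, switch REDIS_SITE to the https:// form in this patch or a follow-up.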