| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recipes are not expected to set FILESPATH directly, they are
expected to use FILESEXTRAPATH.
I can see the seting of FILESPATH in this recipe only wants to
find redis-7 specific patches and files. This could be easily achieved by
using redis-7.0.11/ directory to hold all those files.
Using FILESPATH in this way removes the possibility of overriding
some files (e.g., the redis service file) from other layers via
FILESEXTRAPATH:prepend, which is kind of a common practice and is
actually working for basically all other recipes.
This is because we have:
meta/classes-global/base.bbclass:FILESPATH = "${@base_set_filespath(["${FILE_DIRNAME}/${BP}", "${FILE_DIRNAME}/${BPN}", "${FILE_DIRNAME}/files"], d)}"
And FILESEXTRAPATH is handled in base_set_filespath.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 34153d91b47765eedb3f0010ec7bc367a00c82d6)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
* (CVE-2023-28425) Specially crafted MSETNX command can lead to assertion and denial-of-service
Bug Fixes
=========
* Large blocks of replica client output buffer may lead to psync loops and unnecessary memory usage (#11666)
* Fix CLIENT REPLY OFF|SKIP to not silence push notifications (#11875)
* Trim excessive memory usage in stream nodes when exceeding `stream-node-max-bytes` (#11885)
* Fix module RM_Call commands failing with OOM when maxmemory is changed to zero (#11319)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Under sysvinit when trying to restart redis-server using
service redis-server restart two calls are made to start-stop-daemon, first
with the --stop argument and then with --start argument consecutively.
Because the process doesn't immediately terminate when start-stop-daemon
--stop is called, the next call to start-stop-daemon --start finds the
process still running and does not attempt to start another one.
This leads to only a stop of the redis-server process when a restart is
requested. This behavior affects all redis versions using sysvinit only.
This can be fixed by using the --retry <timeout/schedule> argument with
start-stop-daemon --stop in order for the call to block until the process
terminates so that start-stop-daemon --start will attempt to start a new
process.
Unfortunately the --retry argument works only in the implementation of
start-stop-daemon provided by dpkg package and is ignored in the
implementation provided by busybox package.
A repeated check if the process is still running and another try with
another signal after a timeout will effectively simulate a stop with
--retry=TERM/5/KILL/5 schedule.
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
(CVE-2022-35977) Integer overflow in the Redis SETRANGE and SORT/SORT_RO
commands can drive Redis to OOM panic
(CVE-2023-22458) Integer overflow in the Redis HRANDFIELD and
ZRANDMEMBER
commands can lead to denial-of-service
Bug Fixes:
Avoid possible hang when client issues long KEYS, SRANDMEMBER,
HRANDFIELD,
and ZRANDMEMBER commands and gets disconnected by client output buffer
limit (#11676)
Fix sentinel issue if replica changes IP (#11590)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
(CVE-2022-35977) Integer overflow in the Redis SETRANGE and SORT/SORT_RO
commands can drive Redis to OOM panic
(CVE-2023-22458) Integer overflow in the Redis HRANDFIELD and
ZRANDMEMBER
commands can lead to denial-of-service
Bug Fixes
Avoid possible hang when client issues long KEYS, SRANDMEMBER,
HRANDFIELD,
and ZRANDMEMBER commands and gets disconnected by client output buffer
limit (#11676)
Make sure that fork child doesn't do incremental rehashing (#11692)
Fix a bug where blocking commands with a sub-second timeout would block
forever (#11688)
Fix sentinel issue if replica changes IP (#11590)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
| |
This upgrade include fix for CVE-2022-3647
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
| |
This upgrade include fix for CVE-2022-3647
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Compile redis with full systemd support when the chosen init system is
systemd.
Enabling systemd supervision allows redis to communicate the actual server
status (i.e. "Loading dataset", "Waiting for master<->replica sync") to
systemd, instead of declaring readiness right after initializing the server
process.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix:
WARNING: lib32-redis-7.0.4-r0 do_patch: Fuzz detected:
Applying patch GNU_SOURCE.patch
patching file src/zmalloc.c
Hunk #1 succeeded at 32 with fuzz 2 (offset 4 lines).
There are two version of redis, and need different GNU_SOURCE.patch
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
----------------
(CVE-2022-31144) A specially crafted XAUTOCLAIM command on a stream
key in a specific state may result with heap overflow, and potentially
remote code execution. The problem affects Redis versions 7.0.0 or newer.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
| |
This upgrade include CVE fix:
CVE-2022-24735
CVE-2022-24736
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
WARNING: lib32-redis-7.0-rc1-r0 do_patch: Fuzz detected:
Applying patch GNU_SOURCE.patch
patching file src/zmalloc.c
Hunk #1 succeeded at 32 with fuzz 2 (offset 4 lines).
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
| |
Redis 7.0 "includes changes that potentially break backwards
compatibility with older versions", so let's let folks some time to
test 7.0 and later decide which version(s) we want to keep.
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
(CVE-2021-41099) Integer to heap buffer overflow handling certain string
commands and network payloads, when proto-max-bulk-len is manually configured
to a non-default, very large value [reported by yiyuaner].
(CVE-2021-32762) Integer to heap buffer overflow issue in redis-cli and
redis-sentinel parsing large multi-bulk replies on some older and less common
platforms [reported by Microsoft Vulnerability Research].
(CVE-2021-32687) Integer to heap buffer overflow with intsets, when
set-max-intset-entries is manually configured to a non-default, very large
value [reported by Pawel Wieczorkiewicz, AWS].
(CVE-2021-32675) Denial Of Service when processing RESP request payloads with
a large number of elements on many connections.
(CVE-2021-32672) Random heap reading issue with Lua Debugger [reported by
Meir Shpilraien].
(CVE-2021-32628) Integer to heap buffer overflow handling ziplist-encoded
data types, when configuring a large, non-default value for
hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries
or zset-max-ziplist-value [reported by sundb].
(CVE-2021-32627) Integer to heap buffer overflow issue with streams, when
configuring a non-default, large value for proto-max-bulk-len and
client-query-buffer-limit [reported by sundb].
(CVE-2021-32626) Specially crafted Lua scripts may result with Heap buffer
overflow [reported by Meir Shpilraien].
Bug fixes that involve behavior changes:
GEO* STORE with empty source key deletes the destination key and return 0 (#9271)
Previously it would have returned an empty array like the non-STORE variant.
PUBSUB NUMPAT replies with number of patterns rather than number of subscriptions (#9209)
This actually changed in 6.2.0 but was overlooked and omitted from the release notes.
Bug fixes that are only applicable to previous releases of Redis 6.2:
Fix CLIENT PAUSE, used an old timeout from previous PAUSE (#9477)
Fix CLIENT PAUSE in a replica would mess the replication offset (#9448)
Add some missing error statistics in INFO errorstats (#9328)
Other bug fixes:
Fix incorrect reply of COMMAND command key positions for MIGRATE command (#9455)
Fix appendfsync to always guarantee fsync before reply, on MacOS and FreeBSD (kqueue) (#9416)
Fix the wrong mis-detection of sync_file_range system call, affecting performance (#9371)
CLI tools:
When redis-cli received ASK response, it didn't handle it (#8930)
Improvements:
Add latency monitor sample when key is deleted via lazy expire (#9317)
Sanitize corrupt payload improvements (#9321, #9399)
Delete empty keys when loading RDB file or handling a RESTORE command (#9297, #9349)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
| |
Pull in fix for CVE-2021-32761.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
This is the result of automated script (0.9.1) conversion:
oe-core/scripts/contrib/convert-overrides.py .
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream changelog:
Upgrade urgency: SECURITY, Contains fixes to security issues that affect
authenticated client connections. MODERATE otherwise.
Fix integer overflow in STRALGO LCS (CVE-2021-32625)
An integer overflow bug in Redis version 6.0 or newer can be exploited using the
STRALGO LCS command to corrupt the heap and potentially result with remote code
execution. This is a result of an incomplete fix by CVE-2021-29477.
Bug fixes that are only applicable to previous releases of Redis 6.2:
Fix crash after a diskless replication fork child is terminated (#8991)
Fix redis-benchmark crash on unsupported configs (#8916)
Other bug fixes:
Fix crash in UNLINK on a stream key with deleted consumer groups (#8932)
SINTERSTORE: Add missing keyspace del event when none of the sources exist (#8949)
Sentinel: Fix CONFIG SET of empty string sentinel-user/sentinel-pass configs (#8958)
Enforce client output buffer soft limit when no traffic (#8833)
Improvements:
Hide AUTH passwords in MIGRATE command from slowlog (#8859)
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
Refresh 3 patches.
Removed Patch:
ilp32.patch fixed by upstream 0719388cfb1a79160204314beb1de1f9c29a3684
Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
| |
clang defines __ILP32__ for rv32 but gcc does not as a result
backtracing gets enabled when using clang but not when using gcc so
clang build exposes a porting error. Therefore add code to return
correct mcontext on rv32
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
| |
-License-Update: Copyright year updated to 2020.
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
-Refresh the following patch:
0001-src-Do-not-reset-FINAL_LIBS.patch
-0005-Mark-extern-definition-of-SDS_NOINIT-in-sds.h.patch
Removed since this is included in 5.0.8
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
| |
Remove an upstreamed patch
Add patches to build with new glibc/gcc
Drop atomic removal patch and link with libatomic when needed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
| |
The License of redis is BSD-3-Clause.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
| |
Need to link with libatomics for 64bit atomics support
Fixes
i686-yoe-linux/i686-yoe-linux-ld: networking.o: in function `createClient':
| /usr/src/debug/redis/4.0.14-r0/redis-4.0.14/src/networking.c:103: undefined reference to `__atomic_fetch_add_8'
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
| |
Add needed depends
Do not build jemalloc
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Sometimes with high parallel build we see compile errors e.g.
clang-8: error: linker command failed with exit code 1 (use -v to see invocation)
make[3]: *** [Makefile:52: lua] Error 1
Therefore try to build dependencies before main build
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
| |
Exclude atomics on ppc as well
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apply the same patch used for mips.
Fix
|ld: networking.o: in function `createClient':
| /usr/src/debug/redis/4.0.8-r0/redis-4.0.8/src/networking.c:93:
undefined reference to `__atomic_fetch_add_8'
Signed-off-by: Andrea Adami <andrea.adami@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
| |
Update redis to the latest 4.0.8 release. This also involves updating
the redis.conf while maintaining some OE specific config options.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
Now that the processes no longer runs as root, we need to increase
the limit for it.
This only affects systemd based systems.
Signed-off-by: Frank Meerkoetter <frank@meerkoetter.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Running a network facing daemon written in C as root is not
a good idea. Introduce a redis system user/group for that.
A drawback is that now redis can no longer increase the
number of open fds to 10000 (MaxClients). If this is needed
the ulimit needs to be tweaked in the init script or systemd
unit file.
This only affects systemd based systems.
Signed-off-by: Frank Meerkoetter <frank@meerkoetter.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Creating /var/log/redis.log requires root permissions to
create the file. Use syslog instead so redis does not
require root.
This affects both sysv and systemd based systems.
Signed-off-by: Frank Meerkoetter <frank@meerkoetter.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|