
Accepted redis 5:7.0.4-1~bpo11+1 (source amd64 all) into bullseye-backports



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 20 Aug 2022 08:22:24 -0700
Source: redis
Binary: redis redis-sentinel redis-server redis-tools redis-tools-dbgsym
Built-For-Profiles: nocheck
Architecture: source amd64 all
Version: 5:7.0.4-1~bpo11+1
Distribution: bullseye-backports
Urgency: high
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 redis      - Persistent key-value database with network interface (metapackage
 redis-sentinel - Persistent key-value database with network interface (monitoring)
 redis-server - Persistent key-value database with network interface
 redis-tools - Persistent key-value database with network interface (client)
Closes: 977852 981000 982122 983446 988045 989351 1005787 1011187 1012658 1013172
Changes:
 redis (5:7.0.4-1~bpo11+1) bullseye-backports; urgency=medium
 .
   * Rebuild for bullseye-backports.
 .
 redis (5:7.0.4-1) unstable; urgency=high
 .
   * New upstream security release.
   * CVE-2022-31144: Prevent a potential heap overflow in Redis 7.0's
     XAUTOCLAIM command.
 .
 redis (5:7.0.3-1) unstable; urgency=medium
 .
   * New upstream release.
   * Refresh patches.
   * Bump Standards-Version to 4.6.1.
 .
 redis (5:7.0.2-2) unstable; urgency=medium
 .
   * Add /lib to allowed ExecPaths to support both usr-merged and non-usr-merged
     systems. Thanks to Christian Göttsche for the report. (Closes: #1013172)
 .
 redis (5:7.0.2-1) unstable; urgency=medium
 .
   * New upstream release.
   * Drop 0005-Fix-crash-when-systemd-ProcSubset-pid.patch; applied upstream.
 .
 redis (5:7.0.1-4) unstable; urgency=medium
 .
   * Upload 7.x branch to unstable.
   * Update gbp.conf.
 .
 redis (5:7.0.1-3) experimental; urgency=medium
 .
   * Fix crash when systemd's ProcSubset=pid. /proc/sys/vm/overcommit_memory was
     inaccessible and a log warning message was incorrectly constructed.
   * Add missing CPPFLAGS when building hdr_histogram.
   * Update Lintian overrides:
     - Ignore maintainer-manual-page warnings.
     - Ignore very-long-line-length-in-source-file warnings.
   * Update my entry in debian/copyright.
   * Update and renumber patches.
 .
 redis (5:7.0.1-2) experimental; urgency=medium
 .
   * Drop support (in patches, etc.) for using the systemwide hiredis and Lua,
     reverting to using the built-in cjson (etc.). (Closes: #1012658)
   * Add an internal timeout for the cluster tests to prevent FTBFS.
     (Closes: #1011187)
   * Drop a duplicate comment in debian/rules.
 .
 redis (5:7.0.1-1) experimental; urgency=medium
 .
   * New upstream release.
   * Refresh patches.
 .
 redis (5:7.0.0-1) experimental; urgency=medium
 .
   * New upstream release.
     - Disable, hopefully temporarily, the use of the systemwide Lua due to
       Redis' fork gaining security/hardening features (eg.
       lua_enablereadonlytable).
     - Refresh patches.
 .
 redis (5:7.0~rc3-1) experimental; urgency=medium
 .
   * New upstream release.
     - Refresh patches.
 .
 redis (5:7.0~rc2-2) experimental; urgency=high
 .
   * CVE-2022-0543: Prevent a Debian-specific Lua sandbox escape vulnerability.
 .
     This vulnerability existed because the Lua library in Debian is provided as
     a dynamic library. A "package" variable was automatically populated that
     in turn permitted access to arbitrary Lua functionality. As this extended
     to, for example, the "execute" function from the "os" module, an attacker
     with the ability to execute arbitrary Lua code could potentially execute
     arbitrary shell commands.
 .
     Thanks to Reginaldo Silva <https://www.ubercomp.com> for discovering and
     reporting this issue. (Closes: #1005787)
 .
 redis (5:7.0~rc2-1) experimental; urgency=medium
 .
   * New upstream RC release.
     - Refresh patches.
 .
 redis (5:7.0~rc1-1) experimental; urgency=medium
 .
   * New upstream 7.x release candidate.
   * Refresh patches.
   * Set some DEP-3 forwarded headers.
 .
 redis (5:6.2.6-1) experimental; urgency=medium
 .
   * New upstream security release:
 .
     - CVE-2021-32762: Integer to heap buffer overflow issue in redis-cli and
       redis-sentinel parsing large multi-bulk replies on some older and less
       common platforms.
 .
     - CVE-2021-32687: Integer to heap buffer overflow with intsets, when
       set-max-intset-entries is manually configured to a non-default, very
       large value.
 .
     - CVE-2021-32675: Denial Of Service when processing RESP request payloads
       with a large number of elements on many connections.
 .
     - CVE-2021-32672: Random heap reading issue with Lua Debugger.
 .
     - CVE-2021-32628: Integer to heap buffer overflow handling ziplist-encoded
       data types, when configuring a large, non-default value for
       hash-max-ziplist-entries, hash-max-ziplist-value,
       zset-max-ziplist-entries or zset-max-ziplist-value.
 .
     - CVE-2021-32627: Integer to heap buffer overflow issue with streams, when
       configuring a non-default, large value for proto-max-bulk-len and
       client-query-buffer-limit.
 .
     - CVE-2021-32626: Specially crafted Lua scripts may result in a heap
       buffer overflow.
 .
     - CVE-2021-41099: Integer to heap buffer overflow handling certain string
       commands and network payloads, when proto-max-bulk-len is manually
       configured to a non-default, very large value.
 .
   * Refresh patches.
   * Bump Standards-Version to 4.6.0.
 .
 redis (5:6.2.5-4) experimental; urgency=medium
 .
   * Use /run instead of /var/run for PID and UNIX socket files. Thanks to
     @MichaIng-guest for the patch. (Closes: lamby/pkg-redis!5)
 .
 redis (5:6.2.5-3) experimental; urgency=medium
 .
   * Skip OOM-related tests on incompatible platforms. (Closes: #982122)
 .
 redis (5:6.2.5-2) experimental; urgency=medium
 .
   * Explicitly specify USE_JEMALLOC to override upstream's detection of ARM
     systems. This was affecting reproducibility as the aarch64 kernel flavour
     was using Jemalloc whilst armv7l was not.
   * Increase the verbosity of logging when testing. (Re: #991476)
 .
 redis (5:6.2.5-1) experimental; urgency=medium
 .
   * New upstream security release:
     - CVE-2021-32761: Integer overflow issues with BITFIELD command
       on 32-bit systems.
   * Bump Standards-Version to 4.5.1.
 .
 redis (5:6.2.4-1) experimental; urgency=medium
 .
   * CVE-2021-32625: Fix a vulnerability in the STRALGO LCS command.
     (Closes: #989351)
   * Refresh patches.
 .
 redis (5:6.2.3-1) experimental; urgency=medium
 .
   * New upstream security release:
     - CVE-2021-29477: Vulnerability in the STRALGO LCS command.
     - CVE-2021-29478: Vulnerability in the COPY command for large intsets.
     (Closes: #988045)
   * Refresh patches.
 .
 redis (5:6.2.2-1) experimental; urgency=medium
 .
   * New upstream release.
   * Apply wrap-and-sort -sa.
   * Refresh patches.
 .
 redis (5:6.2.1-1) experimental; urgency=medium
 .
   * New upstream release.
 .
 redis (5:6.2.0-1) experimental; urgency=medium
 .
   * New upstream release, incorporating some security fixes. (Closes: 983446)
   * Refresh patches.
 .
 redis (5:6.2~rc3-1) experimental; urgency=medium
 .
   * New upstream RC release.
     - Refresh patches.
 .
 redis (5:6.2~rc2-2) experimental; urgency=medium
 .
   * Also remove the /etc/redis directory in purge.
   * Allow /etc/redis to be rewritten. Thanks to Yossi Gottlieb for the patch.
     (Closes: #981000)
 .
 redis (5:6.2~rc2-1) experimental; urgency=medium
 .
   * New upstream release.
   * Refresh patches.
 .
 redis (5:6.2~rc1-3) experimental; urgency=medium
 .
   * Specify "--supervised systemd" now that we specify "Type=notify" to prevent
     failure under systemd. Thanks to Michael Prokop for the report.
 .
 redis (5:6.2~rc1-2) experimental; urgency=medium
 .
   [ Michael Prokop ]
   * Enable systemd support by compiling against libsystemd-dev.
     (Closes: #977852)
 .
   [ Chris Lamb ]
   * Use Type=notify to use systemd supervisor when generating our systemd
     service files.
   * Explicitly request systemd support when building the package.
 .
 redis (5:6.2~rc1-1) experimental; urgency=medium
 .
   * New upstream RC release.
     - Update patches.
   * Bump Standards-Version to 4.5.1.
