Accepted redis 5:7.0.1-4 (source) into unstable
Format: 1.8
Date: Fri, 17 Jun 2022 10:09:07 +0100
Source: redis
Built-For-Profiles: nocheck
Architecture: source
Version: 5:7.0.1-4
Distribution: unstable
Urgency: high
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 977852 981000 982122 983446 988045 989351 1005787 1011187 1012658
Changes:
redis (5:7.0.1-4) unstable; urgency=medium
.
* Upload 7.x branch to unstable.
* Update gbp.conf.
.
redis (5:7.0.1-3) experimental; urgency=medium
.
* Fix crash when systemd's ProcSubset=pid. /proc/sys/vm/overcommit_memory was
inaccessible and a log warning message was incorrectly constructed.
* Add missing CPPFLAGS when building hdr_histogram.
* Update Lintian overrides:
- Ignore maintainer-manual-page warnings.
- Ignore very-long-line-length-in-source-file warnings.
* Update my entry in debian/copyright.
* Update and renumber patches.
.
redis (5:7.0.1-2) experimental; urgency=medium
.
* Drop support (in patches, etc.) for using the systemwide hiredis and Lua,
reverting to using the built-in cjson (etc.). (Closes: #1012658)
* Add an internal timeout for the cluster tests to prevent FTBFS.
(Closes: #1011187)
* Drop a duplicate comment in debian/rules.
.
redis (5:7.0.1-1) experimental; urgency=medium
.
* New upstream release.
* Refresh patches.
.
redis (5:7.0.0-1) experimental; urgency=medium
.
* New upstream release.
- Disable, hopefully temporarily, the use of the systemwide Lua due to
Redis' fork gaining security/hardening features (e.g.
lua_enablereadonlytable).
- Refresh patches.
.
redis (5:7.0~rc3-1) experimental; urgency=medium
.
* New upstream release.
- Refresh patches.
.
redis (5:7.0~rc2-2) experimental; urgency=high
.
* CVE-2022-0543: Prevent a Debian-specific Lua sandbox escape vulnerability.
.
This vulnerability existed because the Lua library in Debian is provided as
a dynamic library. A "package" variable was automatically populated that
in turn permitted access to arbitrary Lua functionality. As this extended
to, for example, the "execute" function from the "os" module, an attacker
with the ability to execute arbitrary Lua code could potentially execute
arbitrary shell commands.
.
Thanks to Reginaldo Silva <https://www.ubercomp.com> for discovering and
reporting this issue. (Closes: #1005787)
.
redis (5:7.0~rc2-1) experimental; urgency=medium
.
* New upstream RC release.
- Refresh patches.
.
redis (5:7.0~rc1-1) experimental; urgency=medium
.
* New upstream 7.x release candidate.
* Refresh patches.
* Set some DEP-3 forwarded headers.
.
redis (5:6.2.6-1) experimental; urgency=medium
.
* New upstream security release:
.
- CVE-2021-32762: Integer to heap buffer overflow issue in redis-cli and
redis-sentinel parsing large multi-bulk replies on some older and less
common platforms.
.
- CVE-2021-32687: Integer to heap buffer overflow with intsets, when
set-max-intset-entries is manually configured to a non-default, very
large value.
.
- CVE-2021-32675: Denial of Service when processing RESP request payloads
with a large number of elements on many connections.
.
- CVE-2021-32672: Random heap reading issue with Lua Debugger.
.
- CVE-2021-32628: Integer to heap buffer overflow handling ziplist-encoded
data types, when configuring a large, non-default value for
hash-max-ziplist-entries, hash-max-ziplist-value,
zset-max-ziplist-entries or zset-max-ziplist-value.
.
- CVE-2021-32627: Integer to heap buffer overflow issue with streams, when
configuring a non-default, large value for proto-max-bulk-len and
client-query-buffer-limit.
.
- CVE-2021-32626: Specially crafted Lua scripts may result in a heap
buffer overflow.
.
- CVE-2021-41099: Integer to heap buffer overflow handling certain string
commands and network payloads, when proto-max-bulk-len is manually
configured to a non-default, very large value.
.
* Refresh patches.
* Bump Standards-Version to 4.6.0.
.
redis (5:6.2.5-4) experimental; urgency=medium
.
* Use /run instead of /var/run for PID and UNIX socket files. Thanks to
@MichaIng-guest for the patch. (Closes: lamby/pkg-redis!5)
.
redis (5:6.2.5-3) experimental; urgency=medium
.
* Skip OOM-related tests on incompatible platforms. (Closes: #982122)
.
redis (5:6.2.5-2) experimental; urgency=medium
.
* Explicitly specify USE_JEMALLOC to override upstream's detection of ARM
systems. This was affecting reproducibility as the aarch64 kernel flavour
was using Jemalloc whilst armv7l was not.
* Increase the verbosity of logging when testing. (Re: #991476)
.
redis (5:6.2.5-1) experimental; urgency=medium
.
* New upstream security release:
- CVE-2021-32761: Integer overflow issues with BITFIELD command
on 32-bit systems.
* Bump Standards-Version to 4.5.1.
.
redis (5:6.2.4-1) experimental; urgency=medium
.
* CVE-2021-32625: Fix a vulnerability in the STRALGO LCS command.
(Closes: #989351)
* Refresh patches.
.
redis (5:6.2.3-1) experimental; urgency=medium
.
* New upstream security release:
- CVE-2021-29477: Vulnerability in the STRALGO LCS command.
- CVE-2021-29478: Vulnerability in the COPY command for large intsets.
(Closes: #988045)
* Refresh patches.
.
redis (5:6.2.2-1) experimental; urgency=medium
.
* New upstream release.
* Apply wrap-and-sort -sa.
* Refresh patches.
.
redis (5:6.2.1-1) experimental; urgency=medium
.
* New upstream release.
.
redis (5:6.2.0-1) experimental; urgency=medium
.
* New upstream release, incorporating some security fixes. (Closes: #983446)
* Refresh patches.
.
redis (5:6.2~rc3-1) experimental; urgency=medium
.
* New upstream RC release.
- Refresh patches.
.
redis (5:6.2~rc2-2) experimental; urgency=medium
.
* Also remove the /etc/redis directory in purge.
* Allow /etc/redis to be rewritten. Thanks to Yossi Gottlieb for the patch.
(Closes: #981000)
.
redis (5:6.2~rc2-1) experimental; urgency=medium
.
* New upstream release.
* Refresh patches.
.
redis (5:6.2~rc1-3) experimental; urgency=medium
.
* Specify "--supervised systemd" now that we specify "Type=notify" to prevent
failure under systemd. Thanks to Michael Prokop for the report.
.
redis (5:6.2~rc1-2) experimental; urgency=medium
.
[ Michael Prokop ]
* Enable systemd support by compiling against libsystemd-dev.
(Closes: #977852)
.
[ Chris Lamb ]
* Use Type=notify to use systemd supervisor when generating our systemd
service files.
* Explicitly request systemd support when building the package.
.
redis (5:6.2~rc1-1) experimental; urgency=medium
.
* New upstream RC release.
- Update patches.
* Bump Standards-Version to 4.5.1.