Package: redis / 5:7.0.15-1~deb12u5

Metadata

Package: redis
Version: 5:7.0.15-1~deb12u5
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description
debian packaging/0001 Set Debian configuration defaults.patch

redis.conf | 10 (+5 -5)
sentinel.conf | 8 (+4 -4)
2 files changed, 9 insertions(+), 9 deletions(-)

 set debian configuration defaults

0001 Fix FTBFS on kFreeBSD.patch

src/fmacros.h | 2 (+1 -1)
1 file changed, 1 insertion(+), 1 deletion(-)

 fix ftbfs on kfreebsd


0002 Add CPPFLAGS to upstream makefiles.patch

deps/hdr_histogram/Makefile | 2 (+1 -1)
deps/linenoise/Makefile | 2 (+1 -1)
src/Makefile | 2 (+1 -1)
3 files changed, 3 insertions(+), 3 deletions(-)

 add cppflags to upstream makefiles


0003 Use get_current_dir_name over PATHMAX.patch

src/rdb.c | 7 (+4 -3)
1 file changed, 4 insertions(+), 3 deletions(-)

 use get_current_dir_name over pathmax, etc.


0004 Add support for USE_SYSTEM_JEMALLOC flag.patch

deps/Makefile | 2 (+2)
src/Makefile | 5 (+5)
src/debug.c | 4 (+4)
src/object.c | 5 (+5)
src/sds.c | 4 (+4)
src/zmalloc.c | 10 (+10)
src/zmalloc.h | 4 (+4)
7 files changed, 34 insertions(+)

 add support for use_system_jemalloc flag.

0001 Apply security fixes for CVEs 1113.patch

deps/lua/src/lua_bit.c | 1 (+1)
src/acl.c | 2 (+1 -1)
src/util.c | 9 (+6 -3)
tests/unit/acl-v2.tcl | 5 (+5)
tests/unit/keyspace.tcl | 6 (+6)
tests/unit/scripting.tcl | 6 (+6)
6 files changed, 25 insertions(+), 4 deletions(-)

 apply security fixes for cves (#1113)

Apply the security fixes for the release.

(CVE-2024-31449) Lua library commands may lead to stack overflow and
potential RCE.
(CVE-2024-31227) Potential Denial-of-service due to malformed ACL
selectors.
(CVE-2024-31228) Potential Denial-of-service due to unbounded pattern
matching.


0001 Fix LUA garbage collector CVE 2024 46981 1513.patch

src/eval.c | 1 (+1)
1 file changed, 1 insertion(+)

 fix lua garbage collector (cve-2024-46981) (#1513)

Reset GC state before closing the Lua VM to prevent user data from being
wrongly freed while it might still be used in destructor callbacks.

Created and published by Redis in their OSS branch.

Signed-off-by: Madelyn Olson <madelyneolson@gmail.com>
Co-authored-by: YaacovHazan <yaacov.hazan@redis.com>

0002 Fix Read Write key pattern selector CVE 2024 51741 1.patch

src/acl.c | 11 (+8 -3)
tests/unit/acl-v2.tcl | 23 (+22 -1)
2 files changed, 30 insertions(+), 4 deletions(-)

 fix read/write key pattern selector (cve-2024-51741) (#1514)

The explanation on the original commit was wrong. Key based access must
have a `~` in order to correctly configure which key prefixes to apply
the selector to. If this is missing, a server assert will be triggered
later.

Signed-off-by: Madelyn Olson <madelyneolson@gmail.com>
Co-authored-by: YaacovHazan <yaacov.hazan@redis.com>

0001 Limiting output buffer for unauthenticated client CV.patch

src/networking.c | 5 (+5)
tests/unit/auth.tcl | 18 (+18)
2 files changed, 23 insertions(+)

 limiting output buffer for unauthenticated client (cve-2025-21605)

For unauthenticated clients the output buffer is limited to prevent
them from abusing it by not reading the replies.

0005 CVE 2025 27151.patch

src/redis-check-aof.c | 6 (+6)
1 file changed, 6 insertions(+)

 [patch] check length of aof file name in redis-check-aof
  (CVE-2025-27151)

Ensure that the length of the input file name does not exceed PATH_MAX.

0006 CVE 2025 32023.patch

src/hyperloglog.c | 47 (+42 -5)
tests/unit/hyperloglog.tcl | 51 (+51)
2 files changed, 93 insertions(+), 5 deletions(-)

 [patch] fix out of bounds write in hyperloglog commands
  (CVE-2025-32023)

Co-authored-by: oranagra <oran@redislabs.com>

0007 CVE 2025 48367.patch

src/anet.c | 24 (+24)
src/anet.h | 1 (+1)
src/cluster.c | 2 (+2)
src/networking.c | 6 (+6)
4 files changed, 33 insertions(+)

 [patch] retry accept() even if accepted connection reports an error
  (CVE-2025-48367)

If accept4() returns an error, we should check the errno value and decide whether to retry accept4() without waiting for the next event loop iteration.