packages/redis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!120 [sync] PR-118: Update to 7.2.7 for fix CVEs

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @wk333 
Signed-off-by: @wk333
This commit is contained in:
openeuler-ci-bot 2025-02-17 06:04:42 +00:00 committed by Gitee
commit fcabef4d4f
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
25 changed files with 810 additions and 2083 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

652
0001-1st-man-pageis-for-redis-cli-redis-benchmark-redis-c.patch Normal file
View File

@ -0,0 +1,652 @@
From d68953c34d4d6987883ddf6158c3c69e7500667f Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Thu, 8 Sep 2016 14:51:15 +0200
Subject: [PATCH 1/3] 1st man pageis for - redis-cli - redis-benchmark -
redis-check-aof - redis-check-rdb - redis-server - redis.conf
as redis-sentinel is a symlink to redis-server, same page can be used (also symlinked)
redis.conf can also be used for sentinel.conf
---
man/man1/redis-benchmark.1 | 132 ++++++++++++++++++++++++++++
man/man1/redis-check-aof.1 | 60 +++++++++++++
man/man1/redis-check-rdb.1 | 53 ++++++++++++
man/man1/redis-cli.1 | 171 +++++++++++++++++++++++++++++++++++++
man/man1/redis-server.1 | 117 +++++++++++++++++++++++++
man/man5/redis.conf.5 | 57 +++++++++++++
6 files changed, 590 insertions(+)
create mode 100644 man/man1/redis-benchmark.1
create mode 100644 man/man1/redis-check-aof.1
create mode 100644 man/man1/redis-check-rdb.1
create mode 100644 man/man1/redis-cli.1
create mode 100644 man/man1/redis-server.1
create mode 100644 man/man5/redis.conf.5
diff --git a/man/man1/redis-benchmark.1 b/man/man1/redis-benchmark.1
new file mode 100644
index 0000000..a3e4c62
--- /dev/null
+++ b/man/man1/redis-benchmark.1
@@ -0,0 +1,132 @@
+.TH REDIS-BENCHMARK 1 "2016" "Redis" "User commands"
+.SH NAME
+redis\-benchmark \- Redis benchmark
+
+.SH SYNOPSIS
+.B redis\-benchmark
+[ options ]
+.LP
+
+.SH DESCRIPTION
+\fBRedis\fP is an open source (BSD licensed), in-memory data structure store,
+used as database, cache and message broker, found at
+.B http://redis.io/
+
+The \fBredis\-benchmark\fP command is a command to benchmark redis-server.
+
+.SH OPTIONS
+.TP 15
+.B \-h \fIhostname\fP
+Server hostname (default: 127.0.0.1).
+.TP
+.B \-p \fIport\fP
+Server port (default: 6379).
+.TP
+.B \-s \fIsocket\fP
+Server socket (overrides hostname and port).
+.TP
+.B \-a \fIpassword\fP
+Password to use when connecting to the server.
+.TP
+.B \-c \fIclients\fP
+Number of parallel connections (default 50)
+.TP
+.B \-dnnum \fIdb\fP
+SELECT the specified db number (default 0)
+.TP
+.B \-k \fIboolean\fP
+1=keep alive 0=reconnect (default 1)
+.TP
+.B \-r \fIkeyspacelen\fP
+Use random keys for SET/GET/INCR, random values for SADD
+Using this option the benchmark will expand the string __rand_int__
+inside an argument with a 12 digits number in the specified range
+from 0 to keyspacelen-1. The substitution changes every time a command
+is executed. Default tests use this to hit random keys in the
+specified range.
+.TP
+.B \-P \fInumreq\fP
+Pipeline <numreq> requests. Default 1 (no pipeline).
+.TP
+.B \-e
+If server replies with errors, show them on stdout.
+(no more than 1 error per second is displayed)
+.TP
+.B \-q
+Quiet. Just show query/sec values
+.TP
+.B \-\-csv
+Output in CSV format
+.TP
+.B \-l
+Loop. Run the tests forever
+.TP
+.B \-t \fItests\fP
+Only run the comma separated list of tests. The test
+names are the same as the ones produced as output.
+.TP
+.B \-I
+Idle mode. Just open N idle connections and wait.
+
+.SH EXAMPLES
+.TP 5
+Run the benchmark with the default configuration against 127.0.0.1:6379:
+$ redis\-benchmark
+.TP
+Use 20 parallel clients, for a total of 100k requests, against 192.168.1.1:
+$ redis-benchmark \-h 192.168.1.1 \-p 6379 \-n 100000 \-c 20
+.TP
+Fill 127.0.0.1:6379 with about 1 million keys only using the SET test:
+$ redis\-benchmark \-t set \-n 1000000 \-r 100000000
+.TP
+Benchmark 127.0.0.1:6379 for a few commands producing CSV output:
+$ redis\-benchmark \-t ping,set,get \-n 100000 \-\-csv
+.TP
+Benchmark a specific command line:
+$ redis\-benchmark \-r 10000 \-n 10000 eval 'return redis.call("ping")' 0
+.TP
+Fill a list with 10000 random elements:
+$ redis\-benchmark \-r 10000 \-n 10000 lpush mylist __rand_int__
+.TP
+On user specified command lines __rand_int__ is replaced with a random integer
+with a range of values selected by the -r option.
+
+
+.SH BUGS
+See:
+.PD 0
+.B http://redis.io/support
+and
+.B https://github.com/antirez/redis/issues
+
+.SH COPYRIGHT
+Copyright \(co 2006\-2016
+Salvatore Sanfilippo
+.P
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+.TP 2
+*
+Redistributions of source code must retain the above copyright notice,
+this list of conditions and the following disclaimer.
+.TP
+*
+Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+.TP
+*
+Neither the name of Redis nor the names of its contributors may be used
+to endorse or promote products derived from this software without specific
+prior written permission.
+.P
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/man/man1/redis-check-aof.1 b/man/man1/redis-check-aof.1
new file mode 100644
index 0000000..1569fd9
--- /dev/null
+++ b/man/man1/redis-check-aof.1
@@ -0,0 +1,60 @@
+.TH REDIS-CHECK-AOF 1 "2016" "Redis" "User commands"
+.SH NAME
+redis\-check\-aof \- Redis AOF file checker and repairer
+
+.SH SYNOPSIS
+.B redis\-check\-aof
+[\-\-fix]
+.IR file.aof
+
+.SH DESCRIPTION
+\fBRedis\fP is an open source (BSD licensed), in-memory data structure store,
+used as database, cache and message broker, found at
+.B http://redis.io/
+
+The \fBredis\-check\-aof\fP command to check or repair redis-server AOF files.
+
+.SH OPTIONS
+.TP 15
+.B \-\-fix
+Fix the file
+
+
+.SH BUGS
+See:
+.PD 0
+.B http://redis.io/support
+and
+.B https://github.com/antirez/redis/issues
+
+.SH COPYRIGHT
+Copyright \(co 2006\-2016
+Salvatore Sanfilippo
+.P
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+.TP 2
+*
+Redistributions of source code must retain the above copyright notice,
+this list of conditions and the following disclaimer.
+.TP
+*
+Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+.TP
+*
+Neither the name of Redis nor the names of its contributors may be used
+to endorse or promote products derived from this software without specific
+prior written permission.
+.P
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/man/man1/redis-check-rdb.1 b/man/man1/redis-check-rdb.1
new file mode 100644
index 0000000..0e798ab
--- /dev/null
+++ b/man/man1/redis-check-rdb.1
@@ -0,0 +1,53 @@
+.TH REDIS-CHECK-RDB 1 "2016" "Redis" "User commands"
+.SH NAME
+redis\-check\-aof \- Redis RDB file checker
+
+.SH SYNOPSIS
+.B redis\-check\-aof
+.IR file.rdb
+
+.SH DESCRIPTION
+\fBRedis\fP is an open source (BSD licensed), in-memory data structure store,
+used as database, cache and message broker, found at
+.B http://redis.io/
+
+The \fBredis\-check\-rdb\fP command to check redis-server RDB files.
+
+.SH BUGS
+See:
+.PD 0
+.B http://redis.io/support
+and
+.B https://github.com/antirez/redis/issues
+
+.SH COPYRIGHT
+Copyright \(co 2006\-2016
+Salvatore Sanfilippo
+.P
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+.TP 2
+*
+Redistributions of source code must retain the above copyright notice,
+this list of conditions and the following disclaimer.
+.TP
+*
+Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+.TP
+*
+Neither the name of Redis nor the names of its contributors may be used
+to endorse or promote products derived from this software without specific
+prior written permission.
+.P
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/man/man1/redis-cli.1 b/man/man1/redis-cli.1
new file mode 100644
index 0000000..14f84df
--- /dev/null
+++ b/man/man1/redis-cli.1
@@ -0,0 +1,171 @@
+.TH REDIS-CLI 1 "2016" "Redis" "User commands"
+.SH NAME
+redis\-cli \- Redis client
+
+.SH SYNOPSIS
+.B redis\-cli
+[ options ] [cmd [arg [arg ...]]]
+.LP
+
+.SH DESCRIPTION
+\fBRedis\fP is an open source (BSD licensed), in-memory data structure store,
+used as database, cache and message broker, found at
+.B http://redis.io/
+
+The \fBredis-cli\fP command is a command line client to redis-server.
+
+.SH OPTIONS
+.TP 15
+.B \-h \fIhostname\fP
+Server hostname (default: 127.0.0.1).
+.TP
+.B \-p \fIport\fP
+Server port (default: 6379).
+.TP
+.B \-s \fIsocket\fP
+Server socket (overrides hostname and port).
+.TP
+.B \-a \fIpassword\fP
+Password to use when connecting to the server.
+.TP
+.B \-r \fIrepeat\fP
+Execute specified command N times.
+.TP
+.B \-i \fIinterval\fP
+When -r is used, waits \fIinterval\fP seconds per command.
+It is possible to specify sub-second times like -i 0.1.
+.TP
+.B \-n \fIdb\fP
+Database number.
+.TP
+.B \-x
+Read last argument from STDIN.
+.TP
+.B \-d \fIdelimiter\fP
+Multi-bulk delimiter in for raw formatting (default: \n).
+.TP
+.B \-c
+Enable cluster mode (follow -ASK and -MOVED redirections).
+.TP
+.B \-\-raw
+Use raw formatting for replies (default when STDOUT is not a tty).
+.TP
+.B \-\-no\-raw
+Force formatted output even when STDOUT is not a tty.
+.TP
+.B \-\-csv
+Output in CSV format.
+.TP
+.B \-\-stat
+Print rolling stats about server: mem, clients, ...
+.TP
+.B \-\-latency
+Enter a special mode continuously sampling latency.
+.TP
+.B \-\-latency\-history
+Like \-\-latency but tracking latency changes over time.
+Default time interval is 15 sec. Change it using -i.
+.TP
+.B \-\-latency\-dist
+Shows latency as a spectrum, requires xterm 256 colors.
+Default time interval is 1 sec. Change it using -i.
+.TP
+.B \-\-lru\-test
+Simulate a cache workload with an 80-20 distribution.
+.TP
+.B \-\-slave
+Simulate a slave showing commands received from the master.
+.TP
+.B \-\-rdb \fIfilename\fP
+Transfer an RDB dump from remote server to local file.
+.TP
+.B \-\-pipe
+Transfer raw Redis protocol from stdin to server.
+.TP
+.B \-\-pipe-timeout \fIn\fP
+In --pipe mode, abort with error if after sending all data.
+no reply is received within \fIn\fP seconds.
+Default timeout: 30. Use 0 to wait forever.
+.TP
+.B \-\-bigkeys
+Sample Redis keys looking for big keys.
+.TP
+.B \-\-scan
+List all keys using the SCAN command.
+.TP
+.B \-\-pattern \fIpat\fP
+Useful with --scan to specify a SCAN pattern.
+.TP
+.B \-\-intrinsic-latency \fIsec\fP
+Run a test to measure intrinsic system latency.
+The test will run for the specified amount of seconds.
+.TP
+.B \-\-eval \fIfile\fP
+Send an EVAL command using the Lua script at \fIfile\fP.
+.TP
+.B \-\-ldb
+Used with --eval enable the Redis Lua debugger.
+.TP
+.B \-\-ldb-sync-mode
+Like --ldb but uses the synchronous Lua debugger, in
+this mode the server is blocked and script changes are
+are not rolled back from the server memory.
+.TP
+.B \-\-help
+Output this help and exit.
+.TP
+.B \-\-version
+Output version and exit.
+
+.SH EXAMPLES
+.TP
+cat /etc/passwd | redis-cli -x set mypasswd
+.TP
+redis-cli get mypasswd
+.TP
+redis-cli \-r 100 lpush mylist x
+.TP
+redis-cli \-r 100 \-i 1 info | grep used_memory_human:
+.TP
+redis-cli \-\-eval myscript.lua key1 key2 , arg1 arg2 arg3
+.TP
+redis-cli \-\-scan \-\-pattern '*:12345*'
+
+.SH BUGS
+See:
+.PD 0
+.B http://redis.io/support
+and
+.B https://github.com/antirez/redis/issues
+
+.SH COPYRIGHT
+Copyright \(co 2006\-2016
+Salvatore Sanfilippo
+.P
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+.TP 2
+*
+Redistributions of source code must retain the above copyright notice,
+this list of conditions and the following disclaimer.
+.TP
+*
+Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+.TP
+*
+Neither the name of Redis nor the names of its contributors may be used
+to endorse or promote products derived from this software without specific
+prior written permission.
+.P
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/man/man1/redis-server.1 b/man/man1/redis-server.1
new file mode 100644
index 0000000..d6edd25
--- /dev/null
+++ b/man/man1/redis-server.1
@@ -0,0 +1,117 @@
+.TH REDIS-SERVER 1 "2016" "Redis" "User commands"
+.SH NAME
+redis\-server, redis\-sentinel \- Redis server
+
+.SH SYNOPSIS
+.B redis\-server
+[
+.IR configuration_file
+] [ options ] [ \-\-sentinel ]
+.LP
+.B redis\-sentinel
+[
+.IR configuration_file
+] [ options ]
+
+
+.SH DESCRIPTION
+\fBRedis\fP is an open source (BSD licensed), in-memory data structure store,
+used as database, cache and message broker, found at
+.B http://redis.io/
+.LP
+The \fBredis\-server\fP command is a command line to launch a Redis server.
+.LP
+The \fBredis\-sentinel\fP command is a symbolic link to the \fBredis\-server\fP
+command which imply the \fB\-\-sentionel\fP option.
+
+.SH OPTIONS
+.TP 15
+.B \-
+Read configuration from stdin.
+.TP
+.TP 15
+.B \-\-sentinel
+Run in sentinel mode
+.TP
+.B \-\-test-memory \fImegabytes\fP
+Run a memory check and exit.
+.TP
+.PD 0
+.B \-\-help
+.TP
+.PD 1
+.B \-h
+Output this help and exit.
+.TP
+.PD 0
+.B \-\-version
+.TP
+.PD 1
+.B \-v
+Output version and exit.
+.P
+All parameters described in \fBredis.conf\fR file can be passed as
+command line option, e.g.
+.B \-\-port
+.IR port
+.
+
+.SH EXAMPLES
+.TP 5
+Run the server with default conf
+redis-server
+.TP
+Run the server with a configuration file
+redis-server /etc/6379.conf
+.TP
+Run the server changing some default options
+redis-server --port 7777 --slaveof 127.0.0.1 8888
+.TP
+Run the server with a configuration file and changing some options
+redis-server /etc/myredis.conf --loglevel verbose
+.TP
+Run in sentinel mode
+redis-server /etc/redis-sentinel.conf --sentinel
+
+.SH "SEE ALSO"
+.PP
+\fBredis.conf\fR(5)
+
+.SH BUGS
+See:
+.PD 0
+.B http://redis.io/support
+and
+.B https://github.com/antirez/redis/issues
+
+.SH COPYRIGHT
+Copyright \(co 2006\-2016
+Salvatore Sanfilippo
+.P
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+.TP 2
+*
+Redistributions of source code must retain the above copyright notice,
+this list of conditions and the following disclaimer.
+.TP
+*
+Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+.TP
+*
+Neither the name of Redis nor the names of its contributors may be used
+to endorse or promote products derived from this software without specific
+prior written permission.
+.P
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/man/man5/redis.conf.5 b/man/man5/redis.conf.5
new file mode 100644
index 0000000..1e0c9c9
--- /dev/null
+++ b/man/man5/redis.conf.5
@@ -0,0 +1,57 @@
+.TH REDIS.CONF 5 "2016" "Redis" "Configuration files"
+.SH NAME
+redis.conf, sentinel.conf - redis server configuration files.
+
+.SH PARAMETERS
+.TP
+All empty lines or lines beginning with '#' are ignored.
+.TP
+See inline comments for parameters description.
+
+.SH DESCRIPTION
+.TP
+\fBredis-server\fP read the configuration file passed as first argument.
+
+.SH "SEE ALSO"
+.PP
+\fBredis\-server\fR(1)
+
+
+.SH BUGS
+See:
+.PD 0
+.B http://redis.io/support
+and
+.B https://github.com/antirez/redis/issues
+
+.SH COPYRIGHT
+Copyright \(co 2006\-2016
+Salvatore Sanfilippo
+.P
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+.TP 2
+*
+Redistributions of source code must retain the above copyright notice,
+this list of conditions and the following disclaimer.
+.TP
+*
+Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+.TP
+*
+Neither the name of Redis nor the names of its contributors may be used
+to endorse or promote products derived from this software without specific
+prior written permission.
+.P
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--
2.24.1

185
Aesthetic-changes-to-PR.patch
View File

@ -1,185 +0,0 @@
From 7413dc16572ffd672835c1391b08409472771093 Mon Sep 17 00:00:00 2001
From: antirez <antirez@gmail.com>
Date: Fri, 16 Mar 2018 16:57:53 +0100
Subject: [PATCH] Aesthetic changes to PR #4749.
---
src/hyperloglog.c | 80 +++++++++++++++++++++++------------------------
1 file changed, 40 insertions(+), 40 deletions(-)
diff --git a/src/hyperloglog.c b/src/hyperloglog.c
index 77109c8..68d591c 100644
--- a/src/hyperloglog.c
+++ b/src/hyperloglog.c
@@ -403,7 +403,7 @@ uint64_t MurmurHash64A (const void * key, int len, unsigned int seed) {
#if (BYTE_ORDER == LITTLE_ENDIAN)
#ifdef USE_ALIGNED_ACCESS
- memcpy(&k,data,sizeof(uint64_t));
+ memcpy(&k,data,sizeof(uint64_t));
#else
k = *((uint64_t*)data);
#endif
@@ -512,7 +512,7 @@ int hllDenseAdd(uint8_t *registers, unsigned char *ele, size_t elesize) {
}
/* Compute the register histogram in the dense representation. */
-void hllDenseRegHisto(uint8_t *registers, int* regHisto) {
+void hllDenseRegHisto(uint8_t *registers, int* reghisto) {
int j;
/* Redis default is to use 16384 registers 6 bits each. The code works
@@ -541,22 +541,22 @@ void hllDenseRegHisto(uint8_t *registers, int* regHisto) {
r14 = (r[10] >> 4 | r[11] << 4) & 63;
r15 = (r[11] >> 2) & 63;
- regHisto[r0] += 1;
- regHisto[r1] += 1;
- regHisto[r2] += 1;
- regHisto[r3] += 1;
- regHisto[r4] += 1;
- regHisto[r5] += 1;
- regHisto[r6] += 1;
- regHisto[r7] += 1;
- regHisto[r8] += 1;
- regHisto[r9] += 1;
- regHisto[r10] += 1;
- regHisto[r11] += 1;
- regHisto[r12] += 1;
- regHisto[r13] += 1;
- regHisto[r14] += 1;
- regHisto[r15] += 1;
+ reghisto[r0]++;
+ reghisto[r1]++;
+ reghisto[r2]++;
+ reghisto[r3]++;
+ reghisto[r4]++;
+ reghisto[r5]++;
+ reghisto[r6]++;
+ reghisto[r7]++;
+ reghisto[r8]++;
+ reghisto[r9]++;
+ reghisto[r10]++;
+ reghisto[r11]++;
+ reghisto[r12]++;
+ reghisto[r13]++;
+ reghisto[r14]++;
+ reghisto[r15]++;
r += 12;
}
@@ -564,7 +564,7 @@ void hllDenseRegHisto(uint8_t *registers, int* regHisto) {
for(j = 0; j < HLL_REGISTERS; j++) {
unsigned long reg;
HLL_DENSE_GET_REGISTER(reg,registers,j);
- regHisto[reg] += 1;
+ reghisto[reg]++;
}
}
}
@@ -904,7 +904,7 @@ int hllSparseAdd(robj *o, unsigned char *ele, size_t elesize) {
}
/* Compute the register histogram in the sparse representation. */
-void hllSparseRegHisto(uint8_t *sparse, int sparselen, int *invalid, int* regHisto) {
+void hllSparseRegHisto(uint8_t *sparse, int sparselen, int *invalid, int* reghisto) {
int idx = 0, runlen, regval;
uint8_t *end = sparse+sparselen, *p = sparse;
@@ -912,18 +912,18 @@ void hllSparseRegHisto(uint8_t *sparse, int sparselen, int *invalid, int* regHis
if (HLL_SPARSE_IS_ZERO(p)) {
runlen = HLL_SPARSE_ZERO_LEN(p);
idx += runlen;
- regHisto[0] += runlen;
+ reghisto[0] += runlen;
p++;
} else if (HLL_SPARSE_IS_XZERO(p)) {
runlen = HLL_SPARSE_XZERO_LEN(p);
idx += runlen;
- regHisto[0] += runlen;
+ reghisto[0] += runlen;
p += 2;
} else {
runlen = HLL_SPARSE_VAL_LEN(p);
regval = HLL_SPARSE_VAL_VALUE(p);
idx += runlen;
- regHisto[regval] += runlen;
+ reghisto[regval] += runlen;
p++;
}
}
@@ -938,24 +938,24 @@ void hllSparseRegHisto(uint8_t *sparse, int sparselen, int *invalid, int* regHis
/* Implements the register histogram calculation for uint8_t data type
* which is only used internally as speedup for PFCOUNT with multiple keys. */
-void hllRawRegHisto(uint8_t *registers, int* regHisto) {
+void hllRawRegHisto(uint8_t *registers, int* reghisto) {
uint64_t *word = (uint64_t*) registers;
uint8_t *bytes;
int j;
for (j = 0; j < HLL_REGISTERS/8; j++) {
if (*word == 0) {
- regHisto[0] += 8;
+ reghisto[0] += 8;
} else {
bytes = (uint8_t*) word;
- regHisto[bytes[0]] += 1;
- regHisto[bytes[1]] += 1;
- regHisto[bytes[2]] += 1;
- regHisto[bytes[3]] += 1;
- regHisto[bytes[4]] += 1;
- regHisto[bytes[5]] += 1;
- regHisto[bytes[6]] += 1;
- regHisto[bytes[7]] += 1;
+ reghisto[bytes[0]]++;
+ reghisto[bytes[1]]++;
+ reghisto[bytes[2]]++;
+ reghisto[bytes[3]]++;
+ reghisto[bytes[4]]++;
+ reghisto[bytes[5]]++;
+ reghisto[bytes[6]]++;
+ reghisto[bytes[7]]++;
}
word++;
}
@@ -1011,16 +1011,16 @@ uint64_t hllCount(struct hllhdr *hdr, int *invalid) {
double E;
int j;
double alphaInf = 0.5 / log(2.);
- int regHisto[HLL_Q+2] = {0};
+ int reghisto[HLL_Q+2] = {0};
/* Compute register histogram */
if (hdr->encoding == HLL_DENSE) {
- hllDenseRegHisto(hdr->registers,regHisto);
+ hllDenseRegHisto(hdr->registers,reghisto);
} else if (hdr->encoding == HLL_SPARSE) {
hllSparseRegHisto(hdr->registers,
- sdslen((sds)hdr)-HLL_HDR_SIZE,invalid,regHisto);
+ sdslen((sds)hdr)-HLL_HDR_SIZE,invalid,reghisto);
} else if (hdr->encoding == HLL_RAW) {
- hllRawRegHisto(hdr->registers,regHisto);
+ hllRawRegHisto(hdr->registers,reghisto);
} else {
serverPanic("Unknown HyperLogLog encoding in hllCount()");
}
@@ -1028,12 +1028,12 @@ uint64_t hllCount(struct hllhdr *hdr, int *invalid) {
/* Estimate cardinality form register histogram. See:
* "New cardinality estimation algorithms for HyperLogLog sketches"
* Otmar Ertl, arXiv:1702.01284 */
- double z = m * hllTau((m-regHisto[HLL_Q+1])/(double)m);
+ double z = m * hllTau((m-reghisto[HLL_Q+1])/(double)m);
for (j = HLL_Q; j >= 1; --j) {
- z += regHisto[j];
+ z += reghisto[j];
z *= 0.5;
}
- z += m * hllSigma(regHisto[0]/(double)m);
+ z += m * hllSigma(reghisto[0]/(double)m);
E = llroundl(alphaInf*m*m/z);
return (uint64_t) E;
--
2.23.0

30
CVE-2019-10193.patch
View File

@ -1,30 +0,0 @@
From 4c7eda965af7f231148219267c9b039d06cab519 Mon Sep 17 00:00:00 2001
From: antirez <antirez@gmail.com>
Date: Fri, 15 Mar 2019 17:10:16 +0100
Subject: [PATCH] HyperLogLog: enlarge reghisto variable for safety.
---
src/hyperloglog.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/hyperloglog.c b/src/hyperloglog.c
index 68d591c..24cf81a 100644
--- a/src/hyperloglog.c
+++ b/src/hyperloglog.c
@@ -1011,7 +1011,12 @@ uint64_t hllCount(struct hllhdr *hdr, int *invalid) {
double E;
int j;
double alphaInf = 0.5 / log(2.);
- int reghisto[HLL_Q+2] = {0};
+ /* Note that reghisto could be just HLL_Q+1, becuase this is the
+ * maximum frequency of the "000...1" sequence the hash function is
+ * able to return. However it is slow to check for sanity of the
+ * input: instead we history array at a safe size: overflows will
+ * just write data to wrong, but correctly allocated, places. */
+ int reghisto[64] = {0};
/* Compute register histogram */
if (hdr->encoding == HLL_DENSE) {
--
2.23.0

50
CVE-2020-14147.patch
View File

@ -1,50 +0,0 @@
From ef764dde1cca2f25d00686673d1bc89448819571 Mon Sep 17 00:00:00 2001
From: Seunghoon Woo <toad58@nate.com>
Date: Mon, 10 Feb 2020 16:32:46 +0900
Subject: [PATCH] [FIX] revisit CVE-2015-8080 vulnerability
---
deps/lua/src/lua_struct.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/deps/lua/src/lua_struct.c b/deps/lua/src/lua_struct.c
index 4d5f027b85c..c58c8e72b08 100644
--- a/deps/lua/src/lua_struct.c
+++ b/deps/lua/src/lua_struct.c
@@ -89,12 +89,14 @@ typedef struct Header {
} Header;
-static int getnum (const char **fmt, int df) {
+static int getnum (lua_State *L, const char **fmt, int df) {
if (!isdigit(**fmt)) /* no number? */
return df; /* return default value */
else {
int a = 0;
do {
+ if (a > (INT_MAX / 10) || a * 10 > (INT_MAX - (**fmt - '0')))
+ luaL_error(L, "integral size overflow");
a = a*10 + *((*fmt)++) - '0';
} while (isdigit(**fmt));
return a;
@@ -115,9 +117,9 @@ static size_t optsize (lua_State *L, char opt, const char **fmt) {
case 'f': return sizeof(float);
case 'd': return sizeof(double);
case 'x': return 1;
- case 'c': return getnum(fmt, 1);
+ case 'c': return getnum(L, fmt, 1);
case 'i': case 'I': {
- int sz = getnum(fmt, sizeof(int));
+ int sz = getnum(L, fmt, sizeof(int));
if (sz > MAXINTSIZE)
luaL_error(L, "integral size %d is larger than limit of %d",
sz, MAXINTSIZE);
@@ -150,7 +152,7 @@ static void controloptions (lua_State *L, int opt, const char **fmt,
case '>': h->endian = BIG; return;
case '<': h->endian = LITTLE; return;
case '!': {
- int a = getnum(fmt, MAXALIGN);
+ int a = getnum(L, fmt, MAXALIGN);
if (!isp2(a))
luaL_error(L, "alignment %d is not a power of 2", a);
h->align = a;

150
CVE-2021-21309.patch
View File

@ -1,150 +0,0 @@
From 48f04a82a0ac542341fb644a4cfbebadd5c59a33 Mon Sep 17 00:00:00 2001
From: Yossi Gottlieb <yossigo@gmail.com>
Date: Mon, 22 Feb 2021 15:41:32 +0200
Subject: [PATCH] Fix integer overflow (CVE-2021-21309). (#8522)
On 32-bit systems, setting the proto-max-bulk-len config parameter to a high value may result with integer overflow and a subsequent heap overflow when parsing an input bulk (CVE-2021-21309).
This fix has two parts:
Set a reasonable limit to the config parameter.
Add additional checks to prevent the problem in other potential but unknown code paths.
(cherry picked from commit d32f2e9999ce003bad0bd2c3bca29f64dcce4433)
Fix MSVR reported issue.
---
src/config.c | 16 ++++++++--------
src/sds.c | 3 +++
src/zmalloc.c | 10 ++++++++++
3 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/src/config.c b/src/config.c
index 5f22442ecc5..0814768b9d9 100644
--- a/src/config.c
+++ b/src/config.c
@@ -817,10 +817,10 @@ void loadServerConfig(char *filename, ch
if (max != LLONG_MAX && ll > max) goto badfmt; \
_var = ll;
-#define config_set_memory_field(_name,_var) \
+#define config_set_memory_field(_name,_var,min,max) \
} else if (!strcasecmp(c->argv[2]->ptr,_name)) { \
ll = memtoll(o->ptr,&err); \
- if (err || ll < 0) goto badfmt; \
+ if (err || ll < (long long) (min) || ll > (long long) (max)) goto badfmt; \
_var = ll;
#define config_set_enum_field(_name,_var,_enumvar) \
@@ -1063,7 +1063,7 @@ void configSetCommand(client *c) {
} config_set_numerical_field(
"active-defrag-threshold-upper",server.active_defrag_threshold_upper,0,1000) {
} config_set_memory_field(
- "active-defrag-ignore-bytes",server.active_defrag_ignore_bytes) {
+ "active-defrag-ignore-bytes",server.active_defrag_ignore_bytes,0,LONG_MAX) {
} config_set_numerical_field(
"active-defrag-cycle-min",server.active_defrag_cycle_min,1,99) {
} config_set_numerical_field(
@@ -1139,7 +1139,7 @@ void configSetCommand(client *c) {
/* Memory fields.
* config_set_memory_field(name,var) */
- } config_set_memory_field("maxmemory",server.maxmemory) {
+ } config_set_memory_field("maxmemory",server.maxmemory,0,LONG_MAX) {
if (server.maxmemory) {
if (server.maxmemory < zmalloc_used_memory()) {
serverLog(LL_WARNING,"WARNING: the new maxmemory value set via CONFIG SET is smaller than the current memory usage. This will result in keys eviction and/or inability to accept new write commands depending on the maxmemory-policy.");
@@ -1147,12 +1147,12 @@ void configSetCommand(client *c) {
freeMemoryIfNeeded();
}
} config_set_memory_field(
- "proto-max-bulk-len",server.proto_max_bulk_len) {
+ "proto-max-bulk-len",server.proto_max_bulk_len,1024*1024,LONG_MAX/2) {
} config_set_memory_field(
- "client-query-buffer-limit",server.client_max_querybuf_len) {
- } config_set_memory_field("repl-backlog-size",ll) {
+ "client-query-buffer-limit",server.client_max_querybuf_len,0,LONG_MAX) {
+ } config_set_memory_field("repl-backlog-size",ll,0,LONG_MAX) {
resizeReplicationBacklog(ll);
- } config_set_memory_field("auto-aof-rewrite-min-size",ll) {
+ } config_set_memory_field("auto-aof-rewrite-min-size",ll,0,LONG_MAX) {
server.aof_rewrite_min_size = ll;
/* Enumeration fields.
diff --git a/src/sds.c b/src/sds.c
index cd60946bdd3..12c9da356d9 100644
--- a/src/sds.c
+++ b/src/sds.c
@@ -91,6 +91,7 @@ sds sdsnewlen(const void *init, size_t initlen) {
int hdrlen = sdsHdrSize(type);
unsigned char *fp; /* flags pointer. */
+ assert(hdrlen+initlen+1 > initlen); /* Catch size_t overflow */
sh = s_malloc(hdrlen+initlen+1);
if (!init)
memset(sh, 0, hdrlen+initlen+1);
@@ -207,6 +208,7 @@ sds sdsMakeRoomFor(sds s, size_t addlen) {
len = sdslen(s);
sh = (char*)s-sdsHdrSize(oldtype);
newlen = (len+addlen);
+ assert(newlen > len); /* Catch size_t overflow */
if (newlen < SDS_MAX_PREALLOC)
newlen *= 2;
else
@@ -220,6 +222,7 @@ sds sdsMakeRoomFor(sds s, size_t addlen) {
if (type == SDS_TYPE_5) type = SDS_TYPE_8;
hdrlen = sdsHdrSize(type);
+ assert(hdrlen+newlen+1 > len); /* Catch size_t overflow */
if (oldtype==type) {
newsh = s_realloc(sh, hdrlen+newlen+1);
if (newsh == NULL) return NULL;
diff --git a/src/zmalloc.c b/src/zmalloc.c
index 972db79d7ab..29e68180f0d 100644
--- a/src/zmalloc.c
+++ b/src/zmalloc.c
@@ -55,6 +55,12 @@ void zlibc_free(void *ptr) {
#endif
#endif
+#if PREFIX_SIZE > 0
+#define ASSERT_NO_SIZE_OVERFLOW(sz) assert((sz) + PREFIX_SIZE > (sz))
+#else
+#define ASSERT_NO_SIZE_OVERFLOW(sz)
+#endif
+
/* Explicitly override malloc/free etc when using tcmalloc. */
#if defined(USE_TCMALLOC)
#define malloc(size) tc_malloc(size)
@@ -95,6 +101,7 @@ static void zmalloc_default_oom(size_t size) {
static void (*zmalloc_oom_handler)(size_t) = zmalloc_default_oom;
void *zmalloc(size_t size) {
+ ASSERT_NO_SIZE_OVERFLOW(size);
void *ptr = malloc(size+PREFIX_SIZE);
if (!ptr) zmalloc_oom_handler(size);
@@ -113,6 +120,7 @@ void *zmalloc(size_t size) {
* Currently implemented only for jemalloc. Used for online defragmentation. */
#ifdef HAVE_DEFRAG
void *zmalloc_no_tcache(size_t size) {
+ ASSERT_NO_SIZE_OVERFLOW(size);
void *ptr = mallocx(size+PREFIX_SIZE, MALLOCX_TCACHE_NONE);
if (!ptr) zmalloc_oom_handler(size);
update_zmalloc_stat_alloc(zmalloc_size(ptr));
@@ -127,6 +135,7 @@ void zfree_no_tcache(void *ptr) {
#endif
void *zcalloc(size_t size) {
+ ASSERT_NO_SIZE_OVERFLOW(size);
void *ptr = calloc(1, size+PREFIX_SIZE);
if (!ptr) zmalloc_oom_handler(size);
@@ -141,6 +150,7 @@ void *zcalloc(size_t size) {
}
void *zrealloc(void *ptr, size_t size) {
+ ASSERT_NO_SIZE_OVERFLOW(size);
#ifndef HAVE_MALLOC_SIZE
void *realptr;
#endif

35
CVE-2021-29478.patch
View File

@ -1,35 +0,0 @@
From ef78ba0a7793a0b6be026ec77ef3c7e919efa08a Mon Sep 17 00:00:00 2001
From: Oran Agra <oran@redislabs.com>
Date: Mon, 3 May 2021 08:27:22 +0300
Subject: [PATCH] Fix integer overflow in intset (CVE-2021-29478)
An integer overflow bug in Redis 6.2 could be exploited to corrupt the heap and
potentially result with remote code execution.
The vulnerability involves changing the default set-max-intset-entries
configuration value, creating a large set key that consists of integer values
and using the COPY command to duplicate it.
The integer overflow bug exists in all versions of Redis starting with 2.6,
where it could result with a corrupted RDB or DUMP payload, but not exploited
through COPY (which did not exist before 6.2).
---
src/intset.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/intset.c b/src/intset.c
index 198c90a..8d35536 100644
--- a/src/intset.c
+++ b/src/intset.c
@@ -278,7 +278,7 @@ uint32_t intsetLen(const intset *is) {
/* Return intset blob size in bytes. */
size_t intsetBlobLen(intset *is) {
- return sizeof(intset)+intrev32ifbe(is->length)*intrev32ifbe(is->encoding);
+ return sizeof(intset)+(size_t)intrev32ifbe(is->length)*intrev32ifbe(is->encoding);
}
#ifdef REDIS_TEST
--
2.23.0

132
CVE-2021-32672.patch
View File

@ -1,132 +0,0 @@
From 6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd Mon Sep 17 00:00:00 2001
From: "meir@redislabs.com" <meir@redislabs.com>
Date: Sun, 13 Jun 2021 14:29:20 +0300
Subject: [PATCH] Fix protocol parsing on 'ldbReplParseCommand'
(CVE-2021-32672)
The protocol parsing on 'ldbReplParseCommand' (LUA debugging)Assumed protocol correctness. This means that if the following
is given:
*1
$100
test
The parser will try to read additional 94 unallocated bytes after
the client buffer.
This commit fixes this issue by validating that there are actually enough
bytes to read. It also limits the amount of data that can be sent by
the debugger client to 1M so the client will not be able to explode
the memory.
---
src/scripting.c | 29 +++++++++++++++++++++++++----
tests/unit/scripting.tcl | 14 ++++++++++++++
2 files changed, 39 insertions(+), 4 deletions(-)
diff --git a/src/scripting.c b/src/scripting.c
index a781e68..ecb6811 100644
--- a/src/scripting.c
+++ b/src/scripting.c
@@ -1784,7 +1784,8 @@ int ldbDelBreakpoint(int line) {
/* Expect a valid multi-bulk command in the debugging client query buffer.
* On success the command is parsed and returned as an array of SDS strings,
* otherwise NULL is returned and there is to read more buffer. */
-sds *ldbReplParseCommand(int *argcp) {
+sds *ldbReplParseCommand(int *argcp, char** err) {
+ static char* protocol_error = "protocol error";
sds *argv = NULL;
int argc = 0;
if (sdslen(ldb.cbuf) == 0) return NULL;
@@ -1801,7 +1802,7 @@ sds *ldbReplParseCommand(int *argcp) {
/* Seek and parse *<count>\r\n. */
p = strchr(p,'*'); if (!p) goto protoerr;
char *plen = p+1; /* Multi bulk len pointer. */
- p = strstr(p,"\r\n"); if (!p) goto protoerr;
+ p = strstr(p,"\r\n"); if (!p) goto keep_reading;
*p = '\0'; p += 2;
*argcp = atoi(plen);
if (*argcp <= 0 || *argcp > 1024) goto protoerr;
@@ -1810,12 +1811,16 @@ sds *ldbReplParseCommand(int *argcp) {
argv = zmalloc(sizeof(sds)*(*argcp));
argc = 0;
while(argc < *argcp) {
+ // reached the end but there should be more data to read
+ if (*p == '\0') goto keep_reading;
+
if (*p != '$') goto protoerr;
plen = p+1; /* Bulk string len pointer. */
- p = strstr(p,"\r\n"); if (!p) goto protoerr;
+ p = strstr(p,"\r\n"); if (!p) goto keep_reading;
*p = '\0'; p += 2;
int slen = atoi(plen); /* Length of this arg. */
if (slen <= 0 || slen > 1024) goto protoerr;
+ if ((size_t)(p + slen + 2 - copy) > sdslen(copy) ) goto keep_reading;
argv[argc++] = sdsnewlen(p,slen);
p += slen; /* Skip the already parsed argument. */
if (p[0] != '\r' || p[1] != '\n') goto protoerr;
@@ -1825,6 +1830,8 @@ sds *ldbReplParseCommand(int *argcp) {
return argv;
protoerr:
+ *err = protocol_error;
+keep_reading:
sdsfreesplitres(argv,argc);
sdsfree(copy);
return NULL;
@@ -2246,12 +2253,17 @@ void ldbMaxlen(sds *argv, int argc) {
int ldbRepl(lua_State *lua) {
sds *argv;
int argc;
+ char* err = NULL;
/* We continue processing commands until a command that should return
* to the Lua interpreter is found. */
while(1) {
- while((argv = ldbReplParseCommand(&argc)) == NULL) {
+ while((argv = ldbReplParseCommand(&argc, &err)) == NULL) {
char buf[1024];
+ if (err) {
+ lua_pushstring(lua, err);
+ lua_error(lua);
+ }
int nread = read(ldb.fd,buf,sizeof(buf));
if (nread <= 0) {
/* Make sure the script runs without user input since the
@@ -2261,6 +2273,15 @@ int ldbRepl(lua_State *lua) {
return C_ERR;
}
ldb.cbuf = sdscatlen(ldb.cbuf,buf,nread);
+ /* after 1M we will exit with an error
+ * so that the client will not blow the memory
+ */
+ if (sdslen(ldb.cbuf) > 1<<20) {
+ sdsfree(ldb.cbuf);
+ ldb.cbuf = sdsempty();
+ lua_pushstring(lua, "max client buffer reached");
+ lua_error(lua);
+ }
}
/* Flush the old buffer. */
diff --git a/tests/unit/scripting.tcl b/tests/unit/scripting.tcl
index be82e15..48c9f1f 100644
--- a/tests/unit/scripting.tcl
+++ b/tests/unit/scripting.tcl
@@ -733,3 +733,17 @@ start_server {tags {"scripting repl"}} {
}
}
+start_server {tags {"scripting needs:debug external:skip"}} {
+ test {Test scripting debug protocol parsing} {
+ r script debug sync
+ r eval {return 'hello'} 0
+ catch {r 'hello\0world'} e
+ assert_match {*Unknown Redis Lua debugger command*} $e
+ catch {r 'hello\0'} e
+ assert_match {*Unknown Redis Lua debugger command*} $e
+ catch {r '\0hello'} e
+ assert_match {*Unknown Redis Lua debugger command*} $e
+ catch {r '\0hello\0'} e
+ assert_match {*Unknown Redis Lua debugger command*} $e
+ }
+}
--
2.27.0

39
CVE-2021-3470.patch
View File

@ -1,39 +0,0 @@
From a714d2561b78985ec85f3056aac83c603cbaaa5f Mon Sep 17 00:00:00 2001
From: wang_yue111 <648774160@qq.com>
Date: Wed, 7 Apr 2021 10:00:53 +0800
Subject: [PATCH] Fix wrong zmalloc_size() assumption. (#7963)
When using a system with no malloc_usable_size(), zmalloc_size() assumed
that the heap allocator always returns blocks that are long-padded.
This may not always be the case, and will result with zmalloc_size()
returning a size that is bigger than allocated. At least in one case
this leads to out of bound write, process crash and a potential security
vulnerability.
Effectively this does not affect the vast majority of users, who use
jemalloc or glibc.
This problem along with a (different) fix was reported by Drew DeVault.
---
src/zmalloc.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/src/zmalloc.c b/src/zmalloc.c
index cc47f71..67b1b65 100644
--- a/src/zmalloc.c
+++ b/src/zmalloc.c
@@ -186,9 +186,6 @@ void *zrealloc(void *ptr, size_t size) {
size_t zmalloc_size(void *ptr) {
void *realptr = (char*)ptr-PREFIX_SIZE;
size_t size = *((size_t*)realptr);
- /* Assume at least that all the allocations are padded at sizeof(long) by
- * the underlying allocator. */
- if (size&(sizeof(long)-1)) size += sizeof(long)-(size&(sizeof(long)-1));
return size+PREFIX_SIZE;
}
#endif
--
2.23.0

689
CVE-2022-24834.patch
View File

@ -1,689 +0,0 @@
From 4fe8a0af3f479a4a5b17885334cb67a3887ae96e Mon Sep 17 00:00:00 2001
From: Oran Agra <oran@redislabs.com>
Date: Sun, 2 Jul 2023 14:56:10 +0300
Subject: [PATCH] Lua cjson and cmsgpack integer overflow issues
(CVE-2022-24834)
* Fix integer overflows due to using wrong integer size.
* Add assertions / panic when overflow still happens.
* Deletion of dead code to avoid need to maintain it
* Some changes are not because of bugs, but rather paranoia.
* Improve cmsgpack and cjson test coverage.
Co-authored-by: Yossi Gottlieb <yossigo@gmail.com>
Origin: https://github.com/redis/redis/commit/4fe8a0af3f479a4a5b17885334cb67a3887ae96e
---
deps/Makefile | 7 ++
deps/lua/src/lua_cjson.c | 9 ++-
deps/lua/src/lua_cmsgpack.c | 31 +++++----
deps/lua/src/strbuf.c | 109 ++++++++------------------------
deps/lua/src/strbuf.h | 46 ++++++--------
tests/unit/scripting.tcl | 123 ++++++++++++++++++++++++++++++++++++
6 files changed, 200 insertions(+), 125 deletions(-)
diff --git a/deps/Makefile b/deps/Makefile
index 700867f3b61c..dea4cd656c6f 100644
--- a/deps/Makefile
+++ b/deps/Makefile
@@ -2,6 +2,8 @@
uname_S:= $(shell sh -c 'uname -s 2>/dev/null || echo not')
+LUA_COVERAGE?=no
+
CCCOLOR="\033[34m"
LINKCOLOR="\033[34;1m"
SRCCOLOR="\033[33m"
@@ -64,6 +66,11 @@ endif
LUA_CFLAGS+= -O2 -Wall -DLUA_ANSI -DENABLE_CJSON_GLOBAL -DREDIS_STATIC='' $(CFLAGS)
LUA_LDFLAGS+= $(LDFLAGS)
+ifeq ($(LUA_COVERAGE),yes)
+ LUA_CFLAGS += -fprofile-arcs -ftest-coverage
+ LUA_LDFLAGS += -fprofile-arcs -ftest-coverage
+endif
+
# lua's Makefile defines AR="ar rcu", which is unusual, and makes it more
# challenging to cross-compile lua (and redis). These defines make it easier
# to fit redis into cross-compilation environments, which typically set AR.
diff --git a/deps/lua/src/lua_cjson.c b/deps/lua/src/lua_cjson.c
index c26c0d7b8ea4..991f5d31ddb3 100644
--- a/deps/lua/src/lua_cjson.c
+++ b/deps/lua/src/lua_cjson.c
@@ -39,6 +39,7 @@
#include <assert.h>
#include <string.h>
#include <math.h>
+#include <stdint.h>
#include <limits.h>
#include "lua.h"
#include "lauxlib.h"
@@ -141,13 +142,13 @@ typedef struct {
typedef struct {
json_token_type_t type;
- int index;
+ size_t index;
union {
const char *string;
double number;
int boolean;
} value;
- int string_len;
+ size_t string_len;
} json_token_t;
static const char *char2escape[256] = {
@@ -473,6 +474,8 @@ static void json_append_string(lua_State *l, strbuf_t *json, int lindex)
* This buffer is reused constantly for small strings
* If there are any excess pages, they won't be hit anyway.
* This gains ~5% speedup. */
+ if (len > SIZE_MAX / 6 - 3)
+ abort(); /* Overflow check */
strbuf_ensure_empty_length(json, len * 6 + 2);
strbuf_append_char_unsafe(json, '\"');
@@ -706,7 +709,7 @@ static int json_encode(lua_State *l)
strbuf_t local_encode_buf;
strbuf_t *encode_buf;
char *json;
- int len;
+ size_t len;
luaL_argcheck(l, lua_gettop(l) == 1, 1, "expected 1 argument");
diff --git a/deps/lua/src/lua_cmsgpack.c b/deps/lua/src/lua_cmsgpack.c
index 892154793991..49879455a4a9 100644
--- a/deps/lua/src/lua_cmsgpack.c
+++ b/deps/lua/src/lua_cmsgpack.c
@@ -117,7 +117,9 @@ mp_buf *mp_buf_new(lua_State *L) {
void mp_buf_append(lua_State *L, mp_buf *buf, const unsigned char *s, size_t len) {
if (buf->free < len) {
- size_t newsize = (buf->len+len)*2;
+ size_t newsize = buf->len+len;
+ if (newsize < buf->len || newsize >= SIZE_MAX/2) abort();
+ newsize *= 2;
buf->b = (unsigned char*)mp_realloc(L, buf->b, buf->len + buf->free, newsize);
buf->free = newsize - buf->len;
@@ -173,7 +175,7 @@ void mp_cur_init(mp_cur *cursor, const unsigned char *s, size_t len) {
void mp_encode_bytes(lua_State *L, mp_buf *buf, const unsigned char *s, size_t len) {
unsigned char hdr[5];
- int hdrlen;
+ size_t hdrlen;
if (len < 32) {
hdr[0] = 0xa0 | (len&0xff); /* fix raw */
@@ -220,7 +222,7 @@ void mp_encode_double(lua_State *L, mp_buf *buf, double d) {
void mp_encode_int(lua_State *L, mp_buf *buf, int64_t n) {
unsigned char b[9];
- int enclen;
+ size_t enclen;
if (n >= 0) {
if (n <= 127) {
@@ -290,9 +292,9 @@ void mp_encode_int(lua_State *L, mp_buf *buf, int64_t n) {
mp_buf_append(L,buf,b,enclen);
}
-void mp_encode_array(lua_State *L, mp_buf *buf, int64_t n) {
+void mp_encode_array(lua_State *L, mp_buf *buf, uint64_t n) {
unsigned char b[5];
- int enclen;
+ size_t enclen;
if (n <= 15) {
b[0] = 0x90 | (n & 0xf); /* fix array */
@@ -313,7 +315,7 @@ void mp_encode_array(lua_State *L, mp_buf *buf, int64_t n) {
mp_buf_append(L,buf,b,enclen);
}
-void mp_encode_map(lua_State *L, mp_buf *buf, int64_t n) {
+void mp_encode_map(lua_State *L, mp_buf *buf, uint64_t n) {
unsigned char b[5];
int enclen;
@@ -790,7 +792,7 @@ void mp_decode_to_lua_type(lua_State *L, mp_cur *c) {
}
}
-int mp_unpack_full(lua_State *L, int limit, int offset) {
+int mp_unpack_full(lua_State *L, lua_Integer limit, lua_Integer offset) {
size_t len;
const char *s;
mp_cur c;
@@ -802,10 +804,10 @@ int mp_unpack_full(lua_State *L, int limit, int offset) {
if (offset < 0 || limit < 0) /* requesting negative off or lim is invalid */
return luaL_error(L,
"Invalid request to unpack with offset of %d and limit of %d.",
- offset, len);
+ (int) offset, (int) len);
else if (offset > len)
return luaL_error(L,
- "Start offset %d greater than input length %d.", offset, len);
+ "Start offset %d greater than input length %d.", (int) offset, (int) len);
if (decode_all) limit = INT_MAX;
@@ -827,12 +829,13 @@ int mp_unpack_full(lua_State *L, int limit, int offset) {
/* c->left is the remaining size of the input buffer.
* subtract the entire buffer size from the unprocessed size
* to get our next start offset */
- int offset = len - c.left;
+ size_t new_offset = len - c.left;
+ if (new_offset > LONG_MAX) abort();
luaL_checkstack(L, 1, "in function mp_unpack_full");
/* Return offset -1 when we have have processed the entire buffer. */
- lua_pushinteger(L, c.left == 0 ? -1 : offset);
+ lua_pushinteger(L, c.left == 0 ? -1 : (lua_Integer) new_offset);
/* Results are returned with the arg elements still
* in place. Lua takes care of only returning
* elements above the args for us.
@@ -851,15 +854,15 @@ int mp_unpack(lua_State *L) {
}
int mp_unpack_one(lua_State *L) {
- int offset = luaL_optinteger(L, 2, 0);
+ lua_Integer offset = luaL_optinteger(L, 2, 0);
/* Variable pop because offset may not exist */
lua_pop(L, lua_gettop(L)-1);
return mp_unpack_full(L, 1, offset);
}
int mp_unpack_limit(lua_State *L) {
- int limit = luaL_checkinteger(L, 2);
- int offset = luaL_optinteger(L, 3, 0);
+ lua_Integer limit = luaL_checkinteger(L, 2);
+ lua_Integer offset = luaL_optinteger(L, 3, 0);
/* Variable pop because offset may not exist */
lua_pop(L, lua_gettop(L)-1);
diff --git a/deps/lua/src/strbuf.c b/deps/lua/src/strbuf.c
index f0f7f4b9a366..775e8baf1be9 100644
--- a/deps/lua/src/strbuf.c
+++ b/deps/lua/src/strbuf.c
@@ -26,6 +26,7 @@
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
+#include <stdint.h>
#include "strbuf.h"
@@ -38,22 +39,22 @@ static void die(const char *fmt, ...)
va_end(arg);
fprintf(stderr, "\n");
- exit(-1);
+ abort();
}
-void strbuf_init(strbuf_t *s, int len)
+void strbuf_init(strbuf_t *s, size_t len)
{
- int size;
+ size_t size;
- if (len <= 0)
+ if (!len)
size = STRBUF_DEFAULT_SIZE;
else
- size = len + 1; /* \0 terminator */
-
+ size = len + 1;
+ if (size < len)
+ die("Overflow, len: %zu", len);
s->buf = NULL;
s->size = size;
s->length = 0;
- s->increment = STRBUF_DEFAULT_INCREMENT;
s->dynamic = 0;
s->reallocs = 0;
s->debug = 0;
@@ -65,7 +66,7 @@ void strbuf_init(strbuf_t *s, int len)
strbuf_ensure_null(s);
}
-strbuf_t *strbuf_new(int len)
+strbuf_t *strbuf_new(size_t len)
{
strbuf_t *s;
@@ -81,20 +82,10 @@ strbuf_t *strbuf_new(int len)
return s;
}
-void strbuf_set_increment(strbuf_t *s, int increment)
-{
- /* Increment > 0: Linear buffer growth rate
- * Increment < -1: Exponential buffer growth rate */
- if (increment == 0 || increment == -1)
- die("BUG: Invalid string increment");
-
- s->increment = increment;
-}
-
static inline void debug_stats(strbuf_t *s)
{
if (s->debug) {
- fprintf(stderr, "strbuf(%lx) reallocs: %d, length: %d, size: %d\n",
+ fprintf(stderr, "strbuf(%lx) reallocs: %d, length: %zd, size: %zd\n",
(long)s, s->reallocs, s->length, s->size);
}
}
@@ -113,7 +104,7 @@ void strbuf_free(strbuf_t *s)
free(s);
}
-char *strbuf_free_to_string(strbuf_t *s, int *len)
+char *strbuf_free_to_string(strbuf_t *s, size_t *len)
{
char *buf;
@@ -131,57 +122,62 @@ char *strbuf_free_to_string(strbuf_t *s, int *len)
return buf;
}
-static int calculate_new_size(strbuf_t *s, int len)
+static size_t calculate_new_size(strbuf_t *s, size_t len)
{
- int reqsize, newsize;
+ size_t reqsize, newsize;
if (len <= 0)
die("BUG: Invalid strbuf length requested");
/* Ensure there is room for optional NULL termination */
reqsize = len + 1;
+ if (reqsize < len)
+ die("Overflow, len: %zu", len);
/* If the user has requested to shrink the buffer, do it exactly */
if (s->size > reqsize)
return reqsize;
newsize = s->size;
- if (s->increment < 0) {
+ if (reqsize >= SIZE_MAX / 2) {
+ newsize = reqsize;
+ } else {
/* Exponential sizing */
while (newsize < reqsize)
- newsize *= -s->increment;
- } else {
- /* Linear sizing */
- newsize = ((newsize + s->increment - 1) / s->increment) * s->increment;
+ newsize *= 2;
}
+ if (newsize < reqsize)
+ die("BUG: strbuf length would overflow, len: %zu", len);
+
return newsize;
}
/* Ensure strbuf can handle a string length bytes long (ignoring NULL
* optional termination). */
-void strbuf_resize(strbuf_t *s, int len)
+void strbuf_resize(strbuf_t *s, size_t len)
{
- int newsize;
+ size_t newsize;
newsize = calculate_new_size(s, len);
if (s->debug > 1) {
- fprintf(stderr, "strbuf(%lx) resize: %d => %d\n",
+ fprintf(stderr, "strbuf(%lx) resize: %zd => %zd\n",
(long)s, s->size, newsize);
}
s->size = newsize;
s->buf = realloc(s->buf, s->size);
if (!s->buf)
- die("Out of memory");
+ die("Out of memory, len: %zu", len);
s->reallocs++;
}
void strbuf_append_string(strbuf_t *s, const char *str)
{
- int space, i;
+ int i;
+ size_t space;
space = strbuf_empty_length(s);
@@ -197,55 +193,6 @@ void strbuf_append_string(strbuf_t *s, const char *str)
}
}
-/* strbuf_append_fmt() should only be used when an upper bound
- * is known for the output string. */
-void strbuf_append_fmt(strbuf_t *s, int len, const char *fmt, ...)
-{
- va_list arg;
- int fmt_len;
-
- strbuf_ensure_empty_length(s, len);
-
- va_start(arg, fmt);
- fmt_len = vsnprintf(s->buf + s->length, len, fmt, arg);
- va_end(arg);
-
- if (fmt_len < 0)
- die("BUG: Unable to convert number"); /* This should never happen.. */
-
- s->length += fmt_len;
-}
-
-/* strbuf_append_fmt_retry() can be used when the there is no known
- * upper bound for the output string. */
-void strbuf_append_fmt_retry(strbuf_t *s, const char *fmt, ...)
-{
- va_list arg;
- int fmt_len, try;
- int empty_len;
-
- /* If the first attempt to append fails, resize the buffer appropriately
- * and try again */
- for (try = 0; ; try++) {
- va_start(arg, fmt);
- /* Append the new formatted string */
- /* fmt_len is the length of the string required, excluding the
- * trailing NULL */
- empty_len = strbuf_empty_length(s);
- /* Add 1 since there is also space to store the terminating NULL. */
- fmt_len = vsnprintf(s->buf + s->length, empty_len + 1, fmt, arg);
- va_end(arg);
-
- if (fmt_len <= empty_len)
- break; /* SUCCESS */
- if (try > 0)
- die("BUG: length of formatted string changed");
-
- strbuf_resize(s, s->length + fmt_len);
- }
-
- s->length += fmt_len;
-}
/* vi:ai et sw=4 ts=4:
*/
diff --git a/deps/lua/src/strbuf.h b/deps/lua/src/strbuf.h
index d861108c14cd..c10f83f0db89 100644
--- a/deps/lua/src/strbuf.h
+++ b/deps/lua/src/strbuf.h
@@ -27,15 +27,13 @@
/* Size: Total bytes allocated to *buf
* Length: String length, excluding optional NULL terminator.
- * Increment: Allocation increments when resizing the string buffer.
* Dynamic: True if created via strbuf_new()
*/
typedef struct {
char *buf;
- int size;
- int length;
- int increment;
+ size_t size;
+ size_t length;
int dynamic;
int reallocs;
int debug;
@@ -44,32 +42,26 @@ typedef struct {
#ifndef STRBUF_DEFAULT_SIZE
#define STRBUF_DEFAULT_SIZE 1023
#endif
-#ifndef STRBUF_DEFAULT_INCREMENT
-#define STRBUF_DEFAULT_INCREMENT -2
-#endif
/* Initialise */
-extern strbuf_t *strbuf_new(int len);
-extern void strbuf_init(strbuf_t *s, int len);
-extern void strbuf_set_increment(strbuf_t *s, int increment);
+extern strbuf_t *strbuf_new(size_t len);
+extern void strbuf_init(strbuf_t *s, size_t len);
/* Release */
extern void strbuf_free(strbuf_t *s);
-extern char *strbuf_free_to_string(strbuf_t *s, int *len);
+extern char *strbuf_free_to_string(strbuf_t *s, size_t *len);
/* Management */
-extern void strbuf_resize(strbuf_t *s, int len);
-static int strbuf_empty_length(strbuf_t *s);
-static int strbuf_length(strbuf_t *s);
-static char *strbuf_string(strbuf_t *s, int *len);
-static void strbuf_ensure_empty_length(strbuf_t *s, int len);
+extern void strbuf_resize(strbuf_t *s, size_t len);
+static size_t strbuf_empty_length(strbuf_t *s);
+static size_t strbuf_length(strbuf_t *s);
+static char *strbuf_string(strbuf_t *s, size_t *len);
+static void strbuf_ensure_empty_length(strbuf_t *s, size_t len);
static char *strbuf_empty_ptr(strbuf_t *s);
-static void strbuf_extend_length(strbuf_t *s, int len);
+static void strbuf_extend_length(strbuf_t *s, size_t len);
/* Update */
-extern void strbuf_append_fmt(strbuf_t *s, int len, const char *fmt, ...);
-extern void strbuf_append_fmt_retry(strbuf_t *s, const char *format, ...);
-static void strbuf_append_mem(strbuf_t *s, const char *c, int len);
+static void strbuf_append_mem(strbuf_t *s, const char *c, size_t len);
extern void strbuf_append_string(strbuf_t *s, const char *str);
static void strbuf_append_char(strbuf_t *s, const char c);
static void strbuf_ensure_null(strbuf_t *s);
@@ -87,12 +79,12 @@ static inline int strbuf_allocated(strbuf_t *s)
/* Return bytes remaining in the string buffer
* Ensure there is space for a NULL terminator. */
-static inline int strbuf_empty_length(strbuf_t *s)
+static inline size_t strbuf_empty_length(strbuf_t *s)
{
return s->size - s->length - 1;
}
-static inline void strbuf_ensure_empty_length(strbuf_t *s, int len)
+static inline void strbuf_ensure_empty_length(strbuf_t *s, size_t len)
{
if (len > strbuf_empty_length(s))
strbuf_resize(s, s->length + len);
@@ -103,12 +95,12 @@ static inline char *strbuf_empty_ptr(strbuf_t *s)
return s->buf + s->length;
}
-static inline void strbuf_extend_length(strbuf_t *s, int len)
+static inline void strbuf_extend_length(strbuf_t *s, size_t len)
{
s->length += len;
}
-static inline int strbuf_length(strbuf_t *s)
+static inline size_t strbuf_length(strbuf_t *s)
{
return s->length;
}
@@ -124,14 +116,14 @@ static inline void strbuf_append_char_unsafe(strbuf_t *s, const char c)
s->buf[s->length++] = c;
}
-static inline void strbuf_append_mem(strbuf_t *s, const char *c, int len)
+static inline void strbuf_append_mem(strbuf_t *s, const char *c, size_t len)
{
strbuf_ensure_empty_length(s, len);
memcpy(s->buf + s->length, c, len);
s->length += len;
}
-static inline void strbuf_append_mem_unsafe(strbuf_t *s, const char *c, int len)
+static inline void strbuf_append_mem_unsafe(strbuf_t *s, const char *c, size_t len)
{
memcpy(s->buf + s->length, c, len);
s->length += len;
@@ -142,7 +134,7 @@ static inline void strbuf_ensure_null(strbuf_t *s)
s->buf[s->length] = 0;
}
-static inline char *strbuf_string(strbuf_t *s, int *len)
+static inline char *strbuf_string(strbuf_t *s, size_t *len)
{
if (len)
*len = s->length;
diff --git a/tests/unit/scripting.tcl b/tests/unit/scripting.tcl
index 8314f0268f41..552ed757a711 100644
--- a/tests/unit/scripting.tcl
+++ b/tests/unit/scripting.tcl
@@ -215,6 +215,66 @@ start_server {tags {"scripting"}} {
} 0
} {a b}
+ test {EVAL - JSON smoke test} {
+ r eval {
+ local some_map = {
+ s1="Some string",
+ n1=100,
+ a1={"Some","String","Array"},
+ nil1=nil,
+ b1=true,
+ b2=false}
+ local encoded = cjson.encode(some_map)
+ local decoded = cjson.decode(encoded)
+ assert(table.concat(some_map) == table.concat(decoded))
+
+ cjson.encode_keep_buffer(false)
+ encoded = cjson.encode(some_map)
+ decoded = cjson.decode(encoded)
+ assert(table.concat(some_map) == table.concat(decoded))
+
+ -- Table with numeric keys
+ local table1 = {one="one", [1]="one"}
+ encoded = cjson.encode(table1)
+ decoded = cjson.decode(encoded)
+ assert(decoded["one"] == table1["one"])
+ assert(decoded["1"] == table1[1])
+
+ -- Array
+ local array1 = {[1]="one", [2]="two"}
+ encoded = cjson.encode(array1)
+ decoded = cjson.decode(encoded)
+ assert(table.concat(array1) == table.concat(decoded))
+
+ -- Invalid keys
+ local invalid_map = {}
+ invalid_map[false] = "false"
+ local ok, encoded = pcall(cjson.encode, invalid_map)
+ assert(ok == false)
+
+ -- Max depth
+ cjson.encode_max_depth(1)
+ ok, encoded = pcall(cjson.encode, some_map)
+ assert(ok == false)
+
+ cjson.decode_max_depth(1)
+ ok, decoded = pcall(cjson.decode, '{"obj": {"array": [1,2,3,4]}}')
+ assert(ok == false)
+
+ -- Invalid numbers
+ ok, encoded = pcall(cjson.encode, {num1=0/0})
+ assert(ok == false)
+ cjson.encode_invalid_numbers(true)
+ ok, encoded = pcall(cjson.encode, {num1=0/0})
+ assert(ok == true)
+
+ -- Restore defaults
+ cjson.decode_max_depth(1000)
+ cjson.encode_max_depth(1000)
+ cjson.encode_invalid_numbers(false)
+ } 0
+ }
+
test {EVAL - cmsgpack can pack double?} {
r eval {local encoded = cmsgpack.pack(0.1)
local h = ""
@@ -235,6 +295,68 @@ start_server {tags {"scripting"}} {
} 0
} {d3ffffff0000000000}
+ test {EVAL - cmsgpack pack/unpack smoke test} {
+ r eval {
+ local str_lt_32 = string.rep("x", 30)
+ local str_lt_255 = string.rep("x", 250)
+ local str_lt_65535 = string.rep("x", 65530)
+ local str_long = string.rep("x", 100000)
+ local array_lt_15 = {1, 2, 3, 4, 5}
+ local array_lt_65535 = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18}
+ local array_big = {}
+ for i=1, 100000 do
+ array_big[i] = i
+ end
+ local map_lt_15 = {a=1, b=2}
+ local map_big = {}
+ for i=1, 100000 do
+ map_big[tostring(i)] = i
+ end
+ local some_map = {
+ s1=str_lt_32,
+ s2=str_lt_255,
+ s3=str_lt_65535,
+ s4=str_long,
+ d1=0.1,
+ i1=1,
+ i2=250,
+ i3=65530,
+ i4=100000,
+ i5=2^40,
+ i6=-1,
+ i7=-120,
+ i8=-32000,
+ i9=-100000,
+ i10=-3147483648,
+ a1=array_lt_15,
+ a2=array_lt_65535,
+ a3=array_big,
+ m1=map_lt_15,
+ m2=map_big,
+ b1=false,
+ b2=true,
+ n=nil
+ }
+ local encoded = cmsgpack.pack(some_map)
+ local decoded = cmsgpack.unpack(encoded)
+ assert(table.concat(some_map) == table.concat(decoded))
+ local offset, decoded_one = cmsgpack.unpack_one(encoded, 0)
+ assert(table.concat(some_map) == table.concat(decoded_one))
+ assert(offset == -1)
+
+ local encoded_multiple = cmsgpack.pack(str_lt_32, str_lt_255, str_lt_65535, str_long)
+ local offset, obj = cmsgpack.unpack_limit(encoded_multiple, 1, 0)
+ assert(obj == str_lt_32)
+ offset, obj = cmsgpack.unpack_limit(encoded_multiple, 1, offset)
+ assert(obj == str_lt_255)
+ offset, obj = cmsgpack.unpack_limit(encoded_multiple, 1, offset)
+ assert(obj == str_lt_65535)
+ offset, obj = cmsgpack.unpack_limit(encoded_multiple, 1, offset)
+ assert(obj == str_long)
+ assert(offset == -1)
+ } 0
+ }
+
test {EVAL - cmsgpack can pack and unpack circular references?} {
r eval {local a = {x=nil,y=5}
local b = {x=a}
@@ -396,6 +518,7 @@ start_server {tags {"scripting"}} {
}
test {EVAL does not leak in the Lua stack} {
+ r script flush ;# reset Lua VM
r set x 0
# Use a non blocking client to speedup the loop.
set rd [redis_deferring_client]

92
CVE-2022-36021.patch
View File

@ -1,92 +0,0 @@
From dcbfcb916ca1a269b3feef86ee86835294758f84 Mon Sep 17 00:00:00 2001
From: Oran Agra <oran@redislabs.com>
Date: Tue, 28 Feb 2023 15:15:26 +0200
Subject: [PATCH] String pattern matching had exponential time complexity on
pathological patterns (CVE-2022-36021) (#11858)
Authenticated users can use string matching commands with a
specially crafted pattern to trigger a denial-of-service attack on Redis,
causing it to hang and consume 100% CPU time.
Co-authored-by: Tom Levy <tomlevy93@gmail.com>
---
src/util.c | 27 +++++++++++++++++++++++----
tests/unit/keyspace.tcl | 6 ++++++
2 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/src/util.c b/src/util.c
index d33f4522a507..26d92b92290e 100644
--- a/src/util.c
+++ b/src/util.c
@@ -44,8 +44,8 @@
#include "sha1.h"
/* Glob-style pattern matching. */
-int stringmatchlen(const char *pattern, int patternLen,
- const char *string, int stringLen, int nocase)
+static int stringmatchlen_impl(const char *pattern, int patternLen,
+ const char *string, int stringLen, int nocase, int *skipLongerMatches)
{
while(patternLen && stringLen) {
switch(pattern[0]) {
@@ -57,12 +57,24 @@
if (patternLen == 1)
return 1; /* match */
while(stringLen) {
- if (stringmatchlen(pattern+1, patternLen-1,
- string, stringLen, nocase))
+ if (stringmatchlen_impl(pattern+1, patternLen-1,
+ string, stringLen, nocase, skipLongerMatches))
return 1; /* match */
+ if (*skipLongerMatches)
+ return 0; /* no match */
string++;
stringLen--;
}
+ /* There was no match for the rest of the pattern starting
+ * from anywhere in the rest of the string. If there were
+ * any '*' earlier in the pattern, we can terminate the
+ * search early without trying to match them to longer
+ * substrings. This is because a longer match for the
+ * earlier part of the pattern would require the rest of the
+ * pattern to match starting later in the string, and we
+ * have just determined that there is no match for the rest
+ * of the pattern starting from anywhere in the current
+ * string. */
return 0; /* no match */
break;
case '?':
@@ -166,10 +178,17 @@
return 0;
}
+int stringmatchlen(const char *pattern, int patternLen,
+ const char *string, int stringLen, int nocase) {
+ int skipLongerMatches = 0;
+ return stringmatchlen_impl(pattern,patternLen,string,stringLen,nocase,&skipLongerMatches);
+}
+
int stringmatch(const char *pattern, const char *string, int nocase) {
return stringmatchlen(pattern,strlen(pattern),string,strlen(string),nocase);
}
+
/* Convert a string representing an amount of memory into the number of
* bytes, so for instance memtoll("1Gb") will return 1073741824 that is
* (1024*1024*1024).
diff --git a/tests/unit/keyspace.tcl b/tests/unit/keyspace.tcl
index b173e0efcacc..43690d06b321 100644
--- a/tests/unit/keyspace.tcl
+++ b/tests/unit/keyspace.tcl
@@ -493,4 +493,10 @@ foreach {type large} [array get largevalue] {
r keys *
r keys *
} {dlskeriewrioeuwqoirueioqwrueoqwrueqw}
+
+ test {Regression for pattern matching long nested loops} {
+ r flushdb
+ r SET aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 1
+ r KEYS "a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*b"
+ } {}
}

49
CVE-2023-28856.patch
View File

@ -1,49 +0,0 @@
From c924ac3fdf8fe544891dc66c88018e259ee4be87 Mon Sep 17 00:00:00 2001
From: chendianqiang <c.d_q@163.com>
Date: Sun, 28 Aug 2022 16:33:41 +0800
Subject: [PATCH] fix hincrbyfloat not to create a key if the new value is
invalid (#11149)
Check the validity of the value before performing the create operation,
prevents new data from being generated even if the request fails to execute.
Co-authored-by: Oran Agra <oran@redislabs.com>
Co-authored-by: chendianqiang <chendianqiang@meituan.com>
Co-authored-by: Binbin <binloveplay1314@qq.com>
(cherry picked from commit bc7fe41e5857a0854d524e2a63a028e9394d2a5c)
(cherry picked from commit 606a385935363ea46c0df4f40f8a949d85f7a20a)
(cherry picked from commit 7df23a5f51488ce002411c9d24b38520ad67b764)
---
src/t_hash.c | 4 ++++
tests/unit/type/hash.tcl | 5 +++++
2 files changed, 9 insertions(+)
diff --git a/src/t_hash.c b/src/t_hash.c
index 3cdfdd169abf..13e65502f145 100644
--- a/src/t_hash.c
+++ b/src/t_hash.c
@@ -605,6 +605,10 @@ void hincrbyfloatCommand(client *c) {
unsigned int vlen;
if (getLongDoubleFromObjectOrReply(c,c->argv[3],&incr,NULL) != C_OK) return;
+ if (isnan(incr) || isinf(incr)) {
+ addReplyError(c,"value is NaN or Infinity");
+ return;
+ }
if ((o = hashTypeLookupWriteOrCreate(c,c->argv[1])) == NULL) return;
if (hashTypeGetValue(o,c->argv[2]->ptr,&vstr,&vlen,&ll) == C_OK) {
if (vstr) {
diff --git a/tests/unit/type/hash.tcl b/tests/unit/type/hash.tcl
index 9f8a21b1ce11..931662989d82 100644
--- a/tests/unit/type/hash.tcl
+++ b/tests/unit/type/hash.tcl
@@ -540,4 +540,9 @@ start_server {tags {"hash"}} {
assert {[r hincrbyfloat myhash float -0.1] eq {1.9}}
}
}
+
+ test {HINCRBYFLOAT does not allow NaN or Infinity} {
+ assert_error "*value is NaN or Infinity*" {r hincrbyfloat hfoo field +inf}
+ assert_equal 0 [r exists hfoo]
+ }
}

66
CVE-2023-45145.patch
View File

@ -1,66 +0,0 @@
From 7f486ea6eebf0afce74f2e59763b9b82b78629dc Mon Sep 17 00:00:00 2001
From: Yossi Gottlieb <yossigo@gmail.com>
Date: Wed, 11 Oct 2023 22:45:34 +0300
Subject: [PATCH] Fix issue of listen before chmod on Unix sockets
(CVE-2023-45145)
Before this commit, Unix socket setup performed chmod(2) on the socket
file after calling listen(2). Depending on what umask is used, this
could leave the file with the wrong permissions for a short period of
time. As a result, another process could exploit this race condition and
establish a connection that would otherwise not be possible.
We now make sure the socket permissions are set up prior to calling
listen(2).
(cherry picked from commit a11b3bc34a054818f2ac70e50adfc542ca1cba42)
---
src/anet.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/anet.c b/src/anet.c
index dc88eb7..d0db80f 100644
--- a/src/anet.c
+++ b/src/anet.c
@@ -437,13 +437,16 @@ int anetWrite(int fd, char *buf, int count)
return totlen;
}
-static int anetListen(char *err, int s, struct sockaddr *sa, socklen_t len, int backlog) {
+static int anetListen(char *err, int s, struct sockaddr *sa, socklen_t len, int backlog, mode_t perm) {
if (bind(s,sa,len) == -1) {
anetSetError(err, "bind: %s", strerror(errno));
close(s);
return ANET_ERR;
}
+ if (sa->sa_family == AF_LOCAL && perm)
+ chmod(((struct sockaddr_un *) sa)->sun_path, perm);
+
if (listen(s, backlog) == -1) {
anetSetError(err, "listen: %s", strerror(errno));
close(s);
@@ -484,7 +487,7 @@ static int _anetTcpServer(char *err, int port, char *bindaddr, int af, int backl
if (af == AF_INET6 && anetV6Only(err,s) == ANET_ERR) goto error;
if (anetSetReuseAddr(err,s) == ANET_ERR) goto error;
- if (anetListen(err,s,p->ai_addr,p->ai_addrlen,backlog) == ANET_ERR) s = ANET_ERR;
+ if (anetListen(err,s,p->ai_addr,p->ai_addrlen,backlog,0) == ANET_ERR) s = ANET_ERR;
goto end;
}
if (p == NULL) {
@@ -521,10 +524,8 @@ int anetUnixServer(char *err, char *path, mode_t perm, int backlog)
memset(&sa,0,sizeof(sa));
sa.sun_family = AF_LOCAL;
strncpy(sa.sun_path,path,sizeof(sa.sun_path)-1);
- if (anetListen(err,s,(struct sockaddr*)&sa,sizeof(sa),backlog) == ANET_ERR)
+ if (anetListen(err,s,(struct sockaddr*)&sa,sizeof(sa),backlog,perm) == ANET_ERR)
return ANET_ERR;
- if (perm)
- chmod(sa.sun_path, perm);
return s;
}
--
2.33.0

63
CVE-2024-31228.patch
View File

@ -1,63 +0,0 @@
From c8649f8e852d1dc388b5446e003bb0eefa33d61f Mon Sep 17 00:00:00 2001
From: Oran Agra <oran@redislabs.com>
Date: Wed, 2 Oct 2024 20:11:01 +0300
Subject: [PATCH] Prevent pattern matching abuse (CVE-2024-31228)
---
src/util.c | 9 ++++++---
tests/unit/keyspace.tcl | 6 ++++++
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/util.c b/src/util.c
index 861ef67..0f5e8e1 100644
--- a/src/util.c
+++ b/src/util.c
@@ -45,8 +45,11 @@
/* Glob-style pattern matching. */
static int stringmatchlen_impl(const char *pattern, int patternLen,
- const char *string, int stringLen, int nocase, int *skipLongerMatches)
+ const char *string, int stringLen, int nocase, int *skipLongerMatches, int nesting)
{
+ /* Protection against abusive patterns. */
+ if (nesting > 1000) return 0;
+
while(patternLen && stringLen) {
switch(pattern[0]) {
case '*':
@@ -58,7 +61,7 @@ static int stringmatchlen_impl(const char *pattern, int patternLen,
return 1; /* match */
while(stringLen) {
if (stringmatchlen_impl(pattern+1, patternLen-1,
- string, stringLen, nocase, skipLongerMatches))
+ string, stringLen, nocase, skipLongerMatches, nesting+1))
return 1; /* match */
if (*skipLongerMatches)
return 0; /* no match */
@@ -181,7 +184,7 @@ static int stringmatchlen_impl(const char *pattern, int patternLen,
int stringmatchlen(const char *pattern, int patternLen,
const char *string, int stringLen, int nocase) {
int skipLongerMatches = 0;
- return stringmatchlen_impl(pattern,patternLen,string,stringLen,nocase,&skipLongerMatches);
+ return stringmatchlen_impl(pattern,patternLen,string,stringLen,nocase,&skipLongerMatches,0);
}
int stringmatch(const char *pattern, const char *string, int nocase) {
diff --git a/tests/unit/keyspace.tcl b/tests/unit/keyspace.tcl
index 1617ac5..2217b29 100644
--- a/tests/unit/keyspace.tcl
+++ b/tests/unit/keyspace.tcl
@@ -278,4 +278,10 @@ start_server {tags {"keyspace"}} {
r SET aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 1
r KEYS "a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*b"
} {}
+
+ test {Regression for pattern matching very long nested loops} {
+ r flushdb
+ r SET [string repeat "a" 50000] 1
+ r KEYS [string repeat "*?" 50000]
+ } {}
}
--
2.33.0

43
CVE-2024-31449.patch
View File

@ -1,43 +0,0 @@
From fe8de4313f85e0f8af2eff1f78b52cfe56fb4c71 Mon Sep 17 00:00:00 2001
From: Oran Agra <oran@redislabs.com>
Date: Wed, 2 Oct 2024 19:54:06 +0300
Subject: [PATCH] Fix lua bit.tohex (CVE-2024-31449)
INT_MIN value must be explicitly checked, and cannot be negated.
---
deps/lua/src/lua_bit.c | 1 +
tests/unit/scripting.tcl | 6 ++++++
2 files changed, 7 insertions(+)
diff --git a/deps/lua/src/lua_bit.c b/deps/lua/src/lua_bit.c
index 690df7d..a459ca9 100644
--- a/deps/lua/src/lua_bit.c
+++ b/deps/lua/src/lua_bit.c
@@ -131,6 +131,7 @@ static int bit_tohex(lua_State *L)
const char *hexdigits = "0123456789abcdef";
char buf[8];
int i;
+ if (n == INT32_MIN) n = INT32_MIN+1;
if (n < 0) { n = -n; hexdigits = "0123456789ABCDEF"; }
if (n > 8) n = 8;
for (i = (int)n; --i >= 0; ) { buf[i] = hexdigits[b & 15]; b >>= 4; }
diff --git a/tests/unit/scripting.tcl b/tests/unit/scripting.tcl
index d747fa6..a7e1e9e 100644
--- a/tests/unit/scripting.tcl
+++ b/tests/unit/scripting.tcl
@@ -459,6 +459,12 @@ start_server {tags {"scripting"}} {
set e
} {*ERR*attempted to create global*}
+ test {lua bit.tohex bug} {
+ set res [run_script {return bit.tohex(65535, -2147483648)} 0]
+ r ping
+ set res
+ } {0000FFFF}
+
test {Test an example script DECR_IF_GT} {
set decr_if_gt {
local current
--
2.33.0

62
huawei-deps-jemalloc-support-riscv.patch
View File

@ -1,62 +0,0 @@
From 1b9b76419cf0b6c2ff73bb0d02c8c04896bdde20 Mon Sep 17 00:00:00 2001
From: yangyanchao <yangyanchao6@huawei.com>
Date: Wed, 11 Nov 2020 17:49:37 +0800
Subject: [PATCH] jemalloc_support_riscv
---
deps/jemalloc/config.guess | 3 +++
deps/jemalloc/config.sub | 2 ++
deps/jemalloc/include/jemalloc/internal/jemalloc_internal.h.in | 3 +++
3 files changed, 8 insertions(+)
diff --git a/deps/jemalloc/config.guess b/deps/jemalloc/config.guess
index 1f5c50c..e5a8c92 100755
--- a/deps/jemalloc/config.guess
+++ b/deps/jemalloc/config.guess
@@ -1001,6 +1001,9 @@ EOF
ppcle:Linux:*:*)
echo powerpcle-unknown-linux-${LIBC}
exit ;;
+ riscv32:Linux:*:* | riscv64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ exit ;;
s390:Linux:*:* | s390x:Linux:*:*)
echo ${UNAME_MACHINE}-ibm-linux-${LIBC}
exit ;;
diff --git a/deps/jemalloc/config.sub b/deps/jemalloc/config.sub
index 0ccff77..76df7ee 100755
--- a/deps/jemalloc/config.sub
+++ b/deps/jemalloc/config.sub
@@ -302,6 +302,7 @@ case $basic_machine in
| pdp10 | pdp11 | pj | pjl \
| powerpc | powerpc64 | powerpc64le | powerpcle \
| pyramid \
+ | riscv32 | riscv64 \
| rl78 | rx \
| score \
| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
@@ -423,6 +424,7 @@ case $basic_machine in
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
| pyramid-* \
+ | riscv32-* | riscv64-* \
| rl78-* | romp-* | rs6000-* | rx-* \
| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
diff --git a/deps/jemalloc/include/jemalloc/internal/jemalloc_internal.h.in b/deps/jemalloc/include/jemalloc/internal/jemalloc_internal.h.in
index 8536a3e..cfbe169 100644
--- a/deps/jemalloc/include/jemalloc/internal/jemalloc_internal.h.in
+++ b/deps/jemalloc/include/jemalloc/internal/jemalloc_internal.h.in
@@ -256,6 +256,9 @@ typedef unsigned szind_t;
# ifdef __powerpc__
# define LG_QUANTUM 4
# endif
+# if defined(__riscv) || defined(__riscv__)
+# define LQ_QUANTUM 4
+# endif
# ifdef __s390__
# define LG_QUANTUM 4
# endif
--
1.8.3.1

328
improved-HyperLogLog-cardinality-estimation.patch
View File

@ -1,328 +0,0 @@
From 1e9a7748716e1cd234893dd858d07ffa77920e41 Mon Sep 17 00:00:00 2001
From: Otmar Ertl <otmar.ertl@gmail.com>
Date: Sat, 10 Mar 2018 20:13:21 +0100
Subject: [PATCH] improved HyperLogLog cardinality estimation
based on method described in https://arxiv.org/abs/1702.01284
that does not rely on any magic constants
---
src/hyperloglog.c | 230 +++++++++++++++++++++++-----------------------
1 file changed, 117 insertions(+), 113 deletions(-)
diff --git a/src/hyperloglog.c b/src/hyperloglog.c
index 8ab9d2a30c0..7f5f62445c9 100644
--- a/src/hyperloglog.c
+++ b/src/hyperloglog.c
@@ -192,6 +192,7 @@ struct hllhdr {
#define HLL_VALID_CACHE(hdr) (((hdr)->card[7] & (1<<7)) == 0)
#define HLL_P 14 /* The greater is P, the smaller the error. */
+#define HLL_Q (63-HLL_P)
#define HLL_REGISTERS (1<<HLL_P) /* With P=14, 16384 registers. */
#define HLL_P_MASK (HLL_REGISTERS-1) /* Mask to index register. */
#define HLL_BITS 6 /* Enough to count up to 63 leading zeroes. */
@@ -510,13 +511,9 @@ int hllDenseAdd(uint8_t *registers, unsigned char *ele, size_t elesize) {
return hllDenseSet(registers,index,count);
}
-/* Compute SUM(2^-reg) in the dense representation.
- * PE is an array with a pre-computer table of values 2^-reg indexed by reg.
- * As a side effect the integer pointed by 'ezp' is set to the number
- * of zero registers. */
-double hllDenseSum(uint8_t *registers, double *PE, int *ezp) {
- double E = 0;
- int j, ez = 0;
+/* Compute the register histogram in the dense representation. */
+void hllDenseRegHisto(uint8_t *registers, int* regHisto) {
+ int j;
/* Redis default is to use 16384 registers 6 bits each. The code works
* with other values by modifying the defines, but for our target value
@@ -527,47 +524,49 @@ double hllDenseSum(uint8_t *registers, double *PE, int *ezp) {
r10, r11, r12, r13, r14, r15;
for (j = 0; j < 1024; j++) {
/* Handle 16 registers per iteration. */
- r0 = r[0] & 63; if (r0 == 0) ez++;
- r1 = (r[0] >> 6 | r[1] << 2) & 63; if (r1 == 0) ez++;
- r2 = (r[1] >> 4 | r[2] << 4) & 63; if (r2 == 0) ez++;
- r3 = (r[2] >> 2) & 63; if (r3 == 0) ez++;
- r4 = r[3] & 63; if (r4 == 0) ez++;
- r5 = (r[3] >> 6 | r[4] << 2) & 63; if (r5 == 0) ez++;
- r6 = (r[4] >> 4 | r[5] << 4) & 63; if (r6 == 0) ez++;
- r7 = (r[5] >> 2) & 63; if (r7 == 0) ez++;
- r8 = r[6] & 63; if (r8 == 0) ez++;
- r9 = (r[6] >> 6 | r[7] << 2) & 63; if (r9 == 0) ez++;
- r10 = (r[7] >> 4 | r[8] << 4) & 63; if (r10 == 0) ez++;
- r11 = (r[8] >> 2) & 63; if (r11 == 0) ez++;
- r12 = r[9] & 63; if (r12 == 0) ez++;
- r13 = (r[9] >> 6 | r[10] << 2) & 63; if (r13 == 0) ez++;
- r14 = (r[10] >> 4 | r[11] << 4) & 63; if (r14 == 0) ez++;
- r15 = (r[11] >> 2) & 63; if (r15 == 0) ez++;
-
- /* Additional parens will allow the compiler to optimize the
- * code more with a loss of precision that is not very relevant
- * here (floating point math is not commutative!). */
- E += (PE[r0] + PE[r1]) + (PE[r2] + PE[r3]) + (PE[r4] + PE[r5]) +
- (PE[r6] + PE[r7]) + (PE[r8] + PE[r9]) + (PE[r10] + PE[r11]) +
- (PE[r12] + PE[r13]) + (PE[r14] + PE[r15]);
+ r0 = r[0] & 63;
+ r1 = (r[0] >> 6 | r[1] << 2) & 63;
+ r2 = (r[1] >> 4 | r[2] << 4) & 63;
+ r3 = (r[2] >> 2) & 63;
+ r4 = r[3] & 63;
+ r5 = (r[3] >> 6 | r[4] << 2) & 63;
+ r6 = (r[4] >> 4 | r[5] << 4) & 63;
+ r7 = (r[5] >> 2) & 63;
+ r8 = r[6] & 63;
+ r9 = (r[6] >> 6 | r[7] << 2) & 63;
+ r10 = (r[7] >> 4 | r[8] << 4) & 63;
+ r11 = (r[8] >> 2) & 63;
+ r12 = r[9] & 63;
+ r13 = (r[9] >> 6 | r[10] << 2) & 63;
+ r14 = (r[10] >> 4 | r[11] << 4) & 63;
+ r15 = (r[11] >> 2) & 63;
+
+ regHisto[r0] += 1;
+ regHisto[r1] += 1;
+ regHisto[r2] += 1;
+ regHisto[r3] += 1;
+ regHisto[r4] += 1;
+ regHisto[r5] += 1;
+ regHisto[r6] += 1;
+ regHisto[r7] += 1;
+ regHisto[r8] += 1;
+ regHisto[r9] += 1;
+ regHisto[r10] += 1;
+ regHisto[r11] += 1;
+ regHisto[r12] += 1;
+ regHisto[r13] += 1;
+ regHisto[r14] += 1;
+ regHisto[r15] += 1;
+
r += 12;
}
} else {
- for (j = 0; j < HLL_REGISTERS; j++) {
+ for(j = 0; j < HLL_REGISTERS; j++) {
unsigned long reg;
-
HLL_DENSE_GET_REGISTER(reg,registers,j);
- if (reg == 0) {
- ez++;
- /* Increment E at the end of the loop. */
- } else {
- E += PE[reg]; /* Precomputed 2^(-reg[j]). */
- }
+ regHisto[reg] += 1;
}
- E += ez; /* Add 2^0 'ez' times. */
}
- *ezp = ez;
- return E;
}
/* ================== Sparse representation implementation ================= */
@@ -903,76 +902,96 @@ int hllSparseAdd(robj *o, unsigned char *ele, size_t elesize) {
return hllSparseSet(o,index,count);
}
-/* Compute SUM(2^-reg) in the sparse representation.
- * PE is an array with a pre-computer table of values 2^-reg indexed by reg.
- * As a side effect the integer pointed by 'ezp' is set to the number
- * of zero registers. */
-double hllSparseSum(uint8_t *sparse, int sparselen, double *PE, int *ezp, int *invalid) {
- double E = 0;
- int ez = 0, idx = 0, runlen, regval;
+/* Compute the register histogram in the sparse representation. */
+void hllSparseRegHisto(uint8_t *sparse, int sparselen, int *invalid, int* regHisto) {
+ int idx = 0, runlen, regval;
uint8_t *end = sparse+sparselen, *p = sparse;
while(p < end) {
if (HLL_SPARSE_IS_ZERO(p)) {
runlen = HLL_SPARSE_ZERO_LEN(p);
idx += runlen;
- ez += runlen;
- /* Increment E at the end of the loop. */
+ regHisto[0] += runlen;
p++;
} else if (HLL_SPARSE_IS_XZERO(p)) {
runlen = HLL_SPARSE_XZERO_LEN(p);
idx += runlen;
- ez += runlen;
- /* Increment E at the end of the loop. */
+ regHisto[0] += runlen;
p += 2;
} else {
runlen = HLL_SPARSE_VAL_LEN(p);
regval = HLL_SPARSE_VAL_VALUE(p);
idx += runlen;
- E += PE[regval]*runlen;
+ regHisto[regval] += runlen;
p++;
}
}
if (idx != HLL_REGISTERS && invalid) *invalid = 1;
- E += ez; /* Add 2^0 'ez' times. */
- *ezp = ez;
- return E;
}
/* ========================= HyperLogLog Count ==============================
* This is the core of the algorithm where the approximated count is computed.
- * The function uses the lower level hllDenseSum() and hllSparseSum() functions
- * as helpers to compute the SUM(2^-reg) part of the computation, which is
- * representation-specific, while all the rest is common. */
-
-/* Implements the SUM operation for uint8_t data type which is only used
- * internally as speedup for PFCOUNT with multiple keys. */
-double hllRawSum(uint8_t *registers, double *PE, int *ezp) {
- double E = 0;
- int j, ez = 0;
+ * The function uses the lower level hllDenseRegHisto() and hllSparseRegHisto()
+ * functions as helpers to compute histogram of register values part of the
+ * computation, which is representation-specific, while all the rest is common. */
+
+/* Implements the register histogram calculation for uint8_t data type
+ * which is only used internally as speedup for PFCOUNT with multiple keys. */
+void hllRawRegHisto(uint8_t *registers, int* regHisto) {
uint64_t *word = (uint64_t*) registers;
uint8_t *bytes;
+ int j;
for (j = 0; j < HLL_REGISTERS/8; j++) {
if (*word == 0) {
- ez += 8;
+ regHisto[0] += 8;
} else {
bytes = (uint8_t*) word;
- if (bytes[0]) E += PE[bytes[0]]; else ez++;
- if (bytes[1]) E += PE[bytes[1]]; else ez++;
- if (bytes[2]) E += PE[bytes[2]]; else ez++;
- if (bytes[3]) E += PE[bytes[3]]; else ez++;
- if (bytes[4]) E += PE[bytes[4]]; else ez++;
- if (bytes[5]) E += PE[bytes[5]]; else ez++;
- if (bytes[6]) E += PE[bytes[6]]; else ez++;
- if (bytes[7]) E += PE[bytes[7]]; else ez++;
+ regHisto[bytes[0]] += 1;
+ regHisto[bytes[1]] += 1;
+ regHisto[bytes[2]] += 1;
+ regHisto[bytes[3]] += 1;
+ regHisto[bytes[4]] += 1;
+ regHisto[bytes[5]] += 1;
+ regHisto[bytes[6]] += 1;
+ regHisto[bytes[7]] += 1;
}
word++;
}
- E += ez; /* 2^(-reg[j]) is 1 when m is 0, add it 'ez' times for every
- zero register in the HLL. */
- *ezp = ez;
- return E;
+}
+
+/* Helper function sigma as defined in
+ * "New cardinality estimation algorithms for HyperLogLog sketches"
+ * Otmar Ertl, arXiv:1702.01284 */
+double hllSigma(double x) {
+ if (x == 1.) return INFINITY;
+ double zPrime;
+ double y = 1;
+ double z = x;
+ do {
+ x *= x;
+ zPrime = z;
+ z += x * y;
+ y += y;
+ } while(zPrime != z);
+ return z;
+}
+
+/* Helper function tau as defined in
+ * "New cardinality estimation algorithms for HyperLogLog sketches"
+ * Otmar Ertl, arXiv:1702.01284 */
+double hllTau(double x) {
+ if (x == 0. || x == 1.) return 0.;
+ double zPrime;
+ double y = 1.0;
+ double z = 1 - x;
+ do {
+ x = sqrt(x);
+ zPrime = z;
+ y *= 0.5;
+ z -= pow(1 - x, 2)*y;
+ } while(zPrime != z);
+ return z / 3;
}
/* Return the approximated cardinality of the set based on the harmonic
@@ -988,49 +1007,34 @@ double hllRawSum(uint8_t *registers, double *PE, int *ezp) {
* keys (no need to work with 6-bit integers encoding). */
uint64_t hllCount(struct hllhdr *hdr, int *invalid) {
double m = HLL_REGISTERS;
- double E, alpha = 0.7213/(1+1.079/m);
- int j, ez; /* Number of registers equal to 0. */
-
- /* We precompute 2^(-reg[j]) in a small table in order to
- * speedup the computation of SUM(2^-register[0..i]). */
- static int initialized = 0;
- static double PE[64];
- if (!initialized) {
- PE[0] = 1; /* 2^(-reg[j]) is 1 when m is 0. */
- for (j = 1; j < 64; j++) {
- /* 2^(-reg[j]) is the same as 1/2^reg[j]. */
- PE[j] = 1.0/(1ULL << j);
- }
- initialized = 1;
- }
+ double E;
+ int j;
+ double alphaInf = 0.5 / log(2.);
+ int regHisto[HLL_Q+2] = {0};
- /* Compute SUM(2^-register[0..i]). */
+ /* Compute register histogram */
if (hdr->encoding == HLL_DENSE) {
- E = hllDenseSum(hdr->registers,PE,&ez);
+ hllDenseRegHisto(hdr->registers,regHisto);
} else if (hdr->encoding == HLL_SPARSE) {
- E = hllSparseSum(hdr->registers,
- sdslen((sds)hdr)-HLL_HDR_SIZE,PE,&ez,invalid);
+ hllSparseRegHisto(hdr->registers,
+ sdslen((sds)hdr)-HLL_HDR_SIZE,invalid,regHisto);
} else if (hdr->encoding == HLL_RAW) {
- E = hllRawSum(hdr->registers,PE,&ez);
+ hllRawRegHisto(hdr->registers,regHisto);
} else {
serverPanic("Unknown HyperLogLog encoding in hllCount()");
}
- /* Apply loglog-beta to the raw estimate. See:
- * "LogLog-Beta and More: A New Algorithm for Cardinality Estimation
- * Based on LogLog Counting" Jason Qin, Denys Kim, Yumei Tung
- * arXiv:1612.02284 */
- double zl = log(ez + 1);
- double beta = -0.370393911*ez +
- 0.070471823*zl +
- 0.17393686*pow(zl,2) +
- 0.16339839*pow(zl,3) +
- -0.09237745*pow(zl,4) +
- 0.03738027*pow(zl,5) +
- -0.005384159*pow(zl,6) +
- 0.00042419*pow(zl,7);
-
- E = llroundl(alpha*m*(m-ez)*(1/(E+beta)));
+ /* Estimate cardinality form register histogram. See:
+ * "New cardinality estimation algorithms for HyperLogLog sketches"
+ * Otmar Ertl, arXiv:1702.01284 */
+ double z = m * hllTau((m-regHisto[HLL_Q+1])/(double)m);
+ for (j = HLL_Q; j >= 1; --j) {
+ z += regHisto[j];
+ z *= 0.5;
+ }
+ z += m * hllSigma(regHisto[0]/(double)m);
+ E = llroundl(alphaInf*m*m/z);
+
return (uint64_t) E;
}

2
macros.redis Normal file
View File

@ -0,0 +1,2 @@
%redis_modules_abi 1
%redis_modules_dir %{_libdir}/redis/modules

13
modify-aarch64-architecture-jemalloc-page-size-from-4k-to-64k.patch
View File

@ -1,13 +0,0 @@
diff --git a/deps/Makefile b/deps/Makefile
index e148a33..f1855f3 100644
--- a/deps/Makefile
+++ b/deps/Makefile
@@ -77,7 +77,7 @@ JEMALLOC_LDFLAGS= $(LDFLAGS)
jemalloc: .make-prerequisites
@printf '%b %b\n' $(MAKECOLOR)MAKE$(ENDCOLOR) $(BINCOLOR)$@$(ENDCOLOR)
- cd jemalloc && ./configure --with-lg-quantum=3 --with-jemalloc-prefix=je_ --enable-cc-silence CFLAGS="$(JEMALLOC_CFLAGS)" LDFLAGS="$(JEMALLOC_LDFLAGS)"
+ cd jemalloc && ./configure --with-lg-quantum=3 --with-jemalloc-prefix=je_ --enable-cc-silence CFLAGS="$(JEMALLOC_CFLAGS)" LDFLAGS="$(JEMALLOC_LDFLAGS)" --with-lg-page=16
cd jemalloc && $(MAKE) CFLAGS="$(JEMALLOC_CFLAGS)" LDFLAGS="$(JEMALLOC_LDFLAGS)" lib/libjemalloc.a
.PHONY: jemalloc

BIN
redis-4.0.14.tar.gz
View File

Binary file not shown.

BIN
redis-7.2.7.tar.gz Normal file
View File

Binary file not shown.

BIN
redis-doc-3541d0e.tar.gz Normal file
View File

Binary file not shown.

14
redis-limit-systemd Normal file
View File

@ -0,0 +1,14 @@
# If you need to change max open file limit
# for example, when you change maxclient in configuration
# you can change the LimitNOFILE value below.
# See "man systemd.exec" for more information.
# Slave nodes on large system may take lot of time to start.
# You may need to uncomment TimeoutStartSec and TimeoutStopSec
# directives below and raise their value.
# See "man systemd.service" for more information.
[Service]
LimitNOFILE=10240
#TimeoutStartSec=90s
#TimeoutStopSec=90s

5
redis-sentinel.service
View File

@ -1,9 +1,11 @@
[Unit]
Description=Redis Sentinel
After=network.target
After=network-online.target
Wants=network-online.target
[Service]
ExecStart=/usr/bin/redis-sentinel /etc/redis-sentinel.conf --supervised systemd
ExecStart=/usr/bin/redis-sentinel /etc/redis-sentinel.conf --daemonize no --supervised systemd
Type=notify
User=redis
Group=redis
@ -12,3 +14,4 @@ RuntimeDirectoryMode=0755
[Install]
WantedBy=multi-user.target

4
redis.service
View File

@ -1,9 +1,11 @@
[Unit]
Description=Redis persistent key-value database
After=network.target
After=network-online.target
Wants=network-online.target
[Service]
ExecStart=/usr/bin/redis-server /etc/redis.conf --supervised systemd
ExecStart=/usr/bin/redis-server /etc/redis.conf --daemonize no --supervised systemd
Type=notify
User=redis
Group=redis

190
redis.spec
View File

@ -1,32 +1,35 @@
Name: redis
Version: 4.0.14
Release: 7
Summary: A persistent key-value database
License: BSD-3-Clause and MIT
URL: https://redis.io
Source0: http://download.redis.io/releases/%{name}-%{version}.tar.gz
Source1: %{name}.logrotate
Source2: %{name}-sentinel.service
Source3: %{name}.service
# Commit IDs for the (unversioned) redis-doc repository
# https://fedoraproject.org/wiki/Packaging:SourceURL "Commit Revision"
%global doc_commit 3541d0e20cc4bb7873bdbf51a7717757b806577f
%global short_doc_commit %(c=%{doc_commit}; echo ${c:0:7})
%global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d)
Patch0001: CVE-2020-14147.patch
Patch0002: improved-HyperLogLog-cardinality-estimation.patch
Patch0003: Aesthetic-changes-to-PR.patch
Patch0004: CVE-2019-10193.patch
Patch0005: modify-aarch64-architecture-jemalloc-page-size-from-4k-to-64k.patch
Patch0006: huawei-deps-jemalloc-support-riscv.patch
Patch0007: CVE-2021-21309.patch
Patch0008: CVE-2021-3470.patch
Patch0009: CVE-2021-29478.patch
Patch0010: CVE-2021-32672.patch
Patch0011: CVE-2022-36021.patch
Patch0012: CVE-2023-28856.patch
Patch0013: CVE-2022-24834.patch
Patch0014: CVE-2023-45145.patch
Patch0015: CVE-2024-31228.patch
Patch0016: CVE-2024-31449.patch
Name: redis
Version: 7.2.7
Release: 1
Summary: A persistent key-value database
# redis, hiredis: BSD-3-Clause
# hdrhistogram, jemalloc, lzf, linenoise: BSD-2-Clause
# lua: MIT
# fpconv: BSL-1.0
License: BSD-3-Clause AND BSD-2-Clause AND MIT AND BSL-1.0 AND CC-BY-SA-4.0
URL: https://redis.io
Source0: http://download.redis.io/releases/%{name}-%{version}.tar.gz
Source1: %{name}.logrotate
Source2: %{name}-sentinel.service
Source3: %{name}.service
Source4: %{name}-limit-systemd
Source5: macros.%{name}
Source6: https://github.com/%{name}/%{name}-doc/archive/%{doc_commit}/%{name}-doc-%{short_doc_commit}.tar.gz
# https://github.com/redis/redis/pull/3491 - man pages
Patch0001: 0001-1st-man-pageis-for-redis-cli-redis-benchmark-redis-c.patch
BuildRequires: systemd gcc
BuildRequires: systemd
BuildRequires: systemd-devel
BuildRequires: gcc
BuildRequires: make
BuildRequires: openssl-devel
Requires: /bin/awk
Requires: logrotate
Requires(pre): shadow-utils
@ -34,55 +37,106 @@ Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
%global redis_modules_abi 1
%global redis_modules_dir %{_libdir}/%{name}/modules
Provides: redis(modules_abi)%{?_isa} = %{redis_modules_abi}
%description
Redis is an advanced key-value store. It is often referred to as a dattructure server since keys can contain strings, hashes
,lists, sets anorted sets.
%prep
%setup
%patch0001 -p1
%patch0002 -p1
%patch0003 -p1
%patch0004 -p1
%ifarch aarch64
%patch0005 -p1
%endif
%patch0006 -p1
%patch0007 -p1
%patch0008 -p1
%patch0009 -p1
%patch0010 -p1
%patch0011 -p1
%patch0012 -p1
%patch0013 -p1
%patch0014 -p1
%patch0015 -p1
%patch0016 -p1
%ifarch loongarch64
%_update_config_guess
%_update_config_sub
%endif
%setup -q -n %{name}-%{version} -b 6
mv ../%{name}-doc-%{doc_commit} doc
%patch -P0001 -p1
mv deps/lua/COPYRIGHT COPYRIGHT-lua
mv deps/jemalloc/COPYING COPYING-jemalloc
mv deps/hiredis/COPYING COPYING-hiredis
mv deps/hdr_histogram/LICENSE.txt LICENSE-hdrhistogram
mv deps/hdr_histogram/COPYING.txt COPYING-hdrhistogram
mv deps/fpconv/LICENSE.txt LICENSE-fpconv
# Configuration file changes
sed -i -e 's|^logfile .*$|logfile /var/log/redis/redis.log|g' redis.conf
sed -i -e '$ alogfile /var/log/redis/sentinel.log' sentinel.conf
sed -i -e 's|^logfile .*$|logfile /var/log/redis/sentinel.log|g' sentinel.conf
sed -i -e 's|^dir .*$|dir /var/lib/redis|g' redis.conf
# See https://bugzilla.redhat.com/2240293
# See https://src.fedoraproject.org/rpms/jemalloc/blob/rawhide/f/jemalloc.spec#_34
%ifarch %ix86 %arm x86_64 s390x
sed -e 's/--with-lg-quantum/--with-lg-page=12 --with-lg-quantum/' -i deps/Makefile
%endif
%ifarch ppc64 ppc64le aarch64
sed -e 's/--with-lg-quantum/--with-lg-page=16 --with-lg-quantum/' -i deps/Makefile
%endif
# Module API version safety check
api=`sed -n -e 's/#define REDISMODULE_APIVER_[0-9][0-9]* //p' src/redismodule.h`
if test "$api" != "%{redis_modules_abi}"; then
: Error: Upstream API version is now ${api}, expecting %%{redis_modules_abi}.
: Update the redis_modules_abi macro, the rpmmacros file, and rebuild.
exit 1
fi
%global make_flags DEBUG="" V="echo" LDFLAGS="%{?__global_ldflags}" CFLAGS+="%{optflags} -fPIC" INSTALL="install -p" PREFIX=%{buildroot}%{_prefix} BUILD_WITH_SYSTEMD=yes BUILD_TLS=yes
%build
make
%make_build %{make_flags} all
%install
%make_install PREFIX=%{buildroot}%{_prefix}
make %{make_flags} install
# Filesystem.
install -d %{buildroot}%{_sharedstatedir}/%{name}
install -d %{buildroot}%{_localstatedir}/log/%{name}
install -d %{buildroot}%{_localstatedir}/run/%{name}
install -d %{buildroot}%{_libdir}/%{name}/modules
# Install logrotate file.
install -pDm644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
# Install systemd unit files.
mkdir -p %{buildroot}%{_unitdir}
install -pm644 %{SOURCE2} %{buildroot}%{_unitdir}
install -pm644 %{SOURCE3} %{buildroot}%{_unitdir}
install -pDm640 %{name}.conf %{buildroot}%{_sysconfdir}/%{name}.conf
# Install configuration files.
install -pDm640 %{name}.conf %{buildroot}%{_sysconfdir}/%{name}.conf
install -pDm640 sentinel.conf %{buildroot}%{_sysconfdir}/%{name}-sentinel.conf
# Install systemd limit files (requires systemd >= 204)
install -p -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/systemd/system/%{name}.service.d/limit.conf
install -p -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/systemd/system/%{name}-sentinel.service.d/limit.conf
# Fix non-standard-executable-perm error.
chmod 755 %{buildroot}%{_bindir}/%{name}-*
# Install redis module header
install -pDm644 src/%{name}module.h %{buildroot}%{_includedir}/%{name}module.h
# Install man pages
man=$(dirname %{buildroot}%{_mandir})
for page in man/man?/*; do
install -Dpm644 $page $man/$page
done
ln -s redis-server.1 %{buildroot}%{_mandir}/man1/redis-sentinel.1
ln -s redis.conf.5 %{buildroot}%{_mandir}/man5/redis-sentinel.conf.5
# Install documentation and html pages
doc=$(echo %{buildroot}/%{_docdir}/%{name})
for page in 00-RELEASENOTES BUGS MANIFESTO *.md; do
install -Dpm644 $page $doc/$page
done
for page in $(find doc -name \*.md | sed -e 's|.md$||g'); do
base=$(echo $page | sed -e 's|doc/||g')
install -Dpm644 $page.md $doc/$base.md
done
# Install rpm macros for redis modules
mkdir -p %{buildroot}%{macrosdir}
install -pDm644 %{SOURCE5} %{buildroot}%{macrosdir}/macros.%{name}
%pre
getent group %{name} &> /dev/null || \
groupadd -r %{name} &> /dev/null
@ -106,7 +160,12 @@ exit 0
%files
%license COPYING
%doc BUGS README.md 00-RELEASENOTES MANIFESTO CONTRIBUTING
%license COPYRIGHT-lua
%license COPYING-jemalloc
%license COPYING-hiredis
%license LICENSE-hdrhistogram
%license COPYING-hdrhistogram
%license LICENSE-fpconv
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%attr(0640, redis, root) %config(noreplace) %{_sysconfdir}/%{name}.conf
%attr(0640, redis, root) %config(noreplace) %{_sysconfdir}/%{name}-sentinel.conf
@ -117,8 +176,29 @@ exit 0
%{_bindir}/%{name}-*
%{_unitdir}/%{name}.service
%{_unitdir}/%{name}-sentinel.service
%dir %{_sysconfdir}/systemd/system/%{name}.service.d
%config(noreplace) %{_sysconfdir}/systemd/system/%{name}.service.d/limit.conf
%dir %{_sysconfdir}/systemd/system/%{name}-sentinel.service.d
%config(noreplace) %{_sysconfdir}/systemd/system/%{name}-sentinel.service.d/limit.conf
%{_mandir}/man1/%{name}*
%{_mandir}/man5/%{name}*
%{_includedir}/%{name}module.h
%{macrosdir}/*
# specific for documentation (CC-BY-SA)
%license doc/LICENSE
%docdir %{_docdir}/%{name}
%{_docdir}/%{name}
%changelog
* Wed Feb 12 2025 wangkai <13474090681@163.com> - 7.2.7-1
- Update to 7.2.7
- Fix CVE-2021-32626 CVE-2021-32627 CVE-2021-32762 CVE-2021-32675
CVE-2021-41099 CVE-2021-32628 CVE-2021-32687 CVE-2022-24735
CVE-2022-24736 CVE-2022-3647 CVE-2022-3734 CVE-2022-35977
CVE-2023-25155 CVE-2024-46981
* Wed Oct 09 2024 yaoxin <yao_xin001@hoperun.com> - 4.0.14-7
- Fix CVE-2023-45145,CVE-2024-31228 and CVE-2024-31449