CVS Commit History:


   2017-02-14 11:30:03 by Filip Hajny | Files touched by this commit (2)
Log message:
Update databases/redis to 3.2.8.

================================================================================
Redis 3.2.8     Released Sun Feb 12 16:11:18 CET 2017
================================================================================

Two important bug fixes, the first of which is critical:

1. Apparently Jemalloc 4.4.0 may contain a deadlock under particular
   conditions. See https://github.com/antirez/redis/issues/3799.
   We reverted back to the previously used Jemalloc versions and plan
   to upgrade Jemalloc again after having more info about the
   cause of the bug.

2. MIGRATE could crash the server after a socket error. See for reference:
   https://github.com/antirez/redis/issues/3796.

================================================================================
Redis 3.2.7     Released Tue Jan 31 16:21:41 CET 2017
================================================================================

Main bug fixes and improvements in this release:

1. MIGRATE could incorrectly move keys between Redis Cluster nodes by turning
   keys with an expire set into persisting keys. This bug was introduced with
   the multiple-keys migration recently. It is now fixed. Only applies to
   Redis Cluster users that use the resharding features of Redis Cluster.

2. As Redis 4.0 beta and the unstable branch already did (for some months at
   this point), Redis 3.2.7 also aliases the Host: and POST commands to QUIT
   avoiding to process the remaining pipeline if there are pending commands.
   This is a security protection against a "Cross Scripting" attack, that
   usually involves trying to feed Redis with HTTP in order to execute commands.
   Example: a developer is running a local copy of Redis for development
   purposes. She also runs a web browser in the same computer. The web browser
   could send an HTTP request to http://127.0.0.1:6379 in order to access the
   Redis instance, since a specially crafted HTTP request may also be partially
   valid Redis protocol. However if POST and Host: break the connection, this
   problem should be avoided. IMPORTANT: It is important to realize that it
   is not impossible that another way will be found to talk with a localhost
   Redis using a Cross Protocol attack not involving sending POST or Host: so
   this is only a layer of protection but not a definitive fix for this class
   of issues.

3. A ziplist bug that could cause data corruption, could crash the server and
   MAY ALSO HAVE SECURITY IMPLICATIONS was fixed. The bug looks complex to
   exploit, but attacks always get worse, never better (cit). The bug is very
   very hard to catch in practice, it required manual analysis of the ziplist
   code in order to be found. However it is also possible that rarely it
   happened in the wild. Upgrading is required if you use LINSERT and other
   in-the-middle list manipulation commands.

4. We upgraded to Jemalloc 4.4.0 since the version we used to ship with Redis
   was an early 4.0 release of Jemalloc. This version may have several
   improvements including the ability to better reclaim/use the memory of
   system.
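
Added example (not part of the commit message or of the Redis source): a simplified Python model of inline-command dispatch, showing what item 2 of the 3.2.7 notes changes when POST and Host: are aliased to QUIT. The command table, the function name and both sample requests are constructed assumptions.

```python
# Simplified model of Redis inline-command dispatch (an assumption for
# illustration, not Redis source code).
KNOWN_ARITY = {"set": 3, "get": 2, "ping": 1}   # tiny constructed command table
QUIT_ALIASES = {"post", "host:"}                # aliased to QUIT per the 3.2.7 notes

def process_inline(buffer: bytes, protect: bool):
    """Return (executed_commands, connection_closed) for one client buffer."""
    executed = []
    for raw in buffer.split(b"\r\n"):
        parts = raw.decode("latin-1").split()
        if not parts:
            continue                            # blank line, nothing to dispatch
        name = parts[0].lower()
        if protect and name in QUIT_ALIASES:
            return executed, True               # act like QUIT: rest of pipeline is dropped
        if KNOWN_ARITY.get(name) == len(parts):
            executed.append(parts)              # well-formed command runs
        # anything else: error reply, and the server keeps reading the next line
    return executed, False

# Constructed sample: an HTTP POST whose body happens to be a valid inline command.
HTTP_POST = (b"POST / HTTP/1.1\r\nHost: 127.0.0.1:6379\r\n"
             b"Content-Length: 19\r\n\r\nSET example value\r\n")
# Constructed sample: no POST line, but an HTTP/1.1 request still carries Host:.
HTTP_GET = b"GET / HTTP/1.1\r\nHost: 127.0.0.1:6379\r\n\r\nPING\r\n"

if __name__ == "__main__":
    for label, buf in (("POST", HTTP_POST), ("GET", HTTP_GET)):
        for protect in (False, True):
            print(label, "protect=%s" % protect, process_inline(buf, protect))
```

In the model, the unprotected dispatcher skips the HTTP header lines as errors and still runs the trailing command; with the aliases in place the connection ends at the first POST or Host: line and nothing after it is processed.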

   2017-01-03 08:18:45 by Filip Hajny | Files touched by this commit (2)
Log message:
Update databases/redis to 3.2.6.

This release mainly fixes three bugs:

1. A bug with BITFIELD that may cause the bitmap corruption when setting offsets
   larger than the current string size.

2. A GEORADIUS bug that may happen when using very large radius lengths, in
   the range of 10000km or alike, due to wrong bounding box calculation.

3. A bug with Redis Cluster which crashes when reading a nodes configuration
   file with zero bytes at the end, which sometimes happens with certain ext4
   configurations after a system crash.

   2016-12-21 01:23:22 by David A. Holland | Files touched by this commit (1)
Log message:
minor edits for grammar/usage

   2016-11-14 15:30:17 by Filip Hajny | Files touched by this commit (2)
Log message:
Fix NetBSD support. Thanks to Mustafa Dogan!

   2016-11-03 15:13:19 by Filip Hajny | Files touched by this commit (2)
Log message:
Update databases/redis to 3.2.5.

Redis 3.2.5     Released Wed Oct 26 09:16:40 CEST 2016
===========================================================================

Upgrade urgency LOW: This release only fixes a compilation issue due to the
                     missing -ldl at linking time.

zach shipko in commit 4736407:
 BSDs don't have -ldl
 1 file changed, 15 insertions(+), 5 deletions(-)

antirez in commit 9ada818:
 Fix modules compilation when libc malloc is used.
 1 file changed, 2 insertions(+), 2 deletions(-)

   2016-09-26 15:35:43 by Filip Hajny | Files touched by this commit (2)
Log message:
Update databases/redis to 3.2.4.

This is a Redis critical release in order to fix a security issue
which is documented clearly here:

https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977

Thanks to Cory Duplantis of Cisco Talos for reporting the issue.

IMPACT:
The gist is that using CONFIG SET calls (or by manipulating
redis.conf) an attacker is able to compromise certain fields of
the "server" global structure, including the aof filename pointer,
that could be made pointing to something else. In turn the AOF
name is used in different contexts such as logging, rename(2) and
open(2) syscalls, leading to potential problems.

Please note that since having access to CONFIG SET also means to
be able to change the AOF filename (and many other things)
directly, this issue's actual real-world impact is quite small, so I
would not panic: if you have CONFIG SET level of access, you can
do more and more easily.

AFFECTED VERSIONS:
- All Redis 3.2.x versions are affected.

OTHER CHANGES IN THIS RELEASE:
- TCP binding bug fixed when only certain addresses were available
  for a given port.
- A much better crash report that includes part of the Redis binary:
  this will allow to fix bugs even when we just have a crash log and
  no other help from the original poster of the issue.
- A fix for Redis Cluster redis-trib displaying of info after
  creating a new cluster.

   2016-08-09 11:11:53 by Filip Hajny | Files touched by this commit (3) | Package updated
Log message:
Update databases/redis to 3.2.3.

Redis 3.2.3

Bugfixes:

- There was an inverted if statement logic problem in
  replication.c causing
  a replication delay.
- Redis-cli created the history file with insecure permissions,
  allowing reading from the file.

Redis 3.2.2

- There was a bug in the List type implementation, able to cause
  the crash of the server under certain (non trivial to replicate)
  circumstances when the LSET command was used.
- Redis Sentinel, when monitoring multiple masters, could crash
  after a Sentinel address update event.
- Redis Sentinel now checks slaves INFO state more often when
  disconnected.
- It was possible, under a variety of conditions, that the AOF and
  RDB children process could spawn at the same time. This is known
  to trash disk I/O, AOF performances, and to ultimately create
  latency in the Redis server.
- Many GEORADIUS bugs are now fixed \o/.

New features:

- Now slaves support the slave-announce-ip and slave-announce-port
  options.
- The RDB check utility is now part of Redis and uses the same RDB
  code that Redis uses in order to load the dataset in memory.

   2016-06-21 09:53:50 by Filip Hajny | Files touched by this commit (1)
Log message:
Fix forgotten PLIST change.

   2016-06-19 23:28:58 by Filip Hajny | Files touched by this commit (3) | Package updated
Log message:
Update databases/redis to 3.2.1.

Upgrade urgency HIGH: Critical fix to Redis Sentinel, due to 3.2.0
regression compared to 3.0.

Hey, this is Redis 3.2.1, and this release should bring some grain of
maturity to Redis 3.2. The list of commits following this note will tell
you the details, but the main things addressed in this release are the
following:

1. A critical bug in Sentinel was hopefully fixed. During the big 3.2
   refactoring of Redis Sentinel, in order to implement connection sharing
   to make Sentinel able to scale better (few Sentinels to monitor many
   masters), a bug was introduced that mis-counted the number of pending
   commands in the Redis link. This in turn resulted into an inability to
   talk with certain Redis instances. A common result of this bug was the
   inability of Redis Sentinel to reconfigure back the old master, after
   a failover, when it is reachable again, as the slave of the new master.
   This was due to the inability to talk with the old master at all.

2. BITFIELD bugs fixed.

3. GEO commands fixes on syntax errors and edge cases.

4. RESTORE now accepts dumps generated by older Redis versions.

5. Jemalloc now is really configured to save you memory, for a problem a
   change in the jemalloc configuration did not really survive when the
   3.2.0 release was finalized.

6. TTL and TYPE command no longer alter the last access time of a key, for
   LRU evictions purposes. A new TOUCH command was introduced *just* to
   update the access time of a key.

7. A bug was fixed in redis-cli, that connected to the instance running on
   the port 6379 if there was one, regardless of what was specified.

8. TCP keep alive is now enabled by default. This should fix most ghost
   connections problems without resulting in any practical change in
   otherwise sane deployments.

9. A Sentinel crash that could happen during failovers was fixed.

   2016-06-08 12:16:57 by Jonathan Perkin | Files touched by this commit (89)
Log message:
Remove the stability entity, it has no meaning outside of an official context.
