CaROS/meta-openembedded
3
1
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-01-04 16:10:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
6be10fe608
meta-openembedded/meta-oe
History
Armin Kuster 6be10fe608 redis: update to 5.0.14 
Bug fix only updates. see: https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES

Including these cves:

5.0.14
Security Fixes:
* (CVE-2021-41099) Integer to heap buffer overflow handling certain string
commands and network payloads, when proto-max-bulk-len is manually configured
to a non-default, very large value [reported by yiyuaner].
* (CVE-2021-32762) Integer to heap buffer overflow issue in redis-cli and
redis-sentinel parsing large multi-bulk replies on some older and less common
platforms [reported by Microsoft Vulnerability Research].
* (CVE-2021-32687) Integer to heap buffer overflow with intsets, when
set-max-intset-entries is manually configured to a non-default, very large
value [reported by Pawel Wieczorkiewicz, AWS].
* (CVE-2021-32675) Denial Of Service when processing RESP request payloads with
a large number of elements on many connections.
* (CVE-2021-32672) Random heap reading issue with Lua Debugger [reported by
Meir Shpilraien].
* (CVE-2021-32628) Integer to heap buffer overflow handling ziplist-encoded
data types, when configuring a large, non-default value for
hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries
or zset-max-ziplist-value [reported by sundb].
* (CVE-2021-32627) Integer to heap buffer overflow issue with streams, when
configuring a non-default, large value for proto-max-bulk-len and
client-query-buffer-limit [reported by sundb].
* (CVE-2021-32626) Specially crafted Lua scripts may result with Heap buffer
overflow [reported by Meir Shpilraien].

5.0.11
Integer overflow on 32-bit systems (CVE-2021-21309):
Redis 4.0 or newer uses a configurable limit for the maximum supported bulk
input size. By default, it is 512MB which is a safe value for all platforms.
If the limit is significantly increased, receiving a large request from a client
may trigger several integer overflow scenarios, which would result with buffer
overflow and heap corruption.

5.0.10
This release fixes a potential heap overflow when using a heap allocator other
than jemalloc or glibc's malloc. See:
https://github.com/redis/redis/pull/7963

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-10-29 07:34:58 -07:00
..
classes gitpkgv.bbclass: Add support for extending the supported tag formats 2020-01-17 15:44:06 -08:00
conf debsums: Depend on po4a-native 2020-03-29 17:32:21 -07:00
dynamic-layers gperftools: Do not build on riscv 2020-04-25 08:32:41 -07:00
lib/oeqa/selftest/cases meta-oe: add selftest for sources.oe.org 2018-11-14 21:06:57 -08:00
licenses wxwidgets: initial add 3.1.3 2020-04-01 15:11:15 -07:00
recipes-benchmark fio: disable compiler optimizations for x86 arch 2020-03-13 10:57:21 -07:00
recipes-bsp flashrom: Fix build failure with glibc 2.32 2020-07-30 21:25:51 -07:00
recipes-connectivity gattlib: Place pkgconfig file in correct package 2021-10-14 13:57:41 -07:00
recipes-core packagegroup-meta-oe: add guider 2021-04-07 08:55:15 -07:00
recipes-crypto libmcrypt: set CLEANBROKEN 2020-07-12 19:20:17 -07:00
recipes-dbs mariadb: update to 10.4.20 2021-07-21 09:25:14 -07:00
recipes-devtools php: move to version 7.4.21 2021-08-14 13:54:01 -07:00
recipes-extended redis: update to 5.0.14 2021-10-29 07:34:58 -07:00
recipes-gnome gmime: upgrade 3.2.5 -> 3.2.6 2020-02-27 17:24:19 -08:00
recipes-graphics xterm: Security fix for CVE-2021-27135 2021-08-24 21:25:43 -07:00
recipes-kernel minicoredumper: update SRC_URI to use github instead 2020-07-12 19:20:37 -07:00
recipes-multimedia mpv: fetch waf in do_fetch 2020-11-09 19:09:03 -08:00
recipes-navigation gpsd: mark CLEANBROKEN 2021-01-31 09:42:35 -08:00
recipes-printing qpdf: fix typo in RDEPENDS 2020-06-12 09:32:04 -07:00
recipes-security passwdqc: remove double modify operation 2020-06-12 09:32:24 -07:00
recipes-shells mksh: upgrade 57 -> 58 2020-04-14 21:26:57 -07:00
recipes-support dstat: Add missing python-six runtime dependency 2021-09-20 15:52:10 -07:00
recipes-test cunit: fix upstream check URL 2020-04-05 10:38:14 -07:00
COPYING.MIT
README meta-oe/README: add Ubuntu prerequisite information 2021-02-15 08:21:20 -08:00

README 

meta-oe
=======

This layer depends on:

URI: git://github.com/openembedded/openembedded-core.git
branch: dunfell
revision: HEAD

luajit recipe requires host compiler to be able to generate 32bit code when target is 32bit
e.g. arm, so ensure that $CC -m32 is functional on build host, if building this recipe, needed
packages to fullfit this might have different names on different host distributions
e.g. on archlinux based distributions install prerequisites like below

pacman -S lib32-gcc-libs lib32-glibc

Ubuntu
sudo apt-get install gcc-multilib

Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-oe][dunfell]' in the subject'

When sending single patches, please use something like:
'git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix=meta-oe][dunfell][PATCH'

You are encouraged to fork the mirror on GitHub https://github.com/openembedded/meta-openembedded
to share your patches, this is preferred for patch sets consisting of more than one patch.

Other services like GitLab, repo.or.cz or self-hosted setups are of course accepted as well,
'git fetch <remote>' works the same on all of them. We recommend GitHub because it is free, easy
to use, has been proven to be reliable and has a really good web GUI.

dunfell maintainer: Armin Kuster <akuster808@gmail.com>