summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPetr Vaněk <arkamar@atlas.cz>2022-10-22 11:52:31 +0200
committerJoonas Niilola <juippis@gentoo.org>2022-11-11 17:10:06 +0200
commit85442e23f002bbdbfe137a7fc15314eb6b048982 (patch)
tree5793a34bf38c3ca33c6deec5f71a362b90ff622b /dev-db/redis
parentdev-db/redis: apply recommended patch for CVE-2022-3647 to 7.0.5 (diff)
downloadgentoo-85442e23f002bbdbfe137a7fc15314eb6b048982.tar.gz
gentoo-85442e23f002bbdbfe137a7fc15314eb6b048982.tar.bz2
gentoo-85442e23f002bbdbfe137a7fc15314eb6b048982.zip
dev-db/redis: backport recommended patch for CVE-2022-3647 to 6.2.7
The original patch does not apply cleanly, it was necessary to backport it. Upstream-commit: https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3 Bug: https://bugs.gentoo.org/877863 Signed-off-by: Petr Vaněk <arkamar@atlas.cz> Closes: https://github.com/gentoo/gentoo/pull/27893 Signed-off-by: Joonas Niilola <juippis@gentoo.org>
Diffstat (limited to 'dev-db/redis')
-rw-r--r--dev-db/redis/files/redis-6.2.7-cve-2022-3647.patch173
-rw-r--r--dev-db/redis/redis-6.2.7-r2.ebuild198
2 files changed, 371 insertions, 0 deletions
diff --git a/dev-db/redis/files/redis-6.2.7-cve-2022-3647.patch b/dev-db/redis/files/redis-6.2.7-cve-2022-3647.patch
new file mode 100644
index 000000000000..8c3a2358c8eb
--- /dev/null
+++ b/dev-db/redis/files/redis-6.2.7-cve-2022-3647.patch
@@ -0,0 +1,173 @@
+This is backported patch from upstream commit for version 6.2.7 which fixes CVE-2022-3647.
+
+Upstream-commit: https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3
+Bug: https://bugs.gentoo.org/877863
+
+diff --git a/src/debug.c b/src/debug.c
+index 71ef51f8b..40fffec52 100644
+--- a/src/debug.c
++++ b/src/debug.c
+@@ -1019,61 +1019,88 @@ void bugReportStart(void) {
+ }
+
+ #ifdef HAVE_BACKTRACE
+-static void *getMcontextEip(ucontext_t *uc) {
++
++/* Returns the current eip and set it to the given new value (if its not NULL) */
++static void* getAndSetMcontextEip(ucontext_t *uc, void *eip) {
++#define NOT_SUPPORTED() do {\
++ UNUSED(uc);\
++ UNUSED(eip);\
++ return NULL;\
++} while(0)
++#define GET_SET_RETURN(target_var, new_val) do {\
++ void *old_val = (void*)target_var; \
++ if (new_val) { \
++ void **temp = (void**)&target_var; \
++ *temp = new_val; \
++ } \
++ return old_val; \
++} while(0)
+ #if defined(__APPLE__) && !defined(MAC_OS_X_VERSION_10_6)
+ /* OSX < 10.6 */
+ #if defined(__x86_64__)
+- return (void*) uc->uc_mcontext->__ss.__rip;
++ GET_SET_RETURN(uc->uc_mcontext->__ss.__rip, eip);
+ #elif defined(__i386__)
+- return (void*) uc->uc_mcontext->__ss.__eip;
++ GET_SET_RETURN(uc->uc_mcontext->__ss.__eip, eip);
+ #else
+- return (void*) uc->uc_mcontext->__ss.__srr0;
++ GET_SET_RETURN(uc->uc_mcontext->__ss.__srr0, eip);
+ #endif
+ #elif defined(__APPLE__) && defined(MAC_OS_X_VERSION_10_6)
+ /* OSX >= 10.6 */
+ #if defined(_STRUCT_X86_THREAD_STATE64) && !defined(__i386__)
+- return (void*) uc->uc_mcontext->__ss.__rip;
++ GET_SET_RETURN(uc->uc_mcontext->__ss.__rip, eip);
+ #elif defined(__i386__)
+- return (void*) uc->uc_mcontext->__ss.__eip;
++ GET_SET_RETURN(uc->uc_mcontext->__ss.__eip, eip);
+ #else
+ /* OSX ARM64 */
+- return (void*) arm_thread_state64_get_pc(uc->uc_mcontext->__ss);
++ void *old_val = (void*)arm_thread_state64_get_pc(uc->uc_mcontext->__ss);
++ if (eip) {
++ arm_thread_state64_set_pc_fptr(uc->uc_mcontext->__ss, eip);
++ }
++ return old_val;
+ #endif
+ #elif defined(__linux__)
+ /* Linux */
+ #if defined(__i386__) || ((defined(__X86_64__) || defined(__x86_64__)) && defined(__ILP32__))
+- return (void*) uc->uc_mcontext.gregs[14]; /* Linux 32 */
++ GET_SET_RETURN(uc->uc_mcontext.gregs[14], eip);
+ #elif defined(__X86_64__) || defined(__x86_64__)
+- return (void*) uc->uc_mcontext.gregs[16]; /* Linux 64 */
++ GET_SET_RETURN(uc->uc_mcontext.gregs[16], eip);
+ #elif defined(__ia64__) /* Linux IA64 */
+- return (void*) uc->uc_mcontext.sc_ip;
++ GET_SET_RETURN(uc->uc_mcontext.sc_ip, eip);
+ #elif defined(__arm__) /* Linux ARM */
+- return (void*) uc->uc_mcontext.arm_pc;
++ GET_SET_RETURN(uc->uc_mcontext.arm_pc, eip);
+ #elif defined(__aarch64__) /* Linux AArch64 */
+- return (void*) uc->uc_mcontext.pc;
++ GET_SET_RETURN(uc->uc_mcontext.pc, eip);
++ #else
++ NOT_SUPPORTED();
+ #endif
+ #elif defined(__FreeBSD__)
+ /* FreeBSD */
+ #if defined(__i386__)
+- return (void*) uc->uc_mcontext.mc_eip;
++ GET_SET_RETURN(uc->uc_mcontext.mc_eip, eip);
+ #elif defined(__x86_64__)
+- return (void*) uc->uc_mcontext.mc_rip;
++ GET_SET_RETURN(uc->uc_mcontext.mc_rip, eip);
++ #else
++ NOT_SUPPORTED();
+ #endif
+ #elif defined(__OpenBSD__)
+ /* OpenBSD */
+ #if defined(__i386__)
+- return (void*) uc->sc_eip;
++ GET_SET_RETURN(uc->sc_eip, eip);
+ #elif defined(__x86_64__)
+- return (void*) uc->sc_rip;
++ GET_SET_RETURN(uc->sc_rip, eip);
++ #else
++ NOT_SUPPORTED();
+ #endif
+ #elif defined(__NetBSD__)
+ #if defined(__i386__)
+- return (void*) uc->uc_mcontext.__gregs[_REG_EIP];
++ GET_SET_RETURN(uc->uc_mcontext.__gregs[_REG_EIP], eip);
+ #elif defined(__x86_64__)
+- return (void*) uc->uc_mcontext.__gregs[_REG_RIP];
++ GET_SET_RETURN(uc->uc_mcontext.__gregs[_REG_RIP], eip);
++ #else
++ NOT_SUPPORTED();
+ #endif
+ #elif defined(__DragonFly__)
+- return (void*) uc->uc_mcontext.mc_rip;
++ GET_SET_RETURN(uc->uc_mcontext.mc_rip, eip);
+ #else
+ return NULL;
+ #endif
+@@ -1800,6 +1827,10 @@ void dumpCodeAroundEIP(void *eip) {
+ }
+ }
+
++void invalidFunctionWasCalled() {}
++
++typedef void (*invalidFunctionWasCalledType)();
++
+ void sigsegvHandler(int sig, siginfo_t *info, void *secret) {
+ UNUSED(secret);
+ UNUSED(info);
+@@ -1817,13 +1848,30 @@ void sigsegvHandler(int sig, siginfo_t *info, void *secret) {
+
+ #ifdef HAVE_BACKTRACE
+ ucontext_t *uc = (ucontext_t*) secret;
+- void *eip = getMcontextEip(uc);
++ void *eip = getAndSetMcontextEip(uc, NULL);
+ if (eip != NULL) {
+ serverLog(LL_WARNING,
+ "Crashed running the instruction at: %p", eip);
+ }
+
+- logStackTrace(getMcontextEip(uc), 1);
++ if (eip == info->si_addr) {
++ /* When eip matches the bad address, it's an indication that we crashed when calling a non-mapped
++ * function pointer. In that case the call to backtrace will crash trying to access that address and we
++ * won't get a crash report logged. Set it to a valid point to avoid that crash. */
++
++ /* This trick allow to avoid compiler warning */
++ void *ptr;
++ invalidFunctionWasCalledType *ptr_ptr = (invalidFunctionWasCalledType*)&ptr;
++ *ptr_ptr = invalidFunctionWasCalled;
++ getAndSetMcontextEip(uc, ptr);
++ }
++
++ logStackTrace(eip, 1);
++
++ if (eip == info->si_addr) {
++ /* Restore old eip */
++ getAndSetMcontextEip(uc, eip);
++ }
+
+ logRegisters(uc);
+ #endif
+@@ -1918,7 +1966,7 @@ void watchdogSignalHandler(int sig, siginfo_t *info, void *secret) {
+
+ serverLogFromHandler(LL_WARNING,"\n--- WATCHDOG TIMER EXPIRED ---");
+ #ifdef HAVE_BACKTRACE
+- logStackTrace(getMcontextEip(uc), 1);
++ logStackTrace(getAndSetMcontextEip(uc, NULL), 1);
+ #else
+ serverLogFromHandler(LL_WARNING,"Sorry: no support for backtrace().");
+ #endif
+--
+2.37.4
+
diff --git a/dev-db/redis/redis-6.2.7-r2.ebuild b/dev-db/redis/redis-6.2.7-r2.ebuild
new file mode 100644
index 000000000000..012ad4d40847
--- /dev/null
+++ b/dev-db/redis/redis-6.2.7-r2.ebuild
@@ -0,0 +1,198 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Redis does NOT build with Lua 5.2 or newer at this time:
+# - 5.3 and 5.4 give:
+# lua_bit.c:83:2: error: #error "Unknown number type, check LUA_NUMBER_* in luaconf.h"
+# - 5.2 fails with:
+# scripting.c:(.text+0x1f9b): undefined reference to `lua_open'
+# because lua_open became lua_newstate in 5.2
+LUA_COMPAT=( lua5-1 luajit )
+
+# Upstream have deviated too far from vanilla Lua, adding their own APIs
+# like lua_enablereadonlytable, but we still need the eclass and such
+# for bug #841422.
+inherit autotools edo flag-o-matic lua-single multiprocessing systemd tmpfiles toolchain-funcs
+
+DESCRIPTION="A persistent caching system, key-value, and data structures database"
+HOMEPAGE="https://redis.io"
+SRC_URI="https://download.redis.io/releases/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-solaris"
+IUSE="+jemalloc selinux ssl systemd tcmalloc test"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+ ${LUA_DEPS}
+ jemalloc? ( >=dev-libs/jemalloc-5.1:= )
+ ssl? ( dev-libs/openssl:0= )
+ systemd? ( sys-apps/systemd:= )
+ tcmalloc? ( dev-util/google-perftools )
+"
+
+RDEPEND="
+ ${COMMON_DEPEND}
+ acct-group/redis
+ acct-user/redis
+ selinux? ( sec-policy/selinux-redis )
+"
+
+BDEPEND="
+ ${COMMON_DEPEND}
+ virtual/pkgconfig
+"
+
+# Tcl is only needed in the CHOST test env
+DEPEND="
+ ${COMMON_DEPEND}
+ test? (
+ dev-lang/tcl:0=
+ ssl? ( dev-tcltk/tls )
+ )"
+
+REQUIRED_USE="?? ( jemalloc tcmalloc )
+ ${LUA_REQUIRED_USE}"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-6.2.1-config.patch
+ "${FILESDIR}"/${PN}-5.0-shared.patch
+ "${FILESDIR}"/${PN}-6.2.3-ppc-atomic.patch
+ "${FILESDIR}"/${PN}-sentinel-5.0-config.patch
+
+ # see bug 877863
+ "${FILESDIR}/${PN}-6.2.7-cve-2022-3647.patch"
+)
+
+src_prepare() {
+ default
+
+ # Copy lua modules into build dir
+ #cp "${S}"/deps/lua/src/{fpconv,lua_bit,lua_cjson,lua_cmsgpack,lua_struct,strbuf}.c "${S}"/src || die
+ #cp "${S}"/deps/lua/src/{fpconv,strbuf}.h "${S}"/src || die
+ # Append cflag for lua_cjson
+ # https://github.com/antirez/redis/commit/4fdcd213#diff-3ba529ae517f6b57803af0502f52a40bL61
+ append-cflags "-DENABLE_CJSON_GLOBAL"
+
+ # now we will rewrite present Makefiles
+ local makefiles="" MKF
+ for MKF in $(find -name 'Makefile' | cut -b 3-); do
+ mv "${MKF}" "${MKF}.in"
+ sed -i -e 's:$(CC):@CC@:g' \
+ -e 's:$(CFLAGS):@AM_CFLAGS@:g' \
+ -e 's: $(DEBUG)::g' \
+ -e 's:$(OBJARCH)::g' \
+ -e 's:ARCH:TARCH:g' \
+ -e '/^CCOPT=/s:$: $(LDFLAGS):g' \
+ "${MKF}.in" \
+ || die "Sed failed for ${MKF}"
+ makefiles+=" ${MKF}"
+ done
+ # autodetection of compiler and settings; generates the modified Makefiles
+ cp "${FILESDIR}"/configure.ac-3.2 configure.ac || die
+
+ # Use the correct pkgconfig name for Lua.
+ # The upstream configure script handles luajit specially, and is not
+ # affected by these changes.
+ sed -i \
+ -e "/^AC_INIT/s|, [0-9].+, |, $PV, |" \
+ -e "s:AC_CONFIG_FILES(\[Makefile\]):AC_CONFIG_FILES([${makefiles}]):g" \
+ -e "/PKG_CHECK_MODULES.*\<LUA\>/s,lua5.1,${ELUA},g" \
+ configure.ac || die "Sed failed for configure.ac"
+ eautoreconf
+}
+
+src_configure() {
+ econf #$(use_with lua_single_target_luajit luajit)
+
+ # Linenoise can't be built with -std=c99, see https://bugs.gentoo.org/451164
+ # also, don't define ANSI/c99 for lua twice
+ sed -i -e "s:-std=c99::g" deps/linenoise/Makefile deps/Makefile || die
+}
+
+src_compile() {
+ local myconf=""
+
+ if use jemalloc; then
+ myconf+="MALLOC=jemalloc"
+ elif use tcmalloc; then
+ myconf+="MALLOC=tcmalloc"
+ else
+ myconf+="MALLOC=libc"
+ fi
+
+ if use ssl; then
+ myconf+=" BUILD_TLS=yes"
+ fi
+
+ export USE_SYSTEMD=$(usex systemd)
+
+ tc-export AR CC RANLIB
+ emake V=1 ${myconf} AR="${AR}" CC="${CC}" RANLIB="${RANLIB}"
+}
+
+src_test() {
+ local runtestargs=(
+ --clients "$(makeopts_jobs)" # see bug #649868
+ )
+
+ if has usersandbox ${FEATURES} || ! has userpriv ${FEATURES}; then
+ ewarn "unit/oom-score-adj test will be skipped." \
+ "It is known to fail with FEATURES usersandbox or -userpriv. See bug #756382."
+
+ # unit/oom-score-adj was introduced in version 6.2.0
+ runtestargs+=( --skipunit unit/oom-score-adj ) # see bug #756382
+ fi
+
+ if use ssl; then
+ edo ./utils/gen-test-certs.sh
+ runtestargs+=( --tls )
+ fi
+
+ edo ./runtest "${runtestargs[@]}"
+}
+
+src_install() {
+ insinto /etc/redis
+ doins redis.conf sentinel.conf
+ use prefix || fowners -R redis:redis /etc/redis /etc/redis/{redis,sentinel}.conf
+ fperms 0750 /etc/redis
+ fperms 0644 /etc/redis/{redis,sentinel}.conf
+
+ newconfd "${FILESDIR}/redis.confd-r2" redis
+ newinitd "${FILESDIR}/redis.initd-6" redis
+
+ systemd_newunit "${FILESDIR}/redis.service-4" redis.service
+ newtmpfiles "${FILESDIR}/redis.tmpfiles-2" redis.conf
+
+ newconfd "${FILESDIR}/redis-sentinel.confd-r1" redis-sentinel
+ newinitd "${FILESDIR}/redis-sentinel.initd-r1" redis-sentinel
+
+ insinto /etc/logrotate.d/
+ newins "${FILESDIR}/${PN}.logrotate" ${PN}
+
+ dodoc 00-RELEASENOTES BUGS CONTRIBUTING MANIFESTO README.md
+
+ dobin src/redis-cli
+ dosbin src/redis-benchmark src/redis-server src/redis-check-aof src/redis-check-rdb
+ fperms 0750 /usr/sbin/redis-benchmark
+ dosym redis-server /usr/sbin/redis-sentinel
+
+ if use prefix; then
+ diropts -m0750
+ else
+ diropts -m0750 -o redis -g redis
+ fi
+ keepdir /var/{log,lib}/redis
+}
+
+pkg_postinst() {
+ tmpfiles_process redis.conf
+
+ ewarn "The default redis configuration file location changed to:"
+ ewarn " /etc/redis/{redis,sentinel}.conf"
+ ewarn "Please apply your changes to the new configuration files."
+}