diff --git ../debian/patches/CVE-2018-11218.patch debian/patches/CVE-2018-11218.patch index 65cdd8c..9a7bd7e 100644 --- ../debian/patches/CVE-2018-11218.patch +++ debian/patches/CVE-2018-11218.patch @@ -64,19 +64,17 @@ even after the fix. Thank you to the Apple team and to the other persons that helped me checking the patch and coordinating this communication. -diff --git a/deps/lua/src/lua_cmsgpack.c b/deps/lua/src/lua_cmsgpack.c -index 0b82d00..035e819 100644 --- a/deps/lua/src/lua_cmsgpack.c +++ b/deps/lua/src/lua_cmsgpack.c -@@ -387,6 +387,7 @@ void mp_encode_lua_table_as_array(lua_State *L, mp_buf *buf, int level) { +@@ -385,6 +385,7 @@ void mp_encode_lua_table_as_array(lua_St #endif - mp_encode_array(buf,len); + mp_encode_array(L,buf,len); + luaL_checkstack(L, 1, "in function mp_encode_lua_table_as_array"); for (j = 1; j <= len; j++) { lua_pushnumber(L,j); lua_gettable(L,-2); -@@ -402,6 +403,7 @@ void mp_encode_lua_table_as_map(lua_State *L, mp_buf *buf, int level) { +@@ -400,6 +401,7 @@ void mp_encode_lua_table_as_map(lua_Stat * Lua API, we need to iterate a first time. Note that an alternative * would be to do a single run, and then hack the buffer to insert the * map opcodes for message pack. Too hackish for this lib. */ @@ -84,7 +82,7 @@ index 0b82d00..035e819 100644 lua_pushnil(L); while(lua_next(L,-2)) { lua_pop(L,1); /* remove value, keep key for next iteration. */ -@@ -518,10 +520,14 @@ int mp_pack(lua_State *L) { +@@ -515,10 +517,14 @@ int mp_pack(lua_State *L) { if (nargs == 0) return luaL_argerror(L, 0, "MessagePack pack needs input."); @@ -99,7 +97,7 @@ index 0b82d00..035e819 100644 lua_pushvalue(L, i); mp_encode_lua_type(L,buf,0); -@@ -550,6 +556,7 @@ void mp_decode_to_lua_array(lua_State *L, mp_cur *c, size_t len) { +@@ -547,6 +553,7 @@ void mp_decode_to_lua_array(lua_State *L int index = 1; lua_newtable(L); 
@@ -107,7 +105,7 @@ index 0b82d00..035e819 100644 while(len--) { lua_pushnumber(L,index++); mp_decode_to_lua_type(L,c); -@@ -824,6 +831,9 @@ int mp_unpack_full(lua_State *L, int limit, int offset) { +@@ -821,6 +828,9 @@ int mp_unpack_full(lua_State *L, int lim * subtract the entire buffer size from the unprocessed size * to get our next start offset */ int offset = len - c.left; diff --git ../debian/patches/CVE-2018-12326.patch debian/patches/CVE-2018-12326.patch index 6704c1d..3244a7c 100644 --- ../debian/patches/CVE-2018-12326.patch +++ debian/patches/CVE-2018-12326.patch @@ -9,33 +9,34 @@ static buffer only at the end. Origin: upstream, https://github.com/antirez/redis/commit/9fdcc15962f9ff4baebe6fdd947816f43f730d50 diff --git a/src/redis-cli.c b/src/redis-cli.c -index 93a0900..cd26463 100644 +index 1f8018ac7e7..cd3f47d6214 100644 --- a/src/redis-cli.c 
+++ b/src/redis-cli.c -@@ -139,20 +139,23 @@ static long long mstime(void) { +@@ -152,20 +152,25 @@ static long long mstime(void) { } static void cliRefreshPrompt(void) { - int len; - + if (config.eval_ldb) return; - if (config.hostsocket != NULL) - len = snprintf(config.prompt,sizeof(config.prompt),"redis %s", - config.hostsocket); - else -- len = snprintf(config.prompt,sizeof(config.prompt), -- strchr(config.hostip,':') ? "[%s]:%d" : "%s:%d", -- config.hostip, config.hostport); +- len = anetFormatAddr(config.prompt, sizeof(config.prompt), +- config.hostip, config.hostport); ++ + sds prompt = sdsempty(); + if (config.hostsocket != NULL) { -+ sdscatfmt(prompt,"redis %s",config.hostsocket); ++ prompt = sdscatfmt(prompt,"redis %s",config.hostsocket); + } else { + char addr[256]; -+ snprintf(addr, sizeof(addr), strchr(config.hostip,':') ? -+ "[%s]:%d" : "%s:%d", config.hostip, config.hostport); ++ anetFormatAddr(addr, sizeof(addr), config.hostip, config.hostport); + prompt = sdscatlen(prompt,addr,strlen(addr)); + } ++ /* Add [dbnum] if needed */ - if (config.dbnum != 0 && config.last_cmd_type != REDIS_REPLY_ERROR) + if (config.dbnum != 0) - len += snprintf(config.prompt+len,sizeof(config.prompt)-len,"[%d]", - config.dbnum); - snprintf(config.prompt+len,sizeof(config.prompt)-len,"> "); @@ -47,4 +48,4 @@ index 93a0900..cd26463 100644 + sdsfree(prompt); } - static sds getHistoryPath() { + /* Return the name of the dotfile for the specified 'dotfilename'.
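Review bot: In the `cliRefreshPrompt` hunk of CVE-2018-12326.patch, the refreshed patch now depends on `anetFormatAddr`, on the context line `if (config.eval_ldb) return;` and on a bare `if (config.dbnum != 0)` guard, so it only matches a redis-cli.c that already contains all three. The previous revision was written against a tree with `snprintf`-based address formatting, the `config.last_cmd_type != REDIS_REPLY_ERROR` guard and `getHistoryPath`. If the packaged source is still that tree, this overflow fix would presumably be rejected or need fuzz, so a clean `quilt push` should be confirmed before upload. I would record the requirement in the patch description, e.g. `Refreshed to match the upstream commit; needs anetFormatAddr() and config.eval_ldb in redis-cli.c.` The copy of `prompt` into the fixed-size `config.prompt` sits between this hunk and the next and is not shown, so the bound on that final write could not be checked from here.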