!14 [sync] PR-9: Update to1.0.2 for fix CVE-2021-32765

From: @openeuler-sync-bot
Reviewed-by: @overweight
Signed-off-by: @overweight

0001-build-do-not-assume-that-INSTALL-is-cp.patch

@@ -1,39 +0,0 @@
-From 725a96aaa247cae90f46753ca85dadbf22a64e5f Mon Sep 17 00:00:00 2001
-From: Igor Gnatenko <i.gnatenko.brain@gmail.com>
-Date: Mon, 30 Oct 2017 10:19:47 +0100
-Subject: [PATCH] build: do not assume that INSTALL is cp
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-INSTALL is supposed to be `install` in most of the cases which
-doesn't work with directories, but works perfectly with files.
-
-Don't do this assumption.
-
-Reported-by: Jiří Vymazal <jvymazal@redhat.com>
-References: https://bugzilla.redhat.com/show_bug.cgi?id=1506251
-Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
----
- Makefile | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 781a41d..c6eb229 100644
---- a/Makefile
-+++ b/Makefile
-@@ -181,8 +181,9 @@ $(PKGCONFNAME): hiredis.h
- 	@echo Cflags: -I\$${includedir} -D_FILE_OFFSET_BITS=64 >> $@
- 
- install: $(DYLIBNAME) $(STLIBNAME) $(PKGCONFNAME)
--	mkdir -p $(INSTALL_INCLUDE_PATH) $(INSTALL_LIBRARY_PATH)
--	$(INSTALL) hiredis.h async.h read.h sds.h adapters $(INSTALL_INCLUDE_PATH)
-+	mkdir -p $(INSTALL_INCLUDE_PATH) $(INSTALL_INCLUDE_PATH)/adapters $(INSTALL_LIBRARY_PATH)
-+	$(INSTALL) hiredis.h async.h read.h sds.h $(INSTALL_INCLUDE_PATH)
-+	$(INSTALL) adapters/*.h $(INSTALL_INCLUDE_PATH)/adapters
- 	$(INSTALL) $(DYLIBNAME) $(INSTALL_LIBRARY_PATH)/$(DYLIB_MINOR_NAME)
- 	cd $(INSTALL_LIBRARY_PATH) && ln -sf $(DYLIB_MINOR_NAME) $(DYLIBNAME)
- 	$(INSTALL) $(STLIBNAME) $(INSTALL_LIBRARY_PATH)
--- 
-2.14.3
-

CVE-2020-7105.patch

@@ -1,42 +0,0 @@
-diff -Nur hiredis-0.13.3.orig/async.c hiredis-0.13.3/async.c
---- hiredis-0.13.3.orig/async.c	2015-09-16 18:25:02.000000000 +0800
-+++ hiredis-0.13.3/async.c	2020-03-17 11:28:02.927579511 +0800
-@@ -69,6 +69,8 @@
- static void *callbackValDup(void *privdata, const void *src) {
-     ((void) privdata);
-     redisCallback *dup = malloc(sizeof(*dup));
-+    if(dup == NULL)
-+        abort();
-     memcpy(dup,src,sizeof(*dup));
-     return dup;
- }
-diff -Nur hiredis-0.13.3.orig/dict.c hiredis-0.13.3/dict.c
---- hiredis-0.13.3.orig/dict.c	2015-09-16 18:25:02.000000000 +0800
-+++ hiredis-0.13.3/dict.c	2020-03-17 11:29:44.708321131 +0800
-@@ -72,6 +72,8 @@
- /* Create a new hash table */
- static dict *dictCreate(dictType *type, void *privDataPtr) {
-     dict *ht = malloc(sizeof(*ht));
-+    if (ht == NULL)
-+        abort();
-     _dictInit(ht,type,privDataPtr);
-     return ht;
- }
-@@ -143,6 +145,8 @@
- 
-     /* Allocates the memory and stores key */
-     entry = malloc(sizeof(*entry));
-+    if (entry == NULL)
-+        abort();
-     entry->next = ht->table[index];
-     ht->table[index] = entry;
- 
-@@ -258,6 +262,8 @@
- static dictIterator *dictGetIterator(dict *ht) {
-     dictIterator *iter = malloc(sizeof(*iter));
- 
-+    if(iter == NULL)
-+        abort();
-     iter->ht = ht;
-     iter->index = -1;
-     iter->entry = NULL;

hiredis.spec

@@ -1,15 +1,13 @@
 Name:           hiredis
-Version:        0.13.3
-Release:        12
+Version:        1.0.2
+Release:        1
 Summary:        A minimalistic C client library for the Redis database
 License:        BSD
 URL:            https://github.com/redis/hiredis
-Source0:        https://github.com/redis/hiredis/archive/v0.13.3.tar.gz#/hiredis-0.13.3.tar.gz
+Source0:        https://github.com/redis/hiredis/archive/refs/tags/v%{version}.tar.gz
 BuildRequires:  gcc redis
 
-Patch0001:      0001-build-do-not-assume-that-INSTALL-is-cp.patch
-Patch0002:      CVE-2020-7105.patch
-Patch0003:      fix-heap-buffer-overflow-in-redisvFormatCommand.patch
+Patch0001:      fix-heap-buffer-overflow-in-redisvFormatCommand.patch
 
 %description
 Hiredis is a minimalistic C client library for the Redis database.
@@ -62,6 +60,9 @@ make check || true
 %{_libdir}/pkgconfig/hiredis.pc
 
 %changelog
+* Mon Oct 11 2021 houyingchao<houyingchao@huawei.com> - 1.0.2-1
+- Fix CVE-2021-32765
+
 * Fri Jun  4 2021 lingsheng<lingsheng@huawei.com> - 0.13.3-12
 - fix heap buffer overflow in redisvFormatCommand