antirez 299d5a4b2c Security: fix Lua struct package offset handling. | há 6 anos atrás | |
---|---|---|
.. | ||
geohash-int | há 8 anos atrás | |
hiredis | há 9 anos atrás | |
jemalloc | há 7 anos atrás | |
linenoise | há 8 anos atrás | |
lua | há 6 anos atrás | |
Makefile | há 8 anos atrás | |
README.md | há 9 anos atrás | |
update-jemalloc.sh | há 10 anos atrás |
This directory contains all Redis dependencies, except for the libc that should be provided by the operating system.
Jemalloc is unmodified. We only change settings via the configure
script of Jemalloc using the --with-lg-quantum
option, setting it to the value of 3 instead of 4. This provides us with more size classes that better suit the Redis data structures, in order to gain memory efficiency.
So in order to upgrade jemalloc:
This is never upgraded since it's part of the Redis project. If there are changes to merge from Ardb there is the need to manually check differences, but at this point the source code is pretty different.
Hiredis uses the SDS string library, that must be the same version used inside Redis itself. Hiredis is also very critical for Sentinel. Historically Redis often used forked versions of hiredis in a way or the other. In order to upgrade it is adviced to take a lot of care:
Linenoise is rarely upgraded as needed. The upgrade process is trivial since Redis uses a non modified version of linenoise, so to upgrade just do the following:
We use Lua 5.1 and no upgrade is planned currently, since we don't want to break Lua scripts for new Lua features: in the context of Redis Lua scripts the capabilities of 5.1 are usually more than enough, the release is rock solid, and we definitely don't want to break old scripts.
So upgrading of Lua is up to the Redis project maintainers and should be a manual procedure performed by taking a diff between the different versions.
Currently we have at least the following differences between official Lua 5.1 and our version:
lua_cjson.o
, lua_struct.o
, lua_cmsgpack.o
and lua_bit.o
.ldo.c
, line 498: The check for LUA_SIGNATURE[0]
is removed in order toa void direct bytecode exectuion.