main/redis: security fix for CVE-2015-8080

ref #4943
fixes #4944

main/redis/APKBUILD

@@ -2,7 +2,7 @@
 # Maintainer: Eivind Uggedal <eivind@uggedal.com>
 pkgname=redis
 pkgver=3.0.5
-pkgrel=0
+pkgrel=1
 pkgdesc="Advanced key-value store"
 url="http://redis.io/"
 arch="all"
@@ -15,6 +15,7 @@ subpackages=""
 pkgusers="redis"
 pkggroups="redis"
 source="http://download.redis.io/releases/$pkgname-$pkgver.tar.gz
+	CVE-2015-8080.patch
 	redis.initd
 	redis.logrotate
 	redis.confd
@@ -72,14 +73,17 @@ package() {
 
 
 md5sums="c7ba233e5f92ad2f48860c815bb05480  redis-3.0.5.tar.gz
+764d954b972a9a0eb2bdb25282246161  CVE-2015-8080.patch
 e284cbbb7fcddbcb573bcd8318366316  redis.initd
 ed0a5e40633e82c52c50f8bf0ed93ae0  redis.logrotate
 bf204d560e41b854297c60aff8d862d5  redis.confd"
 sha256sums="4c176826eee909fbdc63db1c15adc22aab42d758043829e556f4331e6a5bd480  redis-3.0.5.tar.gz
+582f0c324c63076173d5c541aa449c236ef977e59031bbb8d83cf4762547e24f  CVE-2015-8080.patch
 0cc974108792aa49c7d2cddcb0d53c4223acdf38652ffac6b6b76e835ebcaf78  redis.initd
 aa078c4757fc426710310a0688cc1ab728acb7a2afa648e28b2ecbd57d003c0d  redis.logrotate
 97d50b2bee2df995317b505d459c31fe4abe74e670028f0335febdd6e4e31486  redis.confd"
 sha512sums="f44e2bcf2f4910da9f9d9e31ec542d5816ec0ba4329efe3e5053cc0176a5a8557d905f23bd3fd37e8a6e674eaf12804613718f63cb2ca1eac2b4f9c6082acab6  redis-3.0.5.tar.gz
+34edf38a3b11d6f572f01daeb7698dca0ab75dd1cbbf5a25fc88fef15c79eb9711ef6feebf5f9c19bd614cbe4fa560df285dfd1db8089be622a97d44803736a2  CVE-2015-8080.patch
 91b663f802aea9a473195940d3bf2ce3ca2af4e5b6e61a2d28ebbfe502ef2c764b574b7e87c49e60345d1a5d6b73d12920924c93b26be110c2ce824023347b6f  redis.initd
 6d17d169b40a7e23a0a2894eff0f3e2fe8e4461b36f2a9d45468f0abd84ea1035d679b4c0a34029bce093147f9c7bb697e843c113c17769d38c934d4a78a5848  redis.logrotate
 d87aad6185300c99cc9b6a478c83bf62c450fb2c225592d74cc43a3adb93e19d8d2a42cc279907b385aa73a7b9c77b66828dbfb001009edc16a604abb2087e99  redis.confd"

main/redis/CVE-2015-8080.patch

+From 8bb9cb38befd8c1131576b9fdbea605a7a094245 Mon Sep 17 00:00:00 2001
+From: Sun He <sunheehnus@gmail.com>
+Date: Sun, 13 Dec 2015 13:47:22 +0800
+Subject: [PATCH] lua_struct.c/getnum: throw error if overflow happen
+
+Fix issue #2855
+---
+ deps/lua/src/lua_struct.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/deps/lua/src/lua_struct.c b/deps/lua/src/lua_struct.c
+index ec78bcb..a602bb4 100644
+--- a/deps/lua/src/lua_struct.c
++++ b/deps/lua/src/lua_struct.c
+@@ -89,12 +89,14 @@ typedef struct Header {
+ } Header;
+ 
+ 
+-static int getnum (const char **fmt, int df) {
++static int getnum (lua_State *L, const char **fmt, int df) {
+   if (!isdigit(**fmt))  /* no number? */
+     return df;  /* return default value */
+   else {
+     int a = 0;
+     do {
++      if (a > (INT_MAX / 10) || a * 10 > (INT_MAX - (**fmt - '0')))
++        luaL_error(L, "integral size overflow");
+       a = a*10 + *((*fmt)++) - '0';
+     } while (isdigit(**fmt));
+     return a;
+@@ -115,9 +117,9 @@ static size_t optsize (lua_State *L, char opt, const char **fmt) {
+     case 'f':  return sizeof(float);
+     case 'd':  return sizeof(double);
+     case 'x': return 1;
+-    case 'c': return getnum(fmt, 1);
++    case 'c': return getnum(L, fmt, 1);
+     case 'i': case 'I': {
+-      int sz = getnum(fmt, sizeof(int));
++      int sz = getnum(L, fmt, sizeof(int));
+       if (sz > MAXINTSIZE)
+         luaL_error(L, "integral size %d is larger than limit of %d",
+                        sz, MAXINTSIZE);
+@@ -150,7 +152,7 @@ static void controloptions (lua_State *L, int opt, const char **fmt,
+     case '>': h->endian = BIG; return;
+     case '<': h->endian = LITTLE; return;
+     case '!': {
+-      int a = getnum(fmt, MAXALIGN);
++      int a = getnum(L, fmt, MAXALIGN);
+       if (!isp2(a))
+         luaL_error(L, "alignment %d is not a power of 2", a);
+       h->align = a;