From 19bcd717853d813bd07c36b100f059b97d73ea1b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 11 Feb 2025 18:03:12 +0100 Subject: [PATCH 01/27] Drop call to %sysusers_create_compat After https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers, rpm will handle account creation automatically. --- valkey.spec | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/valkey.spec b/valkey.spec index c860eb2..9ab5592 100644 --- a/valkey.spec +++ b/valkey.spec @@ -9,7 +9,7 @@ Name: valkey Version: 8.0.2 -Release: 2%{?dist} +Release: 3%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause # hiredis: BSD-3-Clause @@ -283,8 +283,6 @@ taskset -c 1 ./runtest --clients 50 --skiptest "Active defrag - AOF loading" #./runtest-sentinel %endif -%pre -%sysusers_create_compat %{S:4} %post @@ -399,6 +397,9 @@ fi %changelog +* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek - 8.0.2-3 +- Drop call to %sysusers_create_compat + * Sun Jan 19 2025 Fedora Release Engineering - 8.0.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild From ab458d3b8fc68fb0009f505cf1c7ba894b545276 Mon Sep 17 00:00:00 2001 From: Nathan Scott Date: Tue, 1 Apr 2025 15:39:54 +1100 Subject: [PATCH 02/27] Add tmpfiles.d entries for valkey directories below /var valkey-server currently fails to start within ImageMode RHEL projects - and presumably other rpm-ostree based systems - due to a more relaxed treatment of /var persistence. These issues are addressed through the addition of a systemd tmpfiles.d configuration, which this commit adds. https://www.freedesktop.org/software/systemd/man/latest/tmpfiles.d.html for details of the file format used here. --- valkey.spec | 5 +++++ valkey.tmpfiles | 3 +++ 2 files changed, 8 insertions(+) create mode 100644 valkey.tmpfiles diff --git a/valkey.spec b/valkey.spec index 9ab5592..00d1e79 100644 --- a/valkey.spec +++ b/valkey.spec @@ -23,6 +23,7 @@ Source1: %{name}.logrotate Source2: %{name}-sentinel.service Source3: %{name}.service Source4: %{name}.sysusers +Source5: %{name}.tmpfiles Source8: macros.%{name} Source9: migrate_redis_to_valkey.sh Source50: https://github.com/valkey-io/%{name}-doc/archive/%{version}/%{name}-doc-%{version}.tar.gz @@ -235,6 +236,9 @@ rm -rf %{buildroot}%{_datadir}/%{name} # System user install -p -D -m 0644 %{S:4} %{buildroot}%{_sysusersdir}/%{name}.conf +# Install tmpfiles.d file +install -p -D -m 0644 %{S:5} %{buildroot}%{_tmpfilesdir}/%{name}.conf + # Filesystem. install -d %{buildroot}%{_sharedstatedir}/%{name} install -d %{buildroot}%{_localstatedir}/log/%{name} @@ -365,6 +369,7 @@ fi %{_unitdir}/%{name}-sentinel.service %dir %attr(0755, valkey, valkey) %ghost %{_localstatedir}/run/%{name} %{_sysusersdir}/%{name}.conf +%{_tmpfilesdir}/%{name}.conf %if %{with docs} %{_mandir}/man1/%{name}*.gz %{_mandir}/man5/%{name}.conf.5.gz diff --git a/valkey.tmpfiles b/valkey.tmpfiles new file mode 100644 index 0000000..2383ddb --- /dev/null +++ b/valkey.tmpfiles @@ -0,0 +1,3 @@ +D /run/valkey 0755 valkey valkey - +d /var/lib/valkey 0750 valkey valkey - +d /var/log/valkey 0750 valkey valkey - From 6ae587f09935843e4ada0eeb3f86d38171253192 Mon Sep 17 00:00:00 2001 From: Nathan Scott Date: Fri, 4 Apr 2025 11:15:40 +1100 Subject: [PATCH 03/27] Migrate redis and sentinel .log files also --- migrate_redis_to_valkey.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/migrate_redis_to_valkey.sh b/migrate_redis_to_valkey.sh index 64f8c0f..3934956 100644 --- a/migrate_redis_to_valkey.sh +++ b/migrate_redis_to_valkey.sh @@ -4,12 +4,14 @@ if [ -f /etc/redis/redis.conf ]; then mv /etc/redis/redis.conf /etc/redis/redis.conf.rpmsave chown valkey:root /etc/valkey/valkey.conf sed -i 's|^dir\s.*|dir /var/lib/valkey|g' /etc/valkey/valkey.conf + sed -i 's|logfile /var/log/redis/redis.log|logfile /var/log/valkey/valkey.log|' /etc/valkey/valkey.conf echo "/etc/redis/redis.conf has been copied to /etc/valkey/valkey.conf. Manual review of valkey.conf is strongly suggested especially if you had modified redis.conf." fi if [ -f /etc/redis/sentinel.conf ]; then cp /etc/redis/sentinel.conf /etc/valkey/sentinel.conf mv /etc/redis/sentinel.conf /etc/redis/sentinel.conf.rpmsave chown valkey:root /etc/valkey/sentinel.conf + sed -i 's|logfile /var/log/redis/sentinel.log|logfile /var/log/valkey/sentinel.log|' /etc/valkey/sentinel.conf echo "/etc/redis/sentinel.conf has been copied to /etc/valkey/sentinel.conf. Manual review of sentinel.conf is strongly suggested especially if you had modified sentinel.conf." fi if [ -d /var/lib/redis ]; then @@ -20,7 +22,3 @@ if [ -d /var/lib/redis ]; then chown -R valkey. /var/lib/valkey echo "On-disk redis dumps moved from /var/lib/redis/ to /var/lib/valkey" fi - -# TODO -# 1. expand logic to read current redis conf for the dir setting. same for sentinel conf. if not stock /var/lib/redis, don't do the mv. redis and sentinel may be using two different paths. - From 0aa899dcd04a3af7b4e6a3a1265898d8a420b39c Mon Sep 17 00:00:00 2001 From: Nathan Scott Date: Fri, 4 Apr 2025 11:19:25 +1100 Subject: [PATCH 04/27] Rebase to 8.1.0 --- .gitignore | 2 ++ sources | 4 ++-- valkey.spec | 9 +++++++-- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 21c040e..dbc0dbd 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,5 @@ /valkey-doc-8.0.1.tar.gz /valkey-8.0.2.tar.gz /valkey-doc-8.0.2.tar.gz +/valkey-8.1.0.tar.gz +/valkey-doc-8.1.0.tar.gz diff --git a/sources b/sources index 052bf71..3fbf431 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (valkey-8.0.2.tar.gz) = 432e9b869234b784edcf644b1062bbc0ff1eb79e49c6fb7e66d5db9ddf0e089dfdccf5e5d5201119976699d4dab1b5ddb865767a8087551e9c8f2eff5d157df9 -SHA512 (valkey-doc-8.0.2.tar.gz) = 205eefb7aea66bc7750307b0c9c72c59cc472c12d3f593d4dfcfcc0d68446593c30f84ef697323bccdf5be4518058d13027d414deeebe2330603b22c9c83eb50 +SHA512 (valkey-8.1.0.tar.gz) = 54559ad697992611245aa92e33f976a609c44d7e3f97f4773a09a53cb55226367ac5a47a68c49f1d824b0327850f66ce3ff32e5fe42321c896ed3e33c5bcfe70 +SHA512 (valkey-doc-8.1.0.tar.gz) = 4d378f9495ff10479ad058e826b8916eb925bef59bb8b15dfb348d828daf064aa7b0c92625623bf79da07d31c9562821093981e2b611222d2625e2af4a374c48 diff --git a/valkey.spec b/valkey.spec index 00d1e79..3da03b7 100644 --- a/valkey.spec +++ b/valkey.spec @@ -8,8 +8,8 @@ %bcond_with tests Name: valkey -Version: 8.0.2 -Release: 3%{?dist} +Version: 8.1.0 +Release: 1%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause # hiredis: BSD-3-Clause @@ -402,6 +402,11 @@ fi %changelog +* Fri Apr 04 2025 Nathan Scott - 8.1.0-1 +- include tmpfiles.d configuration file +- redis.log transition rhbz#2316030 +- update to 8.1.0 rhbz#22356280 + * Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek - 8.0.2-3 - Drop call to %sysusers_create_compat From 571272adcefa8140bb492917af61d34fa4aecfbe Mon Sep 17 00:00:00 2001 From: Nathan Scott Date: Fri, 4 Apr 2025 12:09:37 +1100 Subject: [PATCH 05/27] Patch in a workaround for building on s390x and ppc64le Reported upstream https://github.com/valkey-io/valkey/issues/1916 --- used_memory_thread_type.patch | 16 ++++++++++++++++ valkey.spec | 3 +++ 2 files changed, 19 insertions(+) create mode 100644 used_memory_thread_type.patch diff --git a/used_memory_thread_type.patch b/used_memory_thread_type.patch new file mode 100644 index 0000000..29d1365 --- /dev/null +++ b/used_memory_thread_type.patch @@ -0,0 +1,16 @@ +diff -Naurp valkey-8.1.0.orig/src/zmalloc.c valkey-8.1.0/src/zmalloc.c +--- valkey-8.1.0.orig/src/zmalloc.c 2025-04-01 01:56:45.000000000 +1100 ++++ valkey-8.1.0/src/zmalloc.c 2025-04-04 11:39:32.762881364 +1100 +@@ -101,10 +101,11 @@ static thread_local int thread_index = - + #if defined(__i386__) || defined(__x86_64__) || defined(__amd64__) || defined(__POWERPC__) || defined(__arm__) || \ + defined(__arm64__) + static __attribute__((aligned(CACHE_LINE_SIZE))) size_t used_memory_thread_padded[MAX_THREADS_NUM + PADDING_ELEMENT_NUM]; ++static size_t *used_memory_thread = &used_memory_thread_padded[PADDING_ELEMENT_NUM]; + #else + static __attribute__((aligned(CACHE_LINE_SIZE))) _Atomic size_t used_memory_thread_padded[MAX_THREADS_NUM + PADDING_ELEMENT_NUM]; ++static _Atomic size_t *used_memory_thread = &used_memory_thread_padded[PADDING_ELEMENT_NUM]; + #endif +-static size_t *used_memory_thread = &used_memory_thread_padded[PADDING_ELEMENT_NUM]; + static atomic_int total_active_threads = 0; + /* This is a simple protection. It's used only if some modules create a lot of threads. */ + static atomic_size_t used_memory_for_additional_threads = 0; diff --git a/valkey.spec b/valkey.spec index 3da03b7..f195deb 100644 --- a/valkey.spec +++ b/valkey.spec @@ -28,6 +28,8 @@ Source8: macros.%{name} Source9: migrate_redis_to_valkey.sh Source50: https://github.com/valkey-io/%{name}-doc/archive/%{version}/%{name}-doc-%{version}.tar.gz +Patch0: used_memory_thread_type.patch + BuildRequires: make BuildRequires: gcc %if %{with tests} @@ -156,6 +158,7 @@ Provides: redis-doc = %{version}-%{release} %prep # no autosetup due to no support for multiple source extraction %setup -n %{name}-%{version} -a50 +%autopatch -p1 mv deps/lua/COPYRIGHT COPYRIGHT-lua mv deps/jemalloc/COPYING COPYING-jemalloc From 766dfe113d18a2dfdbeadcba433cee46bc4fc97b Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Thu, 24 Apr 2025 09:52:21 +0200 Subject: [PATCH 06/27] v8.1.1 --- .gitignore | 1 + sources | 2 +- used_memory_thread_type.patch | 16 ---------------- valkey.spec | 16 +++++++++------- 4 files changed, 11 insertions(+), 24 deletions(-) delete mode 100644 used_memory_thread_type.patch diff --git a/.gitignore b/.gitignore index dbc0dbd..77f0970 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ /valkey-doc-8.0.2.tar.gz /valkey-8.1.0.tar.gz /valkey-doc-8.1.0.tar.gz +/valkey-8.1.1.tar.gz diff --git a/sources b/sources index 3fbf431..77b9efd 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (valkey-8.1.0.tar.gz) = 54559ad697992611245aa92e33f976a609c44d7e3f97f4773a09a53cb55226367ac5a47a68c49f1d824b0327850f66ce3ff32e5fe42321c896ed3e33c5bcfe70 +SHA512 (valkey-8.1.1.tar.gz) = 1f84b24839856c8d6cdbe1bca5f571fc41cda2b08f495ee80e9a0a03a8ba737f0effeedcb0508195f8d30570443cbccd3c0cf8f4d93980e57f9f8ac656379327 SHA512 (valkey-doc-8.1.0.tar.gz) = 4d378f9495ff10479ad058e826b8916eb925bef59bb8b15dfb348d828daf064aa7b0c92625623bf79da07d31c9562821093981e2b611222d2625e2af4a374c48 diff --git a/used_memory_thread_type.patch b/used_memory_thread_type.patch deleted file mode 100644 index 29d1365..0000000 --- a/used_memory_thread_type.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff -Naurp valkey-8.1.0.orig/src/zmalloc.c valkey-8.1.0/src/zmalloc.c ---- valkey-8.1.0.orig/src/zmalloc.c 2025-04-01 01:56:45.000000000 +1100 -+++ valkey-8.1.0/src/zmalloc.c 2025-04-04 11:39:32.762881364 +1100 -@@ -101,10 +101,11 @@ static thread_local int thread_index = - - #if defined(__i386__) || defined(__x86_64__) || defined(__amd64__) || defined(__POWERPC__) || defined(__arm__) || \ - defined(__arm64__) - static __attribute__((aligned(CACHE_LINE_SIZE))) size_t used_memory_thread_padded[MAX_THREADS_NUM + PADDING_ELEMENT_NUM]; -+static size_t *used_memory_thread = &used_memory_thread_padded[PADDING_ELEMENT_NUM]; - #else - static __attribute__((aligned(CACHE_LINE_SIZE))) _Atomic size_t used_memory_thread_padded[MAX_THREADS_NUM + PADDING_ELEMENT_NUM]; -+static _Atomic size_t *used_memory_thread = &used_memory_thread_padded[PADDING_ELEMENT_NUM]; - #endif --static size_t *used_memory_thread = &used_memory_thread_padded[PADDING_ELEMENT_NUM]; - static atomic_int total_active_threads = 0; - /* This is a simple protection. It's used only if some modules create a lot of threads. */ - static atomic_size_t used_memory_for_additional_threads = 0; diff --git a/valkey.spec b/valkey.spec index f195deb..9222962 100644 --- a/valkey.spec +++ b/valkey.spec @@ -4,11 +4,12 @@ %else %bcond_with docs %endif +%global doc_version 8.1.0 # Tests fail in mock, not in local build. %bcond_with tests Name: valkey -Version: 8.1.0 +Version: 8.1.1 Release: 1%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause @@ -26,9 +27,7 @@ Source4: %{name}.sysusers Source5: %{name}.tmpfiles Source8: macros.%{name} Source9: migrate_redis_to_valkey.sh -Source50: https://github.com/valkey-io/%{name}-doc/archive/%{version}/%{name}-doc-%{version}.tar.gz - -Patch0: used_memory_thread_type.patch +Source50: https://github.com/valkey-io/%{name}-doc/archive/%{doc_version}/%{name}-doc-%{doc_version}.tar.gz BuildRequires: make BuildRequires: gcc @@ -158,7 +157,6 @@ Provides: redis-doc = %{version}-%{release} %prep # no autosetup due to no support for multiple source extraction %setup -n %{name}-%{version} -a50 -%autopatch -p1 mv deps/lua/COPYRIGHT COPYRIGHT-lua mv deps/jemalloc/COPYING COPYING-jemalloc @@ -208,7 +206,7 @@ echo '# valkey-sentinel_rpm_conf' >> sentinel.conf %if %{with docs} # docs -pushd %{name}-doc-%{version} +pushd %{name}-doc-%{doc_version} # build man pages %make_build VALKEY_ROOT=../ # build html docs @@ -221,7 +219,7 @@ popd %make_install %{make_flags} %if %{with docs} # install docs -pushd %{name}-doc-%{version} +pushd %{name}-doc-%{doc_version} # man pages %make_install INSTALL_MAN_DIR=%{buildroot}%{_mandir} VALKEY_ROOT=../ # install html docs @@ -405,6 +403,10 @@ fi %changelog +* Thu Apr 24 2025 Remi Collet - 8.1.1-1 +- update to 8.1.1 + fixes CVE-2025-21605 + * Fri Apr 04 2025 Nathan Scott - 8.1.0-1 - include tmpfiles.d configuration file - redis.log transition rhbz#2316030 From 3b6f43e0a51859940169a3441deec8d570e321ff Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Thu, 24 Apr 2025 09:57:51 +0200 Subject: [PATCH 07/27] v8.0.3 --- .gitignore | 1 + sources | 2 +- valkey.spec | 15 ++++++++++----- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 21c040e..6e77b87 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ /valkey-doc-8.0.1.tar.gz /valkey-8.0.2.tar.gz /valkey-doc-8.0.2.tar.gz +/valkey-8.0.3.tar.gz diff --git a/sources b/sources index 052bf71..47d3d7e 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (valkey-8.0.2.tar.gz) = 432e9b869234b784edcf644b1062bbc0ff1eb79e49c6fb7e66d5db9ddf0e089dfdccf5e5d5201119976699d4dab1b5ddb865767a8087551e9c8f2eff5d157df9 +SHA512 (valkey-8.0.3.tar.gz) = 3639855d2eced9dd1b38e95e46c515441c850b4fb087c45b2c81a15c5e864555281715fa90b47dc60260485c9469f523f1fac716b3e2114cf7e05c39833e6c96 SHA512 (valkey-doc-8.0.2.tar.gz) = 205eefb7aea66bc7750307b0c9c72c59cc472c12d3f593d4dfcfcc0d68446593c30f84ef697323bccdf5be4518058d13027d414deeebe2330603b22c9c83eb50 diff --git a/valkey.spec b/valkey.spec index c860eb2..06b7f79 100644 --- a/valkey.spec +++ b/valkey.spec @@ -4,12 +4,13 @@ %else %bcond_with docs %endif +%global doc_version 8.0.2 # Tests fail in mock, not in local build. %bcond_with tests Name: valkey -Version: 8.0.2 -Release: 2%{?dist} +Version: 8.0.3 +Release: 1%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause # hiredis: BSD-3-Clause @@ -25,7 +26,7 @@ Source3: %{name}.service Source4: %{name}.sysusers Source8: macros.%{name} Source9: migrate_redis_to_valkey.sh -Source50: https://github.com/valkey-io/%{name}-doc/archive/%{version}/%{name}-doc-%{version}.tar.gz +Source50: https://github.com/valkey-io/%{name}-doc/archive/%{doc_version}/%{name}-doc-%{doc_version}.tar.gz BuildRequires: make BuildRequires: gcc @@ -204,7 +205,7 @@ echo '# valkey-sentinel_rpm_conf' >> sentinel.conf %if %{with docs} # docs -pushd %{name}-doc-%{version} +pushd %{name}-doc-%{doc_version} # build man pages %make_build VALKEY_ROOT=../ # build html docs @@ -217,7 +218,7 @@ popd %make_install %{make_flags} %if %{with docs} # install docs -pushd %{name}-doc-%{version} +pushd %{name}-doc-%{doc_version} # man pages %make_install INSTALL_MAN_DIR=%{buildroot}%{_mandir} VALKEY_ROOT=../ # install html docs @@ -399,6 +400,10 @@ fi %changelog +* Thu Apr 24 2025 Remi Collet - 8.0.3-1 +- update to 8.0.3 + fixes CVE-2025-21605 + * Sun Jan 19 2025 Fedora Release Engineering - 8.0.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild From 372fde33093cad536b4b42841d98147fdaf5c85b Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Thu, 24 Apr 2025 09:57:51 +0200 Subject: [PATCH 08/27] v8.0.3 (cherry picked from commit 3b6f43e0a51859940169a3441deec8d570e321ff) --- .gitignore | 1 + sources | 2 +- valkey.spec | 13 +++++++++---- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 21c040e..6e77b87 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ /valkey-doc-8.0.1.tar.gz /valkey-8.0.2.tar.gz /valkey-doc-8.0.2.tar.gz +/valkey-8.0.3.tar.gz diff --git a/sources b/sources index 052bf71..47d3d7e 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (valkey-8.0.2.tar.gz) = 432e9b869234b784edcf644b1062bbc0ff1eb79e49c6fb7e66d5db9ddf0e089dfdccf5e5d5201119976699d4dab1b5ddb865767a8087551e9c8f2eff5d157df9 +SHA512 (valkey-8.0.3.tar.gz) = 3639855d2eced9dd1b38e95e46c515441c850b4fb087c45b2c81a15c5e864555281715fa90b47dc60260485c9469f523f1fac716b3e2114cf7e05c39833e6c96 SHA512 (valkey-doc-8.0.2.tar.gz) = 205eefb7aea66bc7750307b0c9c72c59cc472c12d3f593d4dfcfcc0d68446593c30f84ef697323bccdf5be4518058d13027d414deeebe2330603b22c9c83eb50 diff --git a/valkey.spec b/valkey.spec index da238d1..f547f66 100644 --- a/valkey.spec +++ b/valkey.spec @@ -4,11 +4,12 @@ %else %bcond_with docs %endif +%global doc_version 8.0.2 # Tests fail in mock, not in local build. %bcond_with tests Name: valkey -Version: 8.0.2 +Version: 8.0.3 Release: 1%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause @@ -25,7 +26,7 @@ Source3: %{name}.service Source4: %{name}.sysusers Source8: macros.%{name} Source9: migrate_redis_to_valkey.sh -Source50: https://github.com/valkey-io/%{name}-doc/archive/%{version}/%{name}-doc-%{version}.tar.gz +Source50: https://github.com/valkey-io/%{name}-doc/archive/%{doc_version}/%{name}-doc-%{doc_version}.tar.gz BuildRequires: make BuildRequires: gcc @@ -204,7 +205,7 @@ echo '# valkey-sentinel_rpm_conf' >> sentinel.conf %if %{with docs} # docs -pushd %{name}-doc-%{version} +pushd %{name}-doc-%{doc_version} # build man pages %make_build VALKEY_ROOT=../ # build html docs @@ -217,7 +218,7 @@ popd %make_install %{make_flags} %if %{with docs} # install docs -pushd %{name}-doc-%{version} +pushd %{name}-doc-%{doc_version} # man pages %make_install INSTALL_MAN_DIR=%{buildroot}%{_mandir} VALKEY_ROOT=../ # install html docs @@ -399,6 +400,10 @@ fi %changelog +* Thu Apr 24 2025 Remi Collet - 8.0.3-1 +- update to 8.0.3 + fixes CVE-2025-21605 + * Wed Jan 08 2025 Jonathan Wright - 8.0.2-1 - update to 8.0.2 rhbz#2336259 fixes CVE-2024-46981 From 77ac0bbb2c6339c27a18582accb442239bd88f73 Mon Sep 17 00:00:00 2001 From: Jonathan Wright Date: Fri, 6 Jun 2025 09:49:49 -0500 Subject: [PATCH 09/27] Fixes CVE-2025-49112 --- 0001-valkey-cve-2025-49112.patch | 23 +++++++++++++++++++++++ valkey.spec | 7 ++++++- 2 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 0001-valkey-cve-2025-49112.patch diff --git a/0001-valkey-cve-2025-49112.patch b/0001-valkey-cve-2025-49112.patch new file mode 100644 index 0000000..fcb8b15 --- /dev/null +++ b/0001-valkey-cve-2025-49112.patch @@ -0,0 +1,23 @@ +From 0b8147ca27d2d06efadf37f0f064f19607e7e1f8 Mon Sep 17 00:00:00 2001 +From: Zeroday BYTE +Date: Tue, 20 May 2025 00:59:10 +0700 +Subject: [PATCH] Update networking.c + +Signed-off-by: Zeroday BYTE +--- + src/networking.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/networking.c b/src/networking.c +index 5f57050971..78b62d0c59 100644 +--- a/src/networking.c ++++ b/src/networking.c +@@ -883,7 +883,7 @@ void setDeferredReply(client *c, void *node, const char *s, size_t length) { + * - It has enough room already allocated + * - And not too large (avoid large memmove) + * - And the client is not in a pending I/O state */ +- if (ln->prev != NULL && (prev = listNodeValue(ln->prev)) && prev->size - prev->used > 0 && ++ if (ln->prev != NULL && (prev = listNodeValue(ln->prev)) && prev->used < prev->size && + c->io_write_state != CLIENT_PENDING_IO) { + size_t len_to_copy = prev->size - prev->used; + if (len_to_copy > length) len_to_copy = length; diff --git a/valkey.spec b/valkey.spec index 06b7f79..f0ac31d 100644 --- a/valkey.spec +++ b/valkey.spec @@ -10,7 +10,7 @@ Name: valkey Version: 8.0.3 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause # hiredis: BSD-3-Clause @@ -28,6 +28,8 @@ Source8: macros.%{name} Source9: migrate_redis_to_valkey.sh Source50: https://github.com/valkey-io/%{name}-doc/archive/%{doc_version}/%{name}-doc-%{doc_version}.tar.gz +Patch: 0001-valkey-cve-2025-49112.patch + BuildRequires: make BuildRequires: gcc %if %{with tests} @@ -400,6 +402,9 @@ fi %changelog +* Fri Jun 06 2025 Jonathan Wright - 8.0.3-2 +- Fixes CVE-2025-49112 + * Thu Apr 24 2025 Remi Collet - 8.0.3-1 - update to 8.0.3 fixes CVE-2025-21605 From 45bd783dc0ac8a8277d63e9704bc49cbfe3844cf Mon Sep 17 00:00:00 2001 From: Jonathan Wright Date: Fri, 6 Jun 2025 15:53:36 -0500 Subject: [PATCH 10/27] Apply patch for CVE-2025-49112 properly --- valkey.spec | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/valkey.spec b/valkey.spec index f0ac31d..dee02b1 100644 --- a/valkey.spec +++ b/valkey.spec @@ -10,7 +10,7 @@ Name: valkey Version: 8.0.3 -Release: 2%{?dist} +Release: 3%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause # hiredis: BSD-3-Clause @@ -28,7 +28,7 @@ Source8: macros.%{name} Source9: migrate_redis_to_valkey.sh Source50: https://github.com/valkey-io/%{name}-doc/archive/%{doc_version}/%{name}-doc-%{doc_version}.tar.gz -Patch: 0001-valkey-cve-2025-49112.patch +Patch0: 0001-valkey-cve-2025-49112.patch BuildRequires: make BuildRequires: gcc @@ -159,6 +159,8 @@ Provides: redis-doc = %{version}-%{release} # no autosetup due to no support for multiple source extraction %setup -n %{name}-%{version} -a50 +%patch 0 -p1 + mv deps/lua/COPYRIGHT COPYRIGHT-lua mv deps/jemalloc/COPYING COPYING-jemalloc mv deps/hiredis/COPYING COPYING-hiredis-BSD-3-Clause @@ -402,6 +404,9 @@ fi %changelog +* Fri Jun 06 2025 Jonathan Wright - 8.0.3-3 +- Apply patch for CVE-2025-49112 properly + * Fri Jun 06 2025 Jonathan Wright - 8.0.3-2 - Fixes CVE-2025-49112 From c22133a9b79a08b872d0bff8838f807c6f389c40 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Wed, 18 Jun 2025 14:29:30 +0200 Subject: [PATCH 11/27] v8.1.2 --- .gitignore | 2 ++ sources | 4 ++-- valkey.spec | 9 +++++++-- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 77f0970..02507ac 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,5 @@ /valkey-8.1.0.tar.gz /valkey-doc-8.1.0.tar.gz /valkey-8.1.1.tar.gz +/valkey-8.1.2.tar.gz +/valkey-doc-8.1.1.tar.gz diff --git a/sources b/sources index 77b9efd..a998e5a 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (valkey-8.1.1.tar.gz) = 1f84b24839856c8d6cdbe1bca5f571fc41cda2b08f495ee80e9a0a03a8ba737f0effeedcb0508195f8d30570443cbccd3c0cf8f4d93980e57f9f8ac656379327 -SHA512 (valkey-doc-8.1.0.tar.gz) = 4d378f9495ff10479ad058e826b8916eb925bef59bb8b15dfb348d828daf064aa7b0c92625623bf79da07d31c9562821093981e2b611222d2625e2af4a374c48 +SHA512 (valkey-8.1.2.tar.gz) = 04908cd4652a8ba11052fed7c67ae9b23fff91c090e32588a9a22bb921251931bf62860cde2814e9eb51f113a2f62eb7b14e1ad42e3e6de7a516bc3d57f26bda +SHA512 (valkey-doc-8.1.1.tar.gz) = 37b664a4f07c1821df1cd83df0559127588523feef54785400fae3c2a618c93d86e9ef8bc50cc046d0904a853ae52410aa82f79413e05298f42a829b3508d2f9 diff --git a/valkey.spec b/valkey.spec index 9222962..b55b164 100644 --- a/valkey.spec +++ b/valkey.spec @@ -4,12 +4,13 @@ %else %bcond_with docs %endif -%global doc_version 8.1.0 +# See https://github.com/valkey-io/valkey-doc/tags +%global doc_version 8.1.1 # Tests fail in mock, not in local build. %bcond_with tests Name: valkey -Version: 8.1.1 +Version: 8.1.2 Release: 1%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause @@ -403,6 +404,10 @@ fi %changelog +* Wed Jun 18 2025 Remi Collet - 8.1.2-1 +- update to 8.1.2 + fixes CVE-2025-27151 + * Thu Apr 24 2025 Remi Collet - 8.1.1-1 - update to 8.1.1 fixes CVE-2025-21605 From b0a4d17aaf83e22f21b59197b0570e60f8f4a326 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Mon, 7 Jul 2025 10:21:17 +0200 Subject: [PATCH 12/27] v8.1.3 --- .gitignore | 1 + sources | 2 +- valkey.spec | 6 +++++- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 02507ac..2922f66 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,4 @@ /valkey-8.1.1.tar.gz /valkey-8.1.2.tar.gz /valkey-doc-8.1.1.tar.gz +/valkey-8.1.3.tar.gz diff --git a/sources b/sources index a998e5a..ae11069 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (valkey-8.1.2.tar.gz) = 04908cd4652a8ba11052fed7c67ae9b23fff91c090e32588a9a22bb921251931bf62860cde2814e9eb51f113a2f62eb7b14e1ad42e3e6de7a516bc3d57f26bda +SHA512 (valkey-8.1.3.tar.gz) = 33b5fe5011aa0d26aa797276f1371d063bd8fef2adb1d405d6ae8c4718d3ed602cf8e4c3a8f423b90e798213ae28a939720d61806a3614477e576b2115973864 SHA512 (valkey-doc-8.1.1.tar.gz) = 37b664a4f07c1821df1cd83df0559127588523feef54785400fae3c2a618c93d86e9ef8bc50cc046d0904a853ae52410aa82f79413e05298f42a829b3508d2f9 diff --git a/valkey.spec b/valkey.spec index b55b164..707b443 100644 --- a/valkey.spec +++ b/valkey.spec @@ -10,7 +10,7 @@ %bcond_with tests Name: valkey -Version: 8.1.2 +Version: 8.1.3 Release: 1%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause @@ -404,6 +404,10 @@ fi %changelog +* Mon Jul 7 2025 Remi Collet - 8.1.3-1 +- update to 8.1.3 + fixes CVE-2025-CVE-2025-32023 and CVE-2025-48367 + * Wed Jun 18 2025 Remi Collet - 8.1.2-1 - update to 8.1.2 fixes CVE-2025-27151 From d76c20a247be3e9fc69372536d1fe0434f9d0505 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Wed, 16 Jul 2025 08:15:07 +0200 Subject: [PATCH 13/27] update to 8.0.4 fixes CVE-2025-27151 CVE-2025-48367 and CVE-2025-32023 (cherry picked from commit 89cb4d72623d307c5b6b691e442c00f9530c4ba5) --- .gitignore | 10 ++++------ sources | 4 ++-- valkey-cve-2025-27151.patch | 34 ++++++++++++++++++++++++++++++++++ valkey.spec | 14 ++++++++++---- 4 files changed, 50 insertions(+), 12 deletions(-) create mode 100644 valkey-cve-2025-27151.patch diff --git a/.gitignore b/.gitignore index 6e77b87..c84f339 100644 --- a/.gitignore +++ b/.gitignore @@ -1,11 +1,9 @@ -/valkey-7.2.4-rc1.tar.gz -/valkey-7.2.5-rc1.tar.gz -/valkey-7.2.5.tar.gz -/valkey-7.2.6.tar.gz -/valkey-8.0.0.tar.gz -/valkey-doc-8.0.0.tar.gz +/valkey-8.1.*.tar.gz +/valkey-doc-8.1.*.tar.gz /valkey-8.0.1.tar.gz /valkey-doc-8.0.1.tar.gz /valkey-8.0.2.tar.gz /valkey-doc-8.0.2.tar.gz /valkey-8.0.3.tar.gz +/valkey-8.0.4.tar.gz +/valkey-doc-8.0.3.tar.gz diff --git a/sources b/sources index 47d3d7e..470e536 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (valkey-8.0.3.tar.gz) = 3639855d2eced9dd1b38e95e46c515441c850b4fb087c45b2c81a15c5e864555281715fa90b47dc60260485c9469f523f1fac716b3e2114cf7e05c39833e6c96 -SHA512 (valkey-doc-8.0.2.tar.gz) = 205eefb7aea66bc7750307b0c9c72c59cc472c12d3f593d4dfcfcc0d68446593c30f84ef697323bccdf5be4518058d13027d414deeebe2330603b22c9c83eb50 +SHA512 (valkey-8.0.4.tar.gz) = 2e6969a2c791f39943fe31c9c6dc5432accc37212c586f891f997df6dc74c0329d9f7254c54842f8203c8427f903e016cd465747d221349396327649ffa340fb +SHA512 (valkey-doc-8.0.3.tar.gz) = 7a44a6abc353d2a3af814ad7d243a59e6543d3af66f4aba07085eedc86ec7ced19af74993752285c31c7238d54d36392603afcb987c6618ea55ec0ca08322b45 diff --git a/valkey-cve-2025-27151.patch b/valkey-cve-2025-27151.patch new file mode 100644 index 0000000..275db2e --- /dev/null +++ b/valkey-cve-2025-27151.patch @@ -0,0 +1,34 @@ +From 73696bf6e2cf754acc3ec24eaf9ca6b879bfc5d7 Mon Sep 17 00:00:00 2001 +From: Madelyn Olson +Date: Thu, 29 May 2025 00:06:23 +0100 +Subject: [PATCH] Incorporate Redis CVE for CVE-2025-27151 (#2146) + +Resolves https://github.com/valkey-io/valkey/issues/2145 + +Incorporate the CVE patch that was sent to us by Redis Ltd. + +--------- + +Signed-off-by: Madelyn Olson +Co-authored-by: Ping Xie +--- + src/valkey-check-aof.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/valkey-check-aof.c b/src/valkey-check-aof.c +index ed0eb2b49d..a6e4b97c6d 100644 +--- a/src/valkey-check-aof.c ++++ b/src/valkey-check-aof.c +@@ -556,6 +556,12 @@ int redis_check_aof_main(int argc, char **argv) { + goto invalid_args; + } + ++ /* Check if filepath is longer than PATH_MAX */ ++ if (strnlen(filepath, PATH_MAX + 1) > PATH_MAX) { ++ printf("Error: filepath is too long (exceeds PATH_MAX)\n"); ++ goto invalid_args; ++ } ++ + /* In the glibc implementation dirname may modify their argument. */ + memcpy(temp_filepath, filepath, strlen(filepath) + 1); + dirpath = dirname(temp_filepath); diff --git a/valkey.spec b/valkey.spec index dee02b1..b540365 100644 --- a/valkey.spec +++ b/valkey.spec @@ -4,13 +4,13 @@ %else %bcond_with docs %endif -%global doc_version 8.0.2 +%global doc_version 8.0.3 # Tests fail in mock, not in local build. %bcond_with tests Name: valkey -Version: 8.0.3 -Release: 3%{?dist} +Version: 8.0.4 +Release: 1%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause # hiredis: BSD-3-Clause @@ -29,6 +29,7 @@ Source9: migrate_redis_to_valkey.sh Source50: https://github.com/valkey-io/%{name}-doc/archive/%{doc_version}/%{name}-doc-%{doc_version}.tar.gz Patch0: 0001-valkey-cve-2025-49112.patch +Patch1: valkey-cve-2025-27151.patch BuildRequires: make BuildRequires: gcc @@ -159,7 +160,8 @@ Provides: redis-doc = %{version}-%{release} # no autosetup due to no support for multiple source extraction %setup -n %{name}-%{version} -a50 -%patch 0 -p1 +%patch -P0 -p1 +%patch -P1 -p1 mv deps/lua/COPYRIGHT COPYRIGHT-lua mv deps/jemalloc/COPYING COPYING-jemalloc @@ -404,6 +406,10 @@ fi %changelog +* Wed Jul 16 2025 Remi Collet - 8.0.4-1 +- update to 8.0.4 + fixes CVE-2025-27151 CVE-2025-48367 and CVE-2025-32023 + * Fri Jun 06 2025 Jonathan Wright - 8.0.3-3 - Apply patch for CVE-2025-49112 properly From 9eef320a122bf24f4023b678ea822bfd34e16bc0 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 25 Jul 2025 19:57:37 +0000 Subject: [PATCH 14/27] Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild --- valkey.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/valkey.spec b/valkey.spec index 707b443..05e6d52 100644 --- a/valkey.spec +++ b/valkey.spec @@ -11,7 +11,7 @@ Name: valkey Version: 8.1.3 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause # hiredis: BSD-3-Clause @@ -404,6 +404,9 @@ fi %changelog +* Fri Jul 25 2025 Fedora Release Engineering - 8.1.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + * Mon Jul 7 2025 Remi Collet - 8.1.3-1 - update to 8.1.3 fixes CVE-2025-CVE-2025-32023 and CVE-2025-48367 From c5ed702b27beed691bdb8a6b062c58bd5a85bdca Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Thu, 24 Jul 2025 10:29:21 +0200 Subject: [PATCH 15/27] use patch for configuration changes add /etc/valkey/modules drop-in directory for module configuration files add %valkey_modules_cfg macro --- .gitignore | 1 + macros.valkey | 2 -- valkey-conf.patch | 61 +++++++++++++++++++++++++++++++++++++++++++++++ valkey.spec | 35 +++++++++++++++++---------- 4 files changed, 84 insertions(+), 15 deletions(-) delete mode 100644 macros.valkey create mode 100644 valkey-conf.patch diff --git a/.gitignore b/.gitignore index 2922f66..a646f91 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +clog /valkey-7.2.4-rc1.tar.gz /valkey-7.2.5-rc1.tar.gz /valkey-7.2.5.tar.gz diff --git a/macros.valkey b/macros.valkey deleted file mode 100644 index f27c41d..0000000 --- a/macros.valkey +++ /dev/null @@ -1,2 +0,0 @@ -%valkey_modules_abi 1 -%valkey_modules_dir %{_libdir}/valkey/modules diff --git a/valkey-conf.patch b/valkey-conf.patch new file mode 100644 index 0000000..55badf7 --- /dev/null +++ b/valkey-conf.patch @@ -0,0 +1,61 @@ +diff -up ./sentinel.conf.rpm ./sentinel.conf +--- ./sentinel.conf.rpm 2025-07-24 10:05:46.477794769 +0200 ++++ ./sentinel.conf 2025-07-24 10:07:27.023483441 +0200 +@@ -17,7 +17,7 @@ daemonize no + # When running daemonized, Valkey Sentinel writes a pid file in + # /var/run/valkey-sentinel.pid by default. You can specify a custom pid file + # location here. +-pidfile /var/run/valkey-sentinel.pid ++pidfile /run/valkey/sentinel.pid + + # Specify the server verbosity level. + # This can be one of: +@@ -31,7 +31,7 @@ loglevel notice + # Specify the log file name. Also the empty string can be used to force + # Sentinel to log on the standard output. Note that if you use standard + # output for logging but daemonize, logs will be sent to /dev/null +-logfile "" ++logfile /var/log/valkey/sentinel.log + + # To enable logging to the system logger, just set 'syslog-enabled' to yes, + # and optionally update the other syslog parameters to suit your needs. +diff -up ./valkey.conf.rpm ./valkey.conf +--- ./valkey.conf.rpm 2025-07-24 10:05:46.475591081 +0200 ++++ ./valkey.conf 2025-07-24 10:07:23.219331838 +0200 +@@ -43,6 +43,9 @@ + # include /path/to/other.conf + # include /path/to/fragments/*.conf + # ++# Module configuration files ++include /etc/valkey/modules/*.conf ++ + + ################################## MODULES ##################################### + +@@ -153,7 +156,7 @@ tcp-backlog 511 + # incoming connections. There is no default, so the server will not listen + # on a unix socket when not specified. + # +-# unixsocket /run/valkey.sock ++unixsocket /run/valkey/valkey.sock + # unixsocketgroup wheel + # unixsocketperm 700 + +@@ -385,7 +388,7 @@ daemonize no + # + # Note that on modern Linux systems "/run/valkey.pid" is more conforming + # and should be used instead. +-pidfile /var/run/valkey_6379.pid ++pidfile /run/valkey/valkey.pid + + # Specify the server verbosity level. + # This can be one of: +@@ -416,7 +419,7 @@ loglevel notice + # Specify the log file name. Also the empty string can be used to force + # the server to log on the standard output. Note that if you use standard + # output for logging but daemonize, logs will be sent to /dev/null +-logfile "" ++logfile /var/log/valkey/valkey.log + + # To enable logging to the system logger, just set 'syslog-enabled' to yes, + # and optionally update the other syslog parameters to suit your needs. diff --git a/valkey.spec b/valkey.spec index 05e6d52..dc82286 100644 --- a/valkey.spec +++ b/valkey.spec @@ -11,7 +11,7 @@ Name: valkey Version: 8.1.3 -Release: 2%{?dist} +Release: 3%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause # hiredis: BSD-3-Clause @@ -26,10 +26,12 @@ Source2: %{name}-sentinel.service Source3: %{name}.service Source4: %{name}.sysusers Source5: %{name}.tmpfiles -Source8: macros.%{name} Source9: migrate_redis_to_valkey.sh Source50: https://github.com/valkey-io/%{name}-doc/archive/%{doc_version}/%{name}-doc-%{doc_version}.tar.gz +# Fix default paths in configuration files for RPM layout +Patch0: %{name}-conf.patch + BuildRequires: make BuildRequires: gcc %if %{with tests} @@ -64,6 +66,7 @@ Provides: bundled(fpconv) %global valkey_modules_abi 1 %global valkey_modules_dir %{_libdir}/%{name}/modules +%global valkey_modules_cfg %{_sysconfdir}/%{name}/modules Provides: valkey(modules_abi)%{?_isa} = %{valkey_modules_abi} ExcludeArch: %{ix86} @@ -158,6 +161,7 @@ Provides: redis-doc = %{version}-%{release} %prep # no autosetup due to no support for multiple source extraction %setup -n %{name}-%{version} -a50 +%patch -P0 -p1 -b.rpm mv deps/lua/COPYRIGHT COPYRIGHT-lua mv deps/jemalloc/COPYING COPYING-jemalloc @@ -179,19 +183,17 @@ sed -e 's/--with-lg-quantum/--with-lg-page=16 --with-lg-quantum/' -i deps/Makefi api=`sed -n -e 's/#define VALKEYMODULE_APIVER_[0-9][0-9]* //p' src/valkeymodule.h` if test "$api" != "%{valkey_modules_abi}"; then : Error: Upstream API version is now ${api}, expecting %%{valkey_modules_abi}. - : Update the valkey_modules_abi macro, the rpmmacros file, and rebuild. + : Update the valkey_modules_abi macro, and rebuild. exit 1 fi - -sed -i -e 's|^logfile .*$|logfile /var/log/valkey/valkey.log|g' \ - -e 's|^# unixsocket .*$|unixsocket /run/valkey/valkey.sock|g' \ - -e 's|^pidfile .*$|pidfile /run/valkey/valkey.pid|g' \ - valkey.conf - -sed -i -e 's|^logfile .*$|logfile /var/log/valkey/sentinel.log|g' \ - -e 's|^pidfile .*$|pidfile /run/valkey/sentinel.pid|g' \ - sentinel.conf +# Generates macro file +cat << 'EOF' | tee macros.%{name} +%%valkey_version %version +%%valkey_modules_abi %valkey_modules_abi +%%valkey_modules_dir %valkey_modules_dir +%%valkey_modules_cfg %valkey_modules_cfg +EOF %if (%{defined fedora} && 0%{?fedora} < 42) || (%{defined rhel} && 0%{?rhel} < 10) # these lines are for conditionals around sysconfig to valkey.conf porting scriptlets to avoid re-runs @@ -253,6 +255,7 @@ install -pDm644 %{S:1} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} # Install configuration files. install -pDm640 %{name}.conf %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf install -pDm640 sentinel.conf %{buildroot}%{_sysconfdir}/%{name}/sentinel.conf +install -dm750 %{buildroot}%{valkey_modules_cfg} # Install systemd unit files. mkdir -p %{buildroot}%{_unitdir} @@ -267,7 +270,7 @@ install -pDm644 src/%{name}module.h %{buildroot}%{_includedir}/%{name}module.h # Install rpm macros for valkey modules #mkdir -p %{buildroot}%{_rpmmacrodir} -install -pDm644 %{S:8} %{buildroot}%{_rpmmacrodir}/macros.%{name} +install -pDm644 macros.%{name} %{buildroot}%{_rpmmacrodir}/macros.%{name} # compat script install -Dpm 755 %{S:9} %{buildroot}%{_libexecdir}/migrate_redis_to_valkey.sh @@ -360,6 +363,7 @@ fi %license COPYING-hiredis-BSD-3-Clause %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %attr(0750, valkey, root) %dir %{_sysconfdir}/%{name} +%attr(0750, valkey, root) %dir %{valkey_modules_cfg} %attr(0640, valkey, root) %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf %attr(0640, valkey, root) %config(noreplace) %{_sysconfdir}/%{name}/sentinel.conf %dir %{_libdir}/%{name} @@ -404,6 +408,11 @@ fi %changelog +* Thu Jul 24 2025 Remi Collet - 8.1.3-3 +- use patch for configuration changes +- add /etc/valkey/modules drop-in directory for module configuration files +- add %%valkey_version and %%valkey_modules_cfg macros + * Fri Jul 25 2025 Fedora Release Engineering - 8.1.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild From cd97a3f1a75ab268966fa2fff50f79a04b70a637 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Thu, 28 Aug 2025 11:07:39 +0200 Subject: [PATCH 16/27] fix date --- valkey.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/valkey.spec b/valkey.spec index dc82286..3f5355d 100644 --- a/valkey.spec +++ b/valkey.spec @@ -408,7 +408,7 @@ fi %changelog -* Thu Jul 24 2025 Remi Collet - 8.1.3-3 +* Thu Aug 28 2025 Remi Collet - 8.1.3-3 - use patch for configuration changes - add /etc/valkey/modules drop-in directory for module configuration files - add %%valkey_version and %%valkey_modules_cfg macros From 6d890386366c4b059ea7f0675fdbcc7d081efcc2 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Tue, 9 Sep 2025 11:24:43 +0200 Subject: [PATCH 17/27] fix for ImageMode: ensure ownership of /etc/valkey --- .gitignore | 16 ++-------------- valkey.spec | 5 ++++- valkey.tmpfiles | 7 ++++--- 3 files changed, 10 insertions(+), 18 deletions(-) diff --git a/.gitignore b/.gitignore index a646f91..18985d0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,17 +1,5 @@ clog -/valkey-7.2.4-rc1.tar.gz -/valkey-7.2.5-rc1.tar.gz -/valkey-7.2.5.tar.gz -/valkey-7.2.6.tar.gz -/valkey-8.0.0.tar.gz -/valkey-doc-8.0.0.tar.gz -/valkey-8.0.1.tar.gz -/valkey-doc-8.0.1.tar.gz -/valkey-8.0.2.tar.gz -/valkey-doc-8.0.2.tar.gz -/valkey-8.1.0.tar.gz -/valkey-doc-8.1.0.tar.gz -/valkey-8.1.1.tar.gz -/valkey-8.1.2.tar.gz +valkey-8.0.*.tar.gz +valkey-doc-8.0.*.tar.gz /valkey-doc-8.1.1.tar.gz /valkey-8.1.3.tar.gz diff --git a/valkey.spec b/valkey.spec index 3f5355d..f2c9678 100644 --- a/valkey.spec +++ b/valkey.spec @@ -11,7 +11,7 @@ Name: valkey Version: 8.1.3 -Release: 3%{?dist} +Release: 4%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause # hiredis: BSD-3-Clause @@ -408,6 +408,9 @@ fi %changelog +* Tue Sep 9 2025 Remi Collet - 8.1.3-4 +- fix for ImageMode: ensure ownership of /etc/valkey + * Thu Aug 28 2025 Remi Collet - 8.1.3-3 - use patch for configuration changes - add /etc/valkey/modules drop-in directory for module configuration files diff --git a/valkey.tmpfiles b/valkey.tmpfiles index 2383ddb..2c99bad 100644 --- a/valkey.tmpfiles +++ b/valkey.tmpfiles @@ -1,3 +1,4 @@ -D /run/valkey 0755 valkey valkey - -d /var/lib/valkey 0750 valkey valkey - -d /var/log/valkey 0750 valkey valkey - +Z /etc/valkey ~0750 valkey root - +D /run/valkey 0755 valkey valkey - +d /var/lib/valkey 0750 valkey valkey - +d /var/log/valkey 0750 valkey valkey - From dca0ff1ce16e0e0a1a776ae93d87a4bf101c751e Mon Sep 17 00:00:00 2001 From: Nathan Scott Date: Fri, 26 Sep 2025 15:34:08 +1000 Subject: [PATCH 18/27] enable Remote Direct Memory Access (RDMA) capabilities --- valkey.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/valkey.spec b/valkey.spec index f2c9678..b15dd5b 100644 --- a/valkey.spec +++ b/valkey.spec @@ -11,7 +11,7 @@ Name: valkey Version: 8.1.3 -Release: 4%{?dist} +Release: 5%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause # hiredis: BSD-3-Clause @@ -41,6 +41,7 @@ BuildRequires: tcl BuildRequires: pkgconfig(libsystemd) BuildRequires: systemd-devel BuildRequires: systemd-rpm-macros +BuildRequires: rdma-core-devel BuildRequires: openssl-devel %if %{with docs} # for docs/man pages @@ -201,7 +202,7 @@ echo '# valkey_rpm_conf' >> valkey.conf echo '# valkey-sentinel_rpm_conf' >> sentinel.conf %endif -%global make_flags DEBUG="" V="echo" PREFIX=%{buildroot}%{_prefix} BUILD_WITH_SYSTEMD=yes BUILD_TLS=yes +%global make_flags DEBUG="" V="echo" PREFIX=%{buildroot}%{_prefix} BUILD_WITH_SYSTEMD=yes BUILD_TLS=yes BUILD_RDMA=yes %build @@ -408,6 +409,9 @@ fi %changelog +* Fri Sep 26 2025 Nathan Scott - 8.1.3-5 +- enable Remote Direct Memory Access (RDMA) capabilities + * Tue Sep 9 2025 Remi Collet - 8.1.3-4 - fix for ImageMode: ensure ownership of /etc/valkey From 3fc3880de4c245ba215e21dd103cedd8563c5151 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Tue, 30 Sep 2025 14:01:16 +0200 Subject: [PATCH 19/27] add sub-package for rdma module --- valkey.spec | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/valkey.spec b/valkey.spec index b15dd5b..1bfd19c 100644 --- a/valkey.spec +++ b/valkey.spec @@ -11,7 +11,7 @@ Name: valkey Version: 8.1.3 -Release: 5%{?dist} +Release: 6%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause # hiredis: BSD-3-Clause @@ -101,10 +101,18 @@ You can use Valkey from most programming languages also. Summary: Development header for Valkey module development # Header-Only Library (https://fedoraproject.org/wiki/Packaging:Guidelines) Provides: %{name}-static = %{version}-%{release} +Requires: %{name}%{?_isa} = %{version}-%{release} %description devel Header file required for building loadable Valkey modules. +%package rdma +Summary: RDMA module for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} +Supplements: %{name} + +%description rdma +%summary. %package compat-redis Summary: Conversion script and compatibility symlinks for Redis @@ -202,7 +210,13 @@ echo '# valkey_rpm_conf' >> valkey.conf echo '# valkey-sentinel_rpm_conf' >> sentinel.conf %endif -%global make_flags DEBUG="" V="echo" PREFIX=%{buildroot}%{_prefix} BUILD_WITH_SYSTEMD=yes BUILD_TLS=yes BUILD_RDMA=yes +%global make_flags DEBUG="" V="echo" PREFIX=%{buildroot}%{_prefix} BUILD_WITH_SYSTEMD=yes BUILD_TLS=yes BUILD_RDMA=module + +: RDMA configuration file +cat << EOF | tee rdma.conf +# RDMA module +loadmodule %{valkey_modules_dir}/rdma.so +EOF %build @@ -283,6 +297,10 @@ install -pDm644 src/redismodule.h %{buildroot}%{_includedir}/redismodule.h ln -sr %{buildroot}/usr/lib/systemd/system/valkey.service %{buildroot}/usr/lib/systemd/system/redis.service ln -sr %{buildroot}/usr/lib/systemd/system/valkey-sentinel.service %{buildroot}/usr/lib/systemd/system/redis-sentinel.service +# RDMA module +install -pm755 src/valkey-rdma.so %{buildroot}%{valkey_modules_dir}/rdma.so +install -pm640 rdma.conf %{buildroot}%{valkey_modules_cfg}/rdma.conf + %check %if %{with tests} @@ -391,6 +409,11 @@ fi %endif +%files rdma +%attr(0640, valkey, root) %config(noreplace) %{valkey_modules_cfg}/rdma.conf +%{valkey_modules_dir}/rdma.so + + %files devel # main package is not required %license COPYING @@ -409,6 +432,9 @@ fi %changelog +* Tue Sep 30 2025 Remi Collet - 8.1.3-6 +- add sub-package for rdma module + * Fri Sep 26 2025 Nathan Scott - 8.1.3-5 - enable Remote Direct Memory Access (RDMA) capabilities From 6bb7032bb5344a745e08fa1e96407fcb86d16e87 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Wed, 1 Oct 2025 06:50:40 +0200 Subject: [PATCH 20/27] add sub-package for TLS module --- valkey.spec | 35 +++++++++++++++++++++++++++++++---- 1 file changed, 31 insertions(+), 4 deletions(-) diff --git a/valkey.spec b/valkey.spec index 1bfd19c..dcac124 100644 --- a/valkey.spec +++ b/valkey.spec @@ -97,6 +97,8 @@ a cache. You can use Valkey from most programming languages also. +See https://valkey.io/topics/ + %package devel Summary: Development header for Valkey module development # Header-Only Library (https://fedoraproject.org/wiki/Packaging:Guidelines) @@ -114,6 +116,18 @@ Supplements: %{name} %description rdma %summary. +See https://valkey.io/topics/RDMA/ + +%package tls +Summary: TLS module for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} +Supplements: %{name} + +%description tls +%summary. + +See https://valkey.io/topics/encryption/ + %package compat-redis Summary: Conversion script and compatibility symlinks for Redis Requires: valkey = %{version}-%{release} @@ -210,7 +224,7 @@ echo '# valkey_rpm_conf' >> valkey.conf echo '# valkey-sentinel_rpm_conf' >> sentinel.conf %endif -%global make_flags DEBUG="" V="echo" PREFIX=%{buildroot}%{_prefix} BUILD_WITH_SYSTEMD=yes BUILD_TLS=yes BUILD_RDMA=module +%global make_flags DEBUG="" V="echo" PREFIX=%{buildroot}%{_prefix} BUILD_WITH_SYSTEMD=yes BUILD_TLS=module BUILD_RDMA=module : RDMA configuration file cat << EOF | tee rdma.conf @@ -218,6 +232,12 @@ cat << EOF | tee rdma.conf loadmodule %{valkey_modules_dir}/rdma.so EOF +: TLS configuration file +cat << EOF | tee tls.conf +# TLS module +loadmodule %{valkey_modules_dir}/tls.so +EOF + %build %make_build %{make_flags} @@ -301,6 +321,10 @@ ln -sr %{buildroot}/usr/lib/systemd/system/valkey-sentinel.service %{buildroot}/ install -pm755 src/valkey-rdma.so %{buildroot}%{valkey_modules_dir}/rdma.so install -pm640 rdma.conf %{buildroot}%{valkey_modules_cfg}/rdma.conf +# TLS module +install -pm755 src/valkey-tls.so %{buildroot}%{valkey_modules_dir}/tls.so +install -pm640 tls.conf %{buildroot}%{valkey_modules_cfg}/tls.conf + %check %if %{with tests} @@ -408,11 +432,13 @@ fi %{_mandir}/man{3,7}/*%{name}*.gz %endif - %files rdma %attr(0640, valkey, root) %config(noreplace) %{valkey_modules_cfg}/rdma.conf %{valkey_modules_dir}/rdma.so +%files tls +%attr(0640, valkey, root) %config(noreplace) %{valkey_modules_cfg}/tls.conf +%{valkey_modules_dir}/tls.so %files devel # main package is not required @@ -432,8 +458,9 @@ fi %changelog -* Tue Sep 30 2025 Remi Collet - 8.1.3-6 -- add sub-package for rdma module +* Wed Oct 1 2025 Remi Collet - 8.1.3-6 +- add sub-package for RDMA module +- add sub-package for TLS module * Fri Sep 26 2025 Nathan Scott - 8.1.3-5 - enable Remote Direct Memory Access (RDMA) capabilities From 17ff7b914d8017de60d2d88ce40eb689087987e9 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Sat, 4 Oct 2025 07:52:38 +0200 Subject: [PATCH 21/27] Valkey 8.1.4 - Released Fri 09 October 2025 Upgrade urgency SECURITY: CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 fix CONFIG REWRITE breaks configuration reported as https://github.com/valkey-io/valkey/issues/2678 using patch from https://github.com/valkey-io/valkey/pull/2689 --- .gitignore | 1 + sources | 2 +- valkey-loadmod.patch | 112 +++++++++++++++++++++++++++++++++++++++++++ valkey.spec | 17 +++++-- 4 files changed, 128 insertions(+), 4 deletions(-) create mode 100644 valkey-loadmod.patch diff --git a/.gitignore b/.gitignore index 18985d0..6b099d4 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ valkey-8.0.*.tar.gz valkey-doc-8.0.*.tar.gz /valkey-doc-8.1.1.tar.gz /valkey-8.1.3.tar.gz +/valkey-8.1.4.tar.gz diff --git a/sources b/sources index ae11069..006c638 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (valkey-8.1.3.tar.gz) = 33b5fe5011aa0d26aa797276f1371d063bd8fef2adb1d405d6ae8c4718d3ed602cf8e4c3a8f423b90e798213ae28a939720d61806a3614477e576b2115973864 +SHA512 (valkey-8.1.4.tar.gz) = ee44a550a0868dd42ebe3b015bdc2940b00e2e2984b6870f287605399f52986ee87e957193097a07ab5da1a1194a2b7873ed1919a74c9212903f5748d722f5f0 SHA512 (valkey-doc-8.1.1.tar.gz) = 37b664a4f07c1821df1cd83df0559127588523feef54785400fae3c2a618c93d86e9ef8bc50cc046d0904a853ae52410aa82f79413e05298f42a829b3508d2f9 diff --git a/valkey-loadmod.patch b/valkey-loadmod.patch new file mode 100644 index 0000000..15e8489 --- /dev/null +++ b/valkey-loadmod.patch @@ -0,0 +1,112 @@ +From c48838c5086cd3eec40f227ab6fa3ab36450c6ed Mon Sep 17 00:00:00 2001 +From: Remi Collet +Date: Sat, 4 Oct 2025 07:23:52 +0200 +Subject: [PATCH] Fix #2678 don't add loadmodule when from config + +--- + src/config.c | 2 +- + src/module.c | 15 +++++++++++---- + src/module.h | 2 +- + 3 files changed, 13 insertions(+), 6 deletions(-) + +diff --git a/src/config.c b/src/config.c +index d0158b2c4d..9d9ac2608a 100644 +--- a/src/config.c ++++ b/src/config.c +@@ -1605,7 +1605,7 @@ void rewriteConfigLoadmoduleOption(struct rewriteConfigState *state) { + while ((de = dictNext(di)) != NULL) { + struct ValkeyModule *module = dictGetVal(de); + line = moduleLoadQueueEntryToLoadmoduleOptionStr(module, "loadmodule"); +- rewriteConfigRewriteLine(state, "loadmodule", line, 1); ++ if (line) rewriteConfigRewriteLine(state, "loadmodule", line, 1); + } + dictReleaseIterator(di); + /* Mark "loadmodule" as processed in case modules is empty. */ +diff --git a/src/module.c b/src/module.c +index e5afa952fa..42f42ba80c 100644 +--- a/src/module.c ++++ b/src/module.c +@@ -84,6 +84,7 @@ + + struct moduleLoadQueueEntry { + sds path; ++ int conf; + int argc; + robj **argv; + }; +@@ -678,6 +679,7 @@ void moduleEnqueueLoadModule(sds path, sds *argv, int argc) { + loadmod->argv = argc ? zmalloc(sizeof(robj *) * argc) : NULL; + loadmod->path = sdsnew(path); + loadmod->argc = argc; ++ loadmod->conf = 1; + for (i = 0; i < argc; i++) { + loadmod->argv[i] = createRawStringObject(argv[i], sdslen(argv[i])); + } +@@ -688,6 +690,10 @@ sds moduleLoadQueueEntryToLoadmoduleOptionStr(ValkeyModule *module, + const char *config_option_str) { + sds line; + ++ if (module->loadmod->conf) { ++ /* no need to add as already from config */ ++ return NULL; ++ } + line = sdsnew(config_option_str); + line = sdscatlen(line, " ", 1); + line = sdscatsds(line, module->loadmod->path); +@@ -12350,7 +12356,7 @@ void moduleLoadFromQueue(void) { + listRewind(server.loadmodule_queue, &li); + while ((ln = listNext(&li))) { + struct moduleLoadQueueEntry *loadmod = ln->value; +- if (moduleLoad(loadmod->path, (void **)loadmod->argv, loadmod->argc, 0) == C_ERR) { ++ if (moduleLoad(loadmod->path, (void **)loadmod->argv, loadmod->argc, 0, 1) == C_ERR) { + serverLog(LL_WARNING, "Can't load module from %s: server aborting", loadmod->path); + exit(1); + } +@@ -12531,7 +12537,7 @@ void moduleUnregisterCleanup(ValkeyModule *module) { + + /* Load a module and initialize it. On success C_OK is returned, otherwise + * C_ERR is returned. */ +-int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loadex) { ++int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loadex, int is_config) { + int (*onload)(void *, void **, int); + void *handle; + +@@ -12606,6 +12612,7 @@ int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loa + ctx.module->loadmod->path = sdsnew(path); + ctx.module->loadmod->argv = module_argc ? zmalloc(sizeof(robj *) * module_argc) : NULL; + ctx.module->loadmod->argc = module_argc; ++ ctx.module->loadmod->conf = is_config; + for (int i = 0; i < module_argc; i++) { + ctx.module->loadmod->argv[i] = module_argv[i]; + incrRefCount(ctx.module->loadmod->argv[i]); +@@ -13529,7 +13536,7 @@ void moduleCommand(client *c) { + argv = &c->argv[3]; + } + +- if (moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 0) == C_OK) ++ if (moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 0, 0) == C_OK) + addReply(c, shared.ok); + else + addReplyError(c, "Error loading the extension. Please check the server logs."); +@@ -13544,7 +13551,7 @@ void moduleCommand(client *c) { + /* If this is a loadex command we want to populate server.module_configs_queue with + * sds NAME VALUE pairs. We also want to increment argv to just after ARGS, if supplied. */ + if (parseLoadexArguments((ValkeyModuleString ***)&argv, &argc) == VALKEYMODULE_OK && +- moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 1) == C_OK) ++ moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 1, 0) == C_OK) + addReply(c, shared.ok); + else { + dictEmpty(server.module_configs_queue, NULL); +diff --git a/src/module.h b/src/module.h +index f6c266b592..1a964c1af9 100644 +--- a/src/module.h ++++ b/src/module.h +@@ -180,7 +180,7 @@ void moduleFreeContext(ValkeyModuleCtx *ctx); + void moduleInitModulesSystem(void); + void moduleInitModulesSystemLast(void); + void modulesCron(void); +-int moduleLoad(const char *path, void **argv, int argc, int is_loadex); ++int moduleLoad(const char *path, void **argv, int argc, int is_loadex, int is_config); + int moduleUnload(sds name, const char **errmsg); + void moduleLoadFromQueue(void); + int moduleGetCommandKeysViaAPI(struct serverCommand *cmd, robj **argv, int argc, getKeysResult *result); diff --git a/valkey.spec b/valkey.spec index dcac124..8a0447e 100644 --- a/valkey.spec +++ b/valkey.spec @@ -10,8 +10,8 @@ %bcond_with tests Name: valkey -Version: 8.1.3 -Release: 6%{?dist} +Version: 8.1.4 +Release: 1%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause # hiredis: BSD-3-Clause @@ -31,6 +31,8 @@ Source50: https://github.com/valkey-io/%{name}-doc/archive/%{doc_versio # Fix default paths in configuration files for RPM layout Patch0: %{name}-conf.patch +# Workaround to https://github.com/valkey-io/valkey/issues/2678 +Patch1: %{name}-loadmod.patch BuildRequires: make BuildRequires: gcc @@ -184,7 +186,8 @@ Provides: redis-doc = %{version}-%{release} %prep # no autosetup due to no support for multiple source extraction %setup -n %{name}-%{version} -a50 -%patch -P0 -p1 -b.rpm +%patch -P0 -p1 -b .rpm +%patch -P1 -p1 -b .loadmod mv deps/lua/COPYRIGHT COPYRIGHT-lua mv deps/jemalloc/COPYING COPYING-jemalloc @@ -458,6 +461,14 @@ fi %changelog +* Sat Oct 4 2025 Remi Collet - 8.1.4-1 +- Valkey 8.1.4 - Released Fri 09 October 2025 +- Upgrade urgency SECURITY: + CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 +- fix CONFIG REWRITE breaks configuration + reported as https://github.com/valkey-io/valkey/issues/2678 + using patch from https://github.com/valkey-io/valkey/pull/2689 + * Wed Oct 1 2025 Remi Collet - 8.1.3-6 - add sub-package for RDMA module - add sub-package for TLS module From 4e9254d710ade92699bc2c7e624d99924fa608c8 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Mon, 6 Oct 2025 03:28:18 +0200 Subject: [PATCH 22/27] improve the patch for loadmodule directive --- valkey-loadmod.patch | 113 ++++++++++++++++++++++++++++--------------- valkey.spec | 5 +- 2 files changed, 78 insertions(+), 40 deletions(-) diff --git a/valkey-loadmod.patch b/valkey-loadmod.patch index 15e8489..3341863 100644 --- a/valkey-loadmod.patch +++ b/valkey-loadmod.patch @@ -1,19 +1,38 @@ -From c48838c5086cd3eec40f227ab6fa3ab36450c6ed Mon Sep 17 00:00:00 2001 -From: Remi Collet -Date: Sat, 4 Oct 2025 07:23:52 +0200 -Subject: [PATCH] Fix #2678 don't add loadmodule when from config +Adapted for 8.1.4 from +https://github.com/valkey-io/valkey/pull/2689 ---- - src/config.c | 2 +- - src/module.c | 15 +++++++++++---- - src/module.h | 2 +- - 3 files changed, 13 insertions(+), 6 deletions(-) - -diff --git a/src/config.c b/src/config.c -index d0158b2c4d..9d9ac2608a 100644 ---- a/src/config.c -+++ b/src/config.c -@@ -1605,7 +1605,7 @@ void rewriteConfigLoadmoduleOption(struct rewriteConfigState *state) { +diff -up ./src/config.c.loadmod ./src/config.c +--- ./src/config.c.loadmod 2025-10-03 21:17:43.000000000 +0200 ++++ ./src/config.c 2025-10-06 03:06:41.774448336 +0200 +@@ -438,6 +438,8 @@ static int updateClientOutputBufferLimit + * within conf file parsing. This is only needed to support the deprecated + * abnormal aggregate `save T C` functionality. Remove in the future. */ + static int reading_config_file; ++/* support detecting include vs main config file */ ++static int reading_include_file = 0; + + void loadServerConfigFromString(char *config) { + deprecatedConfig deprecated_configs[] = { +@@ -529,7 +531,9 @@ void loadServerConfigFromString(char *co + + /* Execute config directives */ + if (!strcasecmp(argv[0], "include") && argc == 2) { ++ reading_include_file = 1; + loadServerConfig(argv[1], 0, NULL); ++ reading_include_file = 0; + } else if (!strcasecmp(argv[0], "rename-command") && argc == 3) { + struct serverCommand *cmd = lookupCommandBySds(argv[1]); + +@@ -562,7 +566,7 @@ void loadServerConfigFromString(char *co + goto loaderr; + } + } else if (!strcasecmp(argv[0], "loadmodule") && argc >= 2) { +- moduleEnqueueLoadModule(argv[1], &argv[2], argc - 2); ++ moduleEnqueueLoadModule(argv[1], &argv[2], argc - 2, reading_include_file); + } else if (strchr(argv[0], '.')) { + if (argc < 2) { + err = "Module config specified without value"; +@@ -1579,7 +1583,7 @@ void rewriteConfigLoadmoduleOption(struc while ((de = dictNext(di)) != NULL) { struct ValkeyModule *module = dictGetVal(de); line = moduleLoadQueueEntryToLoadmoduleOptionStr(module, "loadmodule"); @@ -22,64 +41,72 @@ index d0158b2c4d..9d9ac2608a 100644 } dictReleaseIterator(di); /* Mark "loadmodule" as processed in case modules is empty. */ -diff --git a/src/module.c b/src/module.c -index e5afa952fa..42f42ba80c 100644 ---- a/src/module.c -+++ b/src/module.c -@@ -84,6 +84,7 @@ +diff -up ./src/module.c.loadmod ./src/module.c +--- ./src/module.c.loadmod 2025-10-03 21:17:43.000000000 +0200 ++++ ./src/module.c 2025-10-06 03:05:36.498290506 +0200 +@@ -83,6 +83,7 @@ struct moduleLoadQueueEntry { sds path; -+ int conf; ++ int from_include; int argc; robj **argv; }; -@@ -678,6 +679,7 @@ void moduleEnqueueLoadModule(sds path, sds *argv, int argc) { +@@ -669,7 +670,7 @@ void freeClientModuleData(client *c) { + c->module_data = NULL; + } + +-void moduleEnqueueLoadModule(sds path, sds *argv, int argc) { ++void moduleEnqueueLoadModule(sds path, sds *argv, int argc, int from_include) { + int i; + struct moduleLoadQueueEntry *loadmod; + +@@ -677,6 +678,7 @@ void moduleEnqueueLoadModule(sds path, s loadmod->argv = argc ? zmalloc(sizeof(robj *) * argc) : NULL; loadmod->path = sdsnew(path); loadmod->argc = argc; -+ loadmod->conf = 1; ++ loadmod->from_include = from_include; for (i = 0; i < argc; i++) { loadmod->argv[i] = createRawStringObject(argv[i], sdslen(argv[i])); } -@@ -688,6 +690,10 @@ sds moduleLoadQueueEntryToLoadmoduleOptionStr(ValkeyModule *module, +@@ -687,6 +689,10 @@ sds moduleLoadQueueEntryToLoadmoduleOpti const char *config_option_str) { sds line; -+ if (module->loadmod->conf) { ++ if (module->loadmod->from_include) { + /* no need to add as already from config */ + return NULL; + } line = sdsnew(config_option_str); line = sdscatlen(line, " ", 1); line = sdscatsds(line, module->loadmod->path); -@@ -12350,7 +12356,7 @@ void moduleLoadFromQueue(void) { +@@ -12188,7 +12194,7 @@ void moduleLoadFromQueue(void) { listRewind(server.loadmodule_queue, &li); while ((ln = listNext(&li))) { struct moduleLoadQueueEntry *loadmod = ln->value; - if (moduleLoad(loadmod->path, (void **)loadmod->argv, loadmod->argc, 0) == C_ERR) { -+ if (moduleLoad(loadmod->path, (void **)loadmod->argv, loadmod->argc, 0, 1) == C_ERR) { ++ if (moduleLoad(loadmod->path, (void **)loadmod->argv, loadmod->argc, 0, loadmod->from_include) == C_ERR) { serverLog(LL_WARNING, "Can't load module from %s: server aborting", loadmod->path); exit(1); } -@@ -12531,7 +12537,7 @@ void moduleUnregisterCleanup(ValkeyModule *module) { +@@ -12369,7 +12375,7 @@ void moduleUnregisterCleanup(ValkeyModul /* Load a module and initialize it. On success C_OK is returned, otherwise * C_ERR is returned. */ -int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loadex) { -+int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loadex, int is_config) { ++int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loadex, int from_include) { int (*onload)(void *, void **, int); void *handle; -@@ -12606,6 +12612,7 @@ int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loa +@@ -12444,6 +12450,7 @@ int moduleLoad(const char *path, void ** ctx.module->loadmod->path = sdsnew(path); ctx.module->loadmod->argv = module_argc ? zmalloc(sizeof(robj *) * module_argc) : NULL; ctx.module->loadmod->argc = module_argc; -+ ctx.module->loadmod->conf = is_config; ++ ctx.module->loadmod->from_include = from_include; for (int i = 0; i < module_argc; i++) { ctx.module->loadmod->argv[i] = module_argv[i]; incrRefCount(ctx.module->loadmod->argv[i]); -@@ -13529,7 +13536,7 @@ void moduleCommand(client *c) { +@@ -13361,7 +13368,7 @@ void moduleCommand(client *c) { argv = &c->argv[3]; } @@ -88,7 +115,7 @@ index e5afa952fa..42f42ba80c 100644 addReply(c, shared.ok); else addReplyError(c, "Error loading the extension. Please check the server logs."); -@@ -13544,7 +13551,7 @@ void moduleCommand(client *c) { +@@ -13376,7 +13383,7 @@ void moduleCommand(client *c) { /* If this is a loadex command we want to populate server.module_configs_queue with * sds NAME VALUE pairs. We also want to increment argv to just after ARGS, if supplied. */ if (parseLoadexArguments((ValkeyModuleString ***)&argv, &argc) == VALKEYMODULE_OK && @@ -97,16 +124,24 @@ index e5afa952fa..42f42ba80c 100644 addReply(c, shared.ok); else { dictEmpty(server.module_configs_queue, NULL); -diff --git a/src/module.h b/src/module.h -index f6c266b592..1a964c1af9 100644 ---- a/src/module.h -+++ b/src/module.h -@@ -180,7 +180,7 @@ void moduleFreeContext(ValkeyModuleCtx *ctx); +diff -up ./src/module.h.loadmod ./src/module.h +--- ./src/module.h.loadmod 2025-10-03 21:17:43.000000000 +0200 ++++ ./src/module.h 2025-10-06 03:05:36.498698194 +0200 +@@ -169,7 +169,7 @@ static inline void moduleInitDigestConte + memset(mdvar->x, 0, sizeof(mdvar->x)); + } + +-void moduleEnqueueLoadModule(sds path, sds *argv, int argc); ++void moduleEnqueueLoadModule(sds path, sds *argv, int argc, int from_include); + sds moduleLoadQueueEntryToLoadmoduleOptionStr(ValkeyModule *module, + const char *config_option_str); + ValkeyModuleCtx *moduleAllocateContext(void); +@@ -180,7 +180,7 @@ void moduleFreeContext(ValkeyModuleCtx * void moduleInitModulesSystem(void); void moduleInitModulesSystemLast(void); void modulesCron(void); -int moduleLoad(const char *path, void **argv, int argc, int is_loadex); -+int moduleLoad(const char *path, void **argv, int argc, int is_loadex, int is_config); ++int moduleLoad(const char *path, void **argv, int argc, int is_loadex, int from_include); int moduleUnload(sds name, const char **errmsg); void moduleLoadFromQueue(void); int moduleGetCommandKeysViaAPI(struct serverCommand *cmd, robj **argv, int argc, getKeysResult *result); diff --git a/valkey.spec b/valkey.spec index 8a0447e..028de35 100644 --- a/valkey.spec +++ b/valkey.spec @@ -11,7 +11,7 @@ Name: valkey Version: 8.1.4 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause # hiredis: BSD-3-Clause @@ -461,6 +461,9 @@ fi %changelog +* Mon Oct 6 2025 Remi Collet - 8.1.4-2 +- improve the patch for loadmodule directive + * Sat Oct 4 2025 Remi Collet - 8.1.4-1 - Valkey 8.1.4 - Released Fri 09 October 2025 - Upgrade urgency SECURITY: From 241a98c5bdb77404992654bc17c11b3dee51b39f Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Sat, 4 Oct 2025 08:12:41 +0200 Subject: [PATCH 23/27] update to 8.0.6 fixes CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 and CVE-2025-46819 update documentation to 8.0.5 (cherry picked from commit 139a204bfb5e05bcec97f43cb7b50210dcc1c212) --- .gitignore | 2 ++ 0001-valkey-cve-2025-49112.patch | 23 ----------------------- sources | 4 ++-- valkey.spec | 11 +++++++---- 4 files changed, 11 insertions(+), 29 deletions(-) delete mode 100644 0001-valkey-cve-2025-49112.patch diff --git a/.gitignore b/.gitignore index c84f339..48de5de 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,5 @@ /valkey-8.0.3.tar.gz /valkey-8.0.4.tar.gz /valkey-doc-8.0.3.tar.gz +/valkey-8.0.6.tar.gz +/valkey-doc-8.0.5.tar.gz diff --git a/0001-valkey-cve-2025-49112.patch b/0001-valkey-cve-2025-49112.patch deleted file mode 100644 index fcb8b15..0000000 --- a/0001-valkey-cve-2025-49112.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 0b8147ca27d2d06efadf37f0f064f19607e7e1f8 Mon Sep 17 00:00:00 2001 -From: Zeroday BYTE -Date: Tue, 20 May 2025 00:59:10 +0700 -Subject: [PATCH] Update networking.c - -Signed-off-by: Zeroday BYTE ---- - src/networking.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/networking.c b/src/networking.c -index 5f57050971..78b62d0c59 100644 ---- a/src/networking.c -+++ b/src/networking.c -@@ -883,7 +883,7 @@ void setDeferredReply(client *c, void *node, const char *s, size_t length) { - * - It has enough room already allocated - * - And not too large (avoid large memmove) - * - And the client is not in a pending I/O state */ -- if (ln->prev != NULL && (prev = listNodeValue(ln->prev)) && prev->size - prev->used > 0 && -+ if (ln->prev != NULL && (prev = listNodeValue(ln->prev)) && prev->used < prev->size && - c->io_write_state != CLIENT_PENDING_IO) { - size_t len_to_copy = prev->size - prev->used; - if (len_to_copy > length) len_to_copy = length; diff --git a/sources b/sources index 470e536..a962adc 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (valkey-8.0.4.tar.gz) = 2e6969a2c791f39943fe31c9c6dc5432accc37212c586f891f997df6dc74c0329d9f7254c54842f8203c8427f903e016cd465747d221349396327649ffa340fb -SHA512 (valkey-doc-8.0.3.tar.gz) = 7a44a6abc353d2a3af814ad7d243a59e6543d3af66f4aba07085eedc86ec7ced19af74993752285c31c7238d54d36392603afcb987c6618ea55ec0ca08322b45 +SHA512 (valkey-8.0.6.tar.gz) = 0f704ad06abab2817657abe60be6fb7c45df91cdaaa53d921e26c6f4e91a3712152a31550b876d8deba3493a6ca4b87194efd3a86cacd53906f01e845e7cb137 +SHA512 (valkey-doc-8.0.5.tar.gz) = 9cb90db9fcbed42dcf07b45b5493d0b72779d504c4eb18d8ebe2dc13b46aa35aff5be46e02aec74574b101f8ac0aa532abf6be26acc0a0954e3015f950a21049 diff --git a/valkey.spec b/valkey.spec index b540365..407ab71 100644 --- a/valkey.spec +++ b/valkey.spec @@ -4,12 +4,12 @@ %else %bcond_with docs %endif -%global doc_version 8.0.3 +%global doc_version 8.0.5 # Tests fail in mock, not in local build. %bcond_with tests Name: valkey -Version: 8.0.4 +Version: 8.0.6 Release: 1%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause @@ -28,7 +28,6 @@ Source8: macros.%{name} Source9: migrate_redis_to_valkey.sh Source50: https://github.com/valkey-io/%{name}-doc/archive/%{doc_version}/%{name}-doc-%{doc_version}.tar.gz -Patch0: 0001-valkey-cve-2025-49112.patch Patch1: valkey-cve-2025-27151.patch BuildRequires: make @@ -160,7 +159,6 @@ Provides: redis-doc = %{version}-%{release} # no autosetup due to no support for multiple source extraction %setup -n %{name}-%{version} -a50 -%patch -P0 -p1 %patch -P1 -p1 mv deps/lua/COPYRIGHT COPYRIGHT-lua @@ -406,6 +404,11 @@ fi %changelog +* Sat Oct 4 2025 Remi Collet - 8.0.6-1 +- update to 8.0.6 + fixes CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 and CVE-2025-46819 +- update documentation to 8.0.5 + * Wed Jul 16 2025 Remi Collet - 8.0.4-1 - update to 8.0.4 fixes CVE-2025-27151 CVE-2025-48367 and CVE-2025-32023 From 4f495819b0774f2ed6b6a61b7dd972f51cf7b16a Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Wed, 22 Oct 2025 10:12:02 +0200 Subject: [PATCH 24/27] Valkey 9.0.0 GA - October 21, 2025 bundled hiredis replaced by libvalkey --- .gitignore | 9 +++--- sources | 4 +-- valkey-conf.patch | 14 ++++----- valkey-loadmod.patch | 68 ++++++++++++++++++++++++++------------------ valkey.spec | 23 +++++++++------ 5 files changed, 68 insertions(+), 50 deletions(-) diff --git a/.gitignore b/.gitignore index 6b099d4..52d5805 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,5 @@ clog -valkey-8.0.*.tar.gz -valkey-doc-8.0.*.tar.gz -/valkey-doc-8.1.1.tar.gz -/valkey-8.1.3.tar.gz -/valkey-8.1.4.tar.gz +valkey-8.*.tar.gz +valkey-doc-8.*.tar.gz +/valkey-9.0.0.tar.gz +/valkey-doc-9.0.0.tar.gz diff --git a/sources b/sources index 006c638..f9f5cbf 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (valkey-8.1.4.tar.gz) = ee44a550a0868dd42ebe3b015bdc2940b00e2e2984b6870f287605399f52986ee87e957193097a07ab5da1a1194a2b7873ed1919a74c9212903f5748d722f5f0 -SHA512 (valkey-doc-8.1.1.tar.gz) = 37b664a4f07c1821df1cd83df0559127588523feef54785400fae3c2a618c93d86e9ef8bc50cc046d0904a853ae52410aa82f79413e05298f42a829b3508d2f9 +SHA512 (valkey-9.0.0.tar.gz) = 387e8ebf26a307940bf0f26eb4ba51f016445a618435f4c61ec4c8b8d4b7e2cbfc7a7e93b6c35b7c6832e3161981b4b2ce0d09bdc1799dbb5271052cf70654e4 +SHA512 (valkey-doc-9.0.0.tar.gz) = 931c85bc229a24de9b579353a365b1ab46123d190ba84359ec36d95153c1c6c42cdf1dbd2f08d24896e0bef9e71c3c95431fbd8af6fa0260a3e4b00ed6d17ebf diff --git a/valkey-conf.patch b/valkey-conf.patch index 55badf7..a079055 100644 --- a/valkey-conf.patch +++ b/valkey-conf.patch @@ -1,6 +1,6 @@ diff -up ./sentinel.conf.rpm ./sentinel.conf ---- ./sentinel.conf.rpm 2025-07-24 10:05:46.477794769 +0200 -+++ ./sentinel.conf 2025-07-24 10:07:27.023483441 +0200 +--- ./sentinel.conf.rpm 2025-07-07 09:18:20.000000000 +0200 ++++ ./sentinel.conf 2025-08-01 07:57:21.892278834 +0200 @@ -17,7 +17,7 @@ daemonize no # When running daemonized, Valkey Sentinel writes a pid file in # /var/run/valkey-sentinel.pid by default. You can specify a custom pid file @@ -20,8 +20,8 @@ diff -up ./sentinel.conf.rpm ./sentinel.conf # To enable logging to the system logger, just set 'syslog-enabled' to yes, # and optionally update the other syslog parameters to suit your needs. diff -up ./valkey.conf.rpm ./valkey.conf ---- ./valkey.conf.rpm 2025-07-24 10:05:46.475591081 +0200 -+++ ./valkey.conf 2025-07-24 10:07:23.219331838 +0200 +--- ./valkey.conf.rpm 2025-07-07 09:18:20.000000000 +0200 ++++ ./valkey.conf 2025-08-01 07:57:17.825116953 +0200 @@ -43,6 +43,9 @@ # include /path/to/other.conf # include /path/to/fragments/*.conf @@ -32,7 +32,7 @@ diff -up ./valkey.conf.rpm ./valkey.conf ################################## MODULES ##################################### -@@ -153,7 +156,7 @@ tcp-backlog 511 +@@ -163,7 +166,7 @@ tcp-backlog 511 # incoming connections. There is no default, so the server will not listen # on a unix socket when not specified. # @@ -41,7 +41,7 @@ diff -up ./valkey.conf.rpm ./valkey.conf # unixsocketgroup wheel # unixsocketperm 700 -@@ -385,7 +388,7 @@ daemonize no +@@ -409,7 +412,7 @@ daemonize no # # Note that on modern Linux systems "/run/valkey.pid" is more conforming # and should be used instead. @@ -50,7 +50,7 @@ diff -up ./valkey.conf.rpm ./valkey.conf # Specify the server verbosity level. # This can be one of: -@@ -416,7 +419,7 @@ loglevel notice +@@ -440,7 +443,7 @@ loglevel notice # Specify the log file name. Also the empty string can be used to force # the server to log on the standard output. Note that if you use standard # output for logging but daemonize, logs will be sent to /dev/null diff --git a/valkey-loadmod.patch b/valkey-loadmod.patch index 3341863..dad9cb9 100644 --- a/valkey-loadmod.patch +++ b/valkey-loadmod.patch @@ -1,19 +1,31 @@ -Adapted for 8.1.4 from -https://github.com/valkey-io/valkey/pull/2689 +From b40ab88996d0bbe9bdd366af9426f7400b21e19c Mon Sep 17 00:00:00 2001 +From: Remi Collet +Date: Sat, 4 Oct 2025 07:23:52 +0200 +Subject: [PATCH] Fix #2678 don't add loadmodule when from config -diff -up ./src/config.c.loadmod ./src/config.c ---- ./src/config.c.loadmod 2025-10-03 21:17:43.000000000 +0200 -+++ ./src/config.c 2025-10-06 03:06:41.774448336 +0200 -@@ -438,6 +438,8 @@ static int updateClientOutputBufferLimit +only protect loadmodule from include files + +Signed-off-by: Remi Collet +--- + src/config.c | 8 ++++++-- + src/module.c | 17 ++++++++++++----- + src/module.h | 4 ++-- + 3 files changed, 20 insertions(+), 9 deletions(-) + +diff --git a/src/config.c b/src/config.c +index d0158b2c4d..ab453056df 100644 +--- a/src/config.c ++++ b/src/config.c +@@ -448,6 +448,8 @@ static int updateClientOutputBufferLimit(sds *args, int arg_len, const char **er * within conf file parsing. This is only needed to support the deprecated * abnormal aggregate `save T C` functionality. Remove in the future. */ static int reading_config_file; +/* support detecting include vs main config file */ +static int reading_include_file = 0; - void loadServerConfigFromString(char *config) { + void loadServerConfigFromString(sds config) { deprecatedConfig deprecated_configs[] = { -@@ -529,7 +531,9 @@ void loadServerConfigFromString(char *co +@@ -539,7 +541,9 @@ void loadServerConfigFromString(sds config) { /* Execute config directives */ if (!strcasecmp(argv[0], "include") && argc == 2) { @@ -23,7 +35,7 @@ diff -up ./src/config.c.loadmod ./src/config.c } else if (!strcasecmp(argv[0], "rename-command") && argc == 3) { struct serverCommand *cmd = lookupCommandBySds(argv[1]); -@@ -562,7 +566,7 @@ void loadServerConfigFromString(char *co +@@ -572,7 +576,7 @@ void loadServerConfigFromString(sds config) { goto loaderr; } } else if (!strcasecmp(argv[0], "loadmodule") && argc >= 2) { @@ -32,7 +44,7 @@ diff -up ./src/config.c.loadmod ./src/config.c } else if (strchr(argv[0], '.')) { if (argc < 2) { err = "Module config specified without value"; -@@ -1579,7 +1583,7 @@ void rewriteConfigLoadmoduleOption(struc +@@ -1605,7 +1609,7 @@ void rewriteConfigLoadmoduleOption(struct rewriteConfigState *state) { while ((de = dictNext(di)) != NULL) { struct ValkeyModule *module = dictGetVal(de); line = moduleLoadQueueEntryToLoadmoduleOptionStr(module, "loadmodule"); @@ -41,10 +53,11 @@ diff -up ./src/config.c.loadmod ./src/config.c } dictReleaseIterator(di); /* Mark "loadmodule" as processed in case modules is empty. */ -diff -up ./src/module.c.loadmod ./src/module.c ---- ./src/module.c.loadmod 2025-10-03 21:17:43.000000000 +0200 -+++ ./src/module.c 2025-10-06 03:05:36.498290506 +0200 -@@ -83,6 +83,7 @@ +diff --git a/src/module.c b/src/module.c +index e5afa952fa..f18bc3c6bf 100644 +--- a/src/module.c ++++ b/src/module.c +@@ -84,6 +84,7 @@ struct moduleLoadQueueEntry { sds path; @@ -52,7 +65,7 @@ diff -up ./src/module.c.loadmod ./src/module.c int argc; robj **argv; }; -@@ -669,7 +670,7 @@ void freeClientModuleData(client *c) { +@@ -670,7 +671,7 @@ void freeClientModuleData(client *c) { c->module_data = NULL; } @@ -61,7 +74,7 @@ diff -up ./src/module.c.loadmod ./src/module.c int i; struct moduleLoadQueueEntry *loadmod; -@@ -677,6 +678,7 @@ void moduleEnqueueLoadModule(sds path, s +@@ -678,6 +679,7 @@ void moduleEnqueueLoadModule(sds path, sds *argv, int argc) { loadmod->argv = argc ? zmalloc(sizeof(robj *) * argc) : NULL; loadmod->path = sdsnew(path); loadmod->argc = argc; @@ -69,7 +82,7 @@ diff -up ./src/module.c.loadmod ./src/module.c for (i = 0; i < argc; i++) { loadmod->argv[i] = createRawStringObject(argv[i], sdslen(argv[i])); } -@@ -687,6 +689,10 @@ sds moduleLoadQueueEntryToLoadmoduleOpti +@@ -688,6 +690,10 @@ sds moduleLoadQueueEntryToLoadmoduleOptionStr(ValkeyModule *module, const char *config_option_str) { sds line; @@ -80,7 +93,7 @@ diff -up ./src/module.c.loadmod ./src/module.c line = sdsnew(config_option_str); line = sdscatlen(line, " ", 1); line = sdscatsds(line, module->loadmod->path); -@@ -12188,7 +12194,7 @@ void moduleLoadFromQueue(void) { +@@ -12350,7 +12356,7 @@ void moduleLoadFromQueue(void) { listRewind(server.loadmodule_queue, &li); while ((ln = listNext(&li))) { struct moduleLoadQueueEntry *loadmod = ln->value; @@ -89,7 +102,7 @@ diff -up ./src/module.c.loadmod ./src/module.c serverLog(LL_WARNING, "Can't load module from %s: server aborting", loadmod->path); exit(1); } -@@ -12369,7 +12375,7 @@ void moduleUnregisterCleanup(ValkeyModul +@@ -12531,7 +12537,7 @@ void moduleUnregisterCleanup(ValkeyModule *module) { /* Load a module and initialize it. On success C_OK is returned, otherwise * C_ERR is returned. */ @@ -98,7 +111,7 @@ diff -up ./src/module.c.loadmod ./src/module.c int (*onload)(void *, void **, int); void *handle; -@@ -12444,6 +12450,7 @@ int moduleLoad(const char *path, void ** +@@ -12606,6 +12612,7 @@ int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loa ctx.module->loadmod->path = sdsnew(path); ctx.module->loadmod->argv = module_argc ? zmalloc(sizeof(robj *) * module_argc) : NULL; ctx.module->loadmod->argc = module_argc; @@ -106,7 +119,7 @@ diff -up ./src/module.c.loadmod ./src/module.c for (int i = 0; i < module_argc; i++) { ctx.module->loadmod->argv[i] = module_argv[i]; incrRefCount(ctx.module->loadmod->argv[i]); -@@ -13361,7 +13368,7 @@ void moduleCommand(client *c) { +@@ -13529,7 +13536,7 @@ void moduleCommand(client *c) { argv = &c->argv[3]; } @@ -115,7 +128,7 @@ diff -up ./src/module.c.loadmod ./src/module.c addReply(c, shared.ok); else addReplyError(c, "Error loading the extension. Please check the server logs."); -@@ -13376,7 +13383,7 @@ void moduleCommand(client *c) { +@@ -13544,7 +13551,7 @@ void moduleCommand(client *c) { /* If this is a loadex command we want to populate server.module_configs_queue with * sds NAME VALUE pairs. We also want to increment argv to just after ARGS, if supplied. */ if (parseLoadexArguments((ValkeyModuleString ***)&argv, &argc) == VALKEYMODULE_OK && @@ -124,10 +137,11 @@ diff -up ./src/module.c.loadmod ./src/module.c addReply(c, shared.ok); else { dictEmpty(server.module_configs_queue, NULL); -diff -up ./src/module.h.loadmod ./src/module.h ---- ./src/module.h.loadmod 2025-10-03 21:17:43.000000000 +0200 -+++ ./src/module.h 2025-10-06 03:05:36.498698194 +0200 -@@ -169,7 +169,7 @@ static inline void moduleInitDigestConte +diff --git a/src/module.h b/src/module.h +index f6c266b592..1f9e729e56 100644 +--- a/src/module.h ++++ b/src/module.h +@@ -169,7 +169,7 @@ static inline void moduleInitDigestContext(ValkeyModuleDigest *mdvar) { memset(mdvar->x, 0, sizeof(mdvar->x)); } @@ -136,7 +150,7 @@ diff -up ./src/module.h.loadmod ./src/module.h sds moduleLoadQueueEntryToLoadmoduleOptionStr(ValkeyModule *module, const char *config_option_str); ValkeyModuleCtx *moduleAllocateContext(void); -@@ -180,7 +180,7 @@ void moduleFreeContext(ValkeyModuleCtx * +@@ -180,7 +180,7 @@ void moduleFreeContext(ValkeyModuleCtx *ctx); void moduleInitModulesSystem(void); void moduleInitModulesSystemLast(void); void modulesCron(void); diff --git a/valkey.spec b/valkey.spec index 028de35..6815c05 100644 --- a/valkey.spec +++ b/valkey.spec @@ -5,13 +5,13 @@ %bcond_with docs %endif # See https://github.com/valkey-io/valkey-doc/tags -%global doc_version 8.1.1 +%global doc_version 9.0.0 # Tests fail in mock, not in local build. %bcond_with tests Name: valkey -Version: 8.1.4 -Release: 2%{?dist} +Version: 9.0.0 +Release: 1%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause # hiredis: BSD-3-Clause @@ -53,8 +53,8 @@ BuildRequires: python3-pyyaml %endif Requires: logrotate -# from deps/hiredis/hiredis.h -Provides: bundled(hiredis) = 1.0.3 +# from deps/libvalkey/include/valkey/valkey.h +Provides: bundled(libvalkey) = 0.2.1 # from deps/jemalloc/VERSION Provides: bundled(jemalloc) = 5.3.0 # from deps/lua/src/lua.h @@ -62,8 +62,9 @@ Provides: bundled(lua-libs) = 5.1.5 # from deps/linenoise/linenoise.h Provides: bundled(linenoise) = 1.0 Provides: bundled(lzf) -# from deps/hdr_histogram/README.md -Provides: bundled(hdr_histogram) = 0.11.0 +# from deps/README.md +# e4448cf6d1cd08fff519812d3b1e58bd5a94ac42 +Provides: bundled(hdr_histogram) = 0.11.9 # no version Provides: bundled(fpconv) @@ -191,7 +192,7 @@ Provides: redis-doc = %{version}-%{release} mv deps/lua/COPYRIGHT COPYRIGHT-lua mv deps/jemalloc/COPYING COPYING-jemalloc -mv deps/hiredis/COPYING COPYING-hiredis-BSD-3-Clause +mv deps/libvalkey/COPYING COPYING-libvalkey mv deps/hdr_histogram/LICENSE.txt LICENSE-hdrhistogram mv deps/hdr_histogram/COPYING.txt COPYING-hdrhistogram mv deps/fpconv/LICENSE.txt LICENSE-fpconv @@ -406,7 +407,7 @@ fi %license LICENSE-hdrhistogram %license COPYING-hdrhistogram %license LICENSE-fpconv -%license COPYING-hiredis-BSD-3-Clause +%license COPYING-libvalkey %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %attr(0750, valkey, root) %dir %{_sysconfdir}/%{name} %attr(0750, valkey, root) %dir %{valkey_modules_cfg} @@ -461,6 +462,10 @@ fi %changelog +* Wed Oct 22 2025 Remi Collet - 9.0.0-1 +- Valkey 9.0.0 GA - October 21, 2025 +- bundled hiredis replaced by libvalkey + * Mon Oct 6 2025 Remi Collet - 8.1.4-2 - improve the patch for loadmodule directive From fd37db1832e4ec16f9f7c497d5723491a3d25e69 Mon Sep 17 00:00:00 2001 From: Troy Dawson Date: Thu, 20 Nov 2025 10:47:51 -0800 Subject: [PATCH 25/27] Added to RHEL 9.7 rhbz#2369374 --- .gitignore | 11 - README.md | 3 - dead.package | 1 + macros.valkey | 2 - migrate_redis_to_valkey.sh | 26 -- sources | 2 - valkey-cve-2025-27151.patch | 34 --- valkey-sentinel.service | 34 --- valkey.logrotate | 9 - valkey.service | 35 --- valkey.spec | 507 ------------------------------------ valkey.sysusers | 1 - 12 files changed, 1 insertion(+), 664 deletions(-) delete mode 100644 .gitignore delete mode 100644 README.md create mode 100644 dead.package delete mode 100644 macros.valkey delete mode 100644 migrate_redis_to_valkey.sh delete mode 100644 sources delete mode 100644 valkey-cve-2025-27151.patch delete mode 100644 valkey-sentinel.service delete mode 100644 valkey.logrotate delete mode 100644 valkey.service delete mode 100644 valkey.spec delete mode 100644 valkey.sysusers diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 48de5de..0000000 --- a/.gitignore +++ /dev/null @@ -1,11 +0,0 @@ -/valkey-8.1.*.tar.gz -/valkey-doc-8.1.*.tar.gz -/valkey-8.0.1.tar.gz -/valkey-doc-8.0.1.tar.gz -/valkey-8.0.2.tar.gz -/valkey-doc-8.0.2.tar.gz -/valkey-8.0.3.tar.gz -/valkey-8.0.4.tar.gz -/valkey-doc-8.0.3.tar.gz -/valkey-8.0.6.tar.gz -/valkey-doc-8.0.5.tar.gz diff --git a/README.md b/README.md deleted file mode 100644 index 37b6c08..0000000 --- a/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# valkey - -The valkey package diff --git a/dead.package b/dead.package new file mode 100644 index 0000000..5694108 --- /dev/null +++ b/dead.package @@ -0,0 +1 @@ +Added to RHEL 9.7 rhbz#2369374 diff --git a/macros.valkey b/macros.valkey deleted file mode 100644 index f27c41d..0000000 --- a/macros.valkey +++ /dev/null @@ -1,2 +0,0 @@ -%valkey_modules_abi 1 -%valkey_modules_dir %{_libdir}/valkey/modules diff --git a/migrate_redis_to_valkey.sh b/migrate_redis_to_valkey.sh deleted file mode 100644 index 64f8c0f..0000000 --- a/migrate_redis_to_valkey.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/sh -if [ -f /etc/redis/redis.conf ]; then - cp /etc/redis/redis.conf /etc/valkey/valkey.conf - mv /etc/redis/redis.conf /etc/redis/redis.conf.rpmsave - chown valkey:root /etc/valkey/valkey.conf - sed -i 's|^dir\s.*|dir /var/lib/valkey|g' /etc/valkey/valkey.conf - echo "/etc/redis/redis.conf has been copied to /etc/valkey/valkey.conf. Manual review of valkey.conf is strongly suggested especially if you had modified redis.conf." -fi -if [ -f /etc/redis/sentinel.conf ]; then - cp /etc/redis/sentinel.conf /etc/valkey/sentinel.conf - mv /etc/redis/sentinel.conf /etc/redis/sentinel.conf.rpmsave - chown valkey:root /etc/valkey/sentinel.conf - echo "/etc/redis/sentinel.conf has been copied to /etc/valkey/sentinel.conf. Manual review of sentinel.conf is strongly suggested especially if you had modified sentinel.conf." -fi -if [ -d /var/lib/redis ]; then - # cp could take a while, and this is a one-way move anyway - mv /var/lib/redis/* /var/lib/valkey/ - # don't leave garbage behind, plus we check if this dir exists when running this script - rm -rf /var/lib/redis - chown -R valkey. /var/lib/valkey - echo "On-disk redis dumps moved from /var/lib/redis/ to /var/lib/valkey" -fi - -# TODO -# 1. expand logic to read current redis conf for the dir setting. same for sentinel conf. if not stock /var/lib/redis, don't do the mv. redis and sentinel may be using two different paths. - diff --git a/sources b/sources deleted file mode 100644 index a962adc..0000000 --- a/sources +++ /dev/null @@ -1,2 +0,0 @@ -SHA512 (valkey-8.0.6.tar.gz) = 0f704ad06abab2817657abe60be6fb7c45df91cdaaa53d921e26c6f4e91a3712152a31550b876d8deba3493a6ca4b87194efd3a86cacd53906f01e845e7cb137 -SHA512 (valkey-doc-8.0.5.tar.gz) = 9cb90db9fcbed42dcf07b45b5493d0b72779d504c4eb18d8ebe2dc13b46aa35aff5be46e02aec74574b101f8ac0aa532abf6be26acc0a0954e3015f950a21049 diff --git a/valkey-cve-2025-27151.patch b/valkey-cve-2025-27151.patch deleted file mode 100644 index 275db2e..0000000 --- a/valkey-cve-2025-27151.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 73696bf6e2cf754acc3ec24eaf9ca6b879bfc5d7 Mon Sep 17 00:00:00 2001 -From: Madelyn Olson -Date: Thu, 29 May 2025 00:06:23 +0100 -Subject: [PATCH] Incorporate Redis CVE for CVE-2025-27151 (#2146) - -Resolves https://github.com/valkey-io/valkey/issues/2145 - -Incorporate the CVE patch that was sent to us by Redis Ltd. - ---------- - -Signed-off-by: Madelyn Olson -Co-authored-by: Ping Xie ---- - src/valkey-check-aof.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/valkey-check-aof.c b/src/valkey-check-aof.c -index ed0eb2b49d..a6e4b97c6d 100644 ---- a/src/valkey-check-aof.c -+++ b/src/valkey-check-aof.c -@@ -556,6 +556,12 @@ int redis_check_aof_main(int argc, char **argv) { - goto invalid_args; - } - -+ /* Check if filepath is longer than PATH_MAX */ -+ if (strnlen(filepath, PATH_MAX + 1) > PATH_MAX) { -+ printf("Error: filepath is too long (exceeds PATH_MAX)\n"); -+ goto invalid_args; -+ } -+ - /* In the glibc implementation dirname may modify their argument. */ - memcpy(temp_filepath, filepath, strlen(filepath) + 1); - dirpath = dirname(temp_filepath); diff --git a/valkey-sentinel.service b/valkey-sentinel.service deleted file mode 100644 index 36093e0..0000000 --- a/valkey-sentinel.service +++ /dev/null @@ -1,34 +0,0 @@ -[Unit] -Description=Valkey Sentinel -After=network.target -After=network-online.target -Wants=network-online.target - -[Service] -# ensure var is set -Environment=OPTIONS= -EnvironmentFile=-/etc/sysconfig/valkey-sentinel -# we must keep $OPTIONS and the env file as some older installs will still be using /etc/sysconfig/valkey-sentinel -ExecStart=/usr/bin/valkey-sentinel /etc/valkey/sentinel.conf --daemonize no --supervised systemd $OPTIONS -Type=notify -User=valkey -Group=valkey -RuntimeDirectory=valkey -RuntimeDirectoryMode=0755 - -# If you need to change max open file limit -# for example, when you change maxclient in configuration -# you can change the LimitNOFILE value below. -# See "man systemd.exec" for more information. -LimitNOFILE=10240 - -# Slave nodes on large system may take lot of time to start. -# You may need to uncomment TimeoutStartSec and TimeoutStopSec -# directives below and raise their value. -# See "man systemd.service" for more information. -#TimeoutStartSec=90s -#TimeoutStopSec=90s - -[Install] -WantedBy=multi-user.target - diff --git a/valkey.logrotate b/valkey.logrotate deleted file mode 100644 index e91fcd3..0000000 --- a/valkey.logrotate +++ /dev/null @@ -1,9 +0,0 @@ -/var/log/valkey/*.log { - weekly - rotate 10 - copytruncate - delaycompress - compress - notifempty - missingok -} diff --git a/valkey.service b/valkey.service deleted file mode 100644 index 827f5f2..0000000 --- a/valkey.service +++ /dev/null @@ -1,35 +0,0 @@ -[Unit] -Description=Valkey persistent key-value database -After=network.target -After=network-online.target -Wants=network-online.target - -[Service] -WorkingDirectory=/var/lib/valkey -# ensure var is set -Environment=OPTIONS= -EnvironmentFile=-/etc/sysconfig/valkey -# we must keep $OPTIONS and the env file as some older installs will still be using /etc/sysconfig/valkey -ExecStart=/usr/bin/valkey-server /etc/valkey/valkey.conf --daemonize no --supervised systemd $OPTIONS -Type=notify -User=valkey -Group=valkey -RuntimeDirectory=valkey -RuntimeDirectoryMode=0755 - -# If you need to change max open file limit -# for example, when you change maxclient in configuration -# you can change the LimitNOFILE value below. -# See "man systemd.exec" for more information. -LimitNOFILE=10240 - -# Slave nodes on large system may take lot of time to start. -# You may need to uncomment TimeoutStartSec and TimeoutStopSec -# directives below and raise their value. -# See "man systemd.service" for more information. -#TimeoutStartSec=90s -#TimeoutStopSec=90s - -[Install] -WantedBy=multi-user.target - diff --git a/valkey.spec b/valkey.spec deleted file mode 100644 index 407ab71..0000000 --- a/valkey.spec +++ /dev/null @@ -1,507 +0,0 @@ -# Docs require pandoc, which is not included in RHEL -%if %{undefined rhel} || %{defined epel} -%bcond_without docs -%else -%bcond_with docs -%endif -%global doc_version 8.0.5 -# Tests fail in mock, not in local build. -%bcond_with tests - -Name: valkey -Version: 8.0.6 -Release: 1%{?dist} -Summary: A persistent key-value database -# valkey: BSD-3-Clause -# hiredis: BSD-3-Clause -# hdrhistogram, jemalloc, lzf, linenoise: BSD-2-Clause -# lua: MIT -# fpconv: BSL-1.0 -License: BSD-3-Clause AND BSD-2-Clause AND MIT AND BSL-1.0 -URL: https://valkey.io -Source0: https://github.com/valkey-io/%{name}/archive/%{version}/%{name}-%{version}.tar.gz -Source1: %{name}.logrotate -Source2: %{name}-sentinel.service -Source3: %{name}.service -Source4: %{name}.sysusers -Source8: macros.%{name} -Source9: migrate_redis_to_valkey.sh -Source50: https://github.com/valkey-io/%{name}-doc/archive/%{doc_version}/%{name}-doc-%{doc_version}.tar.gz - -Patch1: valkey-cve-2025-27151.patch - -BuildRequires: make -BuildRequires: gcc -%if %{with tests} -BuildRequires: procps-ng -BuildRequires: tcl -%endif -BuildRequires: pkgconfig(libsystemd) -BuildRequires: systemd-devel -BuildRequires: systemd-rpm-macros -BuildRequires: openssl-devel -%if %{with docs} -# for docs/man pages -BuildRequires: pandoc -BuildRequires: python3 -BuildRequires: python3-pyyaml -%endif - -Requires: logrotate -# from deps/hiredis/hiredis.h -Provides: bundled(hiredis) = 1.0.3 -# from deps/jemalloc/VERSION -Provides: bundled(jemalloc) = 5.3.0 -# from deps/lua/src/lua.h -Provides: bundled(lua-libs) = 5.1.5 -# from deps/linenoise/linenoise.h -Provides: bundled(linenoise) = 1.0 -Provides: bundled(lzf) -# from deps/hdr_histogram/README.md -Provides: bundled(hdr_histogram) = 0.11.0 -# no version -Provides: bundled(fpconv) - -%global valkey_modules_abi 1 -%global valkey_modules_dir %{_libdir}/%{name}/modules -Provides: valkey(modules_abi)%{?_isa} = %{valkey_modules_abi} - -ExcludeArch: %{ix86} - -%description -Valkey is an advanced key-value store. It is often referred to as a data -structure server since keys can contain strings, hashes, lists, sets and -sorted sets. - -You can run atomic operations on these types, like appending to a string; -incrementing the value in a hash; pushing to a list; computing set -intersection, union and difference; or getting the member with highest -ranking in a sorted set. - -In order to achieve its outstanding performance, Valkey works with an -in-memory dataset. Depending on your use case, you can persist it either -by dumping the dataset to disk every once in a while, or by appending -each command to a log. - -Valkey also supports trivial-to-setup master-slave replication, with very -fast non-blocking first synchronization, auto-reconnection on net split -and so forth. - -Other features include Transactions, Pub/Sub, Lua scripting, Keys with a -limited time-to-live, and configuration settings to make Valkey behave like -a cache. - -You can use Valkey from most programming languages also. - -%package devel -Summary: Development header for Valkey module development -# Header-Only Library (https://fedoraproject.org/wiki/Packaging:Guidelines) -Provides: %{name}-static = %{version}-%{release} - -%description devel -Header file required for building loadable Valkey modules. - - -%package compat-redis -Summary: Conversion script and compatibility symlinks for Redis -Requires: valkey = %{version}-%{release} -%if 0%{?fedora} > 40 || 0%{?rhel} > 9 -Obsoletes: redis < 7.4 -Provides: redis = %{version}-%{release} -%else -Conflicts: redis < 7.4 -%endif -BuildArch: noarch - - -%description compat-redis -%summary - - -%package compat-redis-devel -Summary: Compatibility development header for Redis API Valkey modules -Requires: valkey-devel = %{version}-%{release} -%if 0%{?fedora} > 40 || 0%{?rhel} > 9 -Obsoletes: redis-devel < 7.4 -Provides: redis-devel = %{version}-%{release} -# Header-Only Library (https://fedoraproject.org/wiki/Packaging:Guidelines) -Obsoletes: redis-static < 7.4 -Provides: redis-static = %{version}-%{release} -%else -Conflicts: redis-devel < 7.4 -Conflicts: redis-static < 7.4 -%endif -BuildArch: noarch - - -%description compat-redis-devel -Header file required for building loadable Valkey modules with the legacy -Redis API. - - -%if %{with docs} -%package doc -Summary: Documentation and extra man pages for %{name} -BuildArch: noarch -License: CC-BY-SA-4.0 -%if 0%{?fedora} > 40 || 0%{?rhel} > 9 -Obsoletes: redis-doc < 7.4 -Provides: redis-doc = %{version}-%{release} -%endif - - -%description doc -%summary -%endif - - -%prep -# no autosetup due to no support for multiple source extraction -%setup -n %{name}-%{version} -a50 - -%patch -P1 -p1 - -mv deps/lua/COPYRIGHT COPYRIGHT-lua -mv deps/jemalloc/COPYING COPYING-jemalloc -mv deps/hiredis/COPYING COPYING-hiredis-BSD-3-Clause -mv deps/hdr_histogram/LICENSE.txt LICENSE-hdrhistogram -mv deps/hdr_histogram/COPYING.txt COPYING-hdrhistogram -mv deps/fpconv/LICENSE.txt LICENSE-fpconv - -# See https://bugzilla.redhat.com/2240293 -# See https://src.fedoraproject.org/rpms/jemalloc/blob/rawhide/f/jemalloc.spec#_34 -%ifarch %ix86 %arm x86_64 s390x -sed -e 's/--with-lg-quantum/--with-lg-page=12 --with-lg-quantum/' -i deps/Makefile -%endif -%ifarch ppc64 ppc64le aarch64 -sed -e 's/--with-lg-quantum/--with-lg-page=16 --with-lg-quantum/' -i deps/Makefile -%endif - -# Module API version safety check -api=`sed -n -e 's/#define VALKEYMODULE_APIVER_[0-9][0-9]* //p' src/valkeymodule.h` -if test "$api" != "%{valkey_modules_abi}"; then - : Error: Upstream API version is now ${api}, expecting %%{valkey_modules_abi}. - : Update the valkey_modules_abi macro, the rpmmacros file, and rebuild. - exit 1 -fi - - -sed -i -e 's|^logfile .*$|logfile /var/log/valkey/valkey.log|g' \ - -e 's|^# unixsocket .*$|unixsocket /run/valkey/valkey.sock|g' \ - -e 's|^pidfile .*$|pidfile /run/valkey/valkey.pid|g' \ - valkey.conf - -sed -i -e 's|^logfile .*$|logfile /var/log/valkey/sentinel.log|g' \ - -e 's|^pidfile .*$|pidfile /run/valkey/sentinel.pid|g' \ - sentinel.conf - -%if (%{defined fedora} && 0%{?fedora} < 42) || (%{defined rhel} && 0%{?rhel} < 10) -# these lines are for conditionals around sysconfig to valkey.conf porting scriptlets to avoid re-runs -echo '# valkey_rpm_conf' >> valkey.conf -echo '# valkey-sentinel_rpm_conf' >> sentinel.conf -%endif - -%global make_flags DEBUG="" V="echo" PREFIX=%{buildroot}%{_prefix} BUILD_WITH_SYSTEMD=yes BUILD_TLS=yes - - -%build -%make_build %{make_flags} - -%if %{with docs} -# docs -pushd %{name}-doc-%{doc_version} -# build man pages -%make_build VALKEY_ROOT=../ -# build html docs -%make_build html VALKEY_ROOT=../ -popd -%endif - - -%install -%make_install %{make_flags} -%if %{with docs} -# install docs -pushd %{name}-doc-%{doc_version} -# man pages -%make_install INSTALL_MAN_DIR=%{buildroot}%{_mandir} VALKEY_ROOT=../ -# install html docs -install -d %{buildroot}%{_docdir}/%{name}/ -cp -ra _build/html/* %{buildroot}%{_docdir}/%{name}/ -# install doc license -install -d %{buildroot}%{_defaultlicensedir}/valkey-doc/ -cp -a LICENSE %{buildroot}%{_defaultlicensedir}/valkey-doc/ -popd -%endif - -# remove sample confs -rm -rf %{buildroot}%{_datadir}/%{name} - -# System user -install -p -D -m 0644 %{S:4} %{buildroot}%{_sysusersdir}/%{name}.conf - -# Filesystem. -install -d %{buildroot}%{_sharedstatedir}/%{name} -install -d %{buildroot}%{_localstatedir}/log/%{name} -install -d %{buildroot}%{_localstatedir}/run/%{name} -install -d %{buildroot}%{valkey_modules_dir} - -# Install logrotate file. -install -pDm644 %{S:1} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} - -# Install configuration files. -install -pDm640 %{name}.conf %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf -install -pDm640 sentinel.conf %{buildroot}%{_sysconfdir}/%{name}/sentinel.conf - -# Install systemd unit files. -mkdir -p %{buildroot}%{_unitdir} -install -pm644 %{S:3} %{buildroot}%{_unitdir} -install -pm644 %{S:2} %{buildroot}%{_unitdir} - -# Fix non-standard-executable-perm error. -chmod 755 %{buildroot}%{_bindir}/%{name}-* - -# Install valkey module header -install -pDm644 src/%{name}module.h %{buildroot}%{_includedir}/%{name}module.h - -# Install rpm macros for valkey modules -#mkdir -p %{buildroot}%{_rpmmacrodir} -install -pDm644 %{S:8} %{buildroot}%{_rpmmacrodir}/macros.%{name} - -# compat script -install -Dpm 755 %{S:9} %{buildroot}%{_libexecdir}/migrate_redis_to_valkey.sh - -# compat header -install -pDm644 src/redismodule.h %{buildroot}%{_includedir}/redismodule.h - -# compat systemd symlinks -ln -sr %{buildroot}/usr/lib/systemd/system/valkey.service %{buildroot}/usr/lib/systemd/system/redis.service -ln -sr %{buildroot}/usr/lib/systemd/system/valkey-sentinel.service %{buildroot}/usr/lib/systemd/system/redis-sentinel.service - - -%check -%if %{with tests} -# https://github.com/redis/redis/issues/1417 (for "taskset -c 1") -taskset -c 1 ./runtest --clients 50 --skiptest "Active defrag - AOF loading" - -# sentinel tests fail in mock, but we want the normal tests above -#./runtest-sentinel -%endif - -%pre -%sysusers_create_compat %{S:4} - - -%post -%if (%{defined fedora} && 0%{?fedora} < 42) || (%{defined rhel} && 0%{?rhel} < 10) -# migrate away from /etc/sysconfig/valkey -# only during upgrades, not installs -if [ $1 -eq 2 ]; then - # if valkey.rpmsave doesn't exist then it wasn't modified by the user - # and we should write our defaults into the config file to ensure continuity of service - # these defaults are what was previously in /etc/sysconfig/valkey - # if there's no .rpmnew file they got the updated default config file so we don't need to sed - if [ ! -f /etc/sysconfig/valkey.rpmsave ] && [ -f /etc/valkey/valkey.conf.rpmnew ] && ! grep -q valkey_rpm_conf /etc/valkey/valkey.conf; then - sed -i -e 's|^logfile ""$|logfile /var/log/valkey/valkey.log|g' \ - -e 's|^pidfile /var/run/valkey_6379.pid$|pidfile /run/valkey/valkey.pid|g' \ - /etc/valkey/valkey.conf - # we need an extra conditional around this one to make sure we don't end up with duplicate - # config lines for unixsocket since the default is commented - if ! grep -q "^unixsocket " /etc/valkey/valkey.conf; then - sed -i 's|^# unixsocket /run/valkey.sock$|unixsocket /run/valkey/valkey.sock|g' /etc/valkey/valkey.conf - fi - echo '# valkey_rpm_conf' >> /etc/valkey/valkey.conf - fi - if [ ! -f /etc/sysconfig/valkey-sentinel.rpmsave ] && [ -f /etc/valkey/valkey-sentinel.conf.rpmnew ] && ! grep -q valkey-sentinel_rpm_conf /etc/valkey/sentinel.conf; then - sed -i -e 's|^logfile ""$|logfile /var/log/valkey/sentinel.log|g' \ - -e 's|^pidfile /var/run/valkey_6379.pid$|pidfile /run/valkey/sentinel.pid|g' \ - /etc/valkey/sentinel.conf - echo '# valkey-sentinel_rpm_conf' >> /etc/valkey/sentinel.conf - fi - - # if valkey.rpmsave does exist then it was modified and we still need it - # becuase we don't know what was modified so we cannot sed the main config - # or remove the sysconfig file. This will detach the sysconfig file from the RPM - # and as long as we keep the line to load it in the service file nothing will break - # for the user - if [ -f /etc/sysconfig/valkey.rpmsave ]; then - mv -n /etc/sysconfig/valkey{.rpmsave,} - fi - if [ -f /etc/sysconfig/valkey-sentinel.rpmsave ]; then - mv -n /etc/sysconfig/valkey-sentinel{.rpmsave,} - fi -fi -%endif - -%systemd_post %{name}.service -%systemd_post %{name}-sentinel.service - - -%post compat-redis -%{_libexecdir}/migrate_redis_to_valkey.sh - - -%preun -%systemd_preun %{name}.service -%systemd_preun %{name}-sentinel.service - - -%postun -%systemd_postun_with_restart %{name}.service -%systemd_postun_with_restart %{name}-sentinel.service - - -%files -%license COPYING -%license COPYRIGHT-lua -%license COPYING-jemalloc -%license LICENSE-hdrhistogram -%license COPYING-hdrhistogram -%license LICENSE-fpconv -%license COPYING-hiredis-BSD-3-Clause -%config(noreplace) %{_sysconfdir}/logrotate.d/%{name} -%attr(0750, valkey, root) %dir %{_sysconfdir}/%{name} -%attr(0640, valkey, root) %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf -%attr(0640, valkey, root) %config(noreplace) %{_sysconfdir}/%{name}/sentinel.conf -%dir %{_libdir}/%{name} -%dir %{valkey_modules_dir} -%dir %attr(0750, valkey, valkey) %{_sharedstatedir}/%{name} -%dir %attr(0750, valkey, valkey) %{_localstatedir}/log/%{name} -%{_bindir}/%{name}-* -%{_unitdir}/%{name}.service -%{_unitdir}/%{name}-sentinel.service -%dir %attr(0755, valkey, valkey) %ghost %{_localstatedir}/run/%{name} -%{_sysusersdir}/%{name}.conf -%if %{with docs} -%{_mandir}/man1/%{name}*.gz -%{_mandir}/man5/%{name}.conf.5.gz -%endif - - -%if %{with docs} -%files doc -%license LICENSE -%doc %{_docdir}/valkey/ -%{_mandir}/man{3,7}/*%{name}*.gz -%endif - - -%files devel -# main package is not required -%license COPYING -%{_includedir}/%{name}module.h -%{_rpmmacrodir}/macros.%{name} - - -%files compat-redis -%{_libexecdir}/migrate_redis_to_valkey.sh -%{_bindir}/redis-* -%{_unitdir}/redis.service -%{_unitdir}/redis-sentinel.service - -%files compat-redis-devel -%{_includedir}/redismodule.h - - -%changelog -* Sat Oct 4 2025 Remi Collet - 8.0.6-1 -- update to 8.0.6 - fixes CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 and CVE-2025-46819 -- update documentation to 8.0.5 - -* Wed Jul 16 2025 Remi Collet - 8.0.4-1 -- update to 8.0.4 - fixes CVE-2025-27151 CVE-2025-48367 and CVE-2025-32023 - -* Fri Jun 06 2025 Jonathan Wright - 8.0.3-3 -- Apply patch for CVE-2025-49112 properly - -* Fri Jun 06 2025 Jonathan Wright - 8.0.3-2 -- Fixes CVE-2025-49112 - -* Thu Apr 24 2025 Remi Collet - 8.0.3-1 -- update to 8.0.3 - fixes CVE-2025-21605 - -* Sun Jan 19 2025 Fedora Release Engineering - 8.0.2-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild - -* Wed Jan 08 2025 Jonathan Wright - 8.0.2-1 -- update to 8.0.2 rhbz#2336259 - fixes CVE-2024-46981 - fixes CVE-2024-51741 - -* Wed Nov 13 2024 Jonathan Wright - 8.0.1-3 -- include license with doc sub-package -- include systemd symlinks for redis in compat package - -* Mon Oct 07 2024 Jonathan Wright - 8.0.1-2 -- fix spec for epel8 -- buildrequires python3 for docs - -* Mon Oct 07 2024 Jonathan Wright - 8.0.1-1 -- update to 8.0.1 rhbz#2316254 - fixes CVE-2024-31449 - fixes CVE-2024-31227 - fixes CVE-2024-31228 - -* Fri Sep 27 2024 Yaakov Selkowitz - 8.0.0-3 -- Disable docs on RHEL - -* Tue Sep 24 2024 Jonathan Wright - 8.0.0-2 -- add man pages rhbz#2276017 -- add doc subpackage rhbz#2276020 - -* Mon Sep 16 2024 Jonathan Wright - 8.0.0-1 -- update to 8.0.0 rhbz#2312577 - -* Mon Aug 12 2024 Neal Gompa - 7.2.6-2 -- Add compat-redis-devel subpackage for Redis API Valkey modules - Resolves: rhbz#2304083 - -* Mon Aug 05 2024 Jonathan Wright - 7.2.6-1 -- update to 7.2.6 rhbz#2302510 - -* Thu Aug 1 2024 Remi Collet - 7.2.5-11 -- merge limit.conf in main service files -- fix obsoletes/conflicts up to 7.4 - -* Sat Jul 20 2024 Fedora Release Engineering - 7.2.5-10 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild - -* Mon Jul 15 2024 Jonathan Wright - 7.2.5-9 -- Fix journal warning rhbz#2297457 - -* Tue Jul 02 2024 Jonathan Wright - 7.2.5-8 -- Enable tests by default - selectively disable tests that fail in mock for redis - disable redis-sentinel tests, they always fail in mock - -* Sat Jun 22 2024 Neal Gompa - 7.2.5-7 -- Enable automatic replacement of redis with valkey - -* Mon Jun 17 2024 Jonathan Wright - 7.2.5-6 -- drop /etc/sysconfig/valkey - -* Mon Apr 29 2024 Jonathan Wright - 7.2.5-5 -- improve migration scripts -- rename compat package -- fix working dir - -* Mon Apr 22 2024 Nathan Scott - 7.2.5-3 -- remove version_no_tilde code - -* Mon Apr 22 2024 Nathan Scott - 7.2.5-2 -- move redis compat symlinks to compat subpackage - -* Wed Apr 17 2024 Jonathan Wright - 7.2.5-1 -- update to 7.2.5 rhbz#2275379 - -* Fri Apr 12 2024 Jonathan Wright - 7.2.5~rc1-2 -- add compat subpackage with migration scripts from redis - -* Fri Apr 12 2024 Jonathan Wright - 7.2.5~rc1-1 -- update to 7.2.5-rc1 - -* Tue Apr 09 2024 Jonathan Wright - 7.2.4~rc1-1 -- Initial package build, release candidate diff --git a/valkey.sysusers b/valkey.sysusers deleted file mode 100644 index 94242f3..0000000 --- a/valkey.sysusers +++ /dev/null @@ -1 +0,0 @@ -u valkey - "Valkey Database Server" /dev/null /sbin/nologin From 3777ce183258f9275f1cbe679ddabbeeab476305 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Thu, 27 Nov 2025 08:08:00 +0100 Subject: [PATCH 26/27] build TLS statically as module not supported by sentinel drop sub-package for TLS module --- valkey.spec | 35 ++++++++++------------------------- 1 file changed, 10 insertions(+), 25 deletions(-) diff --git a/valkey.spec b/valkey.spec index 6815c05..06a1c88 100644 --- a/valkey.spec +++ b/valkey.spec @@ -11,7 +11,7 @@ Name: valkey Version: 9.0.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause # hiredis: BSD-3-Clause @@ -68,6 +68,10 @@ Provides: bundled(hdr_histogram) = 0.11.9 # no version Provides: bundled(fpconv) +# sub-package was dropped +Obsoletes: valkey-tls < %{version}-%{release} +Provides: valkey-tls = %{version}-%{release} + %global valkey_modules_abi 1 %global valkey_modules_dir %{_libdir}/%{name}/modules %global valkey_modules_cfg %{_sysconfdir}/%{name}/modules @@ -121,15 +125,6 @@ Supplements: %{name} See https://valkey.io/topics/RDMA/ -%package tls -Summary: TLS module for %{name} -Requires: %{name}%{?_isa} = %{version}-%{release} -Supplements: %{name} - -%description tls -%summary. - -See https://valkey.io/topics/encryption/ %package compat-redis Summary: Conversion script and compatibility symlinks for Redis @@ -228,7 +223,7 @@ echo '# valkey_rpm_conf' >> valkey.conf echo '# valkey-sentinel_rpm_conf' >> sentinel.conf %endif -%global make_flags DEBUG="" V="echo" PREFIX=%{buildroot}%{_prefix} BUILD_WITH_SYSTEMD=yes BUILD_TLS=module BUILD_RDMA=module +%global make_flags DEBUG="" V="echo" PREFIX=%{buildroot}%{_prefix} BUILD_WITH_SYSTEMD=yes BUILD_TLS=yes BUILD_RDMA=module : RDMA configuration file cat << EOF | tee rdma.conf @@ -236,12 +231,6 @@ cat << EOF | tee rdma.conf loadmodule %{valkey_modules_dir}/rdma.so EOF -: TLS configuration file -cat << EOF | tee tls.conf -# TLS module -loadmodule %{valkey_modules_dir}/tls.so -EOF - %build %make_build %{make_flags} @@ -325,10 +314,6 @@ ln -sr %{buildroot}/usr/lib/systemd/system/valkey-sentinel.service %{buildroot}/ install -pm755 src/valkey-rdma.so %{buildroot}%{valkey_modules_dir}/rdma.so install -pm640 rdma.conf %{buildroot}%{valkey_modules_cfg}/rdma.conf -# TLS module -install -pm755 src/valkey-tls.so %{buildroot}%{valkey_modules_dir}/tls.so -install -pm640 tls.conf %{buildroot}%{valkey_modules_cfg}/tls.conf - %check %if %{with tests} @@ -440,10 +425,6 @@ fi %attr(0640, valkey, root) %config(noreplace) %{valkey_modules_cfg}/rdma.conf %{valkey_modules_dir}/rdma.so -%files tls -%attr(0640, valkey, root) %config(noreplace) %{valkey_modules_cfg}/tls.conf -%{valkey_modules_dir}/tls.so - %files devel # main package is not required %license COPYING @@ -462,6 +443,10 @@ fi %changelog +* Thu Nov 27 2025 Remi Collet - 9.0.0-2 +- build TLS statically as module not supported by sentinel +- drop sub-package for TLS module + * Wed Oct 22 2025 Remi Collet - 9.0.0-1 - Valkey 9.0.0 GA - October 21, 2025 - bundled hiredis replaced by libvalkey From 3c0883cd0279ac47b5cf13bcfb790c97cc2b128d Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Wed, 10 Dec 2025 08:06:39 +0100 Subject: [PATCH 27/27] v9.0.1 --- .gitignore | 2 ++ sources | 4 ++-- valkey.spec | 10 +++++++--- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 52d5805..5c9e18c 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,5 @@ valkey-8.*.tar.gz valkey-doc-8.*.tar.gz /valkey-9.0.0.tar.gz /valkey-doc-9.0.0.tar.gz +/valkey-9.0.1.tar.gz +/valkey-doc-9.0.1.tar.gz diff --git a/sources b/sources index f9f5cbf..6d26371 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (valkey-9.0.0.tar.gz) = 387e8ebf26a307940bf0f26eb4ba51f016445a618435f4c61ec4c8b8d4b7e2cbfc7a7e93b6c35b7c6832e3161981b4b2ce0d09bdc1799dbb5271052cf70654e4 -SHA512 (valkey-doc-9.0.0.tar.gz) = 931c85bc229a24de9b579353a365b1ab46123d190ba84359ec36d95153c1c6c42cdf1dbd2f08d24896e0bef9e71c3c95431fbd8af6fa0260a3e4b00ed6d17ebf +SHA512 (valkey-9.0.1.tar.gz) = 99e1ab2abd0e1229df7804ac398088d4b3a8e1b031ab66da56ce98f56d0a97c7365b065bacc29d559194a18f5a85c9bf35c0c54f3a8402ec7c6fdbcf4f89181c +SHA512 (valkey-doc-9.0.1.tar.gz) = 061d3758cd754767bd0a45d6be3d709d82d91b2f7b0591b58cecd98cd39529bc0ec1bd490ef0890fb455f81fde33066412655005e25aa460989417803b15f45d diff --git a/valkey.spec b/valkey.spec index 06a1c88..8b97070 100644 --- a/valkey.spec +++ b/valkey.spec @@ -5,13 +5,13 @@ %bcond_with docs %endif # See https://github.com/valkey-io/valkey-doc/tags -%global doc_version 9.0.0 +%global doc_version 9.0.1 # Tests fail in mock, not in local build. %bcond_with tests Name: valkey -Version: 9.0.0 -Release: 2%{?dist} +Version: 9.0.1 +Release: 1%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause # hiredis: BSD-3-Clause @@ -443,6 +443,10 @@ fi %changelog +* Wed Dec 10 2025 Remi Collet - 9.0.1-1 +- Valkey 9.0.1 - December 9, 2025 +- Upgrade urgency MODERATE + * Thu Nov 27 2025 Remi Collet - 9.0.0-2 - build TLS statically as module not supported by sentinel - drop sub-package for TLS module