diff --git a/.gitignore b/.gitignore index 5c9e18c..48de5de 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,11 @@ -clog -valkey-8.*.tar.gz -valkey-doc-8.*.tar.gz -/valkey-9.0.0.tar.gz -/valkey-doc-9.0.0.tar.gz -/valkey-9.0.1.tar.gz -/valkey-doc-9.0.1.tar.gz +/valkey-8.1.*.tar.gz +/valkey-doc-8.1.*.tar.gz +/valkey-8.0.1.tar.gz +/valkey-doc-8.0.1.tar.gz +/valkey-8.0.2.tar.gz +/valkey-doc-8.0.2.tar.gz +/valkey-8.0.3.tar.gz +/valkey-8.0.4.tar.gz +/valkey-doc-8.0.3.tar.gz +/valkey-8.0.6.tar.gz +/valkey-doc-8.0.5.tar.gz diff --git a/macros.valkey b/macros.valkey new file mode 100644 index 0000000..f27c41d --- /dev/null +++ b/macros.valkey @@ -0,0 +1,2 @@ +%valkey_modules_abi 1 +%valkey_modules_dir %{_libdir}/valkey/modules diff --git a/migrate_redis_to_valkey.sh b/migrate_redis_to_valkey.sh index 3934956..64f8c0f 100644 --- a/migrate_redis_to_valkey.sh +++ b/migrate_redis_to_valkey.sh @@ -4,14 +4,12 @@ if [ -f /etc/redis/redis.conf ]; then mv /etc/redis/redis.conf /etc/redis/redis.conf.rpmsave chown valkey:root /etc/valkey/valkey.conf sed -i 's|^dir\s.*|dir /var/lib/valkey|g' /etc/valkey/valkey.conf - sed -i 's|logfile /var/log/redis/redis.log|logfile /var/log/valkey/valkey.log|' /etc/valkey/valkey.conf echo "/etc/redis/redis.conf has been copied to /etc/valkey/valkey.conf. Manual review of valkey.conf is strongly suggested especially if you had modified redis.conf." fi if [ -f /etc/redis/sentinel.conf ]; then cp /etc/redis/sentinel.conf /etc/valkey/sentinel.conf mv /etc/redis/sentinel.conf /etc/redis/sentinel.conf.rpmsave chown valkey:root /etc/valkey/sentinel.conf - sed -i 's|logfile /var/log/redis/sentinel.log|logfile /var/log/valkey/sentinel.log|' /etc/valkey/sentinel.conf echo "/etc/redis/sentinel.conf has been copied to /etc/valkey/sentinel.conf. Manual review of sentinel.conf is strongly suggested especially if you had modified sentinel.conf." fi if [ -d /var/lib/redis ]; then @@ -22,3 +20,7 @@ if [ -d /var/lib/redis ]; then chown -R valkey. /var/lib/valkey echo "On-disk redis dumps moved from /var/lib/redis/ to /var/lib/valkey" fi + +# TODO +# 1. expand logic to read current redis conf for the dir setting. same for sentinel conf. if not stock /var/lib/redis, don't do the mv. redis and sentinel may be using two different paths. + diff --git a/sources b/sources index 6d26371..a962adc 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (valkey-9.0.1.tar.gz) = 99e1ab2abd0e1229df7804ac398088d4b3a8e1b031ab66da56ce98f56d0a97c7365b065bacc29d559194a18f5a85c9bf35c0c54f3a8402ec7c6fdbcf4f89181c -SHA512 (valkey-doc-9.0.1.tar.gz) = 061d3758cd754767bd0a45d6be3d709d82d91b2f7b0591b58cecd98cd39529bc0ec1bd490ef0890fb455f81fde33066412655005e25aa460989417803b15f45d +SHA512 (valkey-8.0.6.tar.gz) = 0f704ad06abab2817657abe60be6fb7c45df91cdaaa53d921e26c6f4e91a3712152a31550b876d8deba3493a6ca4b87194efd3a86cacd53906f01e845e7cb137 +SHA512 (valkey-doc-8.0.5.tar.gz) = 9cb90db9fcbed42dcf07b45b5493d0b72779d504c4eb18d8ebe2dc13b46aa35aff5be46e02aec74574b101f8ac0aa532abf6be26acc0a0954e3015f950a21049 diff --git a/valkey-conf.patch b/valkey-conf.patch deleted file mode 100644 index a079055..0000000 --- a/valkey-conf.patch +++ /dev/null @@ -1,61 +0,0 @@ -diff -up ./sentinel.conf.rpm ./sentinel.conf ---- ./sentinel.conf.rpm 2025-07-07 09:18:20.000000000 +0200 -+++ ./sentinel.conf 2025-08-01 07:57:21.892278834 +0200 -@@ -17,7 +17,7 @@ daemonize no - # When running daemonized, Valkey Sentinel writes a pid file in - # /var/run/valkey-sentinel.pid by default. You can specify a custom pid file - # location here. --pidfile /var/run/valkey-sentinel.pid -+pidfile /run/valkey/sentinel.pid - - # Specify the server verbosity level. - # This can be one of: -@@ -31,7 +31,7 @@ loglevel notice - # Specify the log file name. Also the empty string can be used to force - # Sentinel to log on the standard output. Note that if you use standard - # output for logging but daemonize, logs will be sent to /dev/null --logfile "" -+logfile /var/log/valkey/sentinel.log - - # To enable logging to the system logger, just set 'syslog-enabled' to yes, - # and optionally update the other syslog parameters to suit your needs. -diff -up ./valkey.conf.rpm ./valkey.conf ---- ./valkey.conf.rpm 2025-07-07 09:18:20.000000000 +0200 -+++ ./valkey.conf 2025-08-01 07:57:17.825116953 +0200 -@@ -43,6 +43,9 @@ - # include /path/to/other.conf - # include /path/to/fragments/*.conf - # -+# Module configuration files -+include /etc/valkey/modules/*.conf -+ - - ################################## MODULES ##################################### - -@@ -163,7 +166,7 @@ tcp-backlog 511 - # incoming connections. There is no default, so the server will not listen - # on a unix socket when not specified. - # --# unixsocket /run/valkey.sock -+unixsocket /run/valkey/valkey.sock - # unixsocketgroup wheel - # unixsocketperm 700 - -@@ -409,7 +412,7 @@ daemonize no - # - # Note that on modern Linux systems "/run/valkey.pid" is more conforming - # and should be used instead. --pidfile /var/run/valkey_6379.pid -+pidfile /run/valkey/valkey.pid - - # Specify the server verbosity level. - # This can be one of: -@@ -440,7 +443,7 @@ loglevel notice - # Specify the log file name. Also the empty string can be used to force - # the server to log on the standard output. Note that if you use standard - # output for logging but daemonize, logs will be sent to /dev/null --logfile "" -+logfile /var/log/valkey/valkey.log - - # To enable logging to the system logger, just set 'syslog-enabled' to yes, - # and optionally update the other syslog parameters to suit your needs. diff --git a/valkey-cve-2025-27151.patch b/valkey-cve-2025-27151.patch new file mode 100644 index 0000000..275db2e --- /dev/null +++ b/valkey-cve-2025-27151.patch @@ -0,0 +1,34 @@ +From 73696bf6e2cf754acc3ec24eaf9ca6b879bfc5d7 Mon Sep 17 00:00:00 2001 +From: Madelyn Olson +Date: Thu, 29 May 2025 00:06:23 +0100 +Subject: [PATCH] Incorporate Redis CVE for CVE-2025-27151 (#2146) + +Resolves https://github.com/valkey-io/valkey/issues/2145 + +Incorporate the CVE patch that was sent to us by Redis Ltd. + +--------- + +Signed-off-by: Madelyn Olson +Co-authored-by: Ping Xie +--- + src/valkey-check-aof.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/valkey-check-aof.c b/src/valkey-check-aof.c +index ed0eb2b49d..a6e4b97c6d 100644 +--- a/src/valkey-check-aof.c ++++ b/src/valkey-check-aof.c +@@ -556,6 +556,12 @@ int redis_check_aof_main(int argc, char **argv) { + goto invalid_args; + } + ++ /* Check if filepath is longer than PATH_MAX */ ++ if (strnlen(filepath, PATH_MAX + 1) > PATH_MAX) { ++ printf("Error: filepath is too long (exceeds PATH_MAX)\n"); ++ goto invalid_args; ++ } ++ + /* In the glibc implementation dirname may modify their argument. */ + memcpy(temp_filepath, filepath, strlen(filepath) + 1); + dirpath = dirname(temp_filepath); diff --git a/valkey-loadmod.patch b/valkey-loadmod.patch deleted file mode 100644 index dad9cb9..0000000 --- a/valkey-loadmod.patch +++ /dev/null @@ -1,161 +0,0 @@ -From b40ab88996d0bbe9bdd366af9426f7400b21e19c Mon Sep 17 00:00:00 2001 -From: Remi Collet -Date: Sat, 4 Oct 2025 07:23:52 +0200 -Subject: [PATCH] Fix #2678 don't add loadmodule when from config - -only protect loadmodule from include files - -Signed-off-by: Remi Collet ---- - src/config.c | 8 ++++++-- - src/module.c | 17 ++++++++++++----- - src/module.h | 4 ++-- - 3 files changed, 20 insertions(+), 9 deletions(-) - -diff --git a/src/config.c b/src/config.c -index d0158b2c4d..ab453056df 100644 ---- a/src/config.c -+++ b/src/config.c -@@ -448,6 +448,8 @@ static int updateClientOutputBufferLimit(sds *args, int arg_len, const char **er - * within conf file parsing. This is only needed to support the deprecated - * abnormal aggregate `save T C` functionality. Remove in the future. */ - static int reading_config_file; -+/* support detecting include vs main config file */ -+static int reading_include_file = 0; - - void loadServerConfigFromString(sds config) { - deprecatedConfig deprecated_configs[] = { -@@ -539,7 +541,9 @@ void loadServerConfigFromString(sds config) { - - /* Execute config directives */ - if (!strcasecmp(argv[0], "include") && argc == 2) { -+ reading_include_file = 1; - loadServerConfig(argv[1], 0, NULL); -+ reading_include_file = 0; - } else if (!strcasecmp(argv[0], "rename-command") && argc == 3) { - struct serverCommand *cmd = lookupCommandBySds(argv[1]); - -@@ -572,7 +576,7 @@ void loadServerConfigFromString(sds config) { - goto loaderr; - } - } else if (!strcasecmp(argv[0], "loadmodule") && argc >= 2) { -- moduleEnqueueLoadModule(argv[1], &argv[2], argc - 2); -+ moduleEnqueueLoadModule(argv[1], &argv[2], argc - 2, reading_include_file); - } else if (strchr(argv[0], '.')) { - if (argc < 2) { - err = "Module config specified without value"; -@@ -1605,7 +1609,7 @@ void rewriteConfigLoadmoduleOption(struct rewriteConfigState *state) { - while ((de = dictNext(di)) != NULL) { - struct ValkeyModule *module = dictGetVal(de); - line = moduleLoadQueueEntryToLoadmoduleOptionStr(module, "loadmodule"); -- rewriteConfigRewriteLine(state, "loadmodule", line, 1); -+ if (line) rewriteConfigRewriteLine(state, "loadmodule", line, 1); - } - dictReleaseIterator(di); - /* Mark "loadmodule" as processed in case modules is empty. */ -diff --git a/src/module.c b/src/module.c -index e5afa952fa..f18bc3c6bf 100644 ---- a/src/module.c -+++ b/src/module.c -@@ -84,6 +84,7 @@ - - struct moduleLoadQueueEntry { - sds path; -+ int from_include; - int argc; - robj **argv; - }; -@@ -670,7 +671,7 @@ void freeClientModuleData(client *c) { - c->module_data = NULL; - } - --void moduleEnqueueLoadModule(sds path, sds *argv, int argc) { -+void moduleEnqueueLoadModule(sds path, sds *argv, int argc, int from_include) { - int i; - struct moduleLoadQueueEntry *loadmod; - -@@ -678,6 +679,7 @@ void moduleEnqueueLoadModule(sds path, sds *argv, int argc) { - loadmod->argv = argc ? zmalloc(sizeof(robj *) * argc) : NULL; - loadmod->path = sdsnew(path); - loadmod->argc = argc; -+ loadmod->from_include = from_include; - for (i = 0; i < argc; i++) { - loadmod->argv[i] = createRawStringObject(argv[i], sdslen(argv[i])); - } -@@ -688,6 +690,10 @@ sds moduleLoadQueueEntryToLoadmoduleOptionStr(ValkeyModule *module, - const char *config_option_str) { - sds line; - -+ if (module->loadmod->from_include) { -+ /* no need to add as already from config */ -+ return NULL; -+ } - line = sdsnew(config_option_str); - line = sdscatlen(line, " ", 1); - line = sdscatsds(line, module->loadmod->path); -@@ -12350,7 +12356,7 @@ void moduleLoadFromQueue(void) { - listRewind(server.loadmodule_queue, &li); - while ((ln = listNext(&li))) { - struct moduleLoadQueueEntry *loadmod = ln->value; -- if (moduleLoad(loadmod->path, (void **)loadmod->argv, loadmod->argc, 0) == C_ERR) { -+ if (moduleLoad(loadmod->path, (void **)loadmod->argv, loadmod->argc, 0, loadmod->from_include) == C_ERR) { - serverLog(LL_WARNING, "Can't load module from %s: server aborting", loadmod->path); - exit(1); - } -@@ -12531,7 +12537,7 @@ void moduleUnregisterCleanup(ValkeyModule *module) { - - /* Load a module and initialize it. On success C_OK is returned, otherwise - * C_ERR is returned. */ --int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loadex) { -+int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loadex, int from_include) { - int (*onload)(void *, void **, int); - void *handle; - -@@ -12606,6 +12612,7 @@ int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loa - ctx.module->loadmod->path = sdsnew(path); - ctx.module->loadmod->argv = module_argc ? zmalloc(sizeof(robj *) * module_argc) : NULL; - ctx.module->loadmod->argc = module_argc; -+ ctx.module->loadmod->from_include = from_include; - for (int i = 0; i < module_argc; i++) { - ctx.module->loadmod->argv[i] = module_argv[i]; - incrRefCount(ctx.module->loadmod->argv[i]); -@@ -13529,7 +13536,7 @@ void moduleCommand(client *c) { - argv = &c->argv[3]; - } - -- if (moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 0) == C_OK) -+ if (moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 0, 0) == C_OK) - addReply(c, shared.ok); - else - addReplyError(c, "Error loading the extension. Please check the server logs."); -@@ -13544,7 +13551,7 @@ void moduleCommand(client *c) { - /* If this is a loadex command we want to populate server.module_configs_queue with - * sds NAME VALUE pairs. We also want to increment argv to just after ARGS, if supplied. */ - if (parseLoadexArguments((ValkeyModuleString ***)&argv, &argc) == VALKEYMODULE_OK && -- moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 1) == C_OK) -+ moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 1, 0) == C_OK) - addReply(c, shared.ok); - else { - dictEmpty(server.module_configs_queue, NULL); -diff --git a/src/module.h b/src/module.h -index f6c266b592..1f9e729e56 100644 ---- a/src/module.h -+++ b/src/module.h -@@ -169,7 +169,7 @@ static inline void moduleInitDigestContext(ValkeyModuleDigest *mdvar) { - memset(mdvar->x, 0, sizeof(mdvar->x)); - } - --void moduleEnqueueLoadModule(sds path, sds *argv, int argc); -+void moduleEnqueueLoadModule(sds path, sds *argv, int argc, int from_include); - sds moduleLoadQueueEntryToLoadmoduleOptionStr(ValkeyModule *module, - const char *config_option_str); - ValkeyModuleCtx *moduleAllocateContext(void); -@@ -180,7 +180,7 @@ void moduleFreeContext(ValkeyModuleCtx *ctx); - void moduleInitModulesSystem(void); - void moduleInitModulesSystemLast(void); - void modulesCron(void); --int moduleLoad(const char *path, void **argv, int argc, int is_loadex); -+int moduleLoad(const char *path, void **argv, int argc, int is_loadex, int from_include); - int moduleUnload(sds name, const char **errmsg); - void moduleLoadFromQueue(void); - int moduleGetCommandKeysViaAPI(struct serverCommand *cmd, robj **argv, int argc, getKeysResult *result); diff --git a/valkey.spec b/valkey.spec index 8b97070..407ab71 100644 --- a/valkey.spec +++ b/valkey.spec @@ -4,13 +4,12 @@ %else %bcond_with docs %endif -# See https://github.com/valkey-io/valkey-doc/tags -%global doc_version 9.0.1 +%global doc_version 8.0.5 # Tests fail in mock, not in local build. %bcond_with tests Name: valkey -Version: 9.0.1 +Version: 8.0.6 Release: 1%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause @@ -25,14 +24,11 @@ Source1: %{name}.logrotate Source2: %{name}-sentinel.service Source3: %{name}.service Source4: %{name}.sysusers -Source5: %{name}.tmpfiles +Source8: macros.%{name} Source9: migrate_redis_to_valkey.sh Source50: https://github.com/valkey-io/%{name}-doc/archive/%{doc_version}/%{name}-doc-%{doc_version}.tar.gz -# Fix default paths in configuration files for RPM layout -Patch0: %{name}-conf.patch -# Workaround to https://github.com/valkey-io/valkey/issues/2678 -Patch1: %{name}-loadmod.patch +Patch1: valkey-cve-2025-27151.patch BuildRequires: make BuildRequires: gcc @@ -43,7 +39,6 @@ BuildRequires: tcl BuildRequires: pkgconfig(libsystemd) BuildRequires: systemd-devel BuildRequires: systemd-rpm-macros -BuildRequires: rdma-core-devel BuildRequires: openssl-devel %if %{with docs} # for docs/man pages @@ -53,8 +48,8 @@ BuildRequires: python3-pyyaml %endif Requires: logrotate -# from deps/libvalkey/include/valkey/valkey.h -Provides: bundled(libvalkey) = 0.2.1 +# from deps/hiredis/hiredis.h +Provides: bundled(hiredis) = 1.0.3 # from deps/jemalloc/VERSION Provides: bundled(jemalloc) = 5.3.0 # from deps/lua/src/lua.h @@ -62,19 +57,13 @@ Provides: bundled(lua-libs) = 5.1.5 # from deps/linenoise/linenoise.h Provides: bundled(linenoise) = 1.0 Provides: bundled(lzf) -# from deps/README.md -# e4448cf6d1cd08fff519812d3b1e58bd5a94ac42 -Provides: bundled(hdr_histogram) = 0.11.9 +# from deps/hdr_histogram/README.md +Provides: bundled(hdr_histogram) = 0.11.0 # no version Provides: bundled(fpconv) -# sub-package was dropped -Obsoletes: valkey-tls < %{version}-%{release} -Provides: valkey-tls = %{version}-%{release} - %global valkey_modules_abi 1 %global valkey_modules_dir %{_libdir}/%{name}/modules -%global valkey_modules_cfg %{_sysconfdir}/%{name}/modules Provides: valkey(modules_abi)%{?_isa} = %{valkey_modules_abi} ExcludeArch: %{ix86} @@ -104,27 +93,14 @@ a cache. You can use Valkey from most programming languages also. -See https://valkey.io/topics/ - %package devel Summary: Development header for Valkey module development # Header-Only Library (https://fedoraproject.org/wiki/Packaging:Guidelines) Provides: %{name}-static = %{version}-%{release} -Requires: %{name}%{?_isa} = %{version}-%{release} %description devel Header file required for building loadable Valkey modules. -%package rdma -Summary: RDMA module for %{name} -Requires: %{name}%{?_isa} = %{version}-%{release} -Supplements: %{name} - -%description rdma -%summary. - -See https://valkey.io/topics/RDMA/ - %package compat-redis Summary: Conversion script and compatibility symlinks for Redis @@ -182,12 +158,12 @@ Provides: redis-doc = %{version}-%{release} %prep # no autosetup due to no support for multiple source extraction %setup -n %{name}-%{version} -a50 -%patch -P0 -p1 -b .rpm -%patch -P1 -p1 -b .loadmod + +%patch -P1 -p1 mv deps/lua/COPYRIGHT COPYRIGHT-lua mv deps/jemalloc/COPYING COPYING-jemalloc -mv deps/libvalkey/COPYING COPYING-libvalkey +mv deps/hiredis/COPYING COPYING-hiredis-BSD-3-Clause mv deps/hdr_histogram/LICENSE.txt LICENSE-hdrhistogram mv deps/hdr_histogram/COPYING.txt COPYING-hdrhistogram mv deps/fpconv/LICENSE.txt LICENSE-fpconv @@ -205,17 +181,19 @@ sed -e 's/--with-lg-quantum/--with-lg-page=16 --with-lg-quantum/' -i deps/Makefi api=`sed -n -e 's/#define VALKEYMODULE_APIVER_[0-9][0-9]* //p' src/valkeymodule.h` if test "$api" != "%{valkey_modules_abi}"; then : Error: Upstream API version is now ${api}, expecting %%{valkey_modules_abi}. - : Update the valkey_modules_abi macro, and rebuild. + : Update the valkey_modules_abi macro, the rpmmacros file, and rebuild. exit 1 fi -# Generates macro file -cat << 'EOF' | tee macros.%{name} -%%valkey_version %version -%%valkey_modules_abi %valkey_modules_abi -%%valkey_modules_dir %valkey_modules_dir -%%valkey_modules_cfg %valkey_modules_cfg -EOF + +sed -i -e 's|^logfile .*$|logfile /var/log/valkey/valkey.log|g' \ + -e 's|^# unixsocket .*$|unixsocket /run/valkey/valkey.sock|g' \ + -e 's|^pidfile .*$|pidfile /run/valkey/valkey.pid|g' \ + valkey.conf + +sed -i -e 's|^logfile .*$|logfile /var/log/valkey/sentinel.log|g' \ + -e 's|^pidfile .*$|pidfile /run/valkey/sentinel.pid|g' \ + sentinel.conf %if (%{defined fedora} && 0%{?fedora} < 42) || (%{defined rhel} && 0%{?rhel} < 10) # these lines are for conditionals around sysconfig to valkey.conf porting scriptlets to avoid re-runs @@ -223,13 +201,7 @@ echo '# valkey_rpm_conf' >> valkey.conf echo '# valkey-sentinel_rpm_conf' >> sentinel.conf %endif -%global make_flags DEBUG="" V="echo" PREFIX=%{buildroot}%{_prefix} BUILD_WITH_SYSTEMD=yes BUILD_TLS=yes BUILD_RDMA=module - -: RDMA configuration file -cat << EOF | tee rdma.conf -# RDMA module -loadmodule %{valkey_modules_dir}/rdma.so -EOF +%global make_flags DEBUG="" V="echo" PREFIX=%{buildroot}%{_prefix} BUILD_WITH_SYSTEMD=yes BUILD_TLS=yes %build @@ -268,9 +240,6 @@ rm -rf %{buildroot}%{_datadir}/%{name} # System user install -p -D -m 0644 %{S:4} %{buildroot}%{_sysusersdir}/%{name}.conf -# Install tmpfiles.d file -install -p -D -m 0644 %{S:5} %{buildroot}%{_tmpfilesdir}/%{name}.conf - # Filesystem. install -d %{buildroot}%{_sharedstatedir}/%{name} install -d %{buildroot}%{_localstatedir}/log/%{name} @@ -283,7 +252,6 @@ install -pDm644 %{S:1} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} # Install configuration files. install -pDm640 %{name}.conf %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf install -pDm640 sentinel.conf %{buildroot}%{_sysconfdir}/%{name}/sentinel.conf -install -dm750 %{buildroot}%{valkey_modules_cfg} # Install systemd unit files. mkdir -p %{buildroot}%{_unitdir} @@ -298,7 +266,7 @@ install -pDm644 src/%{name}module.h %{buildroot}%{_includedir}/%{name}module.h # Install rpm macros for valkey modules #mkdir -p %{buildroot}%{_rpmmacrodir} -install -pDm644 macros.%{name} %{buildroot}%{_rpmmacrodir}/macros.%{name} +install -pDm644 %{S:8} %{buildroot}%{_rpmmacrodir}/macros.%{name} # compat script install -Dpm 755 %{S:9} %{buildroot}%{_libexecdir}/migrate_redis_to_valkey.sh @@ -310,10 +278,6 @@ install -pDm644 src/redismodule.h %{buildroot}%{_includedir}/redismodule.h ln -sr %{buildroot}/usr/lib/systemd/system/valkey.service %{buildroot}/usr/lib/systemd/system/redis.service ln -sr %{buildroot}/usr/lib/systemd/system/valkey-sentinel.service %{buildroot}/usr/lib/systemd/system/redis-sentinel.service -# RDMA module -install -pm755 src/valkey-rdma.so %{buildroot}%{valkey_modules_dir}/rdma.so -install -pm640 rdma.conf %{buildroot}%{valkey_modules_cfg}/rdma.conf - %check %if %{with tests} @@ -324,6 +288,8 @@ taskset -c 1 ./runtest --clients 50 --skiptest "Active defrag - AOF loading" #./runtest-sentinel %endif +%pre +%sysusers_create_compat %{S:4} %post @@ -392,10 +358,9 @@ fi %license LICENSE-hdrhistogram %license COPYING-hdrhistogram %license LICENSE-fpconv -%license COPYING-libvalkey +%license COPYING-hiredis-BSD-3-Clause %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %attr(0750, valkey, root) %dir %{_sysconfdir}/%{name} -%attr(0750, valkey, root) %dir %{valkey_modules_cfg} %attr(0640, valkey, root) %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf %attr(0640, valkey, root) %config(noreplace) %{_sysconfdir}/%{name}/sentinel.conf %dir %{_libdir}/%{name} @@ -407,7 +372,6 @@ fi %{_unitdir}/%{name}-sentinel.service %dir %attr(0755, valkey, valkey) %ghost %{_localstatedir}/run/%{name} %{_sysusersdir}/%{name}.conf -%{_tmpfilesdir}/%{name}.conf %if %{with docs} %{_mandir}/man1/%{name}*.gz %{_mandir}/man5/%{name}.conf.5.gz @@ -421,9 +385,6 @@ fi %{_mandir}/man{3,7}/*%{name}*.gz %endif -%files rdma -%attr(0640, valkey, root) %config(noreplace) %{valkey_modules_cfg}/rdma.conf -%{valkey_modules_dir}/rdma.so %files devel # main package is not required @@ -443,67 +404,25 @@ fi %changelog -* Wed Dec 10 2025 Remi Collet - 9.0.1-1 -- Valkey 9.0.1 - December 9, 2025 -- Upgrade urgency MODERATE +* Sat Oct 4 2025 Remi Collet - 8.0.6-1 +- update to 8.0.6 + fixes CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 and CVE-2025-46819 +- update documentation to 8.0.5 -* Thu Nov 27 2025 Remi Collet - 9.0.0-2 -- build TLS statically as module not supported by sentinel -- drop sub-package for TLS module +* Wed Jul 16 2025 Remi Collet - 8.0.4-1 +- update to 8.0.4 + fixes CVE-2025-27151 CVE-2025-48367 and CVE-2025-32023 -* Wed Oct 22 2025 Remi Collet - 9.0.0-1 -- Valkey 9.0.0 GA - October 21, 2025 -- bundled hiredis replaced by libvalkey +* Fri Jun 06 2025 Jonathan Wright - 8.0.3-3 +- Apply patch for CVE-2025-49112 properly -* Mon Oct 6 2025 Remi Collet - 8.1.4-2 -- improve the patch for loadmodule directive +* Fri Jun 06 2025 Jonathan Wright - 8.0.3-2 +- Fixes CVE-2025-49112 -* Sat Oct 4 2025 Remi Collet - 8.1.4-1 -- Valkey 8.1.4 - Released Fri 09 October 2025 -- Upgrade urgency SECURITY: - CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 -- fix CONFIG REWRITE breaks configuration - reported as https://github.com/valkey-io/valkey/issues/2678 - using patch from https://github.com/valkey-io/valkey/pull/2689 - -* Wed Oct 1 2025 Remi Collet - 8.1.3-6 -- add sub-package for RDMA module -- add sub-package for TLS module - -* Fri Sep 26 2025 Nathan Scott - 8.1.3-5 -- enable Remote Direct Memory Access (RDMA) capabilities - -* Tue Sep 9 2025 Remi Collet - 8.1.3-4 -- fix for ImageMode: ensure ownership of /etc/valkey - -* Thu Aug 28 2025 Remi Collet - 8.1.3-3 -- use patch for configuration changes -- add /etc/valkey/modules drop-in directory for module configuration files -- add %%valkey_version and %%valkey_modules_cfg macros - -* Fri Jul 25 2025 Fedora Release Engineering - 8.1.3-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild - -* Mon Jul 7 2025 Remi Collet - 8.1.3-1 -- update to 8.1.3 - fixes CVE-2025-CVE-2025-32023 and CVE-2025-48367 - -* Wed Jun 18 2025 Remi Collet - 8.1.2-1 -- update to 8.1.2 - fixes CVE-2025-27151 - -* Thu Apr 24 2025 Remi Collet - 8.1.1-1 -- update to 8.1.1 +* Thu Apr 24 2025 Remi Collet - 8.0.3-1 +- update to 8.0.3 fixes CVE-2025-21605 -* Fri Apr 04 2025 Nathan Scott - 8.1.0-1 -- include tmpfiles.d configuration file -- redis.log transition rhbz#2316030 -- update to 8.1.0 rhbz#22356280 - -* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek - 8.0.2-3 -- Drop call to %sysusers_create_compat - * Sun Jan 19 2025 Fedora Release Engineering - 8.0.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild diff --git a/valkey.tmpfiles b/valkey.tmpfiles deleted file mode 100644 index 2c99bad..0000000 --- a/valkey.tmpfiles +++ /dev/null @@ -1,4 +0,0 @@ -Z /etc/valkey ~0750 valkey root - -D /run/valkey 0755 valkey valkey - -d /var/lib/valkey 0750 valkey valkey - -d /var/log/valkey 0750 valkey valkey -