diff --git a/.gitignore b/.gitignore index 18985d0..5c9e18c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,7 @@ clog -valkey-8.0.*.tar.gz -valkey-doc-8.0.*.tar.gz -/valkey-doc-8.1.1.tar.gz -/valkey-8.1.3.tar.gz +valkey-8.*.tar.gz +valkey-doc-8.*.tar.gz +/valkey-9.0.0.tar.gz +/valkey-doc-9.0.0.tar.gz +/valkey-9.0.1.tar.gz +/valkey-doc-9.0.1.tar.gz diff --git a/sources b/sources index ae11069..6d26371 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (valkey-8.1.3.tar.gz) = 33b5fe5011aa0d26aa797276f1371d063bd8fef2adb1d405d6ae8c4718d3ed602cf8e4c3a8f423b90e798213ae28a939720d61806a3614477e576b2115973864 -SHA512 (valkey-doc-8.1.1.tar.gz) = 37b664a4f07c1821df1cd83df0559127588523feef54785400fae3c2a618c93d86e9ef8bc50cc046d0904a853ae52410aa82f79413e05298f42a829b3508d2f9 +SHA512 (valkey-9.0.1.tar.gz) = 99e1ab2abd0e1229df7804ac398088d4b3a8e1b031ab66da56ce98f56d0a97c7365b065bacc29d559194a18f5a85c9bf35c0c54f3a8402ec7c6fdbcf4f89181c +SHA512 (valkey-doc-9.0.1.tar.gz) = 061d3758cd754767bd0a45d6be3d709d82d91b2f7b0591b58cecd98cd39529bc0ec1bd490ef0890fb455f81fde33066412655005e25aa460989417803b15f45d diff --git a/valkey-conf.patch b/valkey-conf.patch index 55badf7..a079055 100644 --- a/valkey-conf.patch +++ b/valkey-conf.patch @@ -1,6 +1,6 @@ diff -up ./sentinel.conf.rpm ./sentinel.conf ---- ./sentinel.conf.rpm 2025-07-24 10:05:46.477794769 +0200 -+++ ./sentinel.conf 2025-07-24 10:07:27.023483441 +0200 +--- ./sentinel.conf.rpm 2025-07-07 09:18:20.000000000 +0200 ++++ ./sentinel.conf 2025-08-01 07:57:21.892278834 +0200 @@ -17,7 +17,7 @@ daemonize no # When running daemonized, Valkey Sentinel writes a pid file in # /var/run/valkey-sentinel.pid by default. You can specify a custom pid file @@ -20,8 +20,8 @@ diff -up ./sentinel.conf.rpm ./sentinel.conf # To enable logging to the system logger, just set 'syslog-enabled' to yes, # and optionally update the other syslog parameters to suit your needs. diff -up ./valkey.conf.rpm ./valkey.conf ---- ./valkey.conf.rpm 2025-07-24 10:05:46.475591081 +0200 -+++ ./valkey.conf 2025-07-24 10:07:23.219331838 +0200 +--- ./valkey.conf.rpm 2025-07-07 09:18:20.000000000 +0200 ++++ ./valkey.conf 2025-08-01 07:57:17.825116953 +0200 @@ -43,6 +43,9 @@ # include /path/to/other.conf # include /path/to/fragments/*.conf @@ -32,7 +32,7 @@ diff -up ./valkey.conf.rpm ./valkey.conf ################################## MODULES ##################################### -@@ -153,7 +156,7 @@ tcp-backlog 511 +@@ -163,7 +166,7 @@ tcp-backlog 511 # incoming connections. There is no default, so the server will not listen # on a unix socket when not specified. # @@ -41,7 +41,7 @@ diff -up ./valkey.conf.rpm ./valkey.conf # unixsocketgroup wheel # unixsocketperm 700 -@@ -385,7 +388,7 @@ daemonize no +@@ -409,7 +412,7 @@ daemonize no # # Note that on modern Linux systems "/run/valkey.pid" is more conforming # and should be used instead. @@ -50,7 +50,7 @@ diff -up ./valkey.conf.rpm ./valkey.conf # Specify the server verbosity level. # This can be one of: -@@ -416,7 +419,7 @@ loglevel notice +@@ -440,7 +443,7 @@ loglevel notice # Specify the log file name. Also the empty string can be used to force # the server to log on the standard output. Note that if you use standard # output for logging but daemonize, logs will be sent to /dev/null diff --git a/valkey-loadmod.patch b/valkey-loadmod.patch new file mode 100644 index 0000000..dad9cb9 --- /dev/null +++ b/valkey-loadmod.patch @@ -0,0 +1,161 @@ +From b40ab88996d0bbe9bdd366af9426f7400b21e19c Mon Sep 17 00:00:00 2001 +From: Remi Collet +Date: Sat, 4 Oct 2025 07:23:52 +0200 +Subject: [PATCH] Fix #2678 don't add loadmodule when from config + +only protect loadmodule from include files + +Signed-off-by: Remi Collet +--- + src/config.c | 8 ++++++-- + src/module.c | 17 ++++++++++++----- + src/module.h | 4 ++-- + 3 files changed, 20 insertions(+), 9 deletions(-) + +diff --git a/src/config.c b/src/config.c +index d0158b2c4d..ab453056df 100644 +--- a/src/config.c ++++ b/src/config.c +@@ -448,6 +448,8 @@ static int updateClientOutputBufferLimit(sds *args, int arg_len, const char **er + * within conf file parsing. This is only needed to support the deprecated + * abnormal aggregate `save T C` functionality. Remove in the future. */ + static int reading_config_file; ++/* support detecting include vs main config file */ ++static int reading_include_file = 0; + + void loadServerConfigFromString(sds config) { + deprecatedConfig deprecated_configs[] = { +@@ -539,7 +541,9 @@ void loadServerConfigFromString(sds config) { + + /* Execute config directives */ + if (!strcasecmp(argv[0], "include") && argc == 2) { ++ reading_include_file = 1; + loadServerConfig(argv[1], 0, NULL); ++ reading_include_file = 0; + } else if (!strcasecmp(argv[0], "rename-command") && argc == 3) { + struct serverCommand *cmd = lookupCommandBySds(argv[1]); + +@@ -572,7 +576,7 @@ void loadServerConfigFromString(sds config) { + goto loaderr; + } + } else if (!strcasecmp(argv[0], "loadmodule") && argc >= 2) { +- moduleEnqueueLoadModule(argv[1], &argv[2], argc - 2); ++ moduleEnqueueLoadModule(argv[1], &argv[2], argc - 2, reading_include_file); + } else if (strchr(argv[0], '.')) { + if (argc < 2) { + err = "Module config specified without value"; +@@ -1605,7 +1609,7 @@ void rewriteConfigLoadmoduleOption(struct rewriteConfigState *state) { + while ((de = dictNext(di)) != NULL) { + struct ValkeyModule *module = dictGetVal(de); + line = moduleLoadQueueEntryToLoadmoduleOptionStr(module, "loadmodule"); +- rewriteConfigRewriteLine(state, "loadmodule", line, 1); ++ if (line) rewriteConfigRewriteLine(state, "loadmodule", line, 1); + } + dictReleaseIterator(di); + /* Mark "loadmodule" as processed in case modules is empty. */ +diff --git a/src/module.c b/src/module.c +index e5afa952fa..f18bc3c6bf 100644 +--- a/src/module.c ++++ b/src/module.c +@@ -84,6 +84,7 @@ + + struct moduleLoadQueueEntry { + sds path; ++ int from_include; + int argc; + robj **argv; + }; +@@ -670,7 +671,7 @@ void freeClientModuleData(client *c) { + c->module_data = NULL; + } + +-void moduleEnqueueLoadModule(sds path, sds *argv, int argc) { ++void moduleEnqueueLoadModule(sds path, sds *argv, int argc, int from_include) { + int i; + struct moduleLoadQueueEntry *loadmod; + +@@ -678,6 +679,7 @@ void moduleEnqueueLoadModule(sds path, sds *argv, int argc) { + loadmod->argv = argc ? zmalloc(sizeof(robj *) * argc) : NULL; + loadmod->path = sdsnew(path); + loadmod->argc = argc; ++ loadmod->from_include = from_include; + for (i = 0; i < argc; i++) { + loadmod->argv[i] = createRawStringObject(argv[i], sdslen(argv[i])); + } +@@ -688,6 +690,10 @@ sds moduleLoadQueueEntryToLoadmoduleOptionStr(ValkeyModule *module, + const char *config_option_str) { + sds line; + ++ if (module->loadmod->from_include) { ++ /* no need to add as already from config */ ++ return NULL; ++ } + line = sdsnew(config_option_str); + line = sdscatlen(line, " ", 1); + line = sdscatsds(line, module->loadmod->path); +@@ -12350,7 +12356,7 @@ void moduleLoadFromQueue(void) { + listRewind(server.loadmodule_queue, &li); + while ((ln = listNext(&li))) { + struct moduleLoadQueueEntry *loadmod = ln->value; +- if (moduleLoad(loadmod->path, (void **)loadmod->argv, loadmod->argc, 0) == C_ERR) { ++ if (moduleLoad(loadmod->path, (void **)loadmod->argv, loadmod->argc, 0, loadmod->from_include) == C_ERR) { + serverLog(LL_WARNING, "Can't load module from %s: server aborting", loadmod->path); + exit(1); + } +@@ -12531,7 +12537,7 @@ void moduleUnregisterCleanup(ValkeyModule *module) { + + /* Load a module and initialize it. On success C_OK is returned, otherwise + * C_ERR is returned. */ +-int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loadex) { ++int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loadex, int from_include) { + int (*onload)(void *, void **, int); + void *handle; + +@@ -12606,6 +12612,7 @@ int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loa + ctx.module->loadmod->path = sdsnew(path); + ctx.module->loadmod->argv = module_argc ? zmalloc(sizeof(robj *) * module_argc) : NULL; + ctx.module->loadmod->argc = module_argc; ++ ctx.module->loadmod->from_include = from_include; + for (int i = 0; i < module_argc; i++) { + ctx.module->loadmod->argv[i] = module_argv[i]; + incrRefCount(ctx.module->loadmod->argv[i]); +@@ -13529,7 +13536,7 @@ void moduleCommand(client *c) { + argv = &c->argv[3]; + } + +- if (moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 0) == C_OK) ++ if (moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 0, 0) == C_OK) + addReply(c, shared.ok); + else + addReplyError(c, "Error loading the extension. Please check the server logs."); +@@ -13544,7 +13551,7 @@ void moduleCommand(client *c) { + /* If this is a loadex command we want to populate server.module_configs_queue with + * sds NAME VALUE pairs. We also want to increment argv to just after ARGS, if supplied. */ + if (parseLoadexArguments((ValkeyModuleString ***)&argv, &argc) == VALKEYMODULE_OK && +- moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 1) == C_OK) ++ moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 1, 0) == C_OK) + addReply(c, shared.ok); + else { + dictEmpty(server.module_configs_queue, NULL); +diff --git a/src/module.h b/src/module.h +index f6c266b592..1f9e729e56 100644 +--- a/src/module.h ++++ b/src/module.h +@@ -169,7 +169,7 @@ static inline void moduleInitDigestContext(ValkeyModuleDigest *mdvar) { + memset(mdvar->x, 0, sizeof(mdvar->x)); + } + +-void moduleEnqueueLoadModule(sds path, sds *argv, int argc); ++void moduleEnqueueLoadModule(sds path, sds *argv, int argc, int from_include); + sds moduleLoadQueueEntryToLoadmoduleOptionStr(ValkeyModule *module, + const char *config_option_str); + ValkeyModuleCtx *moduleAllocateContext(void); +@@ -180,7 +180,7 @@ void moduleFreeContext(ValkeyModuleCtx *ctx); + void moduleInitModulesSystem(void); + void moduleInitModulesSystemLast(void); + void modulesCron(void); +-int moduleLoad(const char *path, void **argv, int argc, int is_loadex); ++int moduleLoad(const char *path, void **argv, int argc, int is_loadex, int from_include); + int moduleUnload(sds name, const char **errmsg); + void moduleLoadFromQueue(void); + int moduleGetCommandKeysViaAPI(struct serverCommand *cmd, robj **argv, int argc, getKeysResult *result); diff --git a/valkey.spec b/valkey.spec index dcac124..8b97070 100644 --- a/valkey.spec +++ b/valkey.spec @@ -5,13 +5,13 @@ %bcond_with docs %endif # See https://github.com/valkey-io/valkey-doc/tags -%global doc_version 8.1.1 +%global doc_version 9.0.1 # Tests fail in mock, not in local build. %bcond_with tests Name: valkey -Version: 8.1.3 -Release: 6%{?dist} +Version: 9.0.1 +Release: 1%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause # hiredis: BSD-3-Clause @@ -31,6 +31,8 @@ Source50: https://github.com/valkey-io/%{name}-doc/archive/%{doc_versio # Fix default paths in configuration files for RPM layout Patch0: %{name}-conf.patch +# Workaround to https://github.com/valkey-io/valkey/issues/2678 +Patch1: %{name}-loadmod.patch BuildRequires: make BuildRequires: gcc @@ -51,8 +53,8 @@ BuildRequires: python3-pyyaml %endif Requires: logrotate -# from deps/hiredis/hiredis.h -Provides: bundled(hiredis) = 1.0.3 +# from deps/libvalkey/include/valkey/valkey.h +Provides: bundled(libvalkey) = 0.2.1 # from deps/jemalloc/VERSION Provides: bundled(jemalloc) = 5.3.0 # from deps/lua/src/lua.h @@ -60,11 +62,16 @@ Provides: bundled(lua-libs) = 5.1.5 # from deps/linenoise/linenoise.h Provides: bundled(linenoise) = 1.0 Provides: bundled(lzf) -# from deps/hdr_histogram/README.md -Provides: bundled(hdr_histogram) = 0.11.0 +# from deps/README.md +# e4448cf6d1cd08fff519812d3b1e58bd5a94ac42 +Provides: bundled(hdr_histogram) = 0.11.9 # no version Provides: bundled(fpconv) +# sub-package was dropped +Obsoletes: valkey-tls < %{version}-%{release} +Provides: valkey-tls = %{version}-%{release} + %global valkey_modules_abi 1 %global valkey_modules_dir %{_libdir}/%{name}/modules %global valkey_modules_cfg %{_sysconfdir}/%{name}/modules @@ -118,15 +125,6 @@ Supplements: %{name} See https://valkey.io/topics/RDMA/ -%package tls -Summary: TLS module for %{name} -Requires: %{name}%{?_isa} = %{version}-%{release} -Supplements: %{name} - -%description tls -%summary. - -See https://valkey.io/topics/encryption/ %package compat-redis Summary: Conversion script and compatibility symlinks for Redis @@ -184,11 +182,12 @@ Provides: redis-doc = %{version}-%{release} %prep # no autosetup due to no support for multiple source extraction %setup -n %{name}-%{version} -a50 -%patch -P0 -p1 -b.rpm +%patch -P0 -p1 -b .rpm +%patch -P1 -p1 -b .loadmod mv deps/lua/COPYRIGHT COPYRIGHT-lua mv deps/jemalloc/COPYING COPYING-jemalloc -mv deps/hiredis/COPYING COPYING-hiredis-BSD-3-Clause +mv deps/libvalkey/COPYING COPYING-libvalkey mv deps/hdr_histogram/LICENSE.txt LICENSE-hdrhistogram mv deps/hdr_histogram/COPYING.txt COPYING-hdrhistogram mv deps/fpconv/LICENSE.txt LICENSE-fpconv @@ -224,7 +223,7 @@ echo '# valkey_rpm_conf' >> valkey.conf echo '# valkey-sentinel_rpm_conf' >> sentinel.conf %endif -%global make_flags DEBUG="" V="echo" PREFIX=%{buildroot}%{_prefix} BUILD_WITH_SYSTEMD=yes BUILD_TLS=module BUILD_RDMA=module +%global make_flags DEBUG="" V="echo" PREFIX=%{buildroot}%{_prefix} BUILD_WITH_SYSTEMD=yes BUILD_TLS=yes BUILD_RDMA=module : RDMA configuration file cat << EOF | tee rdma.conf @@ -232,12 +231,6 @@ cat << EOF | tee rdma.conf loadmodule %{valkey_modules_dir}/rdma.so EOF -: TLS configuration file -cat << EOF | tee tls.conf -# TLS module -loadmodule %{valkey_modules_dir}/tls.so -EOF - %build %make_build %{make_flags} @@ -321,10 +314,6 @@ ln -sr %{buildroot}/usr/lib/systemd/system/valkey-sentinel.service %{buildroot}/ install -pm755 src/valkey-rdma.so %{buildroot}%{valkey_modules_dir}/rdma.so install -pm640 rdma.conf %{buildroot}%{valkey_modules_cfg}/rdma.conf -# TLS module -install -pm755 src/valkey-tls.so %{buildroot}%{valkey_modules_dir}/tls.so -install -pm640 tls.conf %{buildroot}%{valkey_modules_cfg}/tls.conf - %check %if %{with tests} @@ -403,7 +392,7 @@ fi %license LICENSE-hdrhistogram %license COPYING-hdrhistogram %license LICENSE-fpconv -%license COPYING-hiredis-BSD-3-Clause +%license COPYING-libvalkey %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %attr(0750, valkey, root) %dir %{_sysconfdir}/%{name} %attr(0750, valkey, root) %dir %{valkey_modules_cfg} @@ -436,10 +425,6 @@ fi %attr(0640, valkey, root) %config(noreplace) %{valkey_modules_cfg}/rdma.conf %{valkey_modules_dir}/rdma.so -%files tls -%attr(0640, valkey, root) %config(noreplace) %{valkey_modules_cfg}/tls.conf -%{valkey_modules_dir}/tls.so - %files devel # main package is not required %license COPYING @@ -458,6 +443,29 @@ fi %changelog +* Wed Dec 10 2025 Remi Collet - 9.0.1-1 +- Valkey 9.0.1 - December 9, 2025 +- Upgrade urgency MODERATE + +* Thu Nov 27 2025 Remi Collet - 9.0.0-2 +- build TLS statically as module not supported by sentinel +- drop sub-package for TLS module + +* Wed Oct 22 2025 Remi Collet - 9.0.0-1 +- Valkey 9.0.0 GA - October 21, 2025 +- bundled hiredis replaced by libvalkey + +* Mon Oct 6 2025 Remi Collet - 8.1.4-2 +- improve the patch for loadmodule directive + +* Sat Oct 4 2025 Remi Collet - 8.1.4-1 +- Valkey 8.1.4 - Released Fri 09 October 2025 +- Upgrade urgency SECURITY: + CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 +- fix CONFIG REWRITE breaks configuration + reported as https://github.com/valkey-io/valkey/issues/2678 + using patch from https://github.com/valkey-io/valkey/pull/2689 + * Wed Oct 1 2025 Remi Collet - 8.1.3-6 - add sub-package for RDMA module - add sub-package for TLS module