update to 8.0.6

fixes CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 and CVE-2025-46819
update documentation to 8.0.5

(cherry picked from commit 139a204bfb)

.gitignore

@@ -1,10 +1,11 @@
-/valkey-7.2.4-rc1.tar.gz
-/valkey-7.2.5-rc1.tar.gz
-/valkey-7.2.5.tar.gz
-/valkey-7.2.6.tar.gz
-/valkey-8.0.0.tar.gz
-/valkey-doc-8.0.0.tar.gz
+/valkey-8.1.*.tar.gz
+/valkey-doc-8.1.*.tar.gz
 /valkey-8.0.1.tar.gz
 /valkey-doc-8.0.1.tar.gz
 /valkey-8.0.2.tar.gz
 /valkey-doc-8.0.2.tar.gz
+/valkey-8.0.3.tar.gz
+/valkey-8.0.4.tar.gz
+/valkey-doc-8.0.3.tar.gz
+/valkey-8.0.6.tar.gz
+/valkey-doc-8.0.5.tar.gz

sources

@@ -1,2 +1,2 @@
-SHA512 (valkey-8.0.2.tar.gz) = 432e9b869234b784edcf644b1062bbc0ff1eb79e49c6fb7e66d5db9ddf0e089dfdccf5e5d5201119976699d4dab1b5ddb865767a8087551e9c8f2eff5d157df9
-SHA512 (valkey-doc-8.0.2.tar.gz) = 205eefb7aea66bc7750307b0c9c72c59cc472c12d3f593d4dfcfcc0d68446593c30f84ef697323bccdf5be4518058d13027d414deeebe2330603b22c9c83eb50
+SHA512 (valkey-8.0.6.tar.gz) = 0f704ad06abab2817657abe60be6fb7c45df91cdaaa53d921e26c6f4e91a3712152a31550b876d8deba3493a6ca4b87194efd3a86cacd53906f01e845e7cb137
+SHA512 (valkey-doc-8.0.5.tar.gz) = 9cb90db9fcbed42dcf07b45b5493d0b72779d504c4eb18d8ebe2dc13b46aa35aff5be46e02aec74574b101f8ac0aa532abf6be26acc0a0954e3015f950a21049

valkey-cve-2025-27151.patch

@@ -0,0 +1,34 @@
+From 73696bf6e2cf754acc3ec24eaf9ca6b879bfc5d7 Mon Sep 17 00:00:00 2001
+From: Madelyn Olson <madelyneolson@gmail.com>
+Date: Thu, 29 May 2025 00:06:23 +0100
+Subject: [PATCH] Incorporate Redis CVE for CVE-2025-27151 (#2146)
+
+Resolves https://github.com/valkey-io/valkey/issues/2145
+
+Incorporate the CVE patch that was sent to us by Redis Ltd.
+
+---------
+
+Signed-off-by: Madelyn Olson <madelyneolson@gmail.com>
+Co-authored-by: Ping Xie <pingxie@outlook.com>
+---
+ src/valkey-check-aof.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/valkey-check-aof.c b/src/valkey-check-aof.c
+index ed0eb2b49d..a6e4b97c6d 100644
+--- a/src/valkey-check-aof.c
++++ b/src/valkey-check-aof.c
+@@ -556,6 +556,12 @@ int redis_check_aof_main(int argc, char **argv) {
+         goto invalid_args;
+     }
+ 
++    /* Check if filepath is longer than PATH_MAX */
++    if (strnlen(filepath, PATH_MAX + 1) > PATH_MAX) {
++        printf("Error: filepath is too long (exceeds PATH_MAX)\n");
++        goto invalid_args;
++    }
++
+     /* In the glibc implementation dirname may modify their argument. */
+     memcpy(temp_filepath, filepath, strlen(filepath) + 1);
+     dirpath = dirname(temp_filepath);

valkey.spec

@@ -4,12 +4,13 @@
 %else
 %bcond_with docs
 %endif
+%global doc_version 8.0.5
 # Tests fail in mock, not in local build.
 %bcond_with tests
 
 Name:              valkey
-Version:           8.0.2
-Release:           2%{?dist}
+Version:           8.0.6
+Release:           1%{?dist}
 Summary:           A persistent key-value database
 # valkey: BSD-3-Clause
 # hiredis: BSD-3-Clause
@@ -25,7 +26,9 @@ Source3:           %{name}.service
 Source4:           %{name}.sysusers
 Source8:           macros.%{name}
 Source9:           migrate_redis_to_valkey.sh
-Source50:          https://github.com/valkey-io/%{name}-doc/archive/%{version}/%{name}-doc-%{version}.tar.gz
+Source50:          https://github.com/valkey-io/%{name}-doc/archive/%{doc_version}/%{name}-doc-%{doc_version}.tar.gz
+
+Patch1:            valkey-cve-2025-27151.patch
 
 BuildRequires:     make
 BuildRequires:     gcc
@@ -156,6 +159,8 @@ Provides:          redis-doc = %{version}-%{release}
 # no autosetup due to no support for multiple source extraction
 %setup -n %{name}-%{version} -a50
 
+%patch -P1 -p1
+
 mv deps/lua/COPYRIGHT             COPYRIGHT-lua
 mv deps/jemalloc/COPYING          COPYING-jemalloc
 mv deps/hiredis/COPYING COPYING-hiredis-BSD-3-Clause
@@ -204,7 +209,7 @@ echo '# valkey-sentinel_rpm_conf' >> sentinel.conf
 
 %if %{with docs}
 # docs
-pushd %{name}-doc-%{version}
+pushd %{name}-doc-%{doc_version}
 # build man pages
 %make_build VALKEY_ROOT=../
 # build html docs
@@ -217,7 +222,7 @@ popd
 %make_install %{make_flags}
 %if %{with docs}
 # install docs
-pushd %{name}-doc-%{version}
+pushd %{name}-doc-%{doc_version}
 # man pages
 %make_install INSTALL_MAN_DIR=%{buildroot}%{_mandir} VALKEY_ROOT=../
 # install html docs
@@ -399,6 +404,25 @@ fi
 
 
 %changelog
+* Sat Oct  4 2025 Remi Collet <remi@fedoraproject.org> - 8.0.6-1
+- update to 8.0.6
+  fixes CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 and CVE-2025-46819
+- update documentation to 8.0.5
+
+* Wed Jul 16 2025 Remi Collet <remi@fedoraproject.org> - 8.0.4-1
+- update to 8.0.4
+  fixes CVE-2025-27151 CVE-2025-48367 and CVE-2025-32023
+
+* Fri Jun 06 2025 Jonathan Wright <jonathan@almalinux.org> - 8.0.3-3
+- Apply patch for CVE-2025-49112 properly
+
+* Fri Jun 06 2025 Jonathan Wright <jonathan@almalinux.org> - 8.0.3-2
+- Fixes CVE-2025-49112
+
+* Thu Apr 24 2025 Remi Collet <remi@fedoraproject.org> - 8.0.3-1
+- update to 8.0.3
+  fixes CVE-2025-21605
+
 * Sun Jan 19 2025 Fedora Release Engineering <releng@fedoraproject.org> - 8.0.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild