update to 8.0.6

fixes CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 and CVE-2025-46819
update documentation to 8.0.5

(cherry picked from commit 139a204bfb)

.gitignore

@@ -1,7 +1,11 @@
-clog
-valkey-8.*.tar.gz
-valkey-doc-8.*.tar.gz
-/valkey-9.0.0.tar.gz
-/valkey-doc-9.0.0.tar.gz
-/valkey-9.0.1.tar.gz
-/valkey-doc-9.0.1.tar.gz
+/valkey-8.1.*.tar.gz
+/valkey-doc-8.1.*.tar.gz
+/valkey-8.0.1.tar.gz
+/valkey-doc-8.0.1.tar.gz
+/valkey-8.0.2.tar.gz
+/valkey-doc-8.0.2.tar.gz
+/valkey-8.0.3.tar.gz
+/valkey-8.0.4.tar.gz
+/valkey-doc-8.0.3.tar.gz
+/valkey-8.0.6.tar.gz
+/valkey-doc-8.0.5.tar.gz

macros.valkey

@@ -0,0 +1,2 @@
+%valkey_modules_abi 1
+%valkey_modules_dir %{_libdir}/valkey/modules

migrate_redis_to_valkey.sh

@@ -4,14 +4,12 @@ if [ -f /etc/redis/redis.conf ]; then
   mv /etc/redis/redis.conf /etc/redis/redis.conf.rpmsave
   chown valkey:root /etc/valkey/valkey.conf
   sed -i 's|^dir\s.*|dir /var/lib/valkey|g' /etc/valkey/valkey.conf
-  sed -i 's|logfile /var/log/redis/redis.log|logfile /var/log/valkey/valkey.log|' /etc/valkey/valkey.conf
   echo "/etc/redis/redis.conf has been copied to /etc/valkey/valkey.conf.  Manual review of valkey.conf is strongly suggested especially if you had modified redis.conf."
 fi
 if [ -f /etc/redis/sentinel.conf ]; then
   cp /etc/redis/sentinel.conf /etc/valkey/sentinel.conf
   mv /etc/redis/sentinel.conf /etc/redis/sentinel.conf.rpmsave
   chown valkey:root /etc/valkey/sentinel.conf
-  sed -i 's|logfile /var/log/redis/sentinel.log|logfile /var/log/valkey/sentinel.log|' /etc/valkey/sentinel.conf
   echo "/etc/redis/sentinel.conf has been copied to /etc/valkey/sentinel.conf.  Manual review of sentinel.conf is strongly suggested especially if you had modified sentinel.conf."
 fi
 if [ -d /var/lib/redis ]; then
@@ -22,3 +20,7 @@ if [ -d /var/lib/redis ]; then
   chown -R valkey. /var/lib/valkey
   echo "On-disk redis dumps moved from /var/lib/redis/ to /var/lib/valkey"
 fi
+
+# TODO
+# 1. expand logic to read current redis conf for the dir setting.  same for sentinel conf.  if not stock /var/lib/redis, don't do the mv.  redis and sentinel may be using two different paths.
+

sources

@@ -1,2 +1,2 @@
-SHA512 (valkey-9.0.1.tar.gz) = 99e1ab2abd0e1229df7804ac398088d4b3a8e1b031ab66da56ce98f56d0a97c7365b065bacc29d559194a18f5a85c9bf35c0c54f3a8402ec7c6fdbcf4f89181c
-SHA512 (valkey-doc-9.0.1.tar.gz) = 061d3758cd754767bd0a45d6be3d709d82d91b2f7b0591b58cecd98cd39529bc0ec1bd490ef0890fb455f81fde33066412655005e25aa460989417803b15f45d
+SHA512 (valkey-8.0.6.tar.gz) = 0f704ad06abab2817657abe60be6fb7c45df91cdaaa53d921e26c6f4e91a3712152a31550b876d8deba3493a6ca4b87194efd3a86cacd53906f01e845e7cb137
+SHA512 (valkey-doc-8.0.5.tar.gz) = 9cb90db9fcbed42dcf07b45b5493d0b72779d504c4eb18d8ebe2dc13b46aa35aff5be46e02aec74574b101f8ac0aa532abf6be26acc0a0954e3015f950a21049

valkey-conf.patch

@@ -1,61 +0,0 @@
-diff -up ./sentinel.conf.rpm ./sentinel.conf
---- ./sentinel.conf.rpm	2025-07-07 09:18:20.000000000 +0200
-+++ ./sentinel.conf	2025-08-01 07:57:21.892278834 +0200
-@@ -17,7 +17,7 @@ daemonize no
- # When running daemonized, Valkey Sentinel writes a pid file in
- # /var/run/valkey-sentinel.pid by default. You can specify a custom pid file
- # location here.
--pidfile /var/run/valkey-sentinel.pid
-+pidfile /run/valkey/sentinel.pid
- 
- # Specify the server verbosity level.
- # This can be one of:
-@@ -31,7 +31,7 @@ loglevel notice
- # Specify the log file name. Also the empty string can be used to force
- # Sentinel to log on the standard output. Note that if you use standard
- # output for logging but daemonize, logs will be sent to /dev/null
--logfile ""
-+logfile /var/log/valkey/sentinel.log
- 
- # To enable logging to the system logger, just set 'syslog-enabled' to yes,
- # and optionally update the other syslog parameters to suit your needs.
-diff -up ./valkey.conf.rpm ./valkey.conf
---- ./valkey.conf.rpm	2025-07-07 09:18:20.000000000 +0200
-+++ ./valkey.conf	2025-08-01 07:57:17.825116953 +0200
-@@ -43,6 +43,9 @@
- # include /path/to/other.conf
- # include /path/to/fragments/*.conf
- #
-+# Module configuration files
-+include /etc/valkey/modules/*.conf
-+
- 
- ################################## MODULES #####################################
- 
-@@ -163,7 +166,7 @@ tcp-backlog 511
- # incoming connections. There is no default, so the server will not listen
- # on a unix socket when not specified.
- #
--# unixsocket /run/valkey.sock
-+unixsocket /run/valkey/valkey.sock
- # unixsocketgroup wheel
- # unixsocketperm 700
- 
-@@ -409,7 +412,7 @@ daemonize no
- #
- # Note that on modern Linux systems "/run/valkey.pid" is more conforming
- # and should be used instead.
--pidfile /var/run/valkey_6379.pid
-+pidfile /run/valkey/valkey.pid
- 
- # Specify the server verbosity level.
- # This can be one of:
-@@ -440,7 +443,7 @@ loglevel notice
- # Specify the log file name. Also the empty string can be used to force
- # the server to log on the standard output. Note that if you use standard
- # output for logging but daemonize, logs will be sent to /dev/null
--logfile ""
-+logfile /var/log/valkey/valkey.log
- 
- # To enable logging to the system logger, just set 'syslog-enabled' to yes,
- # and optionally update the other syslog parameters to suit your needs.

valkey-cve-2025-27151.patch

@@ -0,0 +1,34 @@
+From 73696bf6e2cf754acc3ec24eaf9ca6b879bfc5d7 Mon Sep 17 00:00:00 2001
+From: Madelyn Olson <madelyneolson@gmail.com>
+Date: Thu, 29 May 2025 00:06:23 +0100
+Subject: [PATCH] Incorporate Redis CVE for CVE-2025-27151 (#2146)
+
+Resolves https://github.com/valkey-io/valkey/issues/2145
+
+Incorporate the CVE patch that was sent to us by Redis Ltd.
+
+---------
+
+Signed-off-by: Madelyn Olson <madelyneolson@gmail.com>
+Co-authored-by: Ping Xie <pingxie@outlook.com>
+---
+ src/valkey-check-aof.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/valkey-check-aof.c b/src/valkey-check-aof.c
+index ed0eb2b49d..a6e4b97c6d 100644
+--- a/src/valkey-check-aof.c
++++ b/src/valkey-check-aof.c
+@@ -556,6 +556,12 @@ int redis_check_aof_main(int argc, char **argv) {
+         goto invalid_args;
+     }
+ 
++    /* Check if filepath is longer than PATH_MAX */
++    if (strnlen(filepath, PATH_MAX + 1) > PATH_MAX) {
++        printf("Error: filepath is too long (exceeds PATH_MAX)\n");
++        goto invalid_args;
++    }
++
+     /* In the glibc implementation dirname may modify their argument. */
+     memcpy(temp_filepath, filepath, strlen(filepath) + 1);
+     dirpath = dirname(temp_filepath);

valkey-loadmod.patch

@@ -1,161 +0,0 @@
-From b40ab88996d0bbe9bdd366af9426f7400b21e19c Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Sat, 4 Oct 2025 07:23:52 +0200
-Subject: [PATCH] Fix #2678 don't add loadmodule when from config
-
-only protect loadmodule from include files
-
-Signed-off-by: Remi Collet <remi@remirepo.net>
----
- src/config.c |  8 ++++++--
- src/module.c | 17 ++++++++++++-----
- src/module.h |  4 ++--
- 3 files changed, 20 insertions(+), 9 deletions(-)
-
-diff --git a/src/config.c b/src/config.c
-index d0158b2c4d..ab453056df 100644
---- a/src/config.c
-+++ b/src/config.c
-@@ -448,6 +448,8 @@ static int updateClientOutputBufferLimit(sds *args, int arg_len, const char **er
-  * within conf file parsing. This is only needed to support the deprecated
-  * abnormal aggregate `save T C` functionality. Remove in the future. */
- static int reading_config_file;
-+/* support detecting include vs main config file */
-+static int reading_include_file = 0;
- 
- void loadServerConfigFromString(sds config) {
-     deprecatedConfig deprecated_configs[] = {
-@@ -539,7 +541,9 @@ void loadServerConfigFromString(sds config) {
- 
-         /* Execute config directives */
-         if (!strcasecmp(argv[0], "include") && argc == 2) {
-+            reading_include_file = 1;
-             loadServerConfig(argv[1], 0, NULL);
-+            reading_include_file = 0;
-         } else if (!strcasecmp(argv[0], "rename-command") && argc == 3) {
-             struct serverCommand *cmd = lookupCommandBySds(argv[1]);
- 
-@@ -572,7 +576,7 @@ void loadServerConfigFromString(sds config) {
-                 goto loaderr;
-             }
-         } else if (!strcasecmp(argv[0], "loadmodule") && argc >= 2) {
--            moduleEnqueueLoadModule(argv[1], &argv[2], argc - 2);
-+            moduleEnqueueLoadModule(argv[1], &argv[2], argc - 2, reading_include_file);
-         } else if (strchr(argv[0], '.')) {
-             if (argc < 2) {
-                 err = "Module config specified without value";
-@@ -1605,7 +1609,7 @@ void rewriteConfigLoadmoduleOption(struct rewriteConfigState *state) {
-     while ((de = dictNext(di)) != NULL) {
-         struct ValkeyModule *module = dictGetVal(de);
-         line = moduleLoadQueueEntryToLoadmoduleOptionStr(module, "loadmodule");
--        rewriteConfigRewriteLine(state, "loadmodule", line, 1);
-+        if (line) rewriteConfigRewriteLine(state, "loadmodule", line, 1);
-     }
-     dictReleaseIterator(di);
-     /* Mark "loadmodule" as processed in case modules is empty. */
-diff --git a/src/module.c b/src/module.c
-index e5afa952fa..f18bc3c6bf 100644
---- a/src/module.c
-+++ b/src/module.c
-@@ -84,6 +84,7 @@
- 
- struct moduleLoadQueueEntry {
-     sds path;
-+    int from_include;
-     int argc;
-     robj **argv;
- };
-@@ -670,7 +671,7 @@ void freeClientModuleData(client *c) {
-     c->module_data = NULL;
- }
- 
--void moduleEnqueueLoadModule(sds path, sds *argv, int argc) {
-+void moduleEnqueueLoadModule(sds path, sds *argv, int argc, int from_include) {
-     int i;
-     struct moduleLoadQueueEntry *loadmod;
- 
-@@ -678,6 +679,7 @@ void moduleEnqueueLoadModule(sds path, sds *argv, int argc) {
-     loadmod->argv = argc ? zmalloc(sizeof(robj *) * argc) : NULL;
-     loadmod->path = sdsnew(path);
-     loadmod->argc = argc;
-+    loadmod->from_include = from_include;
-     for (i = 0; i < argc; i++) {
-         loadmod->argv[i] = createRawStringObject(argv[i], sdslen(argv[i]));
-     }
-@@ -688,6 +690,10 @@ sds moduleLoadQueueEntryToLoadmoduleOptionStr(ValkeyModule *module,
-                                               const char *config_option_str) {
-     sds line;
- 
-+    if (module->loadmod->from_include) {
-+        /* no need to add as already from config */
-+        return NULL;
-+    }
-     line = sdsnew(config_option_str);
-     line = sdscatlen(line, " ", 1);
-     line = sdscatsds(line, module->loadmod->path);
-@@ -12350,7 +12356,7 @@ void moduleLoadFromQueue(void) {
-     listRewind(server.loadmodule_queue, &li);
-     while ((ln = listNext(&li))) {
-         struct moduleLoadQueueEntry *loadmod = ln->value;
--        if (moduleLoad(loadmod->path, (void **)loadmod->argv, loadmod->argc, 0) == C_ERR) {
-+        if (moduleLoad(loadmod->path, (void **)loadmod->argv, loadmod->argc, 0, loadmod->from_include) == C_ERR) {
-             serverLog(LL_WARNING, "Can't load module from %s: server aborting", loadmod->path);
-             exit(1);
-         }
-@@ -12531,7 +12537,7 @@ void moduleUnregisterCleanup(ValkeyModule *module) {
- 
- /* Load a module and initialize it. On success C_OK is returned, otherwise
-  * C_ERR is returned. */
--int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loadex) {
-+int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loadex, int from_include) {
-     int (*onload)(void *, void **, int);
-     void *handle;
- 
-@@ -12606,6 +12612,7 @@ int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loa
-     ctx.module->loadmod->path = sdsnew(path);
-     ctx.module->loadmod->argv = module_argc ? zmalloc(sizeof(robj *) * module_argc) : NULL;
-     ctx.module->loadmod->argc = module_argc;
-+    ctx.module->loadmod->from_include = from_include;
-     for (int i = 0; i < module_argc; i++) {
-         ctx.module->loadmod->argv[i] = module_argv[i];
-         incrRefCount(ctx.module->loadmod->argv[i]);
-@@ -13529,7 +13536,7 @@ void moduleCommand(client *c) {
-             argv = &c->argv[3];
-         }
- 
--        if (moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 0) == C_OK)
-+        if (moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 0, 0) == C_OK)
-             addReply(c, shared.ok);
-         else
-             addReplyError(c, "Error loading the extension. Please check the server logs.");
-@@ -13544,7 +13551,7 @@ void moduleCommand(client *c) {
-         /* If this is a loadex command we want to populate server.module_configs_queue with
-          * sds NAME VALUE pairs. We also want to increment argv to just after ARGS, if supplied. */
-         if (parseLoadexArguments((ValkeyModuleString ***)&argv, &argc) == VALKEYMODULE_OK &&
--            moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 1) == C_OK)
-+            moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 1, 0) == C_OK)
-             addReply(c, shared.ok);
-         else {
-             dictEmpty(server.module_configs_queue, NULL);
-diff --git a/src/module.h b/src/module.h
-index f6c266b592..1f9e729e56 100644
---- a/src/module.h
-+++ b/src/module.h
-@@ -169,7 +169,7 @@ static inline void moduleInitDigestContext(ValkeyModuleDigest *mdvar) {
-     memset(mdvar->x, 0, sizeof(mdvar->x));
- }
- 
--void moduleEnqueueLoadModule(sds path, sds *argv, int argc);
-+void moduleEnqueueLoadModule(sds path, sds *argv, int argc, int from_include);
- sds moduleLoadQueueEntryToLoadmoduleOptionStr(ValkeyModule *module,
-                                               const char *config_option_str);
- ValkeyModuleCtx *moduleAllocateContext(void);
-@@ -180,7 +180,7 @@ void moduleFreeContext(ValkeyModuleCtx *ctx);
- void moduleInitModulesSystem(void);
- void moduleInitModulesSystemLast(void);
- void modulesCron(void);
--int moduleLoad(const char *path, void **argv, int argc, int is_loadex);
-+int moduleLoad(const char *path, void **argv, int argc, int is_loadex, int from_include);
- int moduleUnload(sds name, const char **errmsg);
- void moduleLoadFromQueue(void);
- int moduleGetCommandKeysViaAPI(struct serverCommand *cmd, robj **argv, int argc, getKeysResult *result);

valkey.spec

@@ -4,13 +4,12 @@
 %else
 %bcond_with docs
 %endif
-# See https://github.com/valkey-io/valkey-doc/tags
-%global doc_version 9.0.1
+%global doc_version 8.0.5
 # Tests fail in mock, not in local build.
 %bcond_with tests
 
 Name:              valkey
-Version:           9.0.1
+Version:           8.0.6
 Release:           1%{?dist}
 Summary:           A persistent key-value database
 # valkey: BSD-3-Clause
@@ -25,14 +24,11 @@ Source1:           %{name}.logrotate
 Source2:           %{name}-sentinel.service
 Source3:           %{name}.service
 Source4:           %{name}.sysusers
-Source5:           %{name}.tmpfiles
+Source8:           macros.%{name}
 Source9:           migrate_redis_to_valkey.sh
 Source50:          https://github.com/valkey-io/%{name}-doc/archive/%{doc_version}/%{name}-doc-%{doc_version}.tar.gz
 
-# Fix default paths in configuration files for RPM layout
-Patch0:            %{name}-conf.patch
-# Workaround to https://github.com/valkey-io/valkey/issues/2678
-Patch1:            %{name}-loadmod.patch
+Patch1:            valkey-cve-2025-27151.patch
 
 BuildRequires:     make
 BuildRequires:     gcc
@@ -43,7 +39,6 @@ BuildRequires:     tcl
 BuildRequires:     pkgconfig(libsystemd)
 BuildRequires:     systemd-devel
 BuildRequires:     systemd-rpm-macros
-BuildRequires:     rdma-core-devel
 BuildRequires:     openssl-devel
 %if %{with docs}
 # for docs/man pages
@@ -53,8 +48,8 @@ BuildRequires:     python3-pyyaml
 %endif
 
 Requires:          logrotate
-# from deps/libvalkey/include/valkey/valkey.h
-Provides:          bundled(libvalkey) = 0.2.1
+# from deps/hiredis/hiredis.h
+Provides:          bundled(hiredis) = 1.0.3
 # from deps/jemalloc/VERSION
 Provides:          bundled(jemalloc) = 5.3.0
 # from deps/lua/src/lua.h
@@ -62,19 +57,13 @@ Provides:          bundled(lua-libs) = 5.1.5
 # from deps/linenoise/linenoise.h
 Provides:          bundled(linenoise) = 1.0
 Provides:          bundled(lzf)
-# from deps/README.md
-# e4448cf6d1cd08fff519812d3b1e58bd5a94ac42
-Provides:          bundled(hdr_histogram) = 0.11.9
+# from deps/hdr_histogram/README.md
+Provides:          bundled(hdr_histogram) = 0.11.0
 # no version
 Provides:          bundled(fpconv)
 
-# sub-package was dropped
-Obsoletes:         valkey-tls  < %{version}-%{release}
-Provides:          valkey-tls  = %{version}-%{release}
-
 %global valkey_modules_abi 1
 %global valkey_modules_dir %{_libdir}/%{name}/modules
-%global valkey_modules_cfg %{_sysconfdir}/%{name}/modules
 Provides:          valkey(modules_abi)%{?_isa} = %{valkey_modules_abi}
 
 ExcludeArch:       %{ix86}
@@ -104,27 +93,14 @@ a cache.
 
 You can use Valkey from most programming languages also.
 
-See https://valkey.io/topics/
-
 %package           devel
 Summary:           Development header for Valkey module development
 # Header-Only Library (https://fedoraproject.org/wiki/Packaging:Guidelines)
 Provides:          %{name}-static = %{version}-%{release}
-Requires:          %{name}%{?_isa} = %{version}-%{release}
 
 %description       devel
 Header file required for building loadable Valkey modules.
 
-%package           rdma
-Summary:           RDMA module for %{name}
-Requires:          %{name}%{?_isa} = %{version}-%{release}
-Supplements:       %{name}
-
-%description       rdma
-%summary.
-
-See https://valkey.io/topics/RDMA/
-
 
 %package           compat-redis
 Summary:           Conversion script and compatibility symlinks for Redis
@@ -182,12 +158,12 @@ Provides:          redis-doc = %{version}-%{release}
 %prep
 # no autosetup due to no support for multiple source extraction
 %setup -n %{name}-%{version} -a50
-%patch -P0 -p1 -b .rpm
-%patch -P1 -p1 -b .loadmod
+
+%patch -P1 -p1
 
 mv deps/lua/COPYRIGHT             COPYRIGHT-lua
 mv deps/jemalloc/COPYING          COPYING-jemalloc
-mv deps/libvalkey/COPYING         COPYING-libvalkey
+mv deps/hiredis/COPYING COPYING-hiredis-BSD-3-Clause
 mv deps/hdr_histogram/LICENSE.txt LICENSE-hdrhistogram
 mv deps/hdr_histogram/COPYING.txt COPYING-hdrhistogram
 mv deps/fpconv/LICENSE.txt        LICENSE-fpconv
@@ -205,17 +181,19 @@ sed -e 's/--with-lg-quantum/--with-lg-page=16 --with-lg-quantum/' -i deps/Makefi
 api=`sed -n -e 's/#define VALKEYMODULE_APIVER_[0-9][0-9]* //p' src/valkeymodule.h`
 if test "$api" != "%{valkey_modules_abi}"; then
    : Error: Upstream API version is now ${api}, expecting %%{valkey_modules_abi}.
-   : Update the valkey_modules_abi macro, and rebuild.
+   : Update the valkey_modules_abi macro, the rpmmacros file, and rebuild.
    exit 1
 fi
 
-# Generates macro file
-cat << 'EOF' | tee macros.%{name}
-%%valkey_version     %version
-%%valkey_modules_abi %valkey_modules_abi
-%%valkey_modules_dir %valkey_modules_dir
-%%valkey_modules_cfg %valkey_modules_cfg
-EOF
+
+sed -i -e 's|^logfile .*$|logfile /var/log/valkey/valkey.log|g' \
+  -e 's|^# unixsocket .*$|unixsocket /run/valkey/valkey.sock|g' \
+  -e 's|^pidfile .*$|pidfile /run/valkey/valkey.pid|g' \
+  valkey.conf
+
+sed -i -e 's|^logfile .*$|logfile /var/log/valkey/sentinel.log|g' \
+  -e 's|^pidfile .*$|pidfile /run/valkey/sentinel.pid|g' \
+  sentinel.conf
 
 %if (%{defined fedora} && 0%{?fedora} < 42) || (%{defined rhel} && 0%{?rhel} < 10)
 # these lines are for conditionals around sysconfig to valkey.conf porting scriptlets to avoid re-runs
@@ -223,13 +201,7 @@ echo '# valkey_rpm_conf' >> valkey.conf
 echo '# valkey-sentinel_rpm_conf' >> sentinel.conf
 %endif
 
-%global make_flags DEBUG="" V="echo" PREFIX=%{buildroot}%{_prefix} BUILD_WITH_SYSTEMD=yes BUILD_TLS=yes BUILD_RDMA=module
-
-: RDMA configuration file
-cat << EOF | tee rdma.conf
-# RDMA module
-loadmodule %{valkey_modules_dir}/rdma.so
-EOF
+%global make_flags DEBUG="" V="echo" PREFIX=%{buildroot}%{_prefix} BUILD_WITH_SYSTEMD=yes BUILD_TLS=yes
 
 
 %build
@@ -268,9 +240,6 @@ rm -rf %{buildroot}%{_datadir}/%{name}
 # System user
 install -p -D -m 0644 %{S:4} %{buildroot}%{_sysusersdir}/%{name}.conf
 
-# Install tmpfiles.d file
-install -p -D -m 0644 %{S:5} %{buildroot}%{_tmpfilesdir}/%{name}.conf
-
 # Filesystem.
 install -d %{buildroot}%{_sharedstatedir}/%{name}
 install -d %{buildroot}%{_localstatedir}/log/%{name}
@@ -283,7 +252,6 @@ install -pDm644 %{S:1} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
 # Install configuration files.
 install -pDm640 %{name}.conf  %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf
 install -pDm640 sentinel.conf %{buildroot}%{_sysconfdir}/%{name}/sentinel.conf
-install -dm750  %{buildroot}%{valkey_modules_cfg}
 
 # Install systemd unit files.
 mkdir -p %{buildroot}%{_unitdir}
@@ -298,7 +266,7 @@ install -pDm644 src/%{name}module.h %{buildroot}%{_includedir}/%{name}module.h
 
 # Install rpm macros for valkey modules
 #mkdir -p %{buildroot}%{_rpmmacrodir}
-install -pDm644 macros.%{name} %{buildroot}%{_rpmmacrodir}/macros.%{name}
+install -pDm644 %{S:8} %{buildroot}%{_rpmmacrodir}/macros.%{name}
 
 # compat script
 install -Dpm 755 %{S:9} %{buildroot}%{_libexecdir}/migrate_redis_to_valkey.sh
@@ -310,10 +278,6 @@ install -pDm644 src/redismodule.h %{buildroot}%{_includedir}/redismodule.h
 ln -sr %{buildroot}/usr/lib/systemd/system/valkey.service %{buildroot}/usr/lib/systemd/system/redis.service
 ln -sr %{buildroot}/usr/lib/systemd/system/valkey-sentinel.service %{buildroot}/usr/lib/systemd/system/redis-sentinel.service
 
-# RDMA module
-install -pm755 src/valkey-rdma.so %{buildroot}%{valkey_modules_dir}/rdma.so
-install -pm640 rdma.conf          %{buildroot}%{valkey_modules_cfg}/rdma.conf
-
 
 %check
 %if %{with tests}
@@ -324,6 +288,8 @@ taskset -c 1 ./runtest --clients 50 --skiptest "Active defrag - AOF loading"
 #./runtest-sentinel
 %endif
 
+%pre
+%sysusers_create_compat %{S:4}
 
 
 %post
@@ -392,10 +358,9 @@ fi
 %license LICENSE-hdrhistogram
 %license COPYING-hdrhistogram
 %license LICENSE-fpconv
-%license COPYING-libvalkey
+%license COPYING-hiredis-BSD-3-Clause
 %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
 %attr(0750, valkey, root) %dir %{_sysconfdir}/%{name}
-%attr(0750, valkey, root) %dir %{valkey_modules_cfg}
 %attr(0640, valkey, root) %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
 %attr(0640, valkey, root) %config(noreplace) %{_sysconfdir}/%{name}/sentinel.conf
 %dir %{_libdir}/%{name}
@@ -407,7 +372,6 @@ fi
 %{_unitdir}/%{name}-sentinel.service
 %dir %attr(0755, valkey, valkey) %ghost %{_localstatedir}/run/%{name}
 %{_sysusersdir}/%{name}.conf
-%{_tmpfilesdir}/%{name}.conf
 %if %{with docs}
 %{_mandir}/man1/%{name}*.gz
 %{_mandir}/man5/%{name}.conf.5.gz
@@ -421,9 +385,6 @@ fi
 %{_mandir}/man{3,7}/*%{name}*.gz
 %endif
 
-%files rdma
-%attr(0640, valkey, root) %config(noreplace) %{valkey_modules_cfg}/rdma.conf
-%{valkey_modules_dir}/rdma.so
 
 %files devel
 # main package is not required
@@ -443,67 +404,25 @@ fi
 
 
 %changelog
-* Wed Dec 10 2025 Remi Collet <remi@remirepo.net> - 9.0.1-1
-- Valkey 9.0.1 - December 9, 2025
-- Upgrade urgency MODERATE
+* Sat Oct  4 2025 Remi Collet <remi@fedoraproject.org> - 8.0.6-1
+- update to 8.0.6
+  fixes CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 and CVE-2025-46819
+- update documentation to 8.0.5
 
-* Thu Nov 27 2025 Remi Collet <remi@fedoraproject.org> - 9.0.0-2
-- build TLS statically as module not supported by sentinel
-- drop sub-package for TLS module
+* Wed Jul 16 2025 Remi Collet <remi@fedoraproject.org> - 8.0.4-1
+- update to 8.0.4
+  fixes CVE-2025-27151 CVE-2025-48367 and CVE-2025-32023
 
-* Wed Oct 22 2025 Remi Collet <remi@fedoraproject.org> - 9.0.0-1
-- Valkey 9.0.0 GA - October 21, 2025
-- bundled hiredis replaced by libvalkey
+* Fri Jun 06 2025 Jonathan Wright <jonathan@almalinux.org> - 8.0.3-3
+- Apply patch for CVE-2025-49112 properly
 
-* Mon Oct  6 2025 Remi Collet <remi@fedoraproject.org> - 8.1.4-2
-- improve the patch for loadmodule directive
+* Fri Jun 06 2025 Jonathan Wright <jonathan@almalinux.org> - 8.0.3-2
+- Fixes CVE-2025-49112
 
-* Sat Oct  4 2025 Remi Collet <remi@fedoraproject.org> - 8.1.4-1
-- Valkey 8.1.4 - Released Fri 09 October 2025
-- Upgrade urgency SECURITY:
-  CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819
-- fix CONFIG REWRITE breaks configuration
-  reported as https://github.com/valkey-io/valkey/issues/2678
-  using patch from https://github.com/valkey-io/valkey/pull/2689
-
-* Wed Oct  1 2025 Remi Collet <remi@fedoraproject.org> - 8.1.3-6
-- add sub-package for RDMA module
-- add sub-package for TLS module
-
-* Fri Sep 26 2025 Nathan Scott <nathans@redhat.com> - 8.1.3-5
-- enable Remote Direct Memory Access (RDMA) capabilities
-
-* Tue Sep  9 2025 Remi Collet <remi@redhat.com> - 8.1.3-4
-- fix for ImageMode: ensure ownership of /etc/valkey
-
-* Thu Aug 28 2025 Remi Collet <remi@fedoraproject.org> - 8.1.3-3
-- use patch for configuration changes
-- add /etc/valkey/modules drop-in directory for module configuration files
-- add %%valkey_version and %%valkey_modules_cfg macros
-
-* Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 8.1.3-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
-
-* Mon Jul  7 2025 Remi Collet <remi@fedoraproject.org> - 8.1.3-1
-- update to 8.1.3
-  fixes CVE-2025-CVE-2025-32023 and CVE-2025-48367
-
-* Wed Jun 18 2025 Remi Collet <remi@fedoraproject.org> - 8.1.2-1
-- update to 8.1.2
-  fixes CVE-2025-27151
-
-* Thu Apr 24 2025 Remi Collet <remi@fedoraproject.org> - 8.1.1-1
-- update to 8.1.1
+* Thu Apr 24 2025 Remi Collet <remi@fedoraproject.org> - 8.0.3-1
+- update to 8.0.3
   fixes CVE-2025-21605
 
-* Fri Apr 04 2025 Nathan Scott <nathans@redhat.com> - 8.1.0-1
-- include tmpfiles.d configuration file
-- redis.log transition rhbz#2316030
-- update to 8.1.0 rhbz#22356280
-
-* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 8.0.2-3
-- Drop call to %sysusers_create_compat
-
 * Sun Jan 19 2025 Fedora Release Engineering <releng@fedoraproject.org> - 8.0.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
 

valkey.tmpfiles

@@ -1,4 +0,0 @@
-Z /etc/valkey     ~0750 valkey root   -
-D /run/valkey      0755 valkey valkey -
-d /var/lib/valkey  0750 valkey valkey -
-d /var/log/valkey  0750 valkey valkey -