diff --git a/0003-Fix-CVE-2025-46818.patch b/0003-Fix-CVE-2025-46818.patch deleted file mode 100644 index 4477d5b178d3f5caec6eead3d2f51ac18e903d09..0000000000000000000000000000000000000000 --- a/0003-Fix-CVE-2025-46818.patch +++ /dev/null @@ -1,264 +0,0 @@ -diff --git a/src/config.c b/src/config.c -index 9e8c5ba..cde2dd6 100644 ---- a/src/config.c -+++ b/src/config.c -@@ -3097,6 +3097,7 @@ standardConfig static_configs[] = { - createBoolConfig("latency-tracking", NULL, MODIFIABLE_CONFIG, server.latency_tracking_enabled, 1, NULL, NULL), - createBoolConfig("aof-disable-auto-gc", NULL, MODIFIABLE_CONFIG | HIDDEN_CONFIG, server.aof_disable_auto_gc, 0, NULL, updateAofAutoGCEnabled), - createBoolConfig("replica-ignore-disk-write-errors", NULL, MODIFIABLE_CONFIG, server.repl_ignore_disk_write_error, 0, NULL, NULL), -+ createBoolConfig("lua-enable-deprecated-api", NULL, IMMUTABLE_CONFIG | HIDDEN_CONFIG, server.lua_enable_deprecated_api, 0, NULL, NULL), - - /* String Configs */ - createStringConfig("aclfile", NULL, IMMUTABLE_CONFIG, ALLOW_EMPTY_STRING, server.acl_filename, "", NULL, NULL), -diff --git a/src/eval.c b/src/eval.c -index 47c66b6..6d22533 100644 ---- a/src/eval.c -+++ b/src/eval.c -@@ -260,6 +260,8 @@ void scriptingInit(int setup) { - /* Recursively lock all tables that can be reached from the global table */ - luaSetTableProtectionRecursively(lua); - lua_pop(lua, 1); -+ /* Set metatables of basic types (string, number, nil etc.) readonly. */ -+ luaSetTableProtectionForBasicTypes(lua); - - lctx.lua = lua; - } -diff --git a/src/function_lua.c b/src/function_lua.c -index be79dc1..dacd534 100644 ---- a/src/function_lua.c -+++ b/src/function_lua.c -@@ -491,6 +491,8 @@ int luaEngineInitEngine(void) { - lua_enablereadonlytable(lua_engine_ctx->lua, -1, 1); /* protect the new global table */ - lua_replace(lua_engine_ctx->lua, LUA_GLOBALSINDEX); /* set new global table as the new globals */ - -+ /* Set metatables of basic types (string, number, nil etc.) readonly. */ -+ luaSetTableProtectionForBasicTypes(lua_engine_ctx->lua); - - engine *lua_engine = zmalloc(sizeof(*lua_engine)); - *lua_engine = (engine) { -diff --git a/src/script_lua.c b/src/script_lua.c -index 2c92638..8b64e62 100644 ---- a/src/script_lua.c -+++ b/src/script_lua.c -@@ -66,7 +66,6 @@ static char *redis_api_allow_list[] = { - static char *lua_builtins_allow_list[] = { - "xpcall", - "tostring", -- "getfenv", - "setmetatable", - "next", - "assert", -@@ -87,15 +86,16 @@ static char *lua_builtins_allow_list[] = { - "loadstring", - "ipairs", - "_VERSION", -- "setfenv", - "load", - "error", - NULL, - }; - --/* Lua builtins which are not documented on the Lua documentation */ --static char *lua_builtins_not_documented_allow_list[] = { -+/* Lua builtins which are deprecated for sandboxing concerns */ -+static char *lua_builtins_deprecated[] = { - "newproxy", -+ "setfenv", -+ "getfenv", - NULL, - }; - -@@ -117,7 +117,6 @@ static char **allow_lists[] = { - libraries_allow_list, - redis_api_allow_list, - lua_builtins_allow_list, -- lua_builtins_not_documented_allow_list, - lua_builtins_removed_after_initialization_allow_list, - NULL, - }; -@@ -1320,7 +1319,22 @@ static int luaNewIndexAllowList(lua_State *lua) { - break; - } - } -- if (!*allow_l) { -+ -+ int allowed = (*allow_l != NULL); -+ /* If not explicitly allowed, check if it's a deprecated function. If so, -+ * allow it only if 'lua_enable_deprecated_api' config is enabled. */ -+ int deprecated = 0; -+ if (!allowed) { -+ char **c = lua_builtins_deprecated; -+ for (; *c; ++c) { -+ if (strcmp(*c, variable_name) == 0) { -+ deprecated = 1; -+ allowed = server.lua_enable_deprecated_api ? 1 : 0; -+ break; -+ } -+ } -+ } -+ if (!allowed) { - /* Search the value on the back list, if its there we know that it was removed - * on purpose and there is no need to print a warning. */ - char **c = deny_list; -@@ -1329,7 +1343,7 @@ static int luaNewIndexAllowList(lua_State *lua) { - break; - } - } -- if (!*c) { -+ if (!*c && !deprecated) { - serverLog(LL_WARNING, "A key '%s' was added to Lua globals which is not on the globals allow list nor listed on the deny list.", variable_name); - } - } else { -@@ -1381,6 +1395,37 @@ void luaSetTableProtectionRecursively(lua_State *lua) { - } - } - -+/* Set the readonly flag on the metatable of basic types (string, nil etc.) */ -+void luaSetTableProtectionForBasicTypes(lua_State *lua) { -+ static const int types[] = { -+ LUA_TSTRING, -+ LUA_TNUMBER, -+ LUA_TBOOLEAN, -+ LUA_TNIL, -+ LUA_TFUNCTION, -+ LUA_TTHREAD, -+ LUA_TLIGHTUSERDATA -+ }; -+ -+ for (size_t i = 0; i < sizeof(types) / sizeof(types[0]); i++) { -+ /* Push a dummy value of the type to get its metatable */ -+ switch (types[i]) { -+ case LUA_TSTRING: lua_pushstring(lua, ""); break; -+ case LUA_TNUMBER: lua_pushnumber(lua, 0); break; -+ case LUA_TBOOLEAN: lua_pushboolean(lua, 0); break; -+ case LUA_TNIL: lua_pushnil(lua); break; -+ case LUA_TFUNCTION: lua_pushcfunction(lua, NULL); break; -+ case LUA_TTHREAD: lua_newthread(lua); break; -+ case LUA_TLIGHTUSERDATA: lua_pushlightuserdata(lua, (void*)lua); break; -+ } -+ if (lua_getmetatable(lua, -1)) { -+ luaSetTableProtectionRecursively(lua); -+ lua_pop(lua, 1); /* pop metatable */ -+ } -+ lua_pop(lua, 1); /* pop dummy value */ -+ } -+} -+ - void luaRegisterVersion(lua_State* lua) { - lua_pushstring(lua,"REDIS_VERSION_NUM"); - lua_pushnumber(lua,REDIS_VERSION_NUM); -diff --git a/src/script_lua.h b/src/script_lua.h -index 4c2b348..d8a3688 100644 ---- a/src/script_lua.h -+++ b/src/script_lua.h -@@ -71,6 +71,7 @@ void luaRegisterGlobalProtectionFunction(lua_State *lua); - void luaSetErrorMetatable(lua_State *lua); - void luaSetAllowListProtection(lua_State *lua); - void luaSetTableProtectionRecursively(lua_State *lua); -+void luaSetTableProtectionForBasicTypes(lua_State *lua); - void luaRegisterLogFunction(lua_State* lua); - void luaRegisterVersion(lua_State* lua); - void luaPushErrorBuff(lua_State *lua, sds err_buff); -diff --git a/src/server.h b/src/server.h -index 586711e..defcaf1 100644 ---- a/src/server.h -+++ b/src/server.h -@@ -2002,6 +2002,7 @@ struct redisServer { - mstime_t busy_reply_threshold; /* Script / module timeout in milliseconds */ - int pre_command_oom_state; /* OOM before command (script?) was started */ - int script_disable_deny_script; /* Allow running commands marked "no-script" inside a script. */ -+ int lua_enable_deprecated_api; /* Config to enable deprecated api */ - /* Lazy free */ - int lazyfree_lazy_eviction; - int lazyfree_lazy_expire; -diff --git a/tests/unit/scripting.tcl b/tests/unit/scripting.tcl -index 635076b..fa084b2 100644 ---- a/tests/unit/scripting.tcl -+++ b/tests/unit/scripting.tcl -@@ -1007,6 +1007,27 @@ start_server {tags {"scripting"}} { - set _ $e - } {*Attempt to modify a readonly table*} - -+ test "Try trick readonly table on basic types metatable" { -+ # Run the following scripts for basic types. Either getmetatable() -+ # should return nil or the metatable must be readonly. -+ set scripts { -+ {getmetatable(nil).__index = function() return 1 end} -+ {getmetatable('').__index = function() return 1 end} -+ {getmetatable(123.222).__index = function() return 1 end} -+ {getmetatable(true).__index = function() return 1 end} -+ {getmetatable(function() return 1 end).__index = function() return 1 end} -+ {getmetatable(coroutine.create(function() return 1 end)).__index = function() return 1 end} -+ } -+ -+ foreach code $scripts { -+ catch {run_script $code 0} e -+ assert { -+ [string match "*attempt to index a nil value script*" $e] || -+ [string match "*Attempt to modify a readonly table*" $e] -+ } -+ } -+ } -+ - test "Test loadfile are not available" { - catch { - run_script { -@@ -1035,6 +1056,55 @@ start_server {tags {"scripting"}} { - } {*Script attempted to access nonexistent global variable 'print'*} - } - -+# Start a new server to test lua-enable-deprecated-api config -+foreach enabled {no yes} { -+start_server [subst {tags {"scripting external:skip"} overrides {lua-enable-deprecated-api $enabled}}] { -+ test "Test setfenv availability lua-enable-deprecated-api=$enabled" { -+ catch { -+ run_script { -+ local f = function() return 1 end -+ setfenv(f, {}) -+ return 0 -+ } 0 -+ } e -+ if {$enabled} { -+ assert_equal $e 0 -+ } else { -+ assert_match {*Script attempted to access nonexistent global variable 'setfenv'*} $e -+ } -+ } -+ -+ test "Test getfenv availability lua-enable-deprecated-api=$enabled" { -+ catch { -+ run_script { -+ local f = function() return 1 end -+ getfenv(f) -+ return 0 -+ } 0 -+ } e -+ if {$enabled} { -+ assert_equal $e 0 -+ } else { -+ assert_match {*Script attempted to access nonexistent global variable 'getfenv'*} $e -+ } -+ } -+ -+ test "Test newproxy availability lua-enable-deprecated-api=$enabled" { -+ catch { -+ run_script { -+ getmetatable(newproxy(true)).__gc = function() return 1 end -+ return 0 -+ } 0 -+ } e -+ if {$enabled} { -+ assert_equal $e 0 -+ } else { -+ assert_match {*Script attempted to access nonexistent global variable 'newproxy'*} $e -+ } -+ } -+} -+} -+ - # Start a new server since the last test in this stanza will kill the - # instance at all. - start_server {tags {"scripting"}} { --- -2.43.5 - diff --git a/0004-Fix-CVE-2025-46819.patch b/0004-Fix-CVE-2025-46819.patch deleted file mode 100644 index 2d566da293441b122c7fcd82c8b40654c736f895..0000000000000000000000000000000000000000 --- a/0004-Fix-CVE-2025-46819.patch +++ /dev/null @@ -1,160 +0,0 @@ -diff --git a/deps/lua/src/llex.c b/deps/lua/src/llex.c -index 88c6790..1e49c04 100644 ---- a/deps/lua/src/llex.c -+++ b/deps/lua/src/llex.c -@@ -138,6 +138,7 @@ static void inclinenumber (LexState *ls) { - - - void luaX_setinput (lua_State *L, LexState *ls, ZIO *z, TString *source) { -+ ls->t.token = 0; - ls->decpoint = '.'; - ls->L = L; - ls->lookahead.token = TK_EOS; /* no look-ahead token */ -@@ -207,8 +208,13 @@ static void read_numeral (LexState *ls, SemInfo *seminfo) { - } - - --static int skip_sep (LexState *ls) { -- int count = 0; -+/* -+** reads a sequence '[=*[' or ']=*]', leaving the last bracket. -+** If a sequence is well-formed, return its number of '='s + 2; otherwise, -+** return 1 if there is no '='s or 0 otherwise (an unfinished '[==...'). -+*/ -+static size_t skip_sep (LexState *ls) { -+ size_t count = 0; - int s = ls->current; - lua_assert(s == '[' || s == ']'); - save_and_next(ls); -@@ -216,11 +222,13 @@ static int skip_sep (LexState *ls) { - save_and_next(ls); - count++; - } -- return (ls->current == s) ? count : (-count) - 1; -+ return (ls->current == s) ? count + 2 -+ : (count == 0) ? 1 -+ : 0; - } - - --static void read_long_string (LexState *ls, SemInfo *seminfo, int sep) { -+static void read_long_string (LexState *ls, SemInfo *seminfo, size_t sep) { - int cont = 0; - (void)(cont); /* avoid warnings when `cont' is not used */ - save_and_next(ls); /* skip 2nd `[' */ -@@ -270,8 +278,8 @@ static void read_long_string (LexState *ls, SemInfo *seminfo, int sep) { - } - } endloop: - if (seminfo) -- seminfo->ts = luaX_newstring(ls, luaZ_buffer(ls->buff) + (2 + sep), -- luaZ_bufflen(ls->buff) - 2*(2 + sep)); -+ seminfo->ts = luaX_newstring(ls, luaZ_buffer(ls->buff) + sep, -+ luaZ_bufflen(ls->buff) - 2 * sep); - } - - -@@ -346,9 +354,9 @@ static int llex (LexState *ls, SemInfo *seminfo) { - /* else is a comment */ - next(ls); - if (ls->current == '[') { -- int sep = skip_sep(ls); -+ size_t sep = skip_sep(ls); - luaZ_resetbuffer(ls->buff); /* `skip_sep' may dirty the buffer */ -- if (sep >= 0) { -+ if (sep >= 2) { - read_long_string(ls, NULL, sep); /* long comment */ - luaZ_resetbuffer(ls->buff); - continue; -@@ -360,13 +368,14 @@ static int llex (LexState *ls, SemInfo *seminfo) { - continue; - } - case '[': { -- int sep = skip_sep(ls); -- if (sep >= 0) { -+ size_t sep = skip_sep(ls); -+ if (sep >= 2) { - read_long_string(ls, seminfo, sep); - return TK_STRING; - } -- else if (sep == -1) return '['; -- else luaX_lexerror(ls, "invalid long string delimiter", TK_STRING); -+ else if (sep == 0) /* '[=...' missing second bracket */ -+ luaX_lexerror(ls, "invalid long string delimiter", TK_STRING); -+ return '['; - } - case '=': { - next(ls); -diff --git a/tests/unit/scripting.tcl b/tests/unit/scripting.tcl -index fa084b2..b0ed8a6 100644 ---- a/tests/unit/scripting.tcl -+++ b/tests/unit/scripting.tcl -@@ -315,13 +315,6 @@ start_server {tags {"scripting"}} { - set e - } {*against a key*} - -- test {EVAL - JSON string encoding a string larger than 2GB} { -- run_script { -- local s = string.rep("a", 1024 * 1024 * 1024) -- return #cjson.encode(s..s..s) -- } 0 -- } {3221225474} {large-memory} ;# length includes two double quotes at both ends -- - test {EVAL - JSON numeric decoding} { - # We must return the table as a string because otherwise - # Redis converts floats to ints and we get 0 and 1023 instead -@@ -1056,6 +1049,52 @@ start_server {tags {"scripting"}} { - } {*Script attempted to access nonexistent global variable 'print'*} - } - -+# start a new server to test the large-memory tests -+start_server {tags {"scripting external:skip large-memory"}} { -+ test {EVAL - JSON string encoding a string larger than 2GB} { -+ run_script { -+ local s = string.rep("a", 1024 * 1024 * 1024) -+ return #cjson.encode(s..s..s) -+ } 0 -+ } {3221225474} ;# length includes two double quotes at both ends -+ -+ test {EVAL - Test long escape sequences for strings} { -+ run_script { -+ -- Generate 1gb '==...==' separator -+ local s = string.rep('=', 1024 * 1024) -+ local t = {} for i=1,1024 do t[i] = s end -+ local sep = table.concat(t) -+ collectgarbage('collect') -+ -+ local code = table.concat({'return [',sep,'[x]',sep,']'}) -+ collectgarbage('collect') -+ -+ -- Load the code and run it. Script will return the string length. -+ -- Escape sequence: [=....=[ to ]=...=] will be ignored -+ -- Actual string is a single character: 'x'. Script will return 1 -+ local func = loadstring(code) -+ return #func() -+ } 0 -+ } {1} -+ -+ test {EVAL - Lua can parse string with too many new lines} { -+ # Create a long string consisting only of newline characters. When Lua -+ # fails to parse a string, it typically includes a snippet like -+ # "... near ..." in the error message to indicate the last recognizable -+ # token. In this test, since the input contains only newlines, there -+ # should be no identifiable token, so the error message should contain -+ # only the actual error, without a near clause. -+ -+ run_script { -+ local s = string.rep('\n', 1024 * 1024) -+ local t = {} for i=1,2048 do t[#t+1] = s end -+ local lines = table.concat(t) -+ local fn, err = loadstring(lines) -+ return err -+ } 0 -+ } {*chunk has too many lines} -+} -+ - # Start a new server to test lua-enable-deprecated-api config - foreach enabled {no yes} { - start_server [subst {tags {"scripting external:skip"} overrides {lua-enable-deprecated-api $enabled}}] { --- -2.43.5 - diff --git a/0005-Fix-CVE-2025-46817.patch b/0005-Fix-CVE-2025-46817.patch deleted file mode 100644 index 90a0f72be7cfd0708252e4c7137c1537500d0315..0000000000000000000000000000000000000000 --- a/0005-Fix-CVE-2025-46817.patch +++ /dev/null @@ -1,89 +0,0 @@ -diff --git a/deps/lua/src/lbaselib.c b/deps/lua/src/lbaselib.c -index 2ab550b..26172d1 100644 ---- a/deps/lua/src/lbaselib.c -+++ b/deps/lua/src/lbaselib.c -@@ -340,13 +340,14 @@ static int luaB_assert (lua_State *L) { - - - static int luaB_unpack (lua_State *L) { -- int i, e, n; -+ int i, e; -+ unsigned int n; - luaL_checktype(L, 1, LUA_TTABLE); - i = luaL_optint(L, 2, 1); - e = luaL_opt(L, luaL_checkint, 3, luaL_getn(L, 1)); - if (i > e) return 0; /* empty range */ -- n = e - i + 1; /* number of elements */ -- if (n <= 0 || !lua_checkstack(L, n)) /* n <= 0 means arith. overflow */ -+ n = (unsigned int)e - (unsigned int)i; /* number of elements minus 1 */ -+ if (n >= INT_MAX || !lua_checkstack(L, ++n)) - return luaL_error(L, "too many results to unpack"); - lua_rawgeti(L, 1, i); /* push arg[i] (avoiding overflow problems) */ - while (i++ < e) /* push arg[i + 1...e] */ -diff --git a/deps/lua/src/ltable.c b/deps/lua/src/ltable.c -index f75fe19..55575a8 100644 ---- a/deps/lua/src/ltable.c -+++ b/deps/lua/src/ltable.c -@@ -434,8 +434,7 @@ static TValue *newkey (lua_State *L, Table *t, const TValue *key) { - ** search function for integers - */ - const TValue *luaH_getnum (Table *t, int key) { -- /* (1 <= key && key <= t->sizearray) */ -- if (cast(unsigned int, key-1) < cast(unsigned int, t->sizearray)) -+ if (1 <= key && key <= t->sizearray) - return &t->array[key-1]; - else { - lua_Number nk = cast_num(key); -diff --git a/tests/unit/scripting.tcl b/tests/unit/scripting.tcl -index b0ed8a6..9f72451 100644 ---- a/tests/unit/scripting.tcl -+++ b/tests/unit/scripting.tcl -@@ -315,6 +315,45 @@ start_server {tags {"scripting"}} { - set e - } {*against a key*} - -+ test {EVAL - Test table unpack with invalid indexes} { -+ catch {run_script { return {unpack({1,2,3}, -2, 2147483647)} } 0} e -+ assert_match {*too many results to unpack*} $e -+ catch {run_script { return {unpack({1,2,3}, 0, 2147483647)} } 0} e -+ assert_match {*too many results to unpack*} $e -+ catch {run_script { return {unpack({1,2,3}, -2147483648, -2)} } 0} e -+ assert_match {*too many results to unpack*} $e -+ set res [run_script { return {unpack({1,2,3}, -1, -2)} } 0] -+ assert_match {} $res -+ set res [run_script { return {unpack({1,2,3}, 1, -1)} } 0] -+ assert_match {} $res -+ -+ # unpack with range -1 to 5, verify nil indexes -+ set res [run_script { -+ local function unpack_to_list(t, i, j) -+ local n, v = select('#', unpack(t, i, j)), {unpack(t, i, j)} -+ for i = 1, n do v[i] = v[i] or '_NIL_' end -+ v.n = n -+ return v -+ end -+ -+ return unpack_to_list({1,2,3}, -1, 5) -+ } 0] -+ assert_match {_NIL_ _NIL_ 1 2 3 _NIL_ _NIL_} $res -+ -+ # unpack with negative range, verify nil indexes -+ set res [run_script { -+ local function unpack_to_list(t, i, j) -+ local n, v = select('#', unpack(t, i, j)), {unpack(t, i, j)} -+ for i = 1, n do v[i] = v[i] or '_NIL_' end -+ v.n = n -+ return v -+ end -+ -+ return unpack_to_list({1,2,3}, -2147483648, -2147483646) -+ } 0] -+ assert_match {_NIL_ _NIL_ _NIL_} $res -+ } {} -+ - test {EVAL - JSON numeric decoding} { - # We must return the table as a string because otherwise - # Redis converts floats to ints and we get 0 and 1023 instead --- -2.43.5 - diff --git a/redis-7.2.10.tar.gz b/redis-7.2.11.tar.gz similarity index 33% rename from redis-7.2.10.tar.gz rename to redis-7.2.11.tar.gz index d7bf03ae515582ca2cb94edc4afb234b503c95c2..7f53ca5ea52a35af940c733786aa4e41961ebebe 100644 Binary files a/redis-7.2.10.tar.gz and b/redis-7.2.11.tar.gz differ diff --git a/redis-doc-3541d0e.tar.gz b/redis-doc-3541d0e.tar.gz deleted file mode 100644 index 0d320e60a4fa4bcc0cd5e5c11191c8f9eb3e5ab7..0000000000000000000000000000000000000000 Binary files a/redis-doc-3541d0e.tar.gz and /dev/null differ diff --git a/redis-doc-c7880ba.tar.gz b/redis-doc-c7880ba.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..5001fe84f1fa9e9b7faaa82a87c3974de4a8ef9e Binary files /dev/null and b/redis-doc-c7880ba.tar.gz differ diff --git a/redis.spec b/redis.spec index cb343ee6552c9e1750432b0a78bc153fc9b23c76..3bb85169936a455f7a9f063c684cb8c4312c407c 100644 --- a/redis.spec +++ b/redis.spec @@ -1,17 +1,18 @@ -%define anolis_release 2 +ExclusiveArch: x86_64 aarch64 +%global anolis_release 3 # temp workaround to https://bugzilla.redhat.com/2059488 %undefine _package_note_file # Tests fail in mock, not in local build. %bcond_with tests -%global doc_commit 3541d0e20cc4bb7873bdbf51a7717757b806577f +%global doc_commit c7880ba85fd67cb09110a4be790da47d4a6cec80 %global short_doc_commit %(c=%{doc_commit}; echo ${c:0:7}) %global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d) Name: redis -Version: 7.2.10 +Version: 7.2.11 Release: %{anolis_release}%{?dist} Summary: A persistent key-value database # redis, hiredis: BSD-3-Clause @@ -28,14 +29,15 @@ Source7: %{name}-limit-systemd Source9: macros.%{name} Source10: https://github.com/%{name}/%{name}-doc/archive/%{doc_commit}/%{name}-doc-%{short_doc_commit}.tar.gz +# To refresh patches: +# tar xf redis-xxx.tar.gz && cd redis-xxx && git init && git add . && git commit -m "%%{version} baseline" +# git am %%{patches} +# Then refresh your patches +# git format-patch HEAD~ +# Update configuration for Fedora +# https://github.com/redis/redis/pull/3491 - man pages Patch0001: 0001-1st-man-pageis-for-redis-cli-redis-benchmark-redis-c.patch Patch0002: 0002-add-sw_64-support.patch -# https://github.com/redis/redis/commit/45eac0262028c771b6f5307372814b75f49f7a9e -Patch0003: 0003-Fix-CVE-2025-46818.patch -# https://github.com/redis/redis/commit/3a1624da2449ac3dbfc4bdaed43adf77a0b7bfba -Patch0004: 0004-Fix-CVE-2025-46819.patch -# https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca -Patch0005: 0005-Fix-CVE-2025-46817.patch BuildRequires: make BuildRequires: gcc @@ -54,7 +56,7 @@ Requires(post): systemd Requires(preun): systemd Requires(postun): systemd # from deps/hiredis/hiredis.h -Provides: bundled(hiredis) = 1.0.3 +Provides: bundled(hiredis) = 1.2.0 # from deps/jemalloc/VERSION Provides: bundled(jemalloc) = 5.3.0 # from deps/lua/src/lua.h @@ -121,9 +123,6 @@ administration and development. mv ../%{name}-doc-%{doc_commit} doc %patch -P0001 -p1 %patch -P0002 -p1 -%patch -P0003 -p1 -%patch -P0004 -p1 -%patch -P0005 -p1 mv deps/lua/COPYRIGHT COPYRIGHT-lua mv deps/jemalloc/COPYING COPYING-jemalloc @@ -297,6 +296,9 @@ fi %changelog +* Thu Oct 16 2025 Remi Collet - 7.2.11-1 +- rebase to 7.2.11 for CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 + * Fri Oct 10 2025 wh02252983 - 7.2.10-2 - Add patch to fix CVE-2025-46818 and CVE-2025-46819 and CVE-2025-46817 diff --git a/redis.spec.upstream b/redis.spec.upstream new file mode 100644 index 0000000000000000000000000000000000000000..febf8833c8b1adcf52b31b7449a38cffd9512e4e --- /dev/null +++ b/redis.spec.upstream @@ -0,0 +1,833 @@ +# RHEL spec file for redis, from +# +# Fedora spec file for redis +# +# License: MIT +# http://opensource.org/licenses/MIT +# +# Please preserve changelog entries +# + +# temp workaround to https://bugzilla.redhat.com/2059488 +%undefine _package_note_file + +# Tests fail in mock, not in local build. +%bcond_with tests + +# Commit IDs for the (unversioned) redis-doc repository +# https://fedoraproject.org/wiki/Packaging:SourceURL "Commit Revision" +%global doc_commit c7880ba85fd67cb09110a4be790da47d4a6cec80 +%global short_doc_commit %(c=%{doc_commit}; echo ${c:0:7}) + +# %%{rpmmacrodir} not usable on EL-6 +%global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d) + +Name: redis +Version: 7.2.11 +Release: 1%{?dist} +Summary: A persistent key-value database +# redis, hiredis: BSD-3-Clause +# hdrhistogram, jemalloc, lzf, linenoise: BSD-2-Clause +# lua: MIT +# fpconv: BSL-1.0 +License: BSD-3-Clause AND BSD-2-Clause AND MIT AND BSL-1.0 +URL: https://redis.io +Source0: https://download.redis.io/releases/%{name}-%{version}.tar.gz +Source1: %{name}.logrotate +Source2: %{name}-sentinel.service +Source3: %{name}.service +Source7: %{name}-limit-systemd +Source9: macros.%{name} +Source10: https://github.com/%{name}/%{name}-doc/archive/%{doc_commit}/%{name}-doc-%{short_doc_commit}.tar.gz + +# To refresh patches: +# tar xf redis-xxx.tar.gz && cd redis-xxx && git init && git add . && git commit -m "%%{version} baseline" +# git am %%{patches} +# Then refresh your patches +# git format-patch HEAD~ +# Update configuration for Fedora +# https://github.com/redis/redis/pull/3491 - man pages +Patch0001: 0001-1st-man-pageis-for-redis-cli-redis-benchmark-redis-c.patch + +BuildRequires: make +BuildRequires: gcc +%if %{with tests} +BuildRequires: procps-ng +BuildRequires: tcl +%endif +BuildRequires: pkgconfig(libsystemd) +BuildRequires: systemd-devel +BuildRequires: systemd-rpm-macros +BuildRequires: openssl-devel +# redis-trib functionality migrated to redis-cli +Obsoletes: redis-trib < 5 +Requires: logrotate +Requires(pre): shadow-utils +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +# from deps/hiredis/hiredis.h +Provides: bundled(hiredis) = 1.2.0 +# from deps/jemalloc/VERSION +Provides: bundled(jemalloc) = 5.3.0 +# from deps/lua/src/lua.h +Provides: bundled(lua-libs) = 5.1.5 +# from deps/linenoise/linenoise.h +Provides: bundled(linenoise) = 1.0 +# from src/lzf.h +Provides: bundled(lzf) = 1.5 +# from deps/hdr_histogram/README.md +Provides: bundled(hdr_histogram) = 0.11.0 +# no version +Provides: bundled(fpconv) + +%global redis_modules_abi 1 +%global redis_modules_dir %{_libdir}/%{name}/modules +Provides: redis(modules_abi)%{?_isa} = %{redis_modules_abi} + +%description +Redis is an advanced key-value store. It is often referred to as a data +structure server since keys can contain strings, hashes, lists, sets and +sorted sets. + +You can run atomic operations on these types, like appending to a string; +incrementing the value in a hash; pushing to a list; computing set +intersection, union and difference; or getting the member with highest +ranking in a sorted set. + +In order to achieve its outstanding performance, Redis works with an +in-memory dataset. Depending on your use case, you can persist it either +by dumping the dataset to disk every once in a while, or by appending +each command to a log. + +Redis also supports trivial-to-setup master-slave replication, with very +fast non-blocking first synchronization, auto-reconnection on net split +and so forth. + +Other features include Transactions, Pub/Sub, Lua scripting, Keys with a +limited time-to-live, and configuration settings to make Redis behave like +a cache. + +You can use Redis from most programming languages also. + +%package devel +Summary: Development header for Redis module development +# Header-Only Library (https://fedoraproject.org/wiki/Packaging:Guidelines) +Provides: %{name}-static = %{version}-%{release} + +%description devel +Header file required for building loadable Redis modules. Detailed +API documentation is available in the redis-doc package. + +%package doc +Summary: Documentation for Redis including man pages +License: CC-BY-SA-4.0 +BuildArch: noarch + +# http://fedoraproject.org/wiki/Packaging:Conflicts "Splitting Packages" +Conflicts: redis < 4.0 + +%description doc +Manual pages and detailed documentation for many aspects of Redis use, +administration and development. + + +%prep +%setup -q -b 10 +mv ../%{name}-doc-%{doc_commit} doc +%patch -P0001 -p1 + +mv deps/lua/COPYRIGHT COPYRIGHT-lua +mv deps/jemalloc/COPYING COPYING-jemalloc +mv deps/hiredis/COPYING COPYING-hiredis +mv deps/hdr_histogram/LICENSE.txt LICENSE-hdrhistogram +mv deps/hdr_histogram/COPYING.txt COPYING-hdrhistogram +mv deps/fpconv/LICENSE.txt LICENSE-fpconv + +# Configuration file changes +sed -i -e 's|^logfile .*$|logfile /var/log/redis/redis.log|g' redis.conf +sed -i -e 's|^logfile .*$|logfile /var/log/redis/sentinel.log|g' sentinel.conf +sed -i -e 's|^dir .*$|dir /var/lib/redis|g' redis.conf + +# Module API version safety check +api=`sed -n -e 's/#define REDISMODULE_APIVER_[0-9][0-9]* //p' src/redismodule.h` +if test "$api" != "%{redis_modules_abi}"; then + : Error: Upstream API version is now ${api}, expecting %%{redis_modules_abi}. + : Update the redis_modules_abi macro, the rpmmacros file, and rebuild. + exit 1 +fi + +%global make_flags DEBUG="" V="echo" LDFLAGS="%{?__global_ldflags}" CFLAGS+="%{optflags} -fPIC" INSTALL="install -p" PREFIX=%{buildroot}%{_prefix} BUILD_WITH_SYSTEMD=yes BUILD_TLS=yes + +%build +%make_build %{make_flags} all + +%install +make %{make_flags} install + +# Filesystem. +install -d %{buildroot}%{_sharedstatedir}/%{name} +install -d %{buildroot}%{_localstatedir}/log/%{name} +install -d %{buildroot}%{_localstatedir}/run/%{name} +install -d %{buildroot}%{redis_modules_dir} + +# Install logrotate file. +install -pDm644 %{S:1} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} + +# Install configuration files. +install -pDm640 %{name}.conf %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf +install -pDm640 sentinel.conf %{buildroot}%{_sysconfdir}/%{name}/sentinel.conf + +# Install systemd unit files. +mkdir -p %{buildroot}%{_unitdir} +install -pm644 %{S:3} %{buildroot}%{_unitdir} +install -pm644 %{S:2} %{buildroot}%{_unitdir} + +# Install systemd limit files (requires systemd >= 204) +install -p -D -m 644 %{S:7} %{buildroot}%{_sysconfdir}/systemd/system/%{name}.service.d/limit.conf +install -p -D -m 644 %{S:7} %{buildroot}%{_sysconfdir}/systemd/system/%{name}-sentinel.service.d/limit.conf + +# Fix non-standard-executable-perm error. +chmod 755 %{buildroot}%{_bindir}/%{name}-* + +# Install redis module header +install -pDm644 src/%{name}module.h %{buildroot}%{_includedir}/%{name}module.h + +# Install man pages +man=$(dirname %{buildroot}%{_mandir}) +for page in man/man?/*; do + install -Dpm644 $page $man/$page +done +ln -s redis-server.1 %{buildroot}%{_mandir}/man1/redis-sentinel.1 +ln -s redis.conf.5 %{buildroot}%{_mandir}/man5/redis-sentinel.conf.5 + +# Install documentation and html pages +doc=$(echo %{buildroot}/%{_docdir}/%{name}) +for page in 00-RELEASENOTES BUGS MANIFESTO *.md; do + install -Dpm644 $page $doc/$page +done +for page in $(find doc -name \*.md | sed -e 's|.md$||g'); do + base=$(echo $page | sed -e 's|doc/||g') + install -Dpm644 $page.md $doc/$base.md +done + +# Install rpm macros for redis modules +mkdir -p %{buildroot}%{macrosdir} +install -pDm644 %{S:9} %{buildroot}%{macrosdir}/macros.%{name} + +%check +%if %{with tests} +# https://github.com/redis/redis/issues/1417 (for "taskset -c 1") +taskset -c 1 make %{make_flags} test +make %{make_flags} test-sentinel +%endif + +%pre +getent group %{name} &> /dev/null || \ +groupadd -r %{name} &> /dev/null +getent passwd %{name} &> /dev/null || \ +useradd -r -g %{name} -d %{_sharedstatedir}/%{name} -s /sbin/nologin \ +-c 'Redis Database Server' %{name} &> /dev/null +exit 0 + +%post +if [ -f %{_sysconfdir}/%{name}.conf -a ! -L %{_sysconfdir}/%{name}.conf ]; then + if [ -f %{_sysconfdir}/%{name}/%{name}.conf.rpmnew ]; then + rm %{_sysconfdir}/%{name}/%{name}.conf.rpmnew + fi + if [ -f %{_sysconfdir}/%{name}/%{name}.conf ]; then + mv %{_sysconfdir}/%{name}/%{name}.conf %{_sysconfdir}/%{name}/%{name}.conf.rpmnew + fi + mv %{_sysconfdir}/%{name}.conf %{_sysconfdir}/%{name}/%{name}.conf + echo -e "\nWarning: %{name} configuration is now in %{_sysconfdir}/%{name} directory\n" +fi +if [ -f %{_sysconfdir}/%{name}-sentinel.conf -a ! -L %{_sysconfdir}/%{name}-sentinel.conf ]; then + if [ -f %{_sysconfdir}/%{name}/sentinel.conf.rpmnew ]; then + rm %{_sysconfdir}/%{name}/sentinel.conf.rpmnew + fi + if [ -f %{_sysconfdir}/%{name}/sentinel.conf ]; then + mv %{_sysconfdir}/%{name}/sentinel.conf %{_sysconfdir}/%{name}/sentinel.conf.rpmnew + fi + mv %{_sysconfdir}/%{name}-sentinel.conf %{_sysconfdir}/%{name}/sentinel.conf +fi +%systemd_post %{name}.service +%systemd_post %{name}-sentinel.service + +%preun +%systemd_preun %{name}.service +%systemd_preun %{name}-sentinel.service + +%postun +%systemd_postun_with_restart %{name}.service +%systemd_postun_with_restart %{name}-sentinel.service + +%files +%{!?_licensedir:%global license %%doc} +%license COPYING +%license COPYRIGHT-lua +%license COPYING-jemalloc +%license COPYING-hiredis +%license LICENSE-hdrhistogram +%license COPYING-hdrhistogram +%license LICENSE-fpconv +%config(noreplace) %{_sysconfdir}/logrotate.d/%{name} +%attr(0750, redis, root) %dir %{_sysconfdir}/%{name} +%attr(0640, redis, root) %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf +%attr(0640, redis, root) %config(noreplace) %{_sysconfdir}/%{name}/sentinel.conf +%dir %{_libdir}/%{name} +%dir %{redis_modules_dir} +%dir %attr(0750, redis, redis) %{_sharedstatedir}/%{name} +%dir %attr(0750, redis, redis) %{_localstatedir}/log/%{name} +%exclude %{macrosdir} +%exclude %{_includedir} +%exclude %{_docdir}/%{name}/* +%{_bindir}/%{name}-* +%{_mandir}/man1/%{name}* +%{_mandir}/man5/%{name}* +%{_unitdir}/%{name}.service +%{_unitdir}/%{name}-sentinel.service +%dir %{_sysconfdir}/systemd/system/%{name}.service.d +%config(noreplace) %{_sysconfdir}/systemd/system/%{name}.service.d/limit.conf +%dir %{_sysconfdir}/systemd/system/%{name}-sentinel.service.d +%config(noreplace) %{_sysconfdir}/systemd/system/%{name}-sentinel.service.d/limit.conf +%dir %attr(0755, redis, redis) %ghost %{_localstatedir}/run/%{name} + +%files devel +# main package is not required +%license COPYING +%{_includedir}/%{name}module.h +%{macrosdir}/* + +%files doc +# specific for documentation (CC-BY-SA) +%license doc/LICENSE +%docdir %{_docdir}/%{name} +%{_docdir}/%{name} + + +%changelog +* Thu Oct 16 2025 Remi Collet - 7.2.11-1 +- rebase to 7.2.11 for CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 + +* Wed Jul 16 2025 Remi Collet - 7.2.10-1 +- rebase to 7.2.10 for CVE-2025-27151 CVE-2025-32023 and CVE-2025-48367 + +* Thu Apr 24 2025 Remi Collet - 7.2.8-1 +- rebase to 7.2.8 for CVE-2025-21605 + +* Wed Jan 15 2025 Remi Collet - 7.2.7-1 +- rebase to 7.2.7 for CVE-2024-46981 and CVE-2024-51741 + +* Tue Oct 29 2024 Remi Collet - 7.2.6-1 +- rebase to 7.2.6 RHEL-26628 + +* Tue Jul 11 2023 Remi Collet - 7.0.12-1 +- rebase to 7.0.12 #2221899 + +* Thu May 25 2023 Remi Collet - 7.0.11-1 +- rebase to 7.0.11 for new redis:7 stream #2129826 + +* Tue Apr 18 2023 Remi Collet - 7.0.11-1 +- Upstream 7.0.11 release. + +* Thu Mar 30 2023 Remi Collet - 7.0.10-2 +- fix modules directory ownership and permissions #2176173 +- drop redis-shutdown helper and rely on systemd #2181181 + +* Tue Mar 21 2023 Remi Collet - 7.0.10-1 +- Upstream 7.0.10 release. + +* Wed Feb 1 2023 Remi Collet - 7.0.9-1 +- Upstream 7.0.9 release. + +* Fri Jan 20 2023 Fedora Release Engineering - 7.0.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Tue Jan 17 2023 Remi Collet - 7.0.8-1 +- Upstream 7.0.8 release. + +* Fri Dec 16 2022 Remi Collet - 7.0.7-2 +- Upstream 7.0.7 release. +- refresh documentation + +* Tue Dec 13 2022 Remi Collet - 7.0.6-1 +- Upstream 7.0.6 release. + +* Mon Dec 5 2022 Florian Weimer - 7.0.5-2 +- Port makefile to C99 mode + +* Thu Sep 22 2022 Remi Collet - 7.0.5-1 +- Upstream 7.0.5 security release. + +* Sat Jul 23 2022 Fedora Release Engineering - 7.0.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Mon Jul 18 2022 Remi Collet - 7.0.4-1 +- Upstream 7.0.4 release. + +* Tue Jul 12 2022 Remi Collet - 7.0.3-1 +- Upstream 7.0.3 release. + +* Mon Jun 13 2022 Remi Collet - 7.0.2-1 +- Upstream 7.0.2 release. + +* Wed Jun 8 2022 Remi Collet - 7.0.1-1 +- Upstream 7.0.1 release. + +* Thu Apr 28 2022 Remi Collet - 7.0.0-1 +- Upstream 7.0.0 release. + +* Thu Apr 28 2022 Remi Collet - 6.2.7-1 +- Upstream 6.2.7 release. + +* Fri Jan 21 2022 Fedora Release Engineering - 6.2.6-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Wed Nov 3 2021 Remi Collet - 6.2.6-2 +- use proper license in dec/devel sub-packages + +* Mon Oct 4 2021 Remi Collet - 6.2.6-1 +- Upstream 6.2.6 release. + +* Tue Sep 14 2021 Sahana Prasad - 6.2.5-2 +- Rebuilt with OpenSSL 3.0.0 + +* Thu Jul 22 2021 Nathan Scott - 6.2.5-1 +- Upstream 6.2.5 release (RHBZ #1984631). +- Fix CVE-2021-32761: 32-bit systems BITFIELD command integer overflow. + +* Wed Jun 2 2021 Remi Collet - 6.2.4-1 +- Upstream 6.2.4 release. + +* Tue May 4 2021 Remi Collet - 6.2.3-1 +- Upstream 6.2.3 release + +* Tue Apr 20 2021 Remi Collet - 6.2.2-1 +- Upstream 6.2.2 release + +* Thu Apr 01 2021 Nathan Scott - 6.2.1-1 +- Upstream 6.2.1 release +- Merged make-macros spec change from Tom Stellard + +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 6.2.0-2 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. + +* Mon Mar 01 2021 Nathan Scott - 6.2.0-1 +- Upstream 6.2.0 release (RHBZ #1915463). +- drop patch merged upstream. + +* Wed Feb 24 2021 Nathan Scott - 6.0.11-1 +- Upstream 6.0.11 release. + +* Wed Jan 27 2021 Fedora Release Engineering - 6.0.10-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Jan 13 2021 Remi Collet - 6.0.10-1 +- Upstream 6.0.10 release. + +* Tue Nov 24 2020 Remi Collet - 6.0.9-3 +- fix check for regular file, not symlink + +* Mon Nov 23 2020 Remi Collet - 6.0.9-2 +- move configuration in /etc/redis per upstream recommendation + see https://github.com/redis/redis/issues/8051 + +* Tue Oct 27 2020 Remi Collet - 6.0.9-1 +- Upstream 6.0.9 release. + +* Tue Oct 20 2020 Remi Collet - 6.0.8-2 +- add missing LICENSE files in main package + +* Thu Sep 10 2020 Remi Collet - 6.0.8-1 +- Upstream 6.0.8 release. + +* Tue Sep 1 2020 Remi Collet - 6.0.7-1 +- Upstream 6.0.7 release. +- drop patch merged upstream + +* Wed Jul 29 2020 Fedora Release Engineering - 6.0.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jul 21 2020 Remi Collet - 6.0.6-1 +- Upstream 6.0.6 release. +- drop patch merged upstream +- open https://github.com/redis/redis/pull/7543 fix deprecated tail syntax + +* Wed Jun 10 2020 Nathan Scott - 6.0.5-1 +- Upstream 6.0.5 release. + +* Thu May 28 2020 Remi Collet - 6.0.4-3 +- Add comment for TimeoutStartSec and TimeoutStopSec in limit.conf +- Fix missing notification to systemd for sentinel + patch from https://github.com/redis/redis/pull/7168 +- Upstream 6.0.4 release. + +* Mon May 18 2020 Nathan Scott - 6.0.3-1 +- Upstream 6.0.3 release. + +* Wed May 6 2020 Remi Collet - 6.0.1-1 +- Upstream 6.0.1 release. + +* Fri May 01 2020 Nathan Scott - 6.0.0-1 +- Upstream 6.0.0 release. + +* Fri Mar 13 2020 Nathan Scott - 5.0.8-1 +- Upstream 5.0.8 release. + +* Wed Feb 12 2020 Nathan Scott - 5.0.7-3 +- Patch extern SDS_NOINIT definition for gcc 10 (RHBZ #1799969) + +* Thu Jan 30 2020 Fedora Release Engineering - 5.0.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Tue Nov 19 2019 Carl George - 5.0.7-1 +- Latest upstream + +* Thu Sep 26 2019 Nathan Scott - 5.0.6-1 +- Upstream 5.0.6 release and redis-doc updates. + +* Fri Jul 26 2019 Fedora Release Engineering - 5.0.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Mon Jul 15 2019 Nathan Scott - 5.0.5-2 +- Use the (modified) bundled jemalloc for defrag (RHBZ #1725852) + +* Thu May 16 2019 Nathan Scott - 5.0.5-1 +- Upstream 5.0.5 release and redis-doc updates. + +* Sat May 11 2019 Nathan Scott - 5.0.4-2 +- Obsolete redis-trib - functionality now in redis-cli(1) +- Remove old chkconfig support, all systemd platforms now + +* Tue Mar 19 2019 Nathan Scott - 5.0.4-1 +- Upstream 5.0.4 release and redis-doc updates. +- Fix sentinel.conf logfile line addition. + +* Sat Feb 02 2019 Fedora Release Engineering - 5.0.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Thu Dec 13 2018 Nathan Scott - 5.0.3-1 +- Upstream 5.0.3 release and redis-doc updates. + +* Fri Nov 23 2018 Nathan Scott - 5.0.2-1 +- Upstream 5.0.2 release and redis-doc updates. + +* Thu Nov 08 2018 Nathan Scott - 5.0.1-1 +- Upstream 5.0.1 release. + +* Thu Oct 18 2018 Nathan Scott - 5.0.0-1 +- Update systemd service files for network-online requirement +- Upstream 5.0.0 release. + +* Thu Aug 09 2018 Nathan Scott - 4.0.11-1 +- Drop the pandoc build dependency, install only markdown. +- Upstream 4.0.11 release. + +* Sat Jul 14 2018 Fedora Release Engineering - 4.0.10-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Mon Jun 25 2018 Remi Collet - 4.0.10-2 +- fix License (BSD and MIT) +- add bundled libraries licences +- add information about bundled lzf + +* Thu Jun 14 2018 Nathan Scott - 4.0.10-1 +- Upstream 4.0.10 release. + +* Tue Mar 27 2018 Nathan Scott - 4.0.9-1 +- Upstream 4.0.9 release. + +* Fri Feb 09 2018 Igor Gnatenko - 4.0.8-2 +- Escape macros in %%changelog + +* Wed Feb 7 2018 Nathan Scott - 4.0.8-1 +- Upstream 4.0.8 release. + +* Wed Jan 31 2018 Nathan Scott - 4.0.7-1 +- Upstream 4.0.7 release. + +* Thu Dec 7 2017 Nathan Scott - 4.0.6-1 +- Upstream 4.0.6 release. + +* Fri Dec 1 2017 Remi Collet - 4.0.5-1 +- Redis 4.0.5 - Released Thu Dec 1 16:03:32 CET 2017 +- Upgrade urgency CRITICAL: Redis 4.0.4 fix for PSYNC2 was broken, + causing the slave to crash when receiving an RDB file from the + master that contained a duplicated Lua script. + +* Fri Dec 01 2017 Nathan Scott - 4.0.4-1 +- Upstream 4.0.4 release. +- Update to current upstream redis-doc also. +- Fix man page issues (RHBZ #1513594 and RHBZ #1515417). + +* Thu Nov 30 2017 Remi Collet - 4.0.3-1 +- Redis 4.0.3 +- fix ownership of /usr/share/doc/redis +- use make_flags for test to avoid rebuild and failure +- fix rpm macro location on EL-6 +- add /var/run/redis on EL-6 +- add spec file license header +- drop duplicated documentation from main package +- keep man in main page + +* Fri Nov 17 2017 Nathan Scott - 4.0.2-2 +- Install the base modules directories, owned by the main package. + +* Tue Oct 31 2017 Nathan Scott - 4.0.2-1 +- Upstream 4.0.2 release. (RHBZ #1389592) +- Add redis-devel for loadable module development. +- Add redis-doc for man pages and detailed documentation. +- Provide redis-check-aof as a symlink to redis-server also now. + +* Tue Sep 26 2017 Nathan Scott - 3.2.11-1 +- Upstream 3.2.11 bug-fix-only release +- Switch to using Type=notify for Redis systemd services (RHBZ #1172841) +- Add Provides:bundled hiredis, linenoise, lua-libs clauses (RHBZ #788500) + +* Mon Aug 14 2017 Nathan Scott - 3.2.10-2 +- Add redis-trib based on patch from Sebastian Saletnik. (RHBZ #1215654) + +* Thu Aug 03 2017 Fedora Release Engineering - 3.2.9-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Mon Jul 31 2017 Nathan Scott - 3.2.10-1 +- Upstream 3.2.10 release +- Ensure both the redis and redis-sentinel service files set correct perms +- Dropped systemd tmpfiles source, handled directly in systemd service files + +* Thu Jul 27 2017 Fedora Release Engineering - 3.2.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Mon May 29 2017 Nathan Scott - 3.2.9-1 +- Upstream 3.2.9 +- Add RuntimeDirectory=redis to systemd unit file (RHBZ #1454700) +- Mark rundir as %%ghost since it may disappear (tmpfs - #1454700) +- Fix a shutdown failure with Unix domain sockets (RHBZ #1444988) + +* Mon Feb 20 2017 Haïkel Guémar - 3.2.8-1 +- Upstream 3.2.8 +- bugfix for #3796 (MIGRATE could cause server crash after socket error) + +* Sat Feb 11 2017 Fedora Release Engineering - 3.2.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Sat Feb 4 2017 Haïkel Guémar - 3.2.7-1 +- Upstream 3.2.7 (important security fix) + +* Sat Nov 05 2016 Alan Pevec - 3.2.4-2 +- Install tmpfiles and /run/redis for legacy configurations + +* Mon Sep 26 2016 Haïkel Guémar - 3.2.4-1 +- Upstream 3.2.4 +- Fix buffer overlow (TALOS-2016-0206) + +* Wed Sep 14 2016 Remi Collet - 3.2.3-2 +- add missing man pages #1374577 + using patch from https://github.com/redis/redis/pull/3491 +- data and configuration should not be publicly readable #1374700 +- remove /var/run/redis with systemd #1374728 +- provide redis-check-rdb as a symlink to redis-server #1374736 + using patch from https://github.com/redis/redis/pull/3494 +- move redis-shutdown to libexec + +* Thu Aug 4 2016 Haïkel Guémar - 3.2.3-1 +- Upstream 3.2.3 +- Security fix for CVE-2013-7458 (redis-cli history world readable) +- RHBZ#1363670 RHBZ#1363671 + +* Mon Feb 8 2016 Haïkel Guémar - 3.0.6-3 +- Fix redis-shutdown to handle password-protected instances shutdown + +* Thu Feb 04 2016 Fedora Release Engineering - 3.0.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Sat Dec 19 2015 Haïkel Guémar - 3.0.6-1 +- Upstream 3.0.6 (RHBZ#1272281) + +* Fri Oct 16 2015 Haïkel Guémar - 3.0.5-1 +- Upstream 3.0.5 +- Fix slave/master replication hanging forever in certain case + +* Mon Sep 07 2015 Christopher Meng - 3.0.4-1 +- Update to 3.0.4 + +* Sun Aug 30 2015 Christopher Meng - 3.0.3-2 +- Rebuilt for jemalloc 4.0.0 + +* Tue Jul 21 2015 Haïkel Guémar - 3.0.3-1 +- Upstream 3.0.3 + +* Thu Jun 18 2015 Fedora Release Engineering - 3.0.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Thu Jun 04 2015 Haïkel Guémar - 3.0.2-1 +- Upstream 3.0.2 (RHBZ #1228245) +- Fix Lua sandbox escape and arbitrary code execution (RHBZ #1228331) + +* Sat May 09 2015 Haïkel Guémar - 3.0.1-1 +- Upstream 3.0.1 (RHBZ #1208322) + +* Tue Apr 14 2015 Remi Collet - 3.0.0-2 +- rotate /var/log/redis/sentinel.log + +* Thu Apr 2 2015 Haïkel Guémar - 3.0.0-1 +- Upstream 3.0.0 (RHBZ #1208322) + +* Thu Mar 26 2015 Haïkel Guémar - 2.8.19-2 +- Fix redis-shutdown on multiple NIC setup (RHBZ #1201237) + +* Fri Feb 27 2015 Haïkel Guémar - 2.8.19-1 +- Upstream 2.8.19 (RHBZ #1175232) +- Fix permissions for tmpfiles (RHBZ #1182913) +- Add limits config files +- Spec cleanups + +* Fri Dec 05 2014 Haïkel Guémar - 2.8.18-1 +- Upstream 2.8.18 +- Rebased patches + +* Sat Sep 20 2014 Remi Collet - 2.8.17-1 +- Upstream 2.8.17 +- fix redis-sentinel service unit file for systemd +- fix redis-shutdown for sentinel +- also use redis-shutdown in init scripts + +* Wed Sep 17 2014 Haïkel Guémar - 2.8.15-2 +- Minor fix to redis-shutdown (from Remi Collet) + +* Sat Sep 13 2014 Haïkel Guémar - 2.8.15-1 +- Upstream 2.8.15 (critical bugfix for sentinel) +- Fix to sentinel systemd service and configuration (thanks Remi) +- Refresh patch management + +* Thu Sep 11 2014 Haïkel Guémar - 2.8.14-2 +- Cleanup spec +- Fix shutdown for redis-{server,sentinel} +- Backport fixes from Remi Collet repository (ie: sentinel working) + +* Thu Sep 11 2014 Haïkel Guémar - 2.8.14-1 +- Upstream 2.8.14 (RHBZ #1136287) +- Bugfix for lua scripting users (server crash) +- Refresh patches +- backport spec from EPEL7 (thanks Warren) + +* Wed Jul 16 2014 Christopher Meng - 2.8.13-1 +- Update to 2.8.13 + +* Tue Jun 24 2014 Christopher Meng - 2.8.12-1 +- Update to 2.8.12 + +* Wed Jun 18 2014 Christopher Meng - 2.8.11-1 +- Update to 2.8.11 + +* Sun Jun 08 2014 Fedora Release Engineering - 2.6.16-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Fri Sep 06 2013 Fabian Deutsch - 2.6.16-1 +- Update to 2.6.16 +- Fix rhbz#973151 +- Fix rhbz#656683 +- Fix rhbz#977357 (Jan Vcelak ) + +* Sun Aug 04 2013 Fedora Release Engineering - 2.6.13-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Tue Jul 23 2013 Peter Robinson 2.6.13-4 +- ARM has gperftools + +* Wed Jun 19 2013 Fabian Deutsch - 2.6.13-3 +- Modify jemalloc patch for s390 compatibility (Thanks sharkcz) + +* Fri Jun 07 2013 Fabian Deutsch - 2.6.13-2 +- Unbundle jemalloc + +* Fri Jun 07 2013 Fabian Deutsch - 2.6.13-1 +- Add compile PIE flag (rhbz#955459) +- Update to redis 2.6.13 (rhbz#820919) + +* Thu Feb 14 2013 Fedora Release Engineering - 2.6.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Thu Dec 27 2012 Silas Sewell - 2.6.7-1 +- Update to redis 2.6.7 + +* Sat Jul 21 2012 Fedora Release Engineering - 2.4.15-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Sun Jul 08 2012 Silas Sewell - 2.4.15-2 +- Remove TODO from docs + +* Sun Jul 08 2012 Silas Sewell - 2.4.15-1 +- Update to redis 2.4.15 + +* Sat May 19 2012 Silas Sewell - 2.4.13-1 +- Update to redis 2.4.13 + +* Sat Mar 31 2012 Silas Sewell - 2.4.10-1 +- Update to redis 2.4.10 + +* Fri Feb 24 2012 Silas Sewell - 2.4.8-1 +- Update to redis 2.4.8 + +* Sat Feb 04 2012 Silas Sewell - 2.4.7-1 +- Update to redis 2.4.7 + +* Wed Feb 01 2012 Fabian Deutsch - 2.4.6-4 +- Fixed a typo in the spec + +* Tue Jan 31 2012 Fabian Deutsch - 2.4.6-3 +- Fix .service file, to match config (Type=simple). + +* Tue Jan 31 2012 Fabian Deutsch - 2.4.6-2 +- Fix .service file, credits go to Timon. + +* Thu Jan 12 2012 Fabian Deutsch - 2.4.6-1 +- Update to 2.4.6 +- systemd unit file added +- Compiler flags changed to compile 2.4.6 +- Remove doc/ and Changelog + +* Sun Jul 24 2011 Silas Sewell - 2.2.12-1 +- Update to redis 2.2.12 + +* Fri May 06 2011 Dan Horák - 2.2.5-2 +- google-perftools exists only on selected architectures + +* Sat Apr 23 2011 Silas Sewell - 2.2.5-1 +- Update to redis 2.2.5 + +* Sat Mar 26 2011 Silas Sewell - 2.2.2-1 +- Update to redis 2.2.2 + +* Wed Feb 09 2011 Fedora Release Engineering - 2.0.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Sun Dec 19 2010 Silas Sewell - 2.0.4-1 +- Update to redis 2.0.4 + +* Tue Oct 19 2010 Silas Sewell - 2.0.3-1 +- Update to redis 2.0.3 + +* Fri Oct 08 2010 Silas Sewell - 2.0.2-1 +- Update to redis 2.0.2 +- Disable checks section for el5 + +* Sat Sep 11 2010 Silas Sewell - 2.0.1-1 +- Update to redis 2.0.1 + +* Sat Sep 04 2010 Silas Sewell - 2.0.0-1 +- Update to redis 2.0.0 + +* Thu Sep 02 2010 Silas Sewell - 1.2.6-3 +- Add Fedora build flags +- Send all scriplet output to /dev/null +- Remove debugging flags +- Add redis.conf check to init script + +* Mon Aug 16 2010 Silas Sewell - 1.2.6-2 +- Don't compress man pages +- Use patch to fix redis.conf + +* Tue Jul 06 2010 Silas Sewell - 1.2.6-1 +- Initial package