------------------------------------------------------------------- Thu Jul 17 16:06:59 UTC 2025 - Antonio Teixeira - Update to 8.0.4: * CVE-2025-32023 prevent out-of-bounds write during hyperloglog operations (#2146) (bsc#1246059) * CVE-2025-48367 retry accept on transient errors (#2315) (bsc#1246058) - 8.0.3 changes: - Bug fixes * Optimize RDB load performance and fix cluster mode resizing on replica side (#1199) * Fix memory leak in forgotten node ping ext code path (#1574) * Fix cluster info sent stats for message with light header (#1563) * Fix module LatencyAddSample still work when latency-monitor-threshold is 0 (#1541) * Fix potential crash in radix tree recompression of huge keys (#1722) * Fix error "SSL routines::bad length" when connTLSWrite is called second time with smaller buffer (#1737) * Fix temp file leak druing replication error handling (#1721) * Fix ACL LOAD crash on replica since the primary client don't has a user (#1842) * Fix RANDOMKEY infinite loop during CLIENT PAUSE (#1850) * fix: add samples to stream object consumer trees (#1825) * Fix cluster slot stats assertion during promotion of replica (#1950) * Fix panic in primary when blocking shutdown after previous block with timeout (#1948) * Ignore stale gossip packets that arrive out of order (#1777) * Fix incorrect lag reported in XINFO GROUPS (#1952) * Avoid shard id update of replica if not matching with primary shard id (#573) - Security fixes * CVE-2025-21605 Limit output buffer for unauthenticated clients (#1993) (bsc#1241708) - Dropped patches, included in upstream release: * CVE-2025-21605.patch * valkey-fake-client-flag.patch - Refresh valkey-ssl_new-null-return.patch ------------------------------------------------------------------- Tue Jun 3 17:55:25 UTC 2025 - Antonio Teixeira - Fix crash on SSL_new() returning NULL in outgoing connections (bsc#1243061) * valkey-ssl_new-null-return.patch ------------------------------------------------------------------- Mon Jun 2 12:12:59 UTC 2025 - Antonio Teixeira - Fix CVE-2025-27151, absence of filename size check may cause a stack overflow (bsc#1243804) * CVE-2025-27151.patch - Fix CVE-2025-49112, setDeferredReply integer underflow (bsc#1243913) * CVE-2025-49112.patch ------------------------------------------------------------------- Tue Apr 29 17:03:56 UTC 2025 - Antonio Teixeira - Fix CVE-2025-21605, output buffer denial of service (bsc#1241708) * CVE-2025-21605.patch - Fix test suite * valkey-fake-client-flag.patch * valkey-slot-stats.patch ------------------------------------------------------------------- Wed Jan 8 17:22:51 UTC 2025 - Antonio Teixeira - Update to 8.0.2: - Security fixes * (CVE-2024-46981, bsc#1235387) Lua script commands may lead to remote code execution. (#1513) * (CVE-2024-51741, bsc#1235386) Denial-of-service due to malformed ACL selectors. (#1514) - Bug fixes * Fix an uncommon crash when using TLS with dual channel replication. (#1173) * Make sure repl_down_since is correctly reset when dual channel replication fails. (#1149) * Fix a performance regression where a replica does not properly initialize the database size when loading a snapshot during replication. (#1199) * Make sure the last accessed time is correctly updated when using the TOUCH command with the CLIENT NO-TOUCH option. * Fix a bug where total_net_repl_output_bytes may report the wrong. (#1486) * Fix a bug where used_memory_scripts may report the wrong value. (#1255) * Fix a bug where server might crash when using active defrag when scripts are evicted from the script cache. (#1310) * Fix a bug where extra memory would be used when storing strings in the inline protocol. (#1213) * Fix a bug where the SORT command may throw a cross slot error. (#1182) * Fix a bug where the RANDOMKEY command may omit returning keys in cluster mode. (#1155) * Send the correct error message when FUNCTION KIlL is used to kill an ongoing script. (#1171) * Fix a potential memory corruption when databases are emptied, such as through FLUSHDB, when during active defrag is running. (#1512) - Behavior changes * Revert an unintended breaking change when sending an unsubuscribe command when a client is not subscribed to any channels. (#1265) ------------------------------------------------------------------- Wed Dec 4 20:05:34 UTC 2024 - Antonio Teixeira - Fix redis and sentinel units lookup in migration script (bsc#1226986) * Look for units in /etc/systemd/system/redis.target.wants - Fix sentinel config files permissions in migration script ------------------------------------------------------------------- Tue Oct 22 09:03:52 UTC 2024 - Dirk Müller - fix requires for compat-redis package ------------------------------------------------------------------- Fri Oct 4 12:43:51 UTC 2024 - Antonio Teixeira - Update to 8.0.1: - Bug fixes * Fix a build issue with RDMA when using additional make parameters. (#1074) * Fix an issue where `CLUSTER SLOTS` might return the wrong tcp or tls port when called from inside a script or from a module. (#1072) * Fix a crash when `CLUSTER SLOTS` or `CLUSTER SHARDS` is called from inside a script or from a module. (#1063) * Fix a build issue on systems where `` is unavailable. (#1053) * Fix an issue with the default `sentinel.conf` being invalid. (#1040) - Security fixes * (CVE-2024-31449, bsc#1231264) Lua library commands may lead to stack overflow and potential RCE. * (CVE-2024-31227, bsc#1231266) Potential Denial-of-service due to malformed ACL selectors. * (CVE-2024-31228, bsc#1231265) Potential Denial-of-service due to unbounded pattern matching. - 8.0.0 changelog: * See https://github.com/valkey-io/valkey/blob/8.0.0/00-RELEASENOTES - Drop ppc-atomic.patch - Refresh valkey-conf.patch ------------------------------------------------------------------- Tue Aug 27 18:04:07 UTC 2024 - Antonio Teixeira - Update to 7.2.6: - Bug Fixes - Core * Fix typo in REGISTER_API macro to prevent segfaults when loading Redis modules (#608) * Fix the command duration reset issue when clients are blocked and commands are reprocessed (#526) * Fix the data type conversion error in zrangeResultBeginStore (Redis#13148) * Fix a crash caused by quicklist node merges (Redis#13040) * Fix crashes in module blocking client timeout cases (Redis#13011) * Fix conversion of numbers in Lua args to Redis args (Redis#13115, Fixes Redis#13113) * Fix crash in LSET command when replacing small list items with larger ones, creating listpacks larger than 4GB (Redis#12955, Fixes Redis#12864) * Fix blocking command timeout reset issue during reprocessing (Redis#13004) - Bug Fixes - Cluster * Fix the CLUSTER SHARDS command to display accurate slot information even if a primary node fails (#790, Fixes #784) * Fix an issue where module authentication failed when the cluster was down (#693, Fixes #619) * Ensure only primary nodes with slots can mark another node as failed (#634) * Improve MEET command reliability under link failures to maintain cluster membership symmetry (#461) * Allow single primary node to mark potentially failed replica as FAIL in single-shard cluster (Redis#12824) - Bug Fixes - Sentinel * Accept redis-sentinel to start Valkey in sentinel mode (#731, Fixes #719) - Bug Fixes - CLI * Ensure the --count option in redis-cli works correctly even without --pattern (Redis#13092) * Fix redis-check-aof misidentifying data in manifest format as MP-AOF (Redis#12951) * Update redis-check-rdb types to replace stream-v2 with stream-v3 (Redis#12969) ------------------------------------------------------------------- Tue Jul 9 14:21:33 UTC 2024 - Antonio Teixeira - migrate_redis_to_valkey.bash fixes (boo#1227139) * Also set group owner for /var/lib/valkey * Change logdir option in copied conf files to /var/log/valkey * Change owner of copied conf files to root:valkey ------------------------------------------------------------------- Tue Jul 2 07:52:48 UTC 2024 - Andreas Schwab - valkey.logrotate: fix owner of logfiles ------------------------------------------------------------------- Sat Jun 29 17:32:13 UTC 2024 - Neal Gompa - Add legacy symlinks for "redis" executables in sbin to fix running valkey in other package test suites using absolute paths ------------------------------------------------------------------- Wed Jun 26 06:25:23 UTC 2024 - Georg Pfuetzenreuter - Repair Redis instance detection (boo#1226986) ------------------------------------------------------------------- Sat Jun 22 08:42:19 UTC 2024 - Neal Gompa - Enable automatic replacement of redis with valkey ------------------------------------------------------------------- Thu Jun 6 18:26:19 UTC 2024 - Neal Gompa - Initial package based on the redis package and Fedora valkey package - Ported over patch from redis package + Added valkey-conf.patch - Backport patch from upstream submission + Added ppc-atomic.patch