pool/valkey
SHA256
16
0
Fork 0
Code Issues Pull Requests Activity
Files
factory
valkey/valkey.changes

403 lines
18 KiB
Plaintext
Raw Permalink Blame History

-------------------------------------------------------------------
Tue Feb 24 10:26:01 UTC 2026 - Marcus Rueckert <mrueckert@suse.de>
- Update to 9.0.3: (boo#1258746 boo#1258788 boo#1258789)
Upgrade urgency SECURITY: This release includes security fixes we
recommend you apply as soon as possible.
Security fixes
- (CVE-2025-67733) RESP Protocol Injection via Lua error_reply
- (CVE-2026-21863) Remote DoS with malformed Valkey Cluster bus
message
- (CVE-2026-27623) Reset request type after handling empty
requests
Bug fixes
- Avoids crash during MODULE UNLOAD when ACL rules reference a
module command and subcommand (#3160)
- Fix server assert on ACL LOAD when current user loses
permission to channels (#3182)
- Fix bug causing no response flush sometimes when IO threads are
busy (#3205)
-------------------------------------------------------------------
Tue Feb 10 22:51:02 UTC 2026 - Antonio Teixeira <antonio.teixeira@suse.com>
- Use systemd-tmpfiles to create dirs in /var/* (jsc#PED-14743)
- Add fix-pointer-to-int.patch
-------------------------------------------------------------------
Sun Feb 8 10:48:18 UTC 2026 - Marcus Rueckert <mrueckert@suse.de>
- Update to 9.0.2:
Upgrade urgency HIGH:
There are critical bugs that may affect a subset of users.
- Bug fixes
- Avoid memory leak of new argv when HEXPIRE commands target
only non-exiting fields (#2973)
- Fix HINCRBY and HINCRBYFLOAT to update volatile key tracking
(#2974)
- Avoid empty hash object when HSETEX added no fields (#2998)
- Fix case-sensitive check for the FNX and FXX arguments in
HSETEX (#3000)
- Prevent assertion in active expiration job after a hash with
volatile fields is overwritten (#3003, #3007)
- Fix HRANDFIELD to return null response when no field could be
found (#3022)
- Fix HEXPIRE to not delete items when validation rules fail
and expiration is in the past (#3023, #3048)
- Fix how hash is handling overriding of expired fields
overwrite (#3060)
- HSETEX - Always issue keyspace notifications after validation
(#3001)
- Make zero a valid TTL for hash fields during import mode and
data loading (#3006)
- Trigger prepareCommand on argc change in module command
filters (#2945)
- Restrict TTL from being negative and avoid crash in
import-mode (#2944)
- Fix chained replica crash when doing dual channel replication
(#2983)
- Skip slot cache optimization for AOF client to prevent key
duplication and data corruption (#3004)
- Fix used_memory_dataset underflow due to miscalculated
used_memory_overhead (#3005)
- Avoid duplicate calculations of network-bytes-out in slot
stats with copy-avoidance (#3046)
- Fix XREAD returning error on empty stream with + ID (#2742)
- Performance/Efficiency Improvements
- Track reply bytes in I/O threads if
commandlog-reply-larger-than is -1 (#3086, #3126).
- This makes it possible to mitigate a performance regression
in 9.0.1 caused by the bug fix #2652.
-------------------------------------------------------------------
Fri Jan 16 20:50:54 UTC 2026 - Marcus Rueckert <mrueckert@suse.de>
- valkey-cli and valkey-benchmark both link the RDMA libraries as
well. So there is no need to split out the server feature into
module to split it out into a subpackage. Build with RDMA enabled
by default.
-------------------------------------------------------------------
Tue Jan 13 11:11:14 UTC 2026 - Marcus Rueckert <mrueckert@suse.de>
- mark RDMA support as disabled until we figured out the linking
-------------------------------------------------------------------
Tue Jan 13 01:07:13 UTC 2026 - Marcus Rueckert <mrueckert@suse.de>
- enable RDMA support
-------------------------------------------------------------------
Tue Dec 9 20:31:50 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
- Update to 9.0.1:
* Authenticate slot migration client on source node to internal user
* Bug fix: reset io_last_written on c->buf resize to prevent stale pointers
* Sentinel: fix regression requiring "+failover" ACL in failover path
* Cluster: Avoid usage of light weight messages to nodes with not ready bidirectional links
* Send duplicate multi meet packet only for node which supports it in mixed clusters
* Fix: LTRIM should not call signalModifiedKey when no elements are removed
* Fix build on some 32-bit ARM by only using NEON on AArch64
* Fix deadlock in IO-thread shutdown during panic
* Fix COMMANDLOG large-reply when using reply copy avoidance
* Fix CLUSTER SLOTS crash when called from module timer callback
-------------------------------------------------------------------
Sat Nov 29 02:18:38 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- update valkey-conf.patch
instead of copying the whole default example config we can also
have it as include file and start out with a very minimal
configuration for each instance.
-------------------------------------------------------------------
Tue Oct 21 19:47:52 UTC 2025 - Antonio Teixeira <antonio.teixeira@suse.com>
- Update to 9.0.0:
- Changes since last major version:
* https://valkey.io/blog/introducing-valkey-9/
* https://github.com/valkey-io/valkey/releases/tag/9.0.0-rc1
* https://github.com/valkey-io/valkey/releases/tag/9.0.0-rc2
* https://github.com/valkey-io/valkey/releases/tag/9.0.0-rc3
- Bug fixes
* HSETEX with FXX should not create an object if it does not exist
* Fix crash when aborting a slot migration while child snapshot is active
* Fix double MOVED reply on unblock at failover
* Fix memory leak with CLIENT LIST/KILL duplicate filters
* Fix incorrect accounting after completed atomic slot migration
* Fix Lua VM crash after FUNCTION FLUSH ASYNC + FUNCTION LOAD
* Fix invalid memory address caused by hashtable shrinking during safe
iteration
-------------------------------------------------------------------
Sun Oct 5 10:07:38 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
- Update to 8.1.4:
- Security fixes (boo#1250995):
* CVE-2025-49844: A Lua script may lead to remote code execution
* CVE-2025-46817: A Lua script may lead to integer overflow and potential RCE
* CVE-2025-46818: A Lua script can be executed in the context of another user
* CVE-2025-46819: LUA out-of-bound read
- Bug fixes:
* Fix accounting for dual channel RDB bytes in replication stats
* Fix EVAL to report unknown error when empty error table is provided
* Fix use-after-free when active expiration triggers hashtable to shrink
* Fix MEMORY USAGE to account for embedded keys
* Fix memory leak when shrinking a hashtable without entries
* Prevent potential assertion in active defrag handling large allocations
* Prevent bad memory access when NOTOUCH client gets unblocked
* Converge divergent shard-id persisted in nodes.conf to primary's shard id
* Fix client tracking memory overhead calculation
* Fix RDB load per slot memory pre-allocation when loading from RDB snapshot
* Don't use AVX2 instructions if the CPU doesn't support it
* Fix bug where active defrag may be unable to defrag sparsely filled pages
- drop CVE-2025-49112.patch, included
-------------------------------------------------------------------
Tue Jul 15 21:47:08 UTC 2025 - Antonio Teixeira <antonio.teixeira@suse.com>
- Update to 8.1.3:
- Security fixes
* CVE-2025-32023 prevent out-of-bounds write during hyperloglog operations
(boo#1246059)
* CVE-2025-48367 retry accept on transient errors (#2315) (boo#1246058)
- Bug fixes
* Fix missing response when AUTH is errored inside a transaction (#2287)
-------------------------------------------------------------------
Thu Jun 12 01:21:10 UTC 2025 - Antonio Teixeira <antonio.teixeira@suse.com>
- Update to 8.1.2:
- Security fixes
* CVE-2025-27151 Check length of AOF file name in valkey-check-aof (#2146)
- Bug fixes
* Properly escape double quotes and backslash in MONITOR command (#2036)
* Fix high CPU usage when fetching a random element in skewed sparse hash
table (#2085)
* Fix a bug that allowed clients to process commands when the server has
paused command processing (#2109)
* Fix a crash where the wrong slot is used when processing sharded pubsub
unsubscribe events (#2137)
* Fix a crash when a module attempts to write auxiliary data with AOF
enabled (#2132)
* Fix a bug where the engine may crash when establishing new outbound TLS
connections (#2140)
* Fix a bug where a cluster bus packet may be incorrectly marked as
invalid (#2144)
* Fix a bug where CLUSTER SLOTS/NODES information can be stale after
updating node port/tls-port (#2186)
* Fix a bug where replica in cluster mode can't finish failover when
config epoch is outdated (#2178)
* Fix a bug to avoid CLIENT UNBLOCK command to unblock paused clients
(#2117)
- Drop valkey-ssl_new-null-return.patch, CVE-2025-27151.patch
* Included in upstream release
-------------------------------------------------------------------
Wed Jun 11 22:08:53 UTC 2025 - Antonio Teixeira <antonio.teixeira@suse.com>
- Provide redis 7.2.9 instead of valkey version due to lack of
features provided by redis 7.4 (boo#1243605)
-------------------------------------------------------------------
Tue Jun 3 17:55:25 UTC 2025 - Antonio Teixeira <antonio.teixeira@suse.com>
- Fix crash on SSL_new() returning NULL in outgoing connections (bsc#1243061)
* valkey-ssl_new-null-return.patch
-------------------------------------------------------------------
Mon Jun 2 12:12:59 UTC 2025 - Antonio Teixeira <antonio.teixeira@suse.com>
- Fix CVE-2025-27151, absence of filename size check may cause a stack
overflow (bsc#1243804)
* CVE-2025-27151.patch
- Fix CVE-2025-49112, setDeferredReply integer underflow (bsc#1243913)
* CVE-2025-49112.patch
-------------------------------------------------------------------
Mon May 5 14:41:28 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
- Update to 8.1.1:
* 8.1.x branch with enhanced performance, reliability,
observability and usability over Valkey 8.0
* compatible with all previous Valkey releases as well as Redis
OSS 7.2.4
* Updated configuration options and functionality as listed in
https://github.com/valkey-io/valkey/releases/tag/8.1.1
https://github.com/valkey-io/valkey/releases/tag/8.1.0
-------------------------------------------------------------------
Thu Apr 24 16:52:15 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
- Update to 8.0.3:
* CVE-2025-21605: Limit output buffer for unauthenticated clients
(boo#1241708)
* Optimize RDB load performance and fix cluster mode resizing on
replica side
* Fix memory leak in forgotten node ping ext code path
* Fix cluster info sent stats for message with light header
* Fix module LatencyAddSample still work when
latency-monitor-threshold is 0
* Fix potential crash in radix tree recompression of huge keys
* Fix error "SSL routines::bad length" when connTLSWrite is called
second time with smaller buffer
* Fix temp file leak druing replication error handling
* Fix ACL LOAD crash on replica since the primary client don't
has a user
* Fix RANDOMKEY infinite loop during CLIENT PAUSE
* fix: add samples to stream object consumer trees
* Fix cluster slot stats assertion during promotion of replica
* Fix panic in primary when blocking shutdown after previous
block with timeout
* Ignore stale gossip packets that arrive out of order
* Fix incorrect lag reported in XINFO GROUPS
* Avoid shard id update of replica if not matching with primary
shard id
-------------------------------------------------------------------
Wed Jan 8 17:22:51 UTC 2025 - Antonio Teixeira <antonio.teixeira@suse.com>
- Update to 8.0.2:
- Security fixes
* (CVE-2024-46981, bsc#1235387) Lua script commands may lead to remote code execution. (#1513)
* (CVE-2024-51741, bsc#1235386) Denial-of-service due to malformed ACL selectors. (#1514)
- Bug fixes
* Fix an uncommon crash when using TLS with dual channel replication. (#1173)
* Make sure repl_down_since is correctly reset when dual channel replication
fails. (#1149)
* Fix a performance regression where a replica does not properly initialize
the database size when loading a snapshot during replication. (#1199)
* Make sure the last accessed time is correctly updated when using the TOUCH
command with the CLIENT NO-TOUCH option.
* Fix a bug where total_net_repl_output_bytes may report the wrong. (#1486)
* Fix a bug where used_memory_scripts may report the wrong value. (#1255)
* Fix a bug where server might crash when using active defrag when scripts
are evicted from the script cache. (#1310)
* Fix a bug where extra memory would be used when storing strings in the
inline protocol. (#1213)
* Fix a bug where the SORT command may throw a cross slot error. (#1182)
* Fix a bug where the RANDOMKEY command may omit returning keys in cluster
mode. (#1155)
* Send the correct error message when FUNCTION KIlL is used to kill an
ongoing script. (#1171)
* Fix a potential memory corruption when databases are emptied, such as
through FLUSHDB, when during active defrag is running. (#1512)
- Behavior changes
* Revert an unintended breaking change when sending an unsubuscribe command
when a client is not subscribed to any channels. (#1265)
-------------------------------------------------------------------
Wed Dec 4 20:05:34 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
- Fix redis and sentinel units lookup in migration script (bsc#1226986)
* Look for units in /etc/systemd/system/redis.target.wants
- Fix sentinel config files permissions in migration script
-------------------------------------------------------------------
Tue Oct 22 09:03:52 UTC 2024 - Dirk Müller <dmueller@suse.com>
- fix requires for compat-redis package
-------------------------------------------------------------------
Fri Oct 4 12:43:51 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
- Update to 8.0.1:
- Bug fixes
* Fix a build issue with RDMA when using additional make parameters. (#1074)
* Fix an issue where `CLUSTER SLOTS` might return the wrong tcp or tls port
when called from inside a script or from a module. (#1072)
* Fix a crash when `CLUSTER SLOTS` or `CLUSTER SHARDS` is called from inside
a script or from a module. (#1063)
* Fix a build issue on systems where `<threads.h>` is unavailable. (#1053)
* Fix an issue with the default `sentinel.conf` being invalid. (#1040)
- Security fixes
* (CVE-2024-31449, bsc#1231264) Lua library commands may lead to stack
overflow and potential RCE.
* (CVE-2024-31227, bsc#1231266) Potential Denial-of-service due to malformed
ACL selectors.
* (CVE-2024-31228, bsc#1231265) Potential Denial-of-service due to unbounded
pattern matching.
- 8.0.0 changelog:
* See https://github.com/valkey-io/valkey/blob/8.0.0/00-RELEASENOTES
- Drop ppc-atomic.patch
- Refresh valkey-conf.patch
-------------------------------------------------------------------
Tue Aug 27 18:04:07 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
- Update to 7.2.6:
- Bug Fixes - Core
* Fix typo in REGISTER_API macro to prevent segfaults when loading Redis
modules (#608)
* Fix the command duration reset issue when clients are blocked and commands
are reprocessed (#526)
* Fix the data type conversion error in zrangeResultBeginStore (Redis#13148)
* Fix a crash caused by quicklist node merges (Redis#13040)
* Fix crashes in module blocking client timeout cases (Redis#13011)
* Fix conversion of numbers in Lua args to Redis args
(Redis#13115, Fixes Redis#13113)
* Fix crash in LSET command when replacing small list items with larger ones,
creating listpacks larger than 4GB (Redis#12955, Fixes Redis#12864)
* Fix blocking command timeout reset issue during reprocessing (Redis#13004)
- Bug Fixes - Cluster
* Fix the CLUSTER SHARDS command to display accurate slot information even
if a primary node fails (#790, Fixes #784)
* Fix an issue where module authentication failed when the cluster was down
(#693, Fixes #619)
* Ensure only primary nodes with slots can mark another node as failed (#634)
* Improve MEET command reliability under link failures to maintain cluster
membership symmetry (#461)
* Allow single primary node to mark potentially failed replica as FAIL in
single-shard cluster (Redis#12824)
- Bug Fixes - Sentinel
* Accept redis-sentinel to start Valkey in sentinel mode (#731, Fixes #719)
- Bug Fixes - CLI
* Ensure the --count option in redis-cli works correctly even without
--pattern (Redis#13092)
* Fix redis-check-aof misidentifying data in manifest format as MP-AOF
(Redis#12951)
* Update redis-check-rdb types to replace stream-v2 with stream-v3
(Redis#12969)
-------------------------------------------------------------------
Tue Jul 9 14:21:33 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
- migrate_redis_to_valkey.bash fixes (boo#1227139)
* Also set group owner for /var/lib/valkey
* Change logdir option in copied conf files to /var/log/valkey
* Change owner of copied conf files to root:valkey
-------------------------------------------------------------------
Tue Jul 2 07:52:48 UTC 2024 - Andreas Schwab <schwab@suse.de>
- valkey.logrotate: fix owner of logfiles
-------------------------------------------------------------------
Sat Jun 29 17:32:13 UTC 2024 - Neal Gompa <ngompa@opensuse.org>
- Add legacy symlinks for "redis" executables in sbin to fix
running valkey in other package test suites using absolute paths
-------------------------------------------------------------------
Wed Jun 26 06:25:23 UTC 2024 - Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
- Repair Redis instance detection (boo#1226986)
-------------------------------------------------------------------
Sat Jun 22 08:42:19 UTC 2024 - Neal Gompa <ngompa@opensuse.org>
- Enable automatic replacement of redis with valkey
-------------------------------------------------------------------
Thu Jun 6 18:26:19 UTC 2024 - Neal Gompa <ngompa@opensuse.org>
- Initial package based on the redis package and Fedora valkey package
- Ported over patch from redis package
+ Added valkey-conf.patch
- Backport patch from upstream submission
+ Added ppc-atomic.patch
Reference in New Issue View Git Blame Copy Permalink