File redis7.spec of Package redis7.38527
#
# spec file for package redis
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define _data_dir %{_localstatedir}/lib/%{_name}
%define _log_dir %{_localstatedir}/log/%{_name}
%define _conf_dir %{_sysconfdir}/%{_name}
%define _name redis
Name: redis7
Version: 7.0.8
Release: 0
Summary: Persistent key-value database
License: BSD-3-Clause
URL: https://redis.io
Source0: https://download.redis.io/releases/%{_name}-%{version}.tar.gz
Source1: %{_name}.logrotate
Source2: %{_name}.target
Source3: %{_name}@.service
Source4: %{_name}.tmpfiles.d
Source5: README.SUSE
Source6: %{_name}.sysctl
Source7: %{_name}-sentinel@.service
Source8: %{_name}-sentinel.target
Source9: %{_name}-user.conf
Source10: https://raw.githubusercontent.com/redis/redis-hashes/master/README#/redis.hashes
# PATCH-MISSING-TAG -- See https://wiki.opensuse.org/openSUSE:Packaging_Patches_guidelines
Patch0: %{_name}-conf.patch
Patch3: reproducible.patch
Patch4: ppc-atomic.patch
# PATCH-FIX-UPSTREAM bsc#1208793 CVE-2023-25155
# Integer Overflow in RAND commands can lead to assertion
Patch5: CVE-2023-25155.patch
# PATCH-FIX-UPSTREAM bsc#1208790 CVE-2022-36021
# Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow
Patch6: CVE-2022-36021.patch
# PATCH-FIX-UPSTREAM CVE-2023-28425
# Specially crafted MSETNX command can lead to assertion and denial-of-service
Patch7: CVE-2023-28425.patch
# PATCH-FIX-UPSTREAM CVE-2023-28856 [bsc#1210548], HINCRBYFLOAT invalid key crash
Patch8: CVE-2023-28856.patch
# CVE-2022-24834 [bsc#1213193], heap overflow in the cjson and cmsgpack libraries
Patch9: CVE-2022-24834.patch
# PATCH-FIX-UPSTREAM bsc#1213249 CVE-2023-36824
# heap overflow in COMMAND GETKEYS and ACL evaluation
Patch10: CVE-2023-36824.patch
# PATCH-FIX-UPSTREAM danilo.spinella@suse.com bsc#1215094 CVE-2023-41053
# SORT_RO may bypass ACL configuration
Patch11: CVE-2023-41053.patch
# PATCH-FIX-UPSTREAM danilo.spinella@suse.com bsc#1216376 CVE-2023-45145
# race condition during UNIX socket creation leads to permission bypass
Patch12: CVE-2023-45145.patch
# PATCH-FIX-UPSTREAM antonio.teixeira@suse.com bsc#1231266 CVE-2024-31227
# Fix parsing issue leading to denail of service
Patch13: CVE-2024-31227.patch
# PATCH-FIX-UPSTREAM antonio.teixeira@suse.com bsc#1231265 CVE-2024-31228
# Prevent unbounded recursive pattern matching
Patch14: CVE-2024-31228.patch
# PATCH-FIX-UPSTREAM antonio.teixeira@suse.com bsc#1231264 CVE-2024-31449
# Integer overflow bug in Lua bit_tohex
Patch15: CVE-2024-31449.patch
# PATCH-FIX-UPSTREAM antonio.teixeira@suse.com bsc#1235386 CVE-2024-51741
# Malformed ACL selectors can trigger a server panic when accessed
Patch16: CVE-2024-51741.patch
# PATCH-FIX-UPSTREAM antonio.teixeira@suse.com bsc#1235387 CVE-2024-46981
# Lua scripts can be used to manipulate the garbage collector, leading to remote code execution
Patch17: CVE-2024-46981.patch
# PATCH-FIX-UPSTREAM antonio.teixeira@suse.com bsc#1241708 CVE-2025-21605
# Output buffer denial of service
Patch18: CVE-2025-21605.patch
BuildRequires: jemalloc-devel
BuildRequires: libopenssl-devel >= 1.1.1
BuildRequires: pkgconfig
BuildRequires: procps
BuildRequires: sysuser-shadow
BuildRequires: sysuser-tools
BuildRequires: tcl
BuildRequires: pkgconfig(libsystemd)
BuildRequires: pkgconfig(systemd)
# there is no tcl-tls package yet, which is said to be needed for testing tls support
Recommends: logrotate
%sysusers_requires
Provides: %{_name} = %version
Conflicts: %{_name}
%description
%{_name} is an advanced key-value store. It is similar to memcached but the dataset
is not volatile, and values can be strings, exactly like in memcached,
but also lists, sets, and ordered sets. All this data types can be manipulated
with atomic operations to push/pop elements, add/remove elements, perform server
side union, intersection, difference between sets, and so forth. Redis supports
different kind of sorting abilities.
%prep
echo "`grep -F %{_name}-%{version}.tar.gz %{SOURCE10} | cut -d' ' -f4` %{SOURCE0}" | sha256sum -c
%setup -q -n %{_name}-%{version}
%patch0
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%build
export HOST=OBS # for reproducible builds
%make_build CFLAGS="%{optflags}" \
BUILD_WITH_SYSTEMD=yes \
BUILD_TLS=yes
%sysusers_generate_pre %{SOURCE9} %{_name}
%install
install -pm0750 -d \
%{buildroot}%{_sbindir} \
%{buildroot}%{_log_dir} \
%{buildroot}%{_data_dir} \
%{buildroot}%{_conf_dir} \
%{buildroot}%{_log_dir}/default \
%{buildroot}%{_data_dir}/default
install -Dpm0755 src/%{_name}-benchmark %{buildroot}%{_bindir}/%{_name}-benchmark
install -Dpm0755 src/%{_name}-cli %{buildroot}%{_bindir}/%{_name}-cli
install -Dpm0755 src/%{_name}-server %{buildroot}%{_sbindir}/%{_name}-server
ln -sfv ../sbin/redis-server %{buildroot}%{_bindir}/%{_name}-check-aof
ln -sfv ../sbin/redis-server %{buildroot}%{_bindir}/%{_name}-check-rdb
ln -sfv ../sbin/redis-server %{buildroot}%{_sbindir}/%{_name}-check-aof
ln -sfv ../sbin/redis-server %{buildroot}%{_sbindir}/%{_name}-check-rdb
ln -sfv ../sbin/redis-server %{buildroot}%{_sbindir}/%{_name}-sentinel
perl -p -i -e 's|daemonize yes|daemonize no|g' %{_name}.conf
install -Dpm0640 redis.conf %{buildroot}%{_conf_dir}/default.conf.example
install -Dpm0660 sentinel.conf %{buildroot}%{_conf_dir}/sentinel.conf.example
# some sysctl stuff
install -Dpm0644 %{SOURCE6} %{buildroot}/%{_prefix}/lib/sysctl.d/00-%{_name}.conf
%if 0%{?suse_version} > 1500
mkdir -p %{buildroot}%{_distconfdir}/logrotate.d
install -Dpm0644 %{SOURCE1} %{buildroot}%{_distconfdir}/logrotate.d/%{_name}
%else
install -Dpm0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/%{_name}
%endif
install -Dpm0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{_name}.target
install -Dpm0644 %{SOURCE3} %{buildroot}%{_unitdir}/%{_name}@.service
install -Dpm0644 %{SOURCE4} %{buildroot}%{_tmpfilesdir}/%{_name}.conf
install -Dpm0644 %{SOURCE7} %{buildroot}%{_unitdir}/%{_name}-sentinel@.service
install -Dpm0644 %{SOURCE8} %{buildroot}%{_unitdir}/%{_name}-sentinel.target
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{_name}
cp %{SOURCE5} README.SUSE
mkdir -p %{buildroot}%{_sysusersdir}
install -pm0644 %{SOURCE9} %{buildroot}%{_sysusersdir}/
%check
cat <<EOF
---------------------------------------------------
The test suite often fails to start a server, with
'child process exited abnormally' -- sometimes it works.
---------------------------------------------------
EOF
# Variable assignments need to match in all make invocations, otherwise it might recomplie. See https://github.com/redis/redis/issues/7337
%make_build test CFLAGS="%{optflags}" BUILD_WITH_SYSTEMD=yes BUILD_TLS=yes || true
%pre -f %{_name}.pre
%service_add_pre %{_name}.target %{_name}@.service %{_name}-sentinel.target %{_name}-sentinel@.service
%if 0%{?suse_version} > 1500
# Prepare for migration to /usr/etc; save any old .rpmsave
for i in logrotate.d/%{_name} ; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
done
%endif
%if 0%{?suse_version} > 1500
%posttrans
# Migration to /usr/etc, restore just created .rpmsave
for i in logrotate.d/%{_name} ; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
done
%endif
%post
%tmpfiles_create %{_tmpfilesdir}/%{_name}.conf
%service_add_post %{_name}.target %{_name}@.service %{_name}-sentinel.target %{_name}-sentinel@.service
echo "See %{_docdir}/%{name}/README.SUSE to continue"
%preun
%service_del_preun %{_name}.target %{_name}@.service %{_name}-sentinel.target %{_name}-sentinel@.service
%postun
%service_del_postun %{_name}.target %{_name}@.service %{_name}-sentinel.target %{_name}-sentinel@.service
%files
%license COPYING
%doc 00-RELEASENOTES BUGS README.md
%if 0%{?suse_version} > 1500
%{_distconfdir}/logrotate.d/%{_name}
%else
%config(noreplace) %{_sysconfdir}/logrotate.d/%{_name}
%endif
%{_prefix}/lib/sysctl.d/00-%{_name}.conf
%{_bindir}/%{_name}-*
%{_sbindir}/%{_name}-*
%{_sbindir}/rc%{_name}
%{_tmpfilesdir}/%{_name}.conf
%{_sysusersdir}/%{_name}-user.conf
%{_unitdir}/%{_name}@.service
%{_unitdir}/%{_name}.target
%{_unitdir}/%{_name}-sentinel@.service
%{_unitdir}/%{_name}-sentinel.target
%doc README.SUSE
%config(noreplace) %attr(-,root,%{_name}) %{_conf_dir}/
%dir %attr(0750,%{_name},%{_name}) %{_data_dir}
%dir %attr(0750,%{_name},%{_name}) %{_data_dir}/default
%dir %attr(0750,%{_name},%{_name}) %{_log_dir}
%ghost %dir /run/%{_name}
%changelog
