File valkey.changes of Package valkey.39739
-------------------------------------------------------------------
Thu Jul 17 15:55:51 UTC 2025 - Antonio Teixeira <antonio.teixeira@suse.com>
- Fix CVE-2025-32023, out-of-bounds write when working with HyperLogLog
commands can lead to remote code execution (bsc#1246059)
* CVE-2025-32023.patch
- Fix CVE-2025-48367, unauthenticated connection causing repeated IP protocol
erros can lead to client starvation and DoS (bsc#1246058)
* CVE-2025-48367.patch
-------------------------------------------------------------------
Tue Jun 3 17:55:25 UTC 2025 - Antonio Teixeira <antonio.teixeira@suse.com>
- Fix crash on SSL_new() returning NULL in outgoing connections (bsc#1243061)
* valkey-ssl_new-null-return.patch
-------------------------------------------------------------------
Mon Jun 2 12:12:59 UTC 2025 - Antonio Teixeira <antonio.teixeira@suse.com>
- Fix CVE-2025-27151, absence of filename size check may cause a stack
overflow (bsc#1243804)
* CVE-2025-27151.patch
- Fix CVE-2025-49112, setDeferredReply integer underflow (bsc#1243913)
* CVE-2025-49112.patch
-------------------------------------------------------------------
Tue Apr 29 17:03:56 UTC 2025 - Antonio Teixeira <antonio.teixeira@suse.com>
- Fix CVE-2025-21605, output buffer denial of service (bsc#1241708)
* CVE-2025-21605.patch
- Fix test suite
* valkey-fake-client-flag.patch
* valkey-slot-stats.patch
-------------------------------------------------------------------
Wed Jan 8 17:22:51 UTC 2025 - Antonio Teixeira <antonio.teixeira@suse.com>
- Update to 8.0.2:
- Security fixes
* (CVE-2024-46981, bsc#1235387) Lua script commands may lead to remote code execution. (#1513)
* (CVE-2024-51741, bsc#1235386) Denial-of-service due to malformed ACL selectors. (#1514)
- Bug fixes
* Fix an uncommon crash when using TLS with dual channel replication. (#1173)
* Make sure repl_down_since is correctly reset when dual channel replication
fails. (#1149)
* Fix a performance regression where a replica does not properly initialize
the database size when loading a snapshot during replication. (#1199)
* Make sure the last accessed time is correctly updated when using the TOUCH
command with the CLIENT NO-TOUCH option.
* Fix a bug where total_net_repl_output_bytes may report the wrong. (#1486)
* Fix a bug where used_memory_scripts may report the wrong value. (#1255)
* Fix a bug where server might crash when using active defrag when scripts
are evicted from the script cache. (#1310)
* Fix a bug where extra memory would be used when storing strings in the
inline protocol. (#1213)
* Fix a bug where the SORT command may throw a cross slot error. (#1182)
* Fix a bug where the RANDOMKEY command may omit returning keys in cluster
mode. (#1155)
* Send the correct error message when FUNCTION KIlL is used to kill an
ongoing script. (#1171)
* Fix a potential memory corruption when databases are emptied, such as
through FLUSHDB, when during active defrag is running. (#1512)
- Behavior changes
* Revert an unintended breaking change when sending an unsubuscribe command
when a client is not subscribed to any channels. (#1265)
-------------------------------------------------------------------
Wed Dec 11 22:08:32 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
- Don't obsolete redis
-------------------------------------------------------------------
Wed Dec 4 20:05:34 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
- Fix redis and sentinel units lookup in migration script (bsc#1226986)
* Look for units in /etc/systemd/system/redis.target.wants
- Fix sentinel config files permissions in migration script
-------------------------------------------------------------------
Tue Oct 22 09:03:52 UTC 2024 - Dirk Müller <dmueller@suse.com>
- fix requires for compat-redis package
-------------------------------------------------------------------
Fri Oct 4 12:43:51 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
- Update to 8.0.1:
- Bug fixes
* Fix a build issue with RDMA when using additional make parameters. (#1074)
* Fix an issue where `CLUSTER SLOTS` might return the wrong tcp or tls port
when called from inside a script or from a module. (#1072)
* Fix a crash when `CLUSTER SLOTS` or `CLUSTER SHARDS` is called from inside
a script or from a module. (#1063)
* Fix a build issue on systems where `<threads.h>` is unavailable. (#1053)
* Fix an issue with the default `sentinel.conf` being invalid. (#1040)
- Security fixes
* (CVE-2024-31449, bsc#1231264) Lua library commands may lead to stack
overflow and potential RCE.
* (CVE-2024-31227, bsc#1231266) Potential Denial-of-service due to malformed
ACL selectors.
* (CVE-2024-31228, bsc#1231265) Potential Denial-of-service due to unbounded
pattern matching.
- 8.0.0 changelog:
* See https://github.com/valkey-io/valkey/blob/8.0.0/00-RELEASENOTES
- Drop ppc-atomic.patch
- Refresh valkey-conf.patch
-------------------------------------------------------------------
Tue Aug 27 18:04:07 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
- Update to 7.2.6:
- Bug Fixes - Core
* Fix typo in REGISTER_API macro to prevent segfaults when loading Redis
modules (#608)
* Fix the command duration reset issue when clients are blocked and commands
are reprocessed (#526)
* Fix the data type conversion error in zrangeResultBeginStore (Redis#13148)
* Fix a crash caused by quicklist node merges (Redis#13040)
* Fix crashes in module blocking client timeout cases (Redis#13011)
* Fix conversion of numbers in Lua args to Redis args
(Redis#13115, Fixes Redis#13113)
* Fix crash in LSET command when replacing small list items with larger ones,
creating listpacks larger than 4GB (Redis#12955, Fixes Redis#12864)
* Fix blocking command timeout reset issue during reprocessing (Redis#13004)
- Bug Fixes - Cluster
* Fix the CLUSTER SHARDS command to display accurate slot information even
if a primary node fails (#790, Fixes #784)
* Fix an issue where module authentication failed when the cluster was down
(#693, Fixes #619)
* Ensure only primary nodes with slots can mark another node as failed (#634)
* Improve MEET command reliability under link failures to maintain cluster
membership symmetry (#461)
* Allow single primary node to mark potentially failed replica as FAIL in
single-shard cluster (Redis#12824)
- Bug Fixes - Sentinel
* Accept redis-sentinel to start Valkey in sentinel mode (#731, Fixes #719)
- Bug Fixes - CLI
* Ensure the --count option in redis-cli works correctly even without
--pattern (Redis#13092)
* Fix redis-check-aof misidentifying data in manifest format as MP-AOF
(Redis#12951)
* Update redis-check-rdb types to replace stream-v2 with stream-v3
(Redis#12969)
-------------------------------------------------------------------
Tue Jul 9 14:21:33 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
- migrate_redis_to_valkey.bash fixes (boo#1227139)
* Also set group owner for /var/lib/valkey
* Change logdir option in copied conf files to /var/log/valkey
* Change owner of copied conf files to root:valkey
-------------------------------------------------------------------
Tue Jul 2 07:52:48 UTC 2024 - Andreas Schwab <schwab@suse.de>
- valkey.logrotate: fix owner of logfiles
-------------------------------------------------------------------
Sat Jun 29 17:32:13 UTC 2024 - Neal Gompa <ngompa@opensuse.org>
- Add legacy symlinks for "redis" executables in sbin to fix
running valkey in other package test suites using absolute paths
-------------------------------------------------------------------
Wed Jun 26 06:25:23 UTC 2024 - Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
- Repair Redis instance detection (boo#1226986)
-------------------------------------------------------------------
Sat Jun 22 08:42:19 UTC 2024 - Neal Gompa <ngompa@opensuse.org>
- Enable automatic replacement of redis with valkey
-------------------------------------------------------------------
Thu Jun 6 18:26:19 UTC 2024 - Neal Gompa <ngompa@opensuse.org>
- Initial package based on the redis package and Fedora valkey package
- Ported over patch from redis package
+ Added valkey-conf.patch
- Backport patch from upstream submission
+ Added ppc-atomic.patch
